Add CRI installation instructions page with containerd and docker

Signed-off-by: Vince Prignano <vince@vincepri.com>
kubernetes · Sep 5, 2018 · 5a295bc · 5a295bc
1 parent b36eb90
commit 5a295bc
Show file tree

Hide file tree

Showing 3 changed files with 158 additions and 32 deletions.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md
@@ -249,7 +249,7 @@ networking:
   podSubnet: ""
   serviceSubnet: 10.96.0.0/12
 nodeRegistration:
-  criSocket: /var/run/dockershim.sock
+  criSocket: /var/run/containerd/containerd.sock
   name: your-host-name
   taints:
   - effect: NoSchedule
@@ -368,41 +368,23 @@ Here's a breakdown of what/why:
    certificates from the `kube-apiserver` when the certificate expiration approaches.
 * `--cert-dir`the directory where the TLS certs are located.
 
-### Use kubeadm with other CRI runtimes
+### Use kubeadm with containerd
 
-Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
-The container runtime used by default is Docker, which is enabled through the built-in
-`dockershim` CRI implementation inside of the `kubelet`.
+From v1.12.0 the suggested kubeadm CRI is containerd. For further information refer to [CRI Installation](/docs/setup/cri/cri-installation/) instructions.
 
-Other CRI-based runtimes include:
-
-- [cri-containerd](https://github.com/containerd/cri-containerd)
-- [cri-o](https://github.com/kubernetes-incubator/cri-o)
-- [frakti](https://github.com/kubernetes/frakti)
-- [rkt](https://github.com/kubernetes-incubator/rktlet)
-
-After you have successfully installed `kubeadm` and `kubelet`, execute
-these two additional steps:
-
-1. Install the runtime shim on every node, following the installation
-   document in the runtime shim project listing above.
-
-1. Configure kubelet to use the remote CRI runtime. Please remember to change
-   `RUNTIME_ENDPOINT` to your own value like `/var/run/{your_runtime}.sock`:
-
-```shell
-cat > /etc/systemd/system/kubelet.service.d/20-cri.conf <<EOF
-[Service]
-Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=$RUNTIME_ENDPOINT"
-EOF
-systemctl daemon-reload
+After installing containerd, you should set `--cri-socket` in kubeadm init and kubeadm reset. Or, in alternative to command line flags, supply the containerd socket in your kubeadm configuration as shown in the example below:
+```yaml
+nodeRegistration:
+  criSocket: /var/run/containerd/containerd.sock
 ```
 
-Now `kubelet` is ready to use the specified CRI runtime, and you can continue
-with the `kubeadm init` and `kubeadm join` workflow to deploy Kubernetes cluster.
-
-You may also want to set `--cri-socket` to `kubeadm init` and `kubeadm reset` when
-using an external CRI implementation.
+In addition, you should set kubectl flags `--container-runtime=remote` and `--container-runtime-endpoint=unix:///path/to/containerd.sock`. This can be done through kubeadm configuration as shown in the example below:
+```yaml
+nodeRegistration:
+  kubeletExtraArgs:
+    container-runtime: remote
+    container-runtime-endpoint: unix:///var/run/containerd/containerd.sock
+```
 
 ### Using internal IPs in your cluster
 

diff --git a/content/en/docs/setup/cri/_index.md b/content/en/docs/setup/cri/_index.md
@@ -0,0 +1,4 @@
+---
+title: Kubernetes CRI
+weight: 30
+---
diff --git a/content/en/docs/setup/cri/cri-installation.md b/content/en/docs/setup/cri/cri-installation.md
@@ -0,0 +1,140 @@
+---
+reviewers:
+- vincepri
+title: CRI installation
+content_template: templates/concept
+weight: 100
+---
+{{% capture overview %}}
+Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
+This page contains installation instruction for various runtimes.
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+### Containerd
+
+This section contains the necessary steps to use `containerd` as CRI with kubeadm.
+
+#### Prerequisites
+
+```shell
+modprobe overlay
+modprobe br_netfilter
+
+# Setup required sysctl params, these persist across reboots.
+cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
+net.bridge.bridge-nf-call-iptables  = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+EOF
+
+sysctl --system
+```
+
+{{< tabs name="tab-cri-containerd-installation" >}}
+{{< tab name="Ubuntu 16.04+" codelang="bash" >}}
+apt-get install -y libseccomp2
+{{< /tab >}}
+{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
+yum install -y libseccomp
+{{< /tab >}}
+{{< /tabs >}}
+
+#### Install containerd
+
+[Containerd releases](https://github.com/containerd/containerd/releases) are published regularly, the values below are hardcoded to the latest version available at the time of writing. Please check for newer versions and hashes [here](https://storage.googleapis.com/cri-containerd-release).
+
+```shell
+# Export required environment variables.
+export CONTAINERD_VERSION="1.1.2"
+export CONTAINERD_SHA256="d4ed54891e90a5d1a45e3e96464e2e8a4770cd380c21285ef5c9895c40549218"
+
+# Download containerd tar.
+wget https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
+
+# Check hash.
+echo "${CONTAINERD_SHA256} cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz" | sha256sum --check -
+
+# Unpack.
+tar --no-overwrite-dir -C / -xzf cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
+
+# Start containerd.
+systemctl start containerd
+```
+
+### Docker
+
+{{< tabs name="tab-cri-docker-installation" >}}
+{{< tab name="Ubuntu 16.04" codelang="bash" >}}
+# Install prerequisites.
+apt-get install apt-transport-https ca-certificates curl software-properties-common
+
+# Download GPG key.
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+
+# Add docker apt repository. 
+add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+
+# Install docker.
+apt-get update && apt-get install docker-ce=17.03.2~ce-0~ubuntu-xenial
+
+# Setup daemon.
+cat > /etc/docker/daemon.json <<EOF
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2"
+}
+EOF
+
+mkdir -p /etc/systemd/system/docker.service.d
+
+# Restart docker.
+systemctl daemon-reload
+systemctl restart docker
+{{< /tab >}}
+{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
+# Install prerequisites.
+yum install yum-utils device-mapper-persistent-data lvm2
+
+# Add docker repository. 
+yum-config-manager \
+    --add-repo \
+    https://download.docker.com/linux/centos/docker-ce.repo
+
+# Install docker.
+apt-get update && yum install docker-ce-17.03.2.ce
+
+# Setup daemon.
+cat > /etc/docker/daemon.json <<EOF
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
+EOF
+
+mkdir -p /etc/systemd/system/docker.service.d
+
+# Restart docker.
+systemctl daemon-reload
+systemctl restart docker
+{{< /tab >}}
+{{< /tabs >}}
+
+
+{{% /capture %}}