From 22ca1d1db7aaaf16206e3f73fb96401a33f52b4e Mon Sep 17 00:00:00 2001 From: Vince Prignano Date: Tue, 4 Sep 2018 13:06:43 -0700 Subject: [PATCH] Add CRI installation instructions page with containerd and docker Signed-off-by: Vince Prignano --- .../setup-tools/kubeadm/kubeadm-init.md | 45 ++---- content/en/docs/setup/cri/_index.md | 4 + content/en/docs/setup/cri/cri-installation.md | 140 ++++++++++++++++++ .../docs/setup/independent/install-kubeadm.md | 52 +------ 4 files changed, 159 insertions(+), 82 deletions(-) create mode 100644 content/en/docs/setup/cri/_index.md create mode 100644 content/en/docs/setup/cri/cri-installation.md diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md index 84f0ea3a8c428..305a58252a84c 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md +++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md @@ -249,7 +249,7 @@ networking: podSubnet: "" serviceSubnet: 10.96.0.0/12 nodeRegistration: - criSocket: /var/run/dockershim.sock + criSocket: /var/run/containerd/containerd.sock name: your-host-name taints: - effect: NoSchedule @@ -368,41 +368,22 @@ Here's a breakdown of what/why: certificates from the `kube-apiserver` when the certificate expiration approaches. * `--cert-dir`the directory where the TLS certs are located. -### Use kubeadm with other CRI runtimes +### Use kubeadm with containerd -Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default. -The container runtime used by default is Docker, which is enabled through the built-in -`dockershim` CRI implementation inside of the `kubelet`. +From v1.12.0 the suggested kubeadm CRI is containerd. For further information refer to [CRI Installation](/docs/setup/cri/cri-installation/) instructions. -Other CRI-based runtimes include: - -- [cri-containerd](https://github.com/containerd/cri-containerd) -- [cri-o](https://github.com/kubernetes-incubator/cri-o) -- [frakti](https://github.com/kubernetes/frakti) -- [rkt](https://github.com/kubernetes-incubator/rktlet) - -After you have successfully installed `kubeadm` and `kubelet`, execute -these two additional steps: - -1. Install the runtime shim on every node, following the installation - document in the runtime shim project listing above. - -1. Configure kubelet to use the remote CRI runtime. Please remember to change - `RUNTIME_ENDPOINT` to your own value like `/var/run/{your_runtime}.sock`: - -```shell -cat > /etc/systemd/system/kubelet.service.d/20-cri.conf < /etc/sysctl.d/99-kubernetes-cri.conf <}} +{{< tab name="Ubuntu 16.04+" codelang="bash" >}} +apt-get install -y libseccomp2 +{{< /tab >}} +{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}} +yum install -y libseccomp +{{< /tab >}} +{{< /tabs >}} + +#### Install containerd + +[Containerd releases](https://github.com/containerd/containerd/releases) are published regularly, the values below are hardcoded to the latest version available at the time of writing. Please check for newer versions and hashes [here](https://storage.googleapis.com/cri-containerd-release). + +```shell +# Export required environment variables. +export CONTAINERD_VERSION="1.1.2" +export CONTAINERD_SHA256="d4ed54891e90a5d1a45e3e96464e2e8a4770cd380c21285ef5c9895c40549218" + +# Download containerd tar. +wget https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz + +# Check hash. +echo "${CONTAINERD_SHA256} cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz" | sha256sum --check - + +# Unpack. +tar --no-overwrite-dir -C / -xzf cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz + +# Start containerd. +systemctl start containerd +``` + +### Docker + +{{< tabs name="tab-cri-docker-installation" >}} +{{< tab name="Ubuntu 16.04" codelang="bash" >}} +# Install prerequisites. +apt-get install apt-transport-https ca-certificates curl software-properties-common + +# Download GPG key. +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + +# Add docker apt repository. +add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) \ + stable" + +# Install docker. +apt-get update && apt-get install docker-ce=17.03.2~ce-0~ubuntu-xenial + +# Setup daemon. +cat > /etc/docker/daemon.json <}} +{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}} +# Install prerequisites. +yum install yum-utils device-mapper-persistent-data lvm2 + +# Add docker repository. +yum-config-manager \ + --add-repo \ + https://download.docker.com/linux/centos/docker-ce.repo + +# Install docker. +apt-get update && yum install docker-ce-17.03.2.ce + +# Setup daemon. +cat > /etc/docker/daemon.json <}} +{{< /tabs >}} + + +{{% /capture %}} \ No newline at end of file diff --git a/content/en/docs/setup/independent/install-kubeadm.md b/content/en/docs/setup/independent/install-kubeadm.md index c80c5aaba2186..b8d4eb0324b62 100644 --- a/content/en/docs/setup/independent/install-kubeadm.md +++ b/content/en/docs/setup/independent/install-kubeadm.md @@ -79,57 +79,9 @@ The pod network plugin you use (see below) may also require certain ports to be open. Since this differs with each pod network plugin, please see the documentation for the plugins about what port(s) those need. -## Installing Docker +## Installing a CRI -On each of your machines, install Docker. -Version 17.03 is recommended, but 1.11, 1.12 and 1.13 are known to work as well. -Versions 17.06+ _might work_, but have not yet been tested and verified by the Kubernetes node team. -Keep track of the latest verified Docker version in the Kubernetes release notes. - -Please proceed with executing the following commands based on your OS as root. You may become the root user by executing `sudo -i` after SSH-ing to each host. - -If you already have the required versions of the Docker installed, you can move on to next section. -If not, you can use the following commands to install Docker on your system: - -{{< tabs name="docker_install" >}} -{{% tab name="Ubuntu, Debian or HypriotOS" %}} -Install Docker from Ubuntu's repositories: - -```bash -apt-get update -apt-get install -y docker.io -``` - -or install Docker CE 17.03 from Docker's repositories for Ubuntu or Debian: - -```bash -apt-get update -apt-get install -y apt-transport-https ca-certificates curl software-properties-common -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" -apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}') -``` -{{% /tab %}} -{{% tab name="CentOS, RHEL or Fedora" %}} -Install Docker using your operating system's bundled package: - -```bash -yum install -y docker -systemctl enable docker && systemctl start docker -``` -{{% /tab %}} -{{% tab name="Container Linux" %}} -Enable and start Docker: - -```bash -systemctl enable docker && systemctl start docker -``` -{{% /tab %}} -{{< /tabs >}} - - -Refer to the [official Docker installation guides](https://docs.docker.com/engine/installation/) -for more information. +Refer to the [CRI installation](/docs/setup/cri/cri-installation/) guide for more information. ## Installing kubeadm, kubelet and kubectl