Frakti
Frakti是一个基于Kubelet CRI的运行时,它提供了hypervisor级别的隔离性,特别适用于运行不可信应用以及多租户场景下。Frakti实现了一个混合运行时:
特权容器以Docker container的方式运行
而普通容器则以hyper container的方法运行在VM内
Frakti提供了一个简便的安装脚本,可以一键在Ubuntu或CentOS上启动一个本机的Kubernetes+frakti集群。
curl -sSL https://github.com/kubernetes/frakti/raw/master/cluster/allinone.sh | bash
首先需要在所有机器上安装hyperd, docker, frakti, CNI 和 kubelet。
Ubuntu 16.04+:
apt-get update && apt-get install -y qemu libvirt-bincurl -sSL https://hypercontainer.io/install | bash
CentOS 7:
curl -sSL https://hypercontainer.io/install | bash
配置hyperd:
echo -e "Kernel=/var/lib/hyper/kernel\n\Initrd=/var/lib/hyper/hyper-initrd.img\n\Hypervisor=qemu\n\StorageDriver=overlay\n\gRPCHost=127.0.0.1:22318" > /etc/hyper/configsystemctl enable hyperdsystemctl restart hyperd
Ubuntu 16.04+:
apt-get updateapt-get install -y docker.io
CentOS 7:
yum install -y docker
启动docker:
systemctl enable dockersystemctl start docker
curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.2/frakti -o /usr/bin/fraktichmod +x /usr/bin/frakticgroup_driver=$(docker info | awk '/Cgroup Driver/{print $3}')cat <<EOF > /lib/systemd/system/frakti.service[Unit]Description=Hypervisor-based container runtime for KubernetesDocumentation=https://github.com/kubernetes/fraktiAfter=network.target[Service]ExecStart=/usr/bin/frakti --v=3 \--log-dir=/var/log/frakti \--logtostderr=false \--cgroup-driver=${cgroup_driver} \--listen=/var/run/frakti.sock \--streaming-server-addr=%H \--hyper-endpoint=127.0.0.1:22318MountFlags=sharedTasksMax=8192LimitNOFILE=1048576LimitNPROC=1048576LimitCORE=infinityTimeoutStartSec=0Restart=on-abnormal[Install]WantedBy=multi-user.targetEOF
Ubuntu 16.04+:
apt-get update && apt-get install -y apt-transport-httpscurl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -cat <<EOF > /etc/apt/sources.list.d/kubernetes.listdeb http://apt.kubernetes.io/ kubernetes-xenial mainEOFapt-get updateapt-get install -y kubernetes-cni
CentOS 7:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64enabled=1gpgcheck=1repo_gpgcheck=1gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpghttps://packages.cloud.google.com/yum/doc/rpm-package-key.gpgEOFsetenforce 0yum install -y kubernetes-cni
配置CNI网络,注意
frakti目前仅支持bridge插件
所有机器上Pod的子网不能相同,比如master上可以用
10.244.1.0/24,而第一个Node上可以用10.244.2.0/24
mkdir -p /etc/cni/net.dcat >/etc/cni/net.d/10-mynet.conf <<-EOF{"cniVersion": "0.3.0","name": "mynet","type": "bridge","bridge": "cni0","isGateway": true,"ipMasq": true,"ipam": {"type": "host-local","subnet": "10.244.1.0/24","routes": [{ "dst": "0.0.0.0/0" }]}}EOFcat >/etc/cni/net.d/99-loopback.conf <<-EOF{"cniVersion": "0.3.0","type": "loopback"}EOF
Ubuntu 16.04+:
apt-get install -y kubelet kubeadm kubectl
CentOS 7:
yum install -y kubelet kubeadm kubectl
配置Kubelet使用frakti runtime:
sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock --feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.confsystemctl daemon-reload
kubeadm init kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest# Optional: enable schedule pods on the masterexport KUBECONFIG=/etc/kubernetes/admin.confkubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule-
# get token on master nodetoken=$(kubeadm token list | grep authentication,signing | awk '{print $1}')# join master on worker nodeskubeadm join --token $token ${master_ip}
在集群模式下,需要为容器网络配置直接路由,假设有一台master和两台Node:
NODE IP_ADDRESS CONTAINER_CIDRmaster 10.140.0.1 10.244.1.0/24node-1 10.140.0.2 10.244.2.0/24node-2 10.140.0.3 10.244.3.0/24
CNI的网络路由可以这么配置:
# on masterip route add 10.244.2.0/24 via 10.140.0.2ip route add 10.244.3.0/24 via 10.140.0.3# on node-1ip route add 10.244.1.0/24 via 10.140.0.1ip route add 10.244.3.0/24 via 10.140.0.3# on node-2ip route add 10.244.1.0/24 via 10.140.0.1ip route add 10.244.2.0/24 via 10.140.0.2
最近更新 12 months ago