CRI - containerd
Container
- VM
- Guest OS의 커널에 요청되는 시스템 콜은 하이퍼바이저를 통해 처리
- Container
- Container의 시스템 콜은 Host OS의 커널을 공유하여 처리
- Linux namespace와 cgroup을 통해 격리된 환경 제공
설치
warning
기본적으로 설치되어야하는 프로그램의 경우 미리 설치된 이미지를 준비하면 좋습니다.
containerd-installation.yaml
---
- hosts: all
become: yes
tasks:
- name: Install requirements
apt:
name: "{{ item }}"
state: latest
update_cache: yes
loop: ["apt-transport-https", "ca-certificates", "curl", "gnupg"]
- name: Add docker GPG apt key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
keyring: /usr/share/keyrings/docker-archive-keyring.gpg
- name: Add docker repository ({{ ansible_distribution_release }})
apt_repository:
repo: deb
[arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg]
https://download.docker.com/linux/ubuntu
{{ ansible_distribution_release }} stable
filename: docker
- name: Install containerd.io
apt:
name: containerd.io
state: latest
update_cache: yes
- name: Add containerd.conf to /etc/modules-load.d
copy:
dest: /etc/modules-load.d/containerd.conf
content: |
overlay
br_netfilter
mode: 0644
- name: modprobe overlay
modprobe:
name: overlay
- name: modprobe br_netfilter
modprobe:
name: br_netfilter
- name: Add 99-k8s-cri.conf to /etc/sysctl.d
copy:
dest: /etc/sysctl.d/99-k8s-cri.conf
content: |
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
mode: 0644
- name: Update sysctl
shell: sysctl --system
- name: mkdir /etc/containerd
file:
path: /etc/containerd
state: directory
mode: 0755
- name: Add config.toml to /etc/containerd
shell: containerd config default > /etc/containerd/config.toml
args:
chdir: /etc/containerd
- name: Insert 'SystemdCgroup = true' for containerd with runc
lineinfile:
path: /etc/containerd/config.toml
regexp: '(^.*containerd\.runtimes\.runc\.options\]$)'
line: '\1\n SystemdCgroup = true'
backrefs: yes
- name: grep /etc/containerd/config.toml
shell: grep -C 3 'SystemdCgroup = true' /etc/containerd/config.toml
register: config_toml_grep
- name: Debug config.toml changes
debug:
msg: "{{ config_toml_grep.stdout.split('\n') }}"
- name: systemd enable and restart containerd
systemd:
name: containerd
enabled: yes
state: restarted
Reference
- https://bi-insider.com/posts/virtual-machines-vs-containers/
- https://docs.docker.com/engine/install/
- https://kubernetes.io/docs/setup/production-environment/container-runtimes/