-
配置
isulad在
/etc/isulad/daemon.json中先配置pod-sandbox-image:"pod-sandbox-image": "my-pause:1.0.0"
之后配置
isulad的endpoint:"hosts": [ "unix:///var/run/isulad.sock" ]
如果
hosts没有配置,默认的endpoint为unix:///var/run/isulad.sock -
重启
isulad$ sudo systemctl restart isulad
-
基于配置或者默认值启动
kubelet$ /usr/bin/kubelet --container-runtime-endpoint=unix:///var/run/isulad.sock --image-service-endpoint=unix:///var/run/isulad.sock --pod-infra-container-image=my-pause:1.0.0 --container-runtime=remote ...
RuntimeClass 用于选择容器运行时配置从而运行 pod 的容器,RuntimeClass 的具体信息请查看 runtime-class。目前,只支持kata-containers 和 runc这两种oci runtime。
-
在
/etc/isulad/daemon.json中配置isulad"runtimes": { "kata-runtime": { "path": "/usr/bin/kata-runtime", "runtime-args": [ "--kata-config", "/usr/share/defaults/kata-containers/configuration.toml" ] } }
-
其他配置
isulad支持overlay2和devicemapper作为存储驱动程序,默认的为overlay2。在某些情况下,更适合使用块设备类型作为存储驱动程序,例如运行
kata-containers。配置devicemapper的过程如下:首先创建ThinPool:
$ sudo pvcreate /dev/sdb1 # /dev/sdb1 for example $ sudo vgcreate isulad /dev/sdb $ sudo echo y | lvcreate --wipesignatures y -n thinpool isulad -L 200G $ sudo echo y | lvcreate --wipesignatures y -n thinpoolmeta isulad -L 20G $ sudo lvconvert -y --zero n -c 512K --thinpool isulad/thinpool --poolmetadata isulad/thinpoolmeta $ sudo lvchange --metadataprofile isulad-thinpool isulad/thinpool
之后在
/etc/isulad/daemon.json中增加devicemapper的配置 :"storage-driver": "devicemapper" "storage-opts": [ "dm.thinpooldev=/dev/mapper/isulad-thinpool", "dm.fs=ext4", "dm.min_free_space=10%" ]
-
重启
isulad$ sudo systemctl restart isulad
-
定义
kata-runtime.yaml,例如创建一个kata-runtime.yaml内容如下:apiVersion: node.k8s.io/v1beta1 kind: RuntimeClass metadata: name: kata-runtime handler: kata-runtime
之后运行
kubectl apply -f kata-runtime.yaml命令在kubectl中让这个配置生效。 -
定义 pod spec
kata-pod.yaml,例如创建一个kata-pod.yaml,内容如下:apiVersion: v1 kind: Pod metadata: name: kata-pod-example spec: runtimeClassName: kata-runtime containers: - name: kata-pod image: busybox:latest command: ["/bin/sh"] args: ["-c", "sleep 1000"]
-
运行 pod
$ kubectl create -f kata-pod.yaml $ kubectl get pod NAME READY STATUS RESTARTS AGE kata-pod-example 1/1 Running 4 2s
isulad实现了CRI接口从而可以连接CNI网络、解析CNI的网络配置文件、加入或者退出CNI网络。在本节中,我们调用 CRI 接口启动 pod 来验证 CNI 网络配置。
-
在
/etc/isulad/daemon.json中配置isulad:"network-plugin": "cni", "cni-bin-dir": "/opt/cni/bin", "cni-conf-dir": "/etc/cni/net.d",
-
准备CNI网络的插件:
编译生成 CNI 插件的二进制文件,并将该二进制文件复制到
/opt/cni/bin。$ git clone https://github.com/containernetworking/plugins.git $ cd plugins && ./build_linux.sh $ cd ./bin && ls bandwidth bridge dhcp firewall flannel ...
-
准备CNI网络的配置:
配置文件的后缀可以是
.conflist或者.conf,区别在于是否包含多个插件。例如,我们在目录/etc/cni/net.d/下创建10-mynet.conflist文件,内容如下:{ "cniVersion": "0.3.1", "name": "default", "plugins": [ { "name": "default", "type": "ptp", "ipMasq": true, "ipam": { "type": "host-local", "subnet": "10.1.0.0/16", "routes": [ { "dst": "0.0.0.0/0" } ] } }, { "type": "portmap", "capabilities": { "portMappings": true } } ] } -
配置
sandbox-config.json:{ "port_mappings":[{"protocol": 1, "container_port": 80, "host_port": 8080}], "metadata": { "name": "test", "namespace": "default", "attempt": 1, "uid": "hdishd83djaidwnduwk28bcsb" }, "labels": { "filter_label_key": "filter_label_val" }, "linux": { } } -
重启
isulad并且启动pod:$ sudo systemctl restart isulad $ sudo crictl -i unix:///var/run/isulad.sock -r unix:///var/run/isulad.sock runp sandbox-config.json
-
查看pod网络信息:
$ sudo crictl -i unix:///var/run/isulad.sock -r unix:///var/run/isulad.sock inspectp <pod-id>