版本 2.2.0
依赖于 containerd,如果之前是 Docker 安装的,可以参考 这篇文章 进行替换
参考 Install Kata Containers with containerd
下载安装 containerd
wget https://github.com/containerd/containerd/releases/download/v1.5.7/cri-containerd-cni-1.5.7-linux-amd64.tar.gz
tar xvzf cri-containerd-cni-1.5.7-linux-amd64.tar.gz -C /
下载 kata-containers
wget https://github.com/kata-containers/kata-containers/releases/download/2.2.1/kata-static-2.2.1-x86_64.tar.xz
tar xf kata-static-2.2.1-x86_64.tar.xz -C /
将路径 /opt/kata/bin
添加到 系统PATH
ln -s /opt/kata/bin/containerd-shim-kata-v2 /usr/local/bin/containerd-shim-kata-v2
!!注意,如果使用的是 cri-containerd-cni 压缩包,避免 与 /opt/kata/bin 下的 runc 冲突
Docker 中自带的 containerd 默认是将 CRI 这个插件禁用掉了
containerd config default > /etc/containerd/config.toml
-
sandbox 镜像修改
-
kata plugin 修改 ,参考官网containerd install
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "kata"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
runtime_type = "io.containerd.kata.v2"
利用 ctr 测试
ctr image pull "docker.io/library/busybox:latest"
ctr run --runtime "io.containerd.kata.v2" --rm -t "docker.io/library/busybox:latest" test-kata uname -r
K8s RuntimeClass
apiVersion: node.k8s.io/v1
handler: kata
kind: RuntimeClass
metadata:
name: kata
overhead:
podFixed:
cpu: 100m
memory: 256Mi
busy box
apiVersion: v1
kind: Pod
metadata:
name: busybox
labels:
app: busybox
spec:
runtimeClassName: kata
containers:
- image: busybox
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
name: busybox
restartPolicy: Always
/usr/bin/containerd: symbol lookup error: /usr/bin/containerd: undefined symbol: seccomp_api_set
解决方法
/etc/apt/source.list
中添加 deb http://deb.debian.org/debian buster-backports main contrib non-free
然后执行
apt update
apt-get -t buster-backports install libseccomp2 libseccomp-dev