更換k8s容器運(yùn)行時(shí)環(huán)境為docker的過程

更新時(shí)間：2025年10月10日 16:59:27 作者：my_qq_990814268

這篇文章主要介紹了更換k8s容器運(yùn)行時(shí)環(huán)境為docker的過程,具有很好的參考價(jià)值,希望對(duì)大家有所幫助,如有錯(cuò)誤或未考慮完全的地方,望不吝賜教

更換k8s容器運(yùn)行時(shí)環(huán)境為docker

k8s-V1.24之后容器運(yùn)行時(shí)默認(rèn)是containerd，若想改為熟悉的docker作為運(yùn)行時(shí)，需要做以下操作

在每個(gè)節(jié)點(diǎn)安裝containerd、docker;
每個(gè)節(jié)點(diǎn)安裝cri-docker；
調(diào)整kubelet配置并重啟驗(yàn)證。

1.安裝docker、containerd服務(wù)

# 安裝docker和containerd
# 二進(jìn)制包下載地址：https://download.docker.com/linux/static/stable/x86_64/
# wget https://download.docker.com/linux/static/stable/x86_64/docker-24.0.2.tgz
?
#解壓
tar xf docker-*.tgz 
#拷貝二進(jìn)制文件
cp docker/* /usr/bin/
#創(chuàng)建containerd的service文件,并且啟動(dòng)
cat >/etc/systemd/system/containerd.service <<EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
?
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
TasksMax=infinity
OOMScoreAdjust=-999
?
[Install]
WantedBy=multi-user.target
EOF
?
# 設(shè)置開機(jī)自啟
systemctl enable --now containerd.service
systemctl status containerd.service
?
#準(zhǔn)備docker的service文件
cat > /etc/systemd/system/docker.service <<EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service docker.socket containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
?
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
OOMScoreAdjust=-500
?
[Install]
WantedBy=multi-user.target
EOF
?
?
#準(zhǔn)備docker的socket文件
cat > /etc/systemd/system/docker.socket <<EOF
[Unit]
Description=Docker Socket for the API
?
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
?
[Install]
WantedBy=sockets.target
EOF
?
?
#創(chuàng)建docker組
groupadd docker
#啟動(dòng)docker
systemctl enable --now docker.socket  && systemctl enable --now docker.service
#驗(yàn)證
docker info
?
# 配置加速器
mkdir /etc/docker/ -pv
cat >/etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.m.daocloud.io",
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
    },
  "data-root": "/var/lib/docker"
}
EOF
systemctl daemon-reload 
systemctl stop docker
systemctl restart docker

2.安裝cri-docker

# 由于1.24以及更高版本不支持docker所以安裝cri-docker,kubelet可以通過cri-docker間接編排容器
# 下載cri-docker 
# wget  https://mirrors.chenby.cn/https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.3/cri-dockerd-0.3.3.amd64.tgz
?
# 解壓cri-docker
tar xvf cri-dockerd-*.amd64.tgz 
cp -r cri-dockerd/  /usr/bin/
chmod +x /usr/bin/cri-dockerd/cri-dockerd
?
# 寫入啟動(dòng)配置文件
cat >  /usr/lib/systemd/system/cri-docker.service <<EOF
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service
Wants=network-online.target
Requires=cri-docker.socket
?
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
?
StartLimitBurst=3
StartLimitInterval=60s
?
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
?
TasksMax=infinity
Delegate=yes
KillMode=process
?
[Install]
WantedBy=multi-user.target
EOF
?
# 寫入socket配置文件
cat > /usr/lib/systemd/system/cri-docker.socket <<EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
?
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
?
[Install]
WantedBy=sockets.target
EOF
?
# 進(jìn)行啟動(dòng)cri-docker
systemctl daemon-reload 
systemctl enable cri-docker --now
systemctl restart cri-docker
systemctl status cri-docker

3.調(diào)整kubelet配置，并重啟驗(yàn)證

#注釋掉原來的配置，改為：--container-runtime-endpoint=unix:///run/cri-dockerd.sock \
cat /etc/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
?
[Service]
WorkingDirectory=/var/lib/kubelet
ExecStartPre=/bin/mount -o remount,rw '/sys/fs/cgroup'
ExecStart=/opt/kube/bin/kubelet \
  --config=/var/lib/kubelet/config.yaml \
#  --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
  --container-runtime-endpoint=unix:///run/cri-dockerd.sock \
  --hostname-override=10.10.10.3 \
  --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
  --root-dir=/var/lib/kubelet \
  --v=2
Restart=always
RestartSec=5
?
[Install]
WantedBy=multi-user.target
?
systemctl daemon-reload
systemctl restart kubelet
?
# 驗(yàn)證：
[root@10-3 down]# kubectl get node -owide
NAME         STATUS   ROLES    AGE   VERSION    INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                    KERNEL-VERSION                       CONTAINER-RUNTIME
10.10.10.3   Ready    master   26h   v1.27.16   10.10.10.3    <none>        openEuler 22.03 (LTS-SP3)   5.10.0-182.0.0.95.oe2203sp3.x86_64   docker://24.0.5
k8s-node01   Ready    node     8h    v1.27.16   10.10.10.4    <none>        openEuler 22.03 (LTS-SP3)   5.10.0-182.0.0.95.oe2203sp3.x86_64   docker://24.0.5

#刪除節(jié)點(diǎn)上的歷史容器
crictl rm -f `crictl ps -aq`