\u4eceKubernetes 1.24\u7248\u672c\u5f00\u59cb\uff0cDockershim\u88ab\u5e9f\u6b62\uff0c\u9700\u8981\u4f7f\u7528cri\u6765\u53d6\u800c\u4ee3\u4e4b\u3002
\n\u6211\u8ba4\u4e3a\u53ef\u4ee5\u7ee7\u7eed\u4f7f\u7528Docker\u6765\u6784\u5efa\u8986\u76d6\u5728\u4e0a\u9762\u7684\u5bb9\u5668\uff0c\u4f46\u96c6\u7fa4\u9700\u8981\u4f7f\u7528cri-docker\u6216cri-o\u6765\u6784\u5efa\u3002
\n\u987a\u4fbf\u63d0\u4e00\u4e0b\uff0c\u5728\u66f4\u65b0\u4f7f\u7528containerd\u76841.23\u7248\u672c\u65f6\uff0c\u6211\u5c1d\u8bd5\u540c\u65f6\u5f15\u5165cri-o\uff0c\u4f46\u6ca1\u6709\u6210\u529f\u3002\uff08\u4e0d\u77e5\u9053\u539f\u56e0\uff09<\/p>\n
\u8fd9\u6b21\uff0c\u6211\u4eec\u5728Rockey Linux 9\u4e0a\u8fdb\u884c\u4e86\u65b0\u7684\u8bbe\u7f6e\uff0c\u5b89\u88c5\u4e86Kubernetes v1.25.5\u548ccri-o\u3002<\/p>\n
\u4e0d\u4f7f\u7528minikube\u7b49\uff0c\u800c\u662f\u4f7f\u7528kubeadm\u6765\u5728\u670d\u52a1\u5668\u4e0a\u8bbe\u7f6eOreOre\uff08\u81ea\u5b9a\u4e49\uff09\u7684k8s\u73af\u5883\uff0c\u6211\u4eec\u5c06\u6309\u7167\u5b98\u65b9\u6307\u5357\u8fdb\u884c\u64cd\u4f5c\u3002
\nhttps:\/\/kubernetes.io\/ja\/docs\/setup\/independent\/install-kubeadm\/<\/p>\n
[root@localhost tmp]# uname -a\r\nLinux localhost.localdomain 5.14.0-162.6.1.el9_1.0.1.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Nov 28 18:44:09 UTC 2022 x86_64 x86_64 x86_64 GNU\/Linux\r\n[root@localhost tmp]# cat \/etc\/os-release \r\nNAME=\"Rocky Linux\"\r\nVERSION=\"9.1 (Blue Onyx)\"\r\nID=\"rocky\"\r\nID_LIKE=\"rhel centos fedora\"\r\nVERSION_ID=\"9.1\"\r\nPLATFORM_ID=\"platform:el9\"\r\nPRETTY_NAME=\"Rocky Linux 9.1 (Blue Onyx)\"\r\nANSI_COLOR=\"0;32\"\r\nLOGO=\"fedora-logo-icon\"\r\nCPE_NAME=\"cpe:\/o:rocky:rocky:9::baseos\"\r\nHOME_URL=\"https:\/\/rockylinux.org\/\"\r\nBUG_REPORT_URL=\"https:\/\/bugs.rockylinux.org\/\"\r\nROCKY_SUPPORT_PRODUCT=\"Rocky-Linux-9\"\r\nROCKY_SUPPORT_PRODUCT_VERSION=\"9.1\"\r\nREDHAT_SUPPORT_PRODUCT=\"Rocky Linux\"\r\nREDHAT_SUPPORT_PRODUCT_VERSION=\"9.1\"\r\n<\/code><\/pre>\n\u7b80\u800c\u8a00\u4e4b<\/h1>\n
\u5efa\u7acb\u6211\u7684K8s\u96c6\u7fa4\uff08\u4e00\u4e2a\u8282\u70b9\uff09\u4ee5\u4fbf\u53ef\u4ee5\u4f7f\u7528kubectl apply\u547d\u4ee4\u3002<\/p>\n
\u64cd\u4f5c\u7cfb\u7edf\u7684\u51c6\u5907<\/h1>\n
\u6211\u4eec\u6309\u7167\u516c\u5f0f\u7684\u6b65\u9aa4\u6765\u8fdb\u884c\u3002<\/p>\n
\u5173\u95ed\u4ea4\u6362<\/h2>\n
\u5728\u5f00\u59cb\u4e4b\u524d\uff0c\u786e\u4fdd\u5c06swap\u5173\u95ed\uff0c\u56e0\u4e3a\u8fd9\u6837\u6307\u5357\u4e2d\u63d0\u5230\u7684\u3002\u4e3a\u4e86\u4fdd\u8bc1kubelet\u6b63\u5e38\u8fd0\u884c\uff0c\u5fc5\u987b\u59cb\u7ec8\u5c06swap\u5173\u95ed\u3002<\/p>\n
[root@localhost tmp]# sudo swapoff -a\r\n[root@localhost tmp]# free -h\r\n total used free shared buff\/cache available\r\nMem: 7.5Gi 1.4Gi 3.9Gi 10Mi 2.5Gi 6.1Gi\r\nSwap: 0B 0B 0B\r\n\r\n<\/code><\/pre>\n\u786e\u8ba4\u901a\u8fc7 sudo swapoff -a\uff0c\u4ea4\u6362\u7a7a\u95f4\u662f\u5426\u5df2\u7ecf\u88ab\u5173\u95ed\u4e86\uff0c\u5373\u53ef\u3002<\/p>\n
\u5176\u4ed6<\/h2>\n
\u5728\u4e2d\u56fd\u53ea\u9700\u8981\u4e00\u4e2a\u9009\u9879\uff0c\u5c06\u4ee5\u4e0b\u5185\u5bb9\u7528\u4e2d\u6587\u8fdb\u884c\u672c\u5730\u5316\uff1a\u6b64\u5916\uff0cMAC\u5730\u5740\u548c\u4e3b\u673a\u540d\u5e94\u8be5\u662f\u552f\u4e00\u7684\uff0c\u5e76\u4e14\u5e94\u8be5\u786e\u8ba4product_uuid\u4e0e\u5176\u4ed6\u670d\u52a1\u5668\u4e0d\u91cd\u590d\uff01\u8bf7\u5141\u8bb8\u9632\u706b\u5899\u4f7f\u7528\u6307\u5b9a\u7aef\u53e3\u3002\u6682\u65f6\u4e3a\u4e86\u6d4b\u8bd5\uff0c\u6211\u5df2\u7ecf\u6267\u884c\u4e86systemctl stop firewalld\u547d\u4ee4\u3002\uff08\u5bf9\u4e8e\u5916\u90e8\u670d\u52a1\u5668\uff0c\u7edd\u5bf9\u4e0d\u8981\u8fd9\u6837\u505a\uff0c\u52a1\u5fc5\u6ce8\u610f\uff09<\/p>\n
\u5b89\u88c5CRI-O<\/h1>\n
\u6211\u5c06\u53c2\u8003\u6b64\u94fe\u63a5\uff0c\u5e76\u8fdb\u884c\u63a8\u8350\u3002<\/p>\n
https:\/\/kubernetes.io\/ja\/docs\/setup\/production-environment\/container-runtimes\/#cri-o<\/p>\n
\u7f51\u7edc\u6865\u63a5\u7684\u8bbe\u7f6e<\/h2>\n
\u6309\u7167\u4e66\u4e0a\u6240\u5199\uff0c\u8fdb\u884c\u590d\u5236\u7c98\u8d34\u3002\u4f7f\u7f51\u7edc\u6570\u636e\u5305\u53ef\u4ee5\u901a\u8fc7\u6865\u63a5\u548c\u8def\u7531\u8fdb\u884c\u8f6c\u53d1\u3002
\nk8s\u4f1a\u5229\u7528iptables\u6765\u8f6c\u53d1\u6570\u636e\u5305\u3002<\/p>\n
cat <<EOF | sudo tee \/etc\/modules-load.d\/k8s.conf\r\noverlay\r\nbr_netfilter\r\nEOF\r\n\r\nsudo modprobe overlay\r\nsudo modprobe br_netfilter\r\n\r\n# sysctl params required by setup, params persist across reboots\r\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\r\nnet.bridge.bridge-nf-call-iptables = 1\r\nnet.bridge.bridge-nf-call-ip6tables = 1\r\nnet.ipv4.ip_forward = 1\r\nEOF\r\n\r\n# Apply sysctl params without reboot\r\nsudo sysctl --system\r\n<\/code><\/pre>\n\u6dfb\u52a0\u5b58\u50a8\u5e93<\/h2>\n
\u56e0\u4e3aRockey\u6ca1\u6709\u76f8\u5173\u7684\u4ed3\u5e93\uff0c\u6240\u4ee5\u5c06\u4f7f\u7528CentOS_8_Stream\u4f5c\u4e3a\u66ff\u4ee3\u3002\uff08\u4e5f\u8bb8\u6700\u597d\u8fdb\u884c\u6784\u5efa\uff09<\/p>\n
<\/p>\n
export OS=CentOS_8_Stream\r\nexport VERSION=1.25\r\ncurl -L -o \/etc\/yum.repos.d\/devel:kubic:libcontainers:stable.repo https:\/\/download.opensuse.org\/repositories\/devel:\/kubic:\/libcontainers:\/stable\/CentOS_8_Stream\/devel:kubic:libcontainers:stable.repo\r\ncurl -L -o \/etc\/yum.repos.d\/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https:\/\/download.opensuse.org\/repositories\/devel:kubic:libcontainers:stable:cri-o:$VERSION\/$OS\/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo\r\n\r\ndnf install cri-o\r\ndnf install containernetworking-plugins\r\n<\/code><\/pre>\n\u4fee\u6539crio.conf\u6587\u4ef6<\/h2>\n
\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\/etc\/crio\/crio.conf\uff08\u53ef\u4ee5\u5220\u9664\u6ce8\u91ca\uff09<\/p>\n
[crio.runtime.runtimes.runc]\r\nruntime_path = \"\" \r\nruntime_type = \"oci\" \r\nruntime_root = \"\/run\/runc\" \r\n<\/code><\/pre>\n\u8fd0\u884cCri-o\u3002<\/h2>\n
\u6211\u4f1a\u4f7f\u7528systemctl\u6765\u542f\u52a8\u5b83\u3002<\/p>\n
sudo systemctl daemon-reload\r\nsudo systemctl enable crio\r\nsudo systemctl start crio\r\n\r\n[root@k8s-node01 crio]# systemctl status crio\r\n\u25cf crio.service - Container Runtime Interface for OCI (CRI-O)\r\n Loaded: loaded (\/usr\/lib\/systemd\/system\/crio.service; enabled; vendor preset: disabled)\r\n Active: active (running) since Thu 2022-12-15 03:55:24 EST; 5s ago\r\n Docs: https:\/\/github.com\/cri-o\/cri-o\r\n Main PID: 12123 (crio)\r\n Tasks: 28\r\n Memory: 38.2M\r\n CPU: 351ms\r\n CGroup: \/system.slice\/crio.service\r\n \u2514\u250012123 \/usr\/bin\/crio\r\n\r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.006674834-05:00\" level=info msg=\"RDT not available in the host system\" \r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.011036842-05:00\" level=info msg=\"Conmon does support the --sync option\" \r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.011088556-05:00\" level=info msg=\"Conmon does support the --log-global-size-max option\" \r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.018631810-05:00\" level=info msg=\"Found CNI network crio (type=bridge) at \/etc\/cni\/net.d\/100-crio-bridge>\r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.025073153-05:00\" level=info msg=\"Found CNI network 200-loopback.conf (type=loopback) at \/etc\/cni\/net.d\/>\r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.025121761-05:00\" level=info msg=\"Updated default CNI network name to crio\" \r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.044838541-05:00\" level=info msg=\"Serving metrics on :9537 via HTTP\" \r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.045259409-05:00\" level=error msg=\"Writing clean shutdown supported file: open \/var\/lib\/crio\/clean.shutd>\r\nDec 15 03:55:24 k8s-node01.ceres.local crio[12123]: time=\"2022-12-15 03:55:24.045361471-05:00\" level=error msg=\"Failed to sync parent directory of clean shutdown file: open \/var\/lib>\r\nDec 15 03:55:24 k8s-node01.ceres.local systemd[1]: Started Container Runtime Interface for OCI (CRI-O).\r\n<\/code><\/pre>\n\u5b89\u88c5<\/h1>\n
\u53c2\u8003Kubeadm\u3001Kubelet\u548cKubectl\u7684\u5b89\u88c5\uff0c\u6dfb\u52a0Yum\u4ed3\u5e93\u3002<\/p>\n
\u8fd8\u662f\u6309\u7167\u539f\u516c\u5f0f\u6765\u5427\u3002<\/p>\n
cat <<EOF | sudo tee \/etc\/yum.repos.d\/kubernetes.repo\r\n[kubernetes]\r\nname=Kubernetes\r\nbaseurl=https:\/\/packages.cloud.google.com\/yum\/repos\/kubernetes-el7-\\$basearch\r\nenabled=1\r\ngpgcheck=1\r\ngpgkey=https:\/\/packages.cloud.google.com\/yum\/doc\/rpm-package-key.gpg\r\nexclude=kubelet kubeadm kubectl\r\nEOF\r\n\r\n<\/code><\/pre>\n\u4fee\u6539SELinux\u5e76\u8fdb\u884c\u5b89\u88c5\u3002\u5c3d\u7ba1\u5b98\u65b9\u63a8\u8350\u4f7f\u7528yum\u547d\u4ee4\uff0c\u4f46\u4f5c\u4e3aFedora\u7684\u7279\u70b9\uff0c\u6211\u4eec\u9009\u62e9\u4f7f\u7528dnf\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n
# sed -i 's\/^SELINUX=enforcing$\/SELINUX=permissive\/' \/etc\/selinux\/config\r\n# dnf install -y kubelet-1.25.5-0 kubeadm-1.25.5-0 kubectl-1.25.5-0 --disableexcludes=kubernetes\r\nsystemctl enable --now kubelet\r\n<\/code><\/pre>\n\u5b89\u88c5\u5b8c package \u540e\uff0c\u8bf7\u5148\u91cd\u542f\u4e00\u6b21\u3002\u56e0\u4e3a\u6211\u60f3\u8981\u5c06 selinux \u5173\u95ed\u3002<\/p>\n
\u4f7f\u7528kubeadm\u8fdb\u884c\u521d\u59cb\u8bbe\u7f6e\u3002<\/h1>\n
\u4f7f\u7528kubeadm\u521b\u5efa\u4e00\u4e2a\u5355\u4e00\u7684\u63a7\u5236\u9762\u5e73\u9762\u96c6\u7fa4\u3002<\/p>\n
\u7531\u4e8e\u5df2\u7ecf\u8fdb\u884c\u4e86dnf\u66f4\u65b0\u7b49\u64cd\u4f5c\uff0c\u6211\u4eec\u5c06\u8df3\u8fc7\u5b83\u3002<\/p>\n
\u6267\u884ckubeadm init \u3002 \u4e2d\u53ef\u4ee5\u8f93\u5165\u9009\u9879\u3002\u7531\u4e8e\u5c06\u4f7f\u7528Calico\u5bb9\u5668\u7f51\u7edc\u63d2\u4ef6\uff0c\u56e0\u6b64\u6dfb\u52a0–pod-network-cidr=10.244.0.0\/16\u3002\u4e5f\u53ef\u4ee5\u66f4\u6539\u540e\u9762\u63d0\u5230\u7684Calico\u65b9\u9762\u7684\u6e05\u5355\u6587\u4ef6\u3002<\/p>\n
<\/p>\n
[root@localhost ~]# kubeadm init --pod-network-cidr=10.244.0.0\/16\r\nI0119 02:55:04.007666 12858 version.go:256] remote version is much newer: v1.26.1; falling back to: stable-1.25\r\n[init] Using Kubernetes version: v1.25.6\r\n[preflight] Running pre-flight checks\r\n [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly\r\n [WARNING SystemVerification]: missing optional cgroups: blkio\r\n[preflight] Pulling images required for setting up a Kubernetes cluster\r\n[preflight] This might take a minute or two, depending on the speed of your internet connection\r\n[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'\r\n[certs] Using certificateDir folder \"\/etc\/kubernetes\/pki\"\r\n[certs] Generating \"ca\" certificate and key\r\n[certs] Generating \"apiserver\" certificate and key\r\n[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local localhost.localdomain] and IPs [10.96.0.1 172.xx.12.62]\r\n[certs] Generating \"apiserver-kubelet-client\" certificate and key\r\n[certs] Generating \"front-proxy-ca\" certificate and key\r\n[certs] Generating \"front-proxy-client\" certificate and key\r\n[certs] Generating \"etcd\/ca\" certificate and key\r\n[certs] Generating \"etcd\/server\" certificate and key\r\n[certs] etcd\/server serving cert is signed for DNS names [localhost localhost.localdomain] and IPs [172.xx.12.62 127.0.0.1 ::1]\r\n[certs] Generating \"etcd\/peer\" certificate and key\r\n[certs] etcd\/peer serving cert is signed for DNS names [localhost localhost.localdomain] and IPs [172.xx.12.62 127.0.0.1 ::1]\r\n[certs] Generating \"etcd\/healthcheck-client\" certificate and key\r\n[certs] Generating \"apiserver-etcd-client\" certificate and key\r\n[certs] Generating \"sa\" key and public key\r\n[kubeconfig] Using kubeconfig folder \"\/etc\/kubernetes\"\r\n[kubeconfig] Writing \"admin.conf\" kubeconfig file\r\n[kubeconfig] Writing \"kubelet.conf\" kubeconfig file\r\n[kubeconfig] Writing \"controller-manager.conf\" kubeconfig file\r\n[kubeconfig] Writing \"scheduler.conf\" kubeconfig file\r\n[kubelet-start] Writing kubelet environment file with flags to file \"\/var\/lib\/kubelet\/kubeadm-flags.env\"\r\n[kubelet-start] Writing kubelet configuration to file \"\/var\/lib\/kubelet\/config.yaml\"\r\n[kubelet-start] Starting the kubelet\r\n[control-plane] Using manifest folder \"\/etc\/kubernetes\/manifests\"\r\n[control-plane] Creating static Pod manifest for \"kube-apiserver\"\r\n[control-plane] Creating static Pod manifest for \"kube-controller-manager\"\r\n[control-plane] Creating static Pod manifest for \"kube-scheduler\"\r\n[etcd] Creating static Pod manifest for local etcd in \"\/etc\/kubernetes\/manifests\"\r\n[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory \"\/etc\/kubernetes\/manifests\". This can take up to 4m0s\r\n[apiclient] All control plane components are healthy after 17.501654 seconds\r\n[upload-config] Storing the configuration used in ConfigMap \"kubeadm-config\" in the \"kube-system\" Namespace\r\n[kubelet] Creating a ConfigMap \"kubelet-config\" in namespace kube-system with the configuration for the kubelets in the cluster\r\n[upload-certs] Skipping phase. Please see --upload-certs\r\n[mark-control-plane] Marking the node localhost.localdomain as control-plane by adding the labels: [node-role.kubernetes.io\/control-plane node.kubernetes.io\/exclude-from-external-load-balancers]\r\n[mark-control-plane] Marking the node localhost.localdomain as control-plane by adding the taints [node-role.kubernetes.io\/control-plane:NoSchedule]\r\n[bootstrap-token] Using token: 815j1e.wy5xkrhs0fkwkkcx\r\n[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles\r\n[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes\r\n[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials\r\n[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token\r\n[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster\r\n[bootstrap-token] Creating the \"cluster-info\" ConfigMap in the \"kube-public\" namespace\r\n[kubelet-finalize] Updating \"\/etc\/kubernetes\/kubelet.conf\" to point to a rotatable kubelet client certificate and key\r\n[addons] Applied essential addon: CoreDNS\r\n[addons] Applied essential addon: kube-proxy\r\n\r\nYour Kubernetes control-plane has initialized successfully!\r\n\r\nTo start using your cluster, you need to run the following as a regular user:\r\n\r\n mkdir -p $HOME\/.kube\r\n sudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\r\n sudo chown $(id -u):$(id -g) $HOME\/.kube\/config\r\n\r\nAlternatively, if you are the root user, you can run:\r\n\r\n export KUBECONFIG=\/etc\/kubernetes\/admin.conf\r\n\r\nYou should now deploy a pod network to the cluster.\r\nRun \"kubectl apply -f [podnetwork].yaml\" with one of the options listed at:\r\n https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/addons\/\r\n\r\nThen you can join any number of worker nodes by running the following on each as root:\r\n\r\nkubeadm join 172.xx.12.62:6443 --token 815j1e.wy5xkrhs0fkwkkcx \\\r\n --discovery-token-ca-cert-hash sha256:88abcd03f98035ef780d5a2455d89c6a3c8fc860bf2baf285396a78e349499f2 \r\n<\/code><\/pre>\n\u5982\u4e0a\u6240\u8ff0\uff0c\u5c06\u914d\u7f6e\u6587\u4ef6\u79fb\u5230\u4e3b\u76ee\u5f55\u3002<\/p>\n
# mkdir -p $HOME\/.kube\r\n# cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\r\n# chown $(id -u):$(id -g) $HOME\/.kube\/config\r\n# cat ~\/.kube\/config\r\napiVersion: v1\r\nclusters:\r\n- cluster:\r\n certificate-authority-data: \u306a\u304c\u3044\r\n server: https:\/\/172.xx.12.62:6443\r\n name: kubernetes\r\ncontexts:\r\n- context:\r\n cluster: kubernetes\r\n user: kubernetes-admin\r\n name: kubernetes-admin@kubernetes\r\ncurrent-context: kubernetes-admin@kubernetes\r\nkind: Config\r\npreferences: {}\r\nusers:\r\n- name: kubernetes-admin\r\n user:\r\n client-certificate-data: \u306a\u304c\u3044\r\n client-key-data: \u306a\u304c\u3044\r\n<\/code><\/pre>\n\u6211\u5e0c\u671b\u8fd9\u6837\u4f60\u5c31\u53ef\u4ee5\u901a\u8fc7kubectl\u6765\u770b\u4e86\u3002<\/p>\n
[root@localhost lib]# kubectl get all -A\r\nNAMESPACE NAME READY STATUS RESTARTS AGE\r\nkube-system pod\/coredns-565d847f94-b9p5t 0\/1 Pending 0 38s\r\nkube-system pod\/coredns-565d847f94-tm6lw 0\/1 Pending 0 38s\r\nkube-system pod\/etcd-localhost.localdomain 1\/1 Running 2 52s\r\nkube-system pod\/kube-apiserver-localhost.localdomain 1\/1 Running 2 54s\r\nkube-system pod\/kube-controller-manager-localhost.localdomain 1\/1 Running 2 53s\r\nkube-system pod\/kube-proxy-64t26 1\/1 Running 0 38s\r\nkube-system pod\/kube-scheduler-localhost.localdomain 1\/1 Running 2 52s\r\n\r\nNAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\r\ndefault service\/kubernetes ClusterIP 10.96.0.1 <none> 443\/TCP 54s\r\nkube-system service\/kube-dns ClusterIP 10.96.0.10 <none> 53\/UDP,53\/TCP,9153\/TCP 53s\r\n\r\nNAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\r\nkube-system daemonset.apps\/kube-proxy 1 1 1 1 1 kubernetes.io\/os=linux 53s\r\n\r\nNAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE\r\nkube-system deployment.apps\/coredns 0\/2 2 0 53s\r\n\r\nNAMESPACE NAME DESIRED CURRENT READY AGE\r\nkube-system replicaset.apps\/coredns-565d847f94 2 2 0 39s\r\n<\/code><\/pre>\n\u76ee\u524d\u9636\u6bb5\uff0ccoredns\u7684pod\u65e0\u6cd5\u8fd0\u884c\u3002<\/p>\n
CNI\u7684\u8bbe\u7f6e<\/h1>\n
\u4e3a\u4e86\u5c06Pod\u4e4b\u95f4\u7684\u7f51\u7edc\u8fde\u63a5\u8d77\u6765\uff0c\u9700\u8981\u4f7f\u7528\u63d2\u4ef6\u5b89\u88c5Calico\u3002\u6709\u51e0\u79cd\u7c7b\u578b\u7684\u63d2\u4ef6\u53ef\u4ee5\u9009\u62e9\uff0c\u5176\u4e2d\u4e00\u79cd\u662f\u5bb9\u5668\u7f51\u7edc\u63a5\u53e3\uff08CNI\uff09\u7684\u7f29\u5199\u3002<\/p>\n
<\/p>\n
\u5982\u679c\u6309\u7167\u8fd9\u4e2a\u6b65\u9aa4\u6765\u505a\uff0c\u5c31\u53ef\u4ee5\u4e86\u3002
\nhttps:\/\/projectcalico.docs.tigera.io\/getting-started\/kubernetes\/self-managed-onprem\/onpremises
\n\u6709\u4e24\u79cd\u65b9\u6cd5\u53ef\u4ee5\u52a0\u8f7dmanifest\uff0c\u4e00\u79cd\u662f\u76f4\u63a5\u8bfb\u53d6\uff0c\u4e00\u79cd\u662f\u7531operator\u7684pod\u6267\u884c\uff0c\u4f46\u8fd9\u6b21\u4f7f\u7528\u524d\u8005\u65b9\u6cd5\u3002<\/p>\n
\u203b2023\/04\/11 \u4f7f\u7528 tigera-operator.yaml \u6587\u4ef6\u7684\u65b9\u6cd5\u4e5f\u6ca1\u6709\u95ee\u9898\u3002\u6211\u4eec\u5c06\u5728 custom-resources.yaml \u6587\u4ef6\u4e2d\u8bbe\u7f6e ipPools\u3002calico \u7248\u672c\u4e3a v3.25.1\uff0ck8s \u7248\u672c\u4e3a v1.26.3\u3002<\/p>\n
\u6709\u4e00\u79cd\u540d\u4e3a”canal”\u7684\u7ec4\u5408\uff0c\u5b83\u7ed3\u5408\u4e86calico\u548cFlannel\u3002\u4f46\u662f\u7531\u4e8ecalico\u5df2\u7ecf\u5185\u7f6e\u4e86VXLAN\u529f\u80fd\uff0c\u9664\u975e\u6709\u7279\u6b8a\u7406\u7531\uff0c\u5426\u5219\u4e0d\u9700\u8981\u4f7f\u7528\u5b83\u3002<\/p>\n
\u5361\u91cc\u79d1.yaml<\/h2>\n
\u9700\u8981\u4e0b\u8f7d calico.yaml \u5e76\u7f16\u8f91 CIDR \u90e8\u5206\u3002
\n\u6211\u8bb0\u5f97\u4ee5\u524d\u7684\u4f8b\u5b50\u4e2d\u5199\u7684\u662f 10.244.0.0\/16\uff0c\u4f46\u73b0\u5728\u53d8\u6210\u4e86 192.168.0.0\/16\uff0c\u6240\u4ee5\u6211\u8981\u4e0b\u8f7d\u5e76\u7f16\u8f91\u5b83\u3002<\/p>\n
# curl https:\/\/raw.githubusercontent.com\/projectcalico\/calico\/v3.25.0\/manifests\/calico.yaml -O\r\n<\/code><\/pre>\n\u53d6\u6d88\u6ce8\u91ca\u4e2d\u7684CALICO_IPV4POOL_CIDR\uff0c\u5e76\u5c06\u5176\u4ece192.168.0.0\/16\u66f4\u6539\u4e3a10.244.0.0\/16\u3002<\/p>\n
# The default IPv4 pool to create on startup if none exists. Pod IPs will be\r\n # chosen from this range. Changing this value after installation will have\r\n # no effect. This should fall within `--cluster-cidr`.\r\n # - name: CALICO_IPV4POOL_CIDR\r\n # value: \"192.168.0.0\/16\"\r\n<\/code><\/pre>\n\u5c06\u5176\u6309\u7167\u4ee5\u4e0b\u65b9\u5f0f\u8fdb\u884c\u3002<\/p>\n
# The default IPv4 pool to create on startup if none exists. Pod IPs will be\r\n # chosen from this range. Changing this value after installation will have\r\n # no effect. This should fall within `--cluster-cidr`.\r\n - name: CALICO_IPV4POOL_CIDR\r\n value: \"10.244.0.0\/16\"\r\n<\/code><\/pre>\n\u5e94\u7528\u7f16\u8f91\u8fc7\u7684\u5ba3\u8a00\u3002<\/p>\n
[root@localhost ~]# kubectl apply -f .\/calico.yaml\r\npoddisruptionbudget.policy\/calico-kube-controllers created\r\nserviceaccount\/calico-kube-controllers created\r\nserviceaccount\/calico-node created\r\nconfigmap\/calico-config created\r\ncustomresourcedefinition.apiextensions.k8s.io\/bgpconfigurations.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/bgppeers.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/blockaffinities.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/caliconodestatuses.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/clusterinformations.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/felixconfigurations.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/globalnetworkpolicies.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/globalnetworksets.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/hostendpoints.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/ipamblocks.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/ipamconfigs.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/ipamhandles.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/ippools.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/ipreservations.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/kubecontrollersconfigurations.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/networkpolicies.crd.projectcalico.org created\r\ncustomresourcedefinition.apiextensions.k8s.io\/networksets.crd.projectcalico.org created\r\nclusterrole.rbac.authorization.k8s.io\/calico-kube-controllers created\r\nclusterrole.rbac.authorization.k8s.io\/calico-node created\r\nclusterrolebinding.rbac.authorization.k8s.io\/calico-kube-controllers created\r\nclusterrolebinding.rbac.authorization.k8s.io\/calico-node created\r\ndaemonset.apps\/calico-node created\r\ndeployment.apps\/calico-kube-controllers created\r\n<\/code><\/pre>\n\u6b63\u5728\u5236\u4f5c\u4e2d\u3002<\/p>\n
[root@localhost ~]# kubectl get all -A\r\nNAMESPACE NAME READY STATUS RESTARTS AGE\r\nkube-system pod\/calico-kube-controllers-74677b4c5f-7mm8p 0\/1 ContainerCreating 0 17s\r\nkube-system pod\/calico-node-bpznj 0\/1 Init:2\/3 0 17s\r\nkube-system pod\/coredns-565d847f94-b9p5t 0\/1 ContainerCreating 0 8m51s\r\nkube-system pod\/coredns-565d847f94-tm6lw 0\/1 ContainerCreating 0 8m51s\r\nkube-system pod\/etcd-localhost.localdomain 1\/1 Running 2 9m5s\r\nkube-system pod\/kube-apiserver-localhost.localdomain 1\/1 Running 2 9m7s\r\nkube-system pod\/kube-controller-manager-localhost.localdomain 1\/1 Running 2 9m6s\r\nkube-system pod\/kube-proxy-64t26 1\/1 Running 0 8m51s\r\nkube-system pod\/kube-scheduler-localhost.localdomain 1\/1 Running 2 9m5s\r\n\r\nNAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\r\ndefault service\/kubernetes ClusterIP 10.96.0.1 <none> 443\/TCP 9m7s\r\nkube-system service\/kube-dns ClusterIP 10.96.0.10 <none> 53\/UDP,53\/TCP,9153\/TCP 9m6s\r\n\r\nNAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\r\nkube-system daemonset.apps\/calico-node 1 1 0 1 0 kubernetes.io\/os=linux 17s\r\nkube-system daemonset.apps\/kube-proxy 1 1 1 1 1 kubernetes.io\/os=linux 9m6s\r\n\r\nNAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE\r\nkube-system deployment.apps\/calico-kube-controllers 0\/1 1 0 17s\r\nkube-system deployment.apps\/coredns 0\/2 2 0 9m6s\r\n\r\nNAMESPACE NAME DESIRED CURRENT READY AGE\r\nkube-system replicaset.apps\/calico-kube-controllers-74677b4c5f 1 1 0 17s\r\nkube-system replicaset.apps\/coredns-565d847f94 2 2 0 8m52s\r\n<\/code><\/pre>\n\u6240\u6709\u7684pod\u90fd\u4f1a\u53d8\u4e3arunning\u72b6\u6001\u3002<\/p>\n
[root@localhost ~]# kubectl get all -A\r\nNAMESPACE NAME READY STATUS RESTARTS AGE\r\nkube-system pod\/calico-kube-controllers-74677b4c5f-7mm8p 1\/1 Running 0 45s\r\nkube-system pod\/calico-node-bpznj 1\/1 Running 0 45s\r\nkube-system pod\/coredns-565d847f94-b9p5t 1\/1 Running 0 9m19s\r\nkube-system pod\/coredns-565d847f94-tm6lw 1\/1 Running 0 9m19s\r\nkube-system pod\/etcd-localhost.localdomain 1\/1 Running 2 9m33s\r\nkube-system pod\/kube-apiserver-localhost.localdomain 1\/1 Running 2 9m35s\r\nkube-system pod\/kube-controller-manager-localhost.localdomain 1\/1 Running 2 9m34s\r\nkube-system pod\/kube-proxy-64t26 1\/1 Running 0 9m19s\r\nkube-system pod\/kube-scheduler-localhost.localdomain 1\/1 Running 2 9m33s\r\n\r\nNAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\r\ndefault service\/kubernetes ClusterIP 10.96.0.1 <none> 443\/TCP 9m35s\r\nkube-system service\/kube-dns ClusterIP 10.96.0.10 <none> 53\/UDP,53\/TCP,9153\/TCP 9m34s\r\n\r\nNAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\r\nkube-system daemonset.apps\/calico-node 1 1 1 1 1 kubernetes.io\/os=linux 45s\r\nkube-system daemonset.apps\/kube-proxy 1 1 1 1 1 kubernetes.io\/os=linux 9m34s\r\n\r\nNAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE\r\nkube-system deployment.apps\/calico-kube-controllers 1\/1 1 1 45s\r\nkube-system deployment.apps\/coredns 2\/2 2 2 9m34s\r\n\r\nNAMESPACE NAME DESIRED CURRENT READY AGE\r\nkube-system replicaset.apps\/calico-kube-controllers-74677b4c5f 1 1 1 45s\r\nkube-system replicaset.apps\/coredns-565d847f94 2 2 2 9m20s\r\n<\/code><\/pre>\n\u505a\u597d\u4e86\u3002<\/p>\n
\u5f53\u8fd0\u884c”ip a”\u547d\u4ee4\u65f6\uff0c\u53ef\u4ee5\u770b\u5230NIC\u589e\u52a0\u4e86\u3002\u5176\u4e2d\u7684”tunl0″\u548c”cali”\u662f\u5b83\u4eec\u3002<\/p>\n
[root@localhost etc]# ip a\r\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\r\n link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\r\n inet 127.0.0.1\/8 scope host lo\r\n valid_lft forever preferred_lft forever\r\n inet6 ::1\/128 scope host \r\n valid_lft forever preferred_lft forever\r\n2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000\r\n link\/ether 52:54:00:ae:20:df brd ff:ff:ff:ff:ff:ff\r\n inet 172.xx.12.62\/24 brd 172.xx.12.255 scope global noprefixroute enp1s0\r\n valid_lft forever preferred_lft forever\r\n inet6 fe80::5054:ff:feae:20df\/64 scope link \r\n valid_lft forever preferred_lft forever\r\n3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000\r\n link\/ipip 0.0.0.0 brd 0.0.0.0\r\n inet 10.244.102.128\/32 scope global tunl0\r\n valid_lft forever preferred_lft forever\r\n6: cali9cc271e60ca@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1480 qdisc noqueue state UP group default \r\n link\/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns 38b565cd-5099-43f6-a21e-82ccd68eda6c\r\n inet6 fe80::ecee:eeff:feee:eeee\/64 scope link \r\n valid_lft forever preferred_lft forever\r\n7: cali015e1fca632@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1480 qdisc noqueue state UP group default \r\n link\/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns 86d781d2-7ad6-4f84-9a1b-febd17732b48\r\n inet6 fe80::ecee:eeff:feee:eeee\/64 scope link \r\n valid_lft forever preferred_lft forever\r\n8: cali2db521aeade@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1480 qdisc noqueue state UP group default \r\n link\/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns c1ac37af-9a8d-45a0-93ae-4f6a0cdda07f\r\n inet6 fe80::ecee:eeff:feee:eeee\/64 scope link \r\n valid_lft forever preferred_lft forever\r\n<\/code><\/pre>\n\u5982\u679c\u8981\u5728\u63a7\u5236\u5e73\u9762\u4e0a\u8fd0\u884cPod\uff0c\u9700\u8981\u6e05\u9664\u8282\u70b9\u7684\u6c61\u70b9\uff0c\u4ee5\u4fbf\u53ef\u4ee5\u8c03\u5ea6Pod\u3002\uff08\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u63a7\u5236\u5e73\u9762\u4e0a\u65e0\u6cd5\u8fd0\u884cPod\u3002\uff09<\/p>\n
[root@localhost ~]# kubectl taint nodes --all node-role.kubernetes.io\/control-plane-\r\nnode\/localhost.localdomain untainted\r\n<\/code><\/pre>\n\u786e\u8ba4\u52a8\u4f5c<\/h1>\n
\u6211\u5c06\u5c1d\u8bd5\u90e8\u7f72Nginx\u3002<\/p>\n
cat <<EOF | kubectl apply -f -\r\nkind: Deployment\r\napiVersion: apps\/v1\r\nmetadata:\r\n name: nginx-test\r\nspec:\r\n replicas: 1\r\n selector:\r\n matchLabels:\r\n app: nginx-test\r\n template:\r\n metadata:\r\n labels:\r\n app: nginx-test\r\n spec:\r\n containers:\r\n - args:\r\n image: nginx:latest\r\n imagePullPolicy: IfNotPresent\r\n name: nginx-test\r\n ports:\r\n - containerPort: 80\r\n protocol: TCP\r\n\r\n---\r\nkind: Service\r\napiVersion: v1\r\nmetadata:\r\n name: nginx-test-svc\r\nspec:\r\n ports:\r\n - name: \"http-port\"\r\n protocol: TCP\r\n port: 8080\r\n targetPort: 80\r\n selector:\r\n app: nginx-test\r\n\r\nEOF\r\ndeployment.apps\/nginx-test created\r\nservice\/nginx-test-svc created\r\n<\/code><\/pre>\n\u5b8c\u6210\u4e86\u3002<\/p>\n
[root@localhost ~]# kubectl get all \r\nNAME READY STATUS RESTARTS AGE\r\npod\/nginx-test-54cdc496f7-zbg6p 1\/1 Running 0 40s\r\n\r\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\r\nservice\/kubernetes ClusterIP 10.96.0.1 <none> 443\/TCP 17m\r\nservice\/nginx-test-svc ClusterIP 10.96.28.133 <none> 8080\/TCP 5m45s\r\n\r\nNAME READY UP-TO-DATE AVAILABLE AGE\r\ndeployment.apps\/nginx-test 1\/1 1 1 5m45s\r\n\r\nNAME DESIRED CURRENT READY AGE\r\nreplicaset.apps\/nginx-test-54cdc496f7 1 1 1 40s\r\nreplicaset.apps\/nginx-test-64d5bd95d7 0 0 0 5m45s\r\n<\/code><\/pre>\n\u786e\u8ba4<\/p>\n
[murata@localhost ~]$ curl 10.96.28.133:8080 -I\r\nHTTP\/1.1 200 OK\r\nServer: nginx\/1.23.3\r\nDate: Thu, 19 Jan 2023 09:41:05 GMT\r\nContent-Type: text\/html\r\nContent-Length: 615\r\nLast-Modified: Tue, 13 Dec 2022 15:53:53 GMT\r\nConnection: keep-alive\r\nETag: \"6398a011-267\"\r\nAccept-Ranges: bytes\r\n<\/code><\/pre>\n\u80fd\u591f\u6b63\u786e\u5730\u63a5\u6536\u5230\u54cd\u5e94\u3002<\/p>\n
\u7d50\u8ad6\u3002<\/h1>\n
\u7531\u4e8e\u8fd8\u6ca1\u6709\u8bbe\u7f6eIngress\uff08\u8d1f\u8f7d\u5747\u8861\u5668\uff09\uff0c\u6240\u4ee5\u65e0\u6cd5\u4ece\u5916\u90e8\u8fdb\u884c\u901a\u4fe1\uff0c\u4f46\u4f7f\u7528kubeadm\u8fdb\u884c\u6784\u5efa\u4f1a\u662f\u8fd9\u6837\u7684\u3002\u5f53\u5411\u96c6\u7fa4\u6dfb\u52a0\u8282\u70b9\uff08\u670d\u52a1\u5668\uff09\u65f6\uff0c\u53ea\u9700\u8fd0\u884ckubeadm join\u547d\u4ee4\uff0c\u5b83\u4f1a\u81ea\u52a8\u8fde\u63a5\u4e0a\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4eceKubernetes 1.24\u7248\u672c\u5f00\u59cb\uff0cDockershim\u88ab\u5e9f\u6b62\uff0c\u9700\u8981\u4f7f\u7528cri\u6765\u53d6\u800c\u4ee3\u4e4b\u3002 \u6211\u8ba4\u4e3a\u53ef\u4ee5\u7ee7 […]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36117","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528-kubeadm-\u5e73\u53f0\u642d\u5efa-cri-o-\u7248\u672c\u7684-k8s-\u96c6\u7fa4\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4\" \/>\n<meta property=\"og:description\" content=\"\u4eceKubernetes 1.24\u7248\u672c\u5f00\u59cb\uff0cDockershim\u88ab\u5e9f\u6b62\uff0c\u9700\u8981\u4f7f\u7528cri\u6765\u53d6\u800c\u4ee3\u4e4b\u3002 \u6211\u8ba4\u4e3a\u53ef\u4ee5\u7ee7 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528-kubeadm-\u5e73\u53f0\u642d\u5efa-cri-o-\u7248\u672c\u7684-k8s-\u96c6\u7fa4\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-07T11:40:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-04T03:33:47+00:00\" \/>\n<meta name=\"author\" content=\"\u96c5, \u609f\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u96c5, \u609f\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/\",\"name\":\"\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-10-07T11:40:33+00:00\",\"dateModified\":\"2024-05-04T03:33:47+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6\",\"name\":\"\u96c5, \u609f\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g\",\"caption\":\"\u96c5, \u609f\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/yawu\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528-kubeadm-\u5e73\u53f0\u642d\u5efa-cri-o-\u7248\u672c\u7684-k8s-\u96c6\u7fa4\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4","og_description":"\u4eceKubernetes 1.24\u7248\u672c\u5f00\u59cb\uff0cDockershim\u88ab\u5e9f\u6b62\uff0c\u9700\u8981\u4f7f\u7528cri\u6765\u53d6\u800c\u4ee3\u4e4b\u3002 \u6211\u8ba4\u4e3a\u53ef\u4ee5\u7ee7 […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528-kubeadm-\u5e73\u53f0\u642d\u5efa-cri-o-\u7248\u672c\u7684-k8s-\u96c6\u7fa4\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-10-07T11:40:33+00:00","article_modified_time":"2024-05-04T03:33:47+00:00","author":"\u96c5, \u609f","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u96c5, \u609f","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"14 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/","name":"\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-10-07T11:40:33+00:00","dateModified":"2024-05-04T03:33:47+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528 kubeadm \u5e73\u53f0\u642d\u5efa CRI-O \u7248\u672c\u7684 k8s \u96c6\u7fa4"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/f044a4b7fa4ee2701702942002419ca6","name":"\u96c5, \u609f","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e71a913e914f1aad1efc391f92084294bac54bc782acd289638580134cf667a6?s=96&d=mm&r=g","caption":"\u96c5, \u609f"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/yawu\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8-kubeadm-%e5%b9%b3%e5%8f%b0%e6%90%ad%e5%bb%ba-cri-o-%e7%89%88%e6%9c%ac%e7%9a%84-k8s-%e9%9b%86%e7%be%a4%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=36117"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36117\/revisions"}],"predecessor-version":[{"id":98077,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36117\/revisions\/98077"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=36117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=36117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=36117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}