AdminSysGNULinux

Outils pour utilisateurs

Outils du site

Piste : notes_client_ftp_lftp notes_sed_grep_regex notes_varnish notes_cloud_aws_-_ansible notes_xorg notes_kubernetes_k8s_-_securite notes_logrotate notes_stockage notes_debmirror notes_containerd_et_cri
tech:notes_containerd_et_cri

Ceci est une ancienne révision du document !

Table des matières

, ,

Notes Containerd et CRI

Install

Voir :

CRI ctr crictl

Voir : 

sudo ctr containers ls
sudo ctr -n k8s.io containers ls
$ sudo crictl ps --label=io.kubernetes.container.name=etcd
WARN[0000] runtime connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead. 
WARN[0000] image connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead. 
CONTAINER           IMAGE               CREATED             STATE               NAME                ATTEMPT             POD ID              POD
26ad6c508d95f       2e96e5913fc06       53 minutes ago      Running             etcd                3                   7adfdae770dbc       etcd-vmdeb01.local
$ sudo ctr -n k8s.io containers ls |grep etcd
26ad6c508d95f60c42468e683334b01ac46a983d0dc145f05c50e94fb27ab2a4    registry.k8s.io/etcd:3.5.15-0                      io.containerd.runc.v2    
e2deef7ab12b892a88ec02e1b4956617a95bc2418ebd05d9112d650b4a6827a4    registry.k8s.io/etcd:3.5.15-0                      io.containerd.runc.v2 

$ sudo crictl inspect 26ad6c508d95f60c42468e683334b01ac46a983d0dc145f05c50e94fb27ab2a4 2>/dev/null | jq '.status.state' 
"CONTAINER_RUNNING"
$ sudo crictl inspect e2deef7ab12b892a88ec02e1b4956617a95bc2418ebd05d9112d650b4a6827a4 2>/dev/null | jq '.status.state'
"CONTAINER_EXITED"
$ sudo crictl pods --name etcd
WARN[0000] runtime connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead. 
POD ID              CREATED             STATE               NAME                 NAMESPACE           ATTEMPT             RUNTIME
7adfdae770dbc       About an hour ago   Ready               etcd-vmdeb01.local   kube-system         1                   (default)
d258693e868f9       21 hours ago        NotReady            etcd-vmdeb01.local   kube-system         0                   (default)
sudo crictl pods --name etcd -o yaml
 
# list pods by label
$ crictl pods --label component=kube-apiserver
 
# get the latest pod
$ crictl pods --latest
 
crictl logs 87d3992f84f74

Pb

Pb Kubeadm 1

root@vmdeb02:~# kubeadm init
[init] Using Kubernetes version: v1.29.0
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR CRI]: container runtime is not running: output: time="2023-12-19T04:03:10-06:00" level=fatal msg="validate service connection: validate CRI v1 runtime API for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

Et / ou 

# systemctl status containerd.service
Sep 10 09:35:34 vmdeb01 containerd[18699]: time="2024-09-10T09:35:34.364662398Z" level=error msg="copy shim log" error="read /proc/self/fd/17: file already closed" namespace=k8s.io

Solution

/etc/containerd/config.toml
#disabled_plugins = ["cri"]
disabled_plugins = []

Et 

systemctl restart containerd.service

Voir 

zcat /usr/share/man/man5/containerd-config.toml.5.gz |sed -ne '/\.EX/,/\.EE/p' > /etc/containerd/config.toml.exemple1
containerd config default > /etc/containerd/config.toml.exemple2
/etc/containerd/config.toml
disabled_plugins = [""]
 
#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0
 
#[grpc]
# address = "/run/containerd/containerd.sock"
# uid = 0
# gid = 0
 
#[debug]
# address = "/run/containerd/debug.sock"
# uid = 0
# gid = 0
# level = "info"
 
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true

Voir https://k8s.myprivatelab.tech/deploiement_serveur_kubernetes_v2

Autres

zcat /usr/share/man/man5/containerd-config.toml.5.gz |sed -ne '/\.EX/,/\.EE/p' > /etc/containerd/config.toml.exemple

En cas de Pb désactiver Faut-il désactiver AppArmor / SELinux

Désactiver AppArmor 

systemctl disable --now apparmor
tech/notes_containerd_et_cri.1742825205.txt.gz · Dernière modification : de 127.0.0.1
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki