Who needs Docker to run K8S? I don't.
It's quite simple to set up, and brings additional benefits, including hassle-free upgrades for k8s 1.20+, which recently announced dropping support for Docker.
Let's start with a quick guide.
Install CRI-ContainerD
cat > /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
# Setup required sysctl params, these persist across reboots.
cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system
export VERSION=1.4.1
curl -LO https://github.com/containerd/containerd/releases/download/v${VERSION}/cri-containerd-cni-${VERSION}-linux-amd64.tar.gz
sudo tar --no-overwrite-dir -C / -xzf cri-containerd-cni-${VERSION}-linux-amd64.tar.gz
sudo mkdir -p /etc/containerd/
containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl enable --now containerd
sudo systemctl status containerd
crictl version
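As an added example (not from the original post), the download-and-extract step above can be gated on a checksum and a path allowlist before anything is unpacked over / as root. It assumes a `<tarball>.sha256sum` file for the release has been downloaded beside the tarball; the function names and the allowed-prefix list are illustrative assumptions, not part of containerd.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): gate the "tar -C / -xzf" step.
# Assumption: a "<tarball>.sha256sum" file is downloaded next to the tarball.

# Top-level paths the archive may write to (assumed layout; adjust after a dry listing).
ALLOWED_PREFIXES='^(\./)?(usr/?$|usr/local(/|$)|opt(/|$)|etc(/|$))'

# True only if the tarball's SHA-256 equals the first field of the checksum file.
checksum_ok() {
    local want got
    want=$(awk 'NR==1 {print tolower($1)}' "$2") || return 1
    got=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# True only if every member is relative, has no ".." and sits under an allowed prefix.
members_ok() {
    local list
    list=$(tar -tzf "$1") || return 1
    [ -n "$list" ] || return 1
    if printf '%s\n' "$list" | grep -Eq '^/|(^|/)\.\.(/|$)'; then return 1; fi
    if printf '%s\n' "$list" | grep -Evq "$ALLOWED_PREFIXES"; then return 1; fi
    return 0
}

# safe_extract <tarball> <sha256sum-file> <dest>
# Returns 0 = extracted, 1 = checksum mismatch, 2 = unexpected member path.
safe_extract() {
    checksum_ok "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    members_ok "$1"       || { echo "unexpected member path in $1" >&2; return 2; }
    tar --no-overwrite-dir -C "$3" -xzf "$1"
}
```

With the functions loaded, `safe_extract cri-containerd-cni-${VERSION}-linux-amd64.tar.gz cri-containerd-cni-${VERSION}-linux-amd64.tar.gz.sha256sum /` takes the place of the plain `tar` call and stops before extraction if either check fails.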
Install Kubernetes
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
# Use kubeadm to create the cluster
kubeadm init
# update kubeconfig
rm -rf $HOME/.kube/
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Apply networking plugin. I use weave
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
# Untaint master
kubectl taint nodes --all node-role.kubernetes.io/master-
Persistent storage (poor man's single-node version):
kubectl create -f https://raw.githubusercontent.com/xor22h/hostpath-provisioner/master/manifests/rbac.yaml
kubectl create -f https://raw.githubusercontent.com/xor22h/hostpath-provisioner/master/manifests/deployment.yaml
kubectl create -f https://raw.githubusercontent.com/xor22h/hostpath-provisioner/master/manifests/storageclass.yaml
Prepare HELM:
curl -LO https://get.helm.sh/helm-v3.2.2-linux-amd64.tar.gz
tar -xvzf helm-v3.2.2-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
chmod +x /usr/local/bin/helm
helm repo add stable https://kubernetes-charts.storage.googleapis.com
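# Metrics (kubectl top support)
# Note: --kubelet-insecure-tls=true makes metrics-server skip verification of the kubelet serving certificate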
helm upgrade --install metrics --namespace=kube-system stable/metrics-server --set args="{--v=2,--kubelet-insecure-tls=true,--kubelet-preferred-address-types=InternalIP,--metric-resolution=10s}"
Add NGINX / CertManager
# Some variables
export EMAIL=admin@xor22h.net
# Install CertManager
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v1.0.1 \
--set installCRDs=true
echo -e "apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ${EMAIL}
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx" | kubectl apply -f -
# Install nginx-ingress-controller
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm upgrade --install --namespace kube-system nginx ingress-nginx/ingress-nginx --set controller.stats.enabled=true,controller.metrics.enabled=true,controller.hostNetwork=true,controller.kind=DaemonSet,controller.service.type=ClusterIP
These steps cover basic daily needs.
Why do it this way?
- Updating ContainerD doesn't require restarting all running containers. With Docker, that's a main problem for me.
- The ContainerD CLI (crictl) offers a very easy way to remove unused images.
crictl rmi --prune
is everything you need.
- Works well with K8S 1.20+