容器运行时 CRI-O 安装说明
李利
参考:容器运行时 笔记 / CRI-O / CRI-O 安装说明
CRI-O 是一个基于开放容器计划(Open Container Initiative (OCI))的 Kubernetes 容器运行时接口(Kubernetes Container Runtime Interface (CRI))
本文的环境为 Linux 操作系统
1 安装 CRI-O 的打包版本
CRI-O 用 openSUSE 的 OBS 为本地包管理器构建
1.1 支持的版本
CRI-O 遵循 Kubernetes 的 3 个次要版本的支持周期
CRI-O 还尝试为以下操作系统打包:
Fedora 31+
openSUSE
CentOS 8
CentOS 8 Stream
CentOS 7
Debian Unstable
Debian Testing
Debian 10
Debian 11
Rasbian 10
xUbuntu 22.04
xUbuntu 21.10
xUbuntu 20.04
xUbuntu 18.041234567891011121314要安装 CRI-O,请为操作系统选择支持的版本
然后将其导出为变量(供后边的命令使用),如: export VERSION=1.19
发行版还被保存为子项目
例如想使用 1.19.1,可以设置: export VERSION=1.19:1.19.1
1.2 安装说明
1.2.1 openSUSE
$. sudo zypperinstall cri-o1.2.2 Fedora 31 或更新的版本
$. sudo dnf module enable cri-o:$VERSION
$. sudo dnf install cri-o对于 Fedora,只支持设置次版本,即:VERSION=1.18,不支持设置补丁版本: VERSION=1.18.3
注意:从 1.24.0 开始, cri-o 包不再依赖 containernetworking-plugins 包
删除此依赖项允许用户在不删除文件的情况下就能安装自己的 CNI 插件
如果想要使用以前提供的那些 CNI 插件,还应运行:
sudo dnf install containernetworking-plugins1.2.3 其它基于 yum 的操作系统
要安装在以下操作系统上,请将环境变量 $OS 设置为下表中对应的值:
操作系统 | $OS |
Centos 8 | CentOS_8 |
Centos 8 Stream | CentOS_8_Stream |
Centos 7 | CentOS_7 |
然后以 root 身份运行:
$. sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
$. sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
$. sudo yum install cri-o -y注意:从 1.24.0 开始, cri-o 包不再依赖 containernetworking-plugins 包,已删除此依赖项,允许用户在不删除文件的情况下,就能安装自己的 CNI 插件。
如果想要使用以前提供的那些 CNI 插件,还应运行:
$. yum install containernetworking-plugins1.2.4 基于 APT 的操作系统
注意:请先安装 curl 与 gnupg
要安装在下边表格中的操作系统上,则请先将环境变量 $OS 设置为下表中对应的值:
操作系统 | $OS |
Debian Unstable | Debian_Unstable |
Debian Testing | Debian_Testing |
Debian 10 | Debian_10 |
Raspberry Pi OS | Raspbian_10 |
Ubuntu 22.04 | xUbuntu_22.04 |
Ubuntu 21.10 | xUbuntu_21.10 |
Ubuntu 20.04 | xUbuntu_20.04 |
Ubuntu 18.04 | xUbuntu_18.04 |
如果安装 cri-o-runc(推荐),则需要安装 libseccomp >= 2.4.1
注意:这在基于 Debian 10(buster)或更低版本的发行版中不可用
因此需要启用 buster 反向移植:
$. echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.list
$. apt update
$. apt install -y -t buster-backports libseccomp2 || apt update -y -t buster-backports libseccomp2然后以 root 身份运行:
$. echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
$. echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
$. mkdir -p /usr/share/keyrings
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
$. apt-get update
$. apt-get install cri-o cri-o-runc注意:我们包含 cri-o-runc,是因为 Ubuntu 和 Debian 包含它们自己的打包版本的 runc
虽然这个版本应该也可以与 CRI-O 一起使用
但保持 CRI-O 与 runc 的打包版本同步可以确保它们能够一起工作
如果想使用操作系统发行版的 runc,则需要添加文件:
[crio.runtime.runtimes.runc]
runtime_path = ""
runtime_type = "oci"
runtime_root = "/run/runc"到 /etc/crio/crio.conf.d/ 目录
注意:从 1.24.0 开始, cri-o 包不再依赖 containernetworking-plugins 包
删除此依赖项允许用户在不删除文件的情况下就能安装自己的 CNI 插件
如果想要使用以前提供的那些 CNI 插件,还应运行:
$. apt-get install containernetworking-plugins2 用源码构建和安装 CRI-O
2.1 运行时依赖
runc,清除容器运行时或任何其它兼容 OCI 的运行时
iproute
iptables
预期会安装最新版本的 runc,CRI-O 会将其选为默认运行时
2.2 构建和运行依赖
2.2.1 Fedora -RHEL 7 - CentOS
需要:Fedora、RHEL 7、CentOS 与相关的软件:
yum install -y \
containers-common \
device-mapper-devel \
git \
glib2-devel \
glibc-devel \
glibc-static \
go \
gpgme-devel \
libassuan-devel \
libgpg-error-devel \
libseccomp-devel \
libselinux-devel \
pkgconfig \
make \
runc请注意:
CentOS 8(或更高版本):pkgconfig 包被 pkgconf-pkg-config 取代
btrfs 默认处于禁用状态,可通过安装 btrfs-progs-devel 包来添加 btrfs 支持
操作系统发行版打包版本的 runc 可能已经过期了,想要获取最新版本的 runc,可考虑使用:https://build.opensuse.org/project/show/devel:kubic:libcontainers:stable
2.2.2 RHEL 8
请确保已订阅了下边的仓库:
BaseOS/x86_64
Appstream/x86_64 CodeReady Linux Builder for x86_64
subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms
subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms
subscription-manager repos --enable=codeready-builder-for-rhel-8-x86_64-rpms如果没有订阅,请根据下边的指南进行订阅:
https://access.redhat.com/solutions/265523
这需要 1.12 或更改版本的 go:
$. yum module -y install go-toolsetyum install -y \
containers-common \
device-mapper-devel \
git \
make \
glib2-devel \
glibc-devel \
glibc-static \
runc \如何在 RHEL 上安装一个源 rpm:
https://www.itechlounge.net/2012/12/linux-how-to-install-source-rpm-on-rhelcentos/
依赖:gpgme-devel
http://download.eng.bos.redhat.com/brewroot/packages/gpgme/1.10.0/6.el8/x86_64/
依赖:go-md2man:
$. go get github.com/cpuguy83/go-md2man以下依赖:
libassuan \
libassuan-devel \
libgpg-error \
libseccomp \
libselinux \
pkgconf-pkg-config \1234562.2.3 Debian - RASPBIAN -Ubuntu
在 Debian、Raspbian 和 Ubuntu 发行版上
启用 Kubic 项目仓库(用于 containers-common 和 cri-o-runc 软件包)并安装以下软件包:
Debian 到 buster 版本之前 - Raspbian - Ubuntu 到 18.04 版本之前
apt update -qq && \
# For Debian 10(buster) or below: use "apt install -t buster-backports"
apt install -y \
btrfs-tools \
containers-common \
git \
golang-go \
libassuan-dev \
libdevmapper-dev \
libglib2.0-dev \
libc6-dev \
libgpgme11-dev \
libgpg-error-dev \
libseccomp-dev \
libsystemd-dev \
libbtrfs-dev \
libselinux1-dev \
pkg-config \
go-md2man \
cri-o-runc \
libudev-dev \
software-properties-common \
gcc \
make
Debian bullseye 或更高版本 - Ubuntu 20.04 或更高版本
apt-get update -qq && apt-get install -y \
libbtrfs-dev \
containers-common \
git \
golang-go \
libassuan-dev \
libdevmapper-dev \
libglib2.0-dev \
libc6-dev \
libgpgme-dev \
libgpg-error-dev \
libseccomp-dev \
libsystemd-dev \
libselinux1-dev \
pkg-config \
go-md2man \
cri-o-runc \
libudev-dev \
software-properties-common \
gcc \
make注意:
如果使用比较旧的版本或长期支持版本
请检查 runc 版本是否足够新(运行 runc --version 生成 spec: 1.0.0)
否则应该自己构建
检查 golang 的版本是否足够新,需要 1.12.x 或更高版本
如果需要,可以在 官方下载网站上获得更新的 golang 版本
2.3 获取源代码
克隆源代码:
git clone https://github.com/cri-o/cri-o # or your fork
cd cri-o确保 ORI-O 与 kubernetes 的主版本号匹配
2.4 构建
要使用默认构建标签,则用 seccomp 进行安装:
$. make
$. sudo make install如果不构建具有 seccomp 支持的 CRI-O,可在运行 make 时添加 BUILDTAGS=""
$. make BUILDTAGS=""
$. sudo make install2.4.1 用 Ansible 安装
可以用 Ansible 角色来自动执行上述步骤:
sudo su -
mkdir -p ~/.ansible/roles
cd ~/.ansible/roles
git clone https://github.com/alvistack/ansible-role-cri_o.git cri_o
cd ~/.ansible/roles/cri_o
pip3 install --upgrade --ignore-installed --requirement requirements.txt
molecule converge
molecule verify2.4.2 构建标签
CRI-O 支持可选的构建标签来编译对各种特性的支持
要为 make 选项添加构建标签,需要设置 BUILDTAGS 变量
$. make BUILDTAGS='seccomp apparmor'构建标签 | 特性 | 依赖 |
seccomp | 系统调用过滤 | libseccomp |
selinux | selinux 进程与挂载标签 | libselinux |
apparmor | apparmor 配置文件支持 |
CRI-O 使用 containers/image 管理镜像,使用以下构建标签
构建标签 | 特性 | 依赖 |
containers_image_openpgp | 使用 native golang pgp 代替 cgo | |
containers_image_ostree_stub | 禁止将 ostree 用于图像传输 |
CRI-O 还使用 containers/storage 来管理容器存储
构建标签 | 特性 | 依赖 |
exclude_graphdriver_btrfs | 将 btrfs 排除在存储选项之外 | |
btrfs_noversion | 用于构建 < 3.16.1 的 btrfs 版本 | btrfs |
exclude_graphdriver_devicemapper | 将 devicemapper 排除在存储选项之外 | |
libdm_no_deferred_remove | 不要使用 devicemapper 编译 deferred remove | devicemapper |
exclude_graphdriver_overlay | 将 overlay 排除在存储选项之外 | |
ostree | 用 ostree 构建存储 | ostree |
2.5 静态构建
可以用官方提供的 nix 包及其在这个 仓库中的衍生物来构建 CRI-O 的静态链接二进制文件
这些构建是可重现的,并将为 glibc 创建一个剥离 x86_64 / amd64 或 aarch64 / arm64 的 ELF 二进制文件
这些二进制文件也经过集成测试并支持以下特性:
apparmor
btrfs
device mapper
gpgme
seccomp
selinux
要在本地构建二进制文件,要么 安装 nix 包管理器
要么使用 make build-static 目标,它依赖于 nixos/nix 容器镜像
整个构建过程可能会占用大量的 CPU 时间,具体时间取决于使用的硬件
生成的二进制文件应该在 bin/static/crio
要在没有任何现成容器的情况下并通过安装的 nix 包管理器构建二进制文件
只需在此仓库的根目录中运行以下命令:
$. nix build -f nix生成的二进制文件应该在 result/bin
要构建二进制的 arm 变体,只需运行:
nix build -f nix/default-arm64.nix2.5.1 创建一个发行存档
发布包包含所有静态二进制文件、手册页和配置文件,如 00-default.conf
release-bundle 目标可用于在当前仓库中构建新的发布存档:
make release-bundle
…
Created ./bundle/cri-o.amd64.v1.20.0.tar.gz2.6 下载 conmon
conmon 是 CRI-O 用于监视容器日志和退出信息的守护程序,每个容器各一个
运行下边的命令下载 conmon 到 $PATH
$. git clone https://github.com/containers/conmon
$. cd conmon
$. make
$. sudo make install2.7 设置 CNI 网络
contrib/cni README 中提供了设置 CNI 网络的描述
要点是需要启用一些基本的网络配置并在系统上安装 CNI 插件
2.8 CRI-O 配置
如果是第一次安装,请使用以下命令生成和安装配置文件:
sudo make install.config2.8.1 验证 registries.conf 中的注册表
编辑 /etc/containers/registries.conf 并验证 registry 选项中是否包含有效值,如:
[registries.search]
registries = ['registry.access.redhat.com', 'registry.fedoraproject.org', 'quay.io', 'docker.io']
[registries.insecure]
registries = []
[registries.block]
registries = []有关此文件的更多信息,请参阅 registry.conf(5)
2.8.2 可选的 - 修改日志级别
用户可以通过指定像 /etc/crio/crio.conf.d/01-log-level.conf 这样的覆盖来修改 log_level
从而更改日志级别, 可选项:fatal、panic、error、warn、info (default)、debug、trace
[crio.runtime]
log_level = "info"2.8.3 可选的 - 修改 capabilities 与 sysctls
CRI-O 默认使用以下能力:
default_capabilities = [
"CHOWN",
"DAC_OVERRIDE",
"FSETID",
"FOWNER",
"SETGID",
"SETUID",
"SETPCAP",
"NET_BIND_SERVICE",
"KILL",
]
并且默认没有设置 sysctls
default_sysctls = [
]用户可以通过向 /etc/crio/crio.conf.d 添加覆盖来更改任一默认值
2.9 启动 CRI-O
运行 make install 会将 CRI-O 下载到目录:
/usr/local/bin/crio可以在该目录手动运行它,或者也可以设置一个 systemd 单元文件:
sudo make install.systemd让 systemd 负责运行 CRI-O:
sudo systemctl daemon-reload
sudo systemctl enable crio
sudo systemctl start crio2.10 使用 CRI-O
按照 教程快速开始运行简单的 pod 和容器
运行一个完整的集群见 说明
用 kubeadm 运行,见 kubeadm 说明
2.11 更新 CRI-O
2.11.1 openSUSE
$. sudo zypper update
$. sudo zypper update cri-o2.11.2 Fedora 31 or later
sudo dnf update
sudo dnf update cri-o2.11.3 其它基于 yum 的操作系统
sudo yum update
sudo yum update cri-o2.11.4 基于 APT 的操作系统
如果更新到补丁版本(如 VERSION=1.8.3 ),运行:
apt update cri-o cri-o-runc否则,请确保将环境变量 $OS 设置为下表中与操作系统对应的字段:
操作系统 | $OS |
Debian Unstable | Debian_Unstable |
Debian Testing | Debian_Testing |
Ubuntu 20.04 | xUbuntu_20.04 |
Ubuntu 19.10 | xUbuntu_19.10 |
Ubuntu 19.04 | xUbuntu_19.04 |
Ubuntu 18.04 | xUbuntu_18.04 |
要升级,请为操作系统选择支持的版本,并将其导出为变量:export VERSION=1.18
然后以 root 身份运行以下命令:
sudo rm /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
sudo echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
sudo curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/Release.key | apt-key add -
sudo apt update
sudo apt install cri-o cri-o-runc
3 CRI-O 功能说明
3.1 CRI-O 目前支持的功能
Pod和container的lifecycle
Image lifecycle
CNI网络集成
Logging
Exec(sync/streaming)
Attach/Detach
Port forwarding
OOM 检测和汇报
daemon 重启
支持多种存储插件(overlay,devicemapper,aufs,btrfs)
Selinux
Seccomp
13.清除容器
支持runc
Gpg check on image pull
Mixed runtimes (runc and Clear Containers)
3.2 调试container
使用runc list可以列出当前环境中所有的container,ID表示containerID PID表示容器的进程ID,其中stopped的容器进程ID为0。
[root@master0 ~]# runc list
ID PID STATUS BUNDLE CREATED OWNER
000d9eb1fd510da73ce8c5cd12223c9bfcc343f465b8b9a04028c59b85b2f8a9 0 stopped /run/containers/storage/overlay-containers/000d9eb1fd510da73ce8c5cd12223c9bfcc343f465b8b9a04028c59b85b2f8a9/userdata 2019-11-11T08:53:39.787606019Z root
016e7b606545ed6479b45cc111b58a20f54f6c0064cdb34ba0e56da6715ae6be 0 stopped /run/containers/storage/overlay-containers/016e7b606545ed6479b45cc111b58a20f54f6c0064cdb34ba0e56da6715ae6be/userdata 2019-11-12T06:14:14.549141586Z root
03ff0c15e16ae3a23ab657e60ff567041e58d3430c24d679378b850e6a94ba27 31456 running /run/containers/storage/overlay-containers/03ff0c15e16ae3a23ab657e60ff567041e58d3430c24d679378b850e6a94ba27/userdata 2019-11-11T08:59:08.850697068Z root
042ed31210e8d51c514e93d08f353c5165064d78367e099998b2e5d3bd59b986 0 stopped /run/containers/storage/overlay-containers/042ed31210e8d51c514e93d08f353c5165064d78367e099998b2e5d3bd59b986/userdata 2019-11-11T08:52:59.286627769Z root
05303f0aa04026cad3d216389278ce12d4e5cbb44141703e8e2cb54c7850e628 39237 running /run/containers/storage/overlay-containers/05303f0aa04026cad3d216389278ce12d4e5cbb44141703e8e2cb54c7850e628/userdata 2019-11-12T06:13:43.119771581Z root
058a9282710ed7cd2aac5647648530b42fa084496e850f0ba1e1dab15432d7bc 0 stopped /run/containers/storage/overlay-containers/058a9282710ed7cd2aac5647648530b42fa084496e850f0ba1e1dab15432d7bc/userdata 2019-11-11T08:55:57.856985896Z root
072fc279b2a9bc7f5b3f62412b32b96860f49e9641f308a2da4d3303a2607ba7 26299 running /run/containers/storage/overlay-containers/072fc279b2a9bc7f5b3f62412b32b96860f49e9641f308a2da4d3303a2607ba7/userdata 2019-11-12T03:55:27.859988398Z root
07542e2fd225ce3faa757a22edf8a62bc90befe521fa93ac2d7a4b65121e946d 1868 running /run/containers/storage/overlay-containers/07542e2fd225ce3faa757a22edf8a62bc90befe521fa93ac2d7a4b65121e946d/userdata 2019-11-11T08:51:47.300206259Z root通过containerID我们可以查看container的监控进程:
[root@master0 ~]# ps -ef | grep f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381
root 2788110 Nov11 ?00:00:00/usr/libexec/crio/conmon -s -c f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381 -n k8s_node-exporter_node-exporter-cbkqp_openshift-monitoring_5b772849-0461-11ea-9404-00000a100c0b_0 -u f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381 -r /usr/bin/runc -b /var/run/containers/storage/overlay-containers/f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381/userdata -p /var/run/containers/storage/overlay-containers/f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381/userdata/pidfile -l /var/log/pods/openshift-monitoring_node-exporter-cbkqp_5b772849-0461-11ea-9404-00000a100c0b/node-exporter/0.log --exit-dir /var/run/crio/exits --socket-dir-path /var/run/crio --log-level error
root 9409449040002:52 pts/000:00:00 grep --color=auto f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381conmon会负责为每一个container起一个进程来监控容器额定运行,从它的启动参数我们可以看出,它会监控容器的log,socket信息,退出信息,还可以通过pidfile查看监控进程所监控的容器的服务进程ID:
#cat /var/run/containers/storage/overlay-containers/f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381/userdata/pidfile
27913看容器的服务进程:
[root@master0~]# ps -ef | grep 27913
nobody 27913278810Nov11?00:22:00/bin/node_exporter --web.listen-address=127.0.0.1:9100--path.procfs=/host/proc --path.sysfs=/host/sys --path.rootfs=/host/root --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)--collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$ --no-collector.wifi
root 11649249040003:03 pts/000:00:00 grep --color=auto 27913查看cri-o 的状态,cri-o是一个daemon进程:
[root@master0 ~]# systemctl status crio
● crio.service - Open Container Initiative Daemon
Loaded: loaded (/usr/lib/systemd/system/crio.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/crio.service.d
└─10-default-env.conf
Active: active (running) since Mon 2019-11-11 08:47:57 UTC; 2 days ago
Docs: https://github.com/cri-o/cri-o
Main PID: 1083 (crio)
Tasks: 38
Memory: 540.2M
CPU: 3h 42min 56.238s
CGroup: /system.slice/crio.service
├─ 1083 /usr/bin/crio --enable-metrics=true --metrics-port=9537
├─121183 /usr/libexec/crio/conmon -c 6b02031122564f9410db50e61f4694b4c429a89cb16c5bf0f1c136ba4177a14a -n k8s_guard_etcd-quorum-guard-845d699494-sqvn9_openshift-machine-config-operator_c8ba4b6d-0460-11ea-a0f4-00000a1006c9_0 -r /usr/bin/runc -p /tmp/pidfil>
└─121184 /usr/bin/runc exec -d --pid-file /tmp/pidfile770198600 --process /tmp/exec-process-355304634 6b02031122564f9410db50e61f4694b4c429a89cb16c5bf0f1c136ba4177a14a
Nov 12 04:12:40 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T04:12:40Z [verbose] Del: openshift-kube-apiserver:installer-9-master0.gzhifangha.os.fyre.ibm.com:openshift-sdn:eth0 {"cniVersion":"0.3.1","name":"openshift-sdn","type":"openshift-sdn"}
Nov 12 04:13:06 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T04:13:06Z [verbose] Add: openshift-kube-apiserver:revision-pruner-9-master0.gzhifangha.os.fyre.ibm.com:openshift-sdn:eth0 {"cniVersion":"0.3.1","interfaces":[{"name":"eth0","sandbox":"/proc/6>
Nov 12 04:13:07 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T04:13:07Z [verbose] Del: openshift-kube-apiserver:revision-pruner-9-master0.gzhifangha.os.fyre.ibm.com:openshift-sdn:eth0 {"cniVersion":"0.3.1","name":"openshift-sdn","type":"openshift-sdn"}
Nov 12 06:13:50 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T06:13:50Z [verbose] Add: kube-system:metering-reader-7rg8z:openshift-sdn:eth0 {"cniVersion":"0.3.1","interfaces":[{"name":"eth0","sandbox":"/proc/39237/ns/net"}],"ips":[{"version":"4","interf>
Nov 12 08:39:28 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T08:39:28Z [verbose] Add: openshift-kube-apiserver:installer-10-master0.gzhifangha.os.fyre.ibm.com:openshift-sdn:eth0 {"cniVersion":"0.3.1","interfaces":[{"name":"eth0","sandbox":"/proc/65636/>
Nov 12 08:39:39 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T08:39:39Z [verbose] Del: openshift-controller-manager:controller-manager-rd987:openshift-sdn:eth0 {"cniVersion":"0.3.1","name":"openshift-sdn","type":"openshift-sdn"}
Nov 12 08:40:46 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T08:40:46Z [verbose] Del: openshift-kube-apiserver:installer-10-master0.gzhifangha.os.fyre.ibm.com:openshift-sdn:eth0 {"cniVersion":"0.3.1","name":"openshift-sdn","type":"openshift-sdn"}
Nov 12 08:41:17 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T08:41:17Z [verbose] Add: openshift-kube-apiserver:revision-pruner-10-master0.gzhifangha.os.fyre.ibm.com:openshift-sdn:eth0 {"cniVersion":"0.3.1","interfaces":[{"name":"eth0","sandbox":"/proc/>
Nov 12 08:41:18 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T08:41:18Z [verbose] Del: openshift-kube-apiserver:revision-pruner-10-master0.gzhifangha.os.fyre.ibm.com:openshift-sdn:eth0 {"cniVersion":"0.3.1","name":"openshift-sdn","type":"openshift-sdn"}
Nov 12 08:41:27 master0.gzhifangha.os.fyre.ibm.com crio[1083]: 2019-11-12T08:41:27Z [verbose] Add: openshift-controller-manager:controller-manager-8dnc7:openshift-sdn:eth0 {"cniVersion":"0.3.1","interfaces":[{"name":"eth0","sandbox":"/proc/70871/ns/net"}],"ips":[{">[root@master0 ~]# runc state f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381
{
"ociVersion": "1.0.1-dev",
"id": "f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381",
"pid": 27913,
"status": "running",
"bundle": "/run/containers/storage/overlay-containers/f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381/userdata",
"rootfs": "/var/lib/containers/storage/overlay/d814fa5be7bbf3b659162caa399fc52ec9bacf3b0e02997c99592d0d3c6922dc/merged",
"created": "2019-11-11T08:58:15.914588316Z",
"annotations": {
"io.kubernetes.container.hash": "a08e7c7d",
"io.kubernetes.container.name": "node-exporter",
"io.kubernetes.container.restartCount": "0",
"io.kubernetes.container.terminationMessagePath": "/dev/termination-log",
"io.kubernetes.container.terminationMessagePolicy": "File",
"io.kubernetes.cri-o.Annotations": "{\"io.kubernetes.container.hash\":\"a08e7c7d\",\"io.kubernetes.container.restartCount\":\"0\",\"io.kubernetes.container.terminationMessagePath\":\"/dev/termination-log\",\"io.kubernetes.container.terminationMessagePolicy\":\"File\",\"io.kubernetes.pod.terminationGracePeriod\":\"30\"}",
"io.kubernetes.cri-o.ContainerID": "f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381",
"io.kubernetes.cri-o.ContainerType": "container",
"io.kubernetes.cri-o.Created": "2019-11-11T08:58:15.422124413Z",
"io.kubernetes.cri-o.IP": "10.16.12.11",
"io.kubernetes.cri-o.Image": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fb559dae37782e6cccb56ffbec74104989979ad6e8b34b1803bb630b4431b3b6",
"io.kubernetes.cri-o.ImageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fb559dae37782e6cccb56ffbec74104989979ad6e8b34b1803bb630b4431b3b6",
"io.kubernetes.cri-o.ImageRef": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fb559dae37782e6cccb56ffbec74104989979ad6e8b34b1803bb630b4431b3b6",
"io.kubernetes.cri-o.Labels": "{\"io.kubernetes.container.name\":\"node-exporter\",\"io.kubernetes.pod.name\":\"node-exporter-cbkqp\",\"io.kubernetes.pod.namespace\":\"openshift-monitoring\",\"io.kubernetes.pod.uid\":\"5b772849-0461-11ea-9404-00000a100c0b\"}",
"io.kubernetes.cri-o.LogPath": "/var/log/pods/openshift-monitoring_node-exporter-cbkqp_5b772849-0461-11ea-9404-00000a100c0b/node-exporter/0.log",
"io.kubernetes.cri-o.Metadata": "{\"name\":\"node-exporter\"}",
"io.kubernetes.cri-o.MountPoint": "/var/lib/containers/storage/overlay/d814fa5be7bbf3b659162caa399fc52ec9bacf3b0e02997c99592d0d3c6922dc/merged",
"io.kubernetes.cri-o.Name": "k8s_node-exporter_node-exporter-cbkqp_openshift-monitoring_5b772849-0461-11ea-9404-00000a100c0b_0",
"io.kubernetes.cri-o.ResolvPath": "/var/run/containers/storage/overlay-containers/99d5ee6dd67aed5d4d5cbc476cff80f079a8dd18a8c78baafe3ba4625276a6ac/userdata/resolv.conf",
"io.kubernetes.cri-o.SandboxID": "99d5ee6dd67aed5d4d5cbc476cff80f079a8dd18a8c78baafe3ba4625276a6ac",
"io.kubernetes.cri-o.SandboxName": "k8s_POD_node-exporter-cbkqp_openshift-monitoring_5b772849-0461-11ea-9404-00000a100c0b_0",
"io.kubernetes.cri-o.SeccompProfilePath": "",
"io.kubernetes.cri-o.Stdin": "false",
"io.kubernetes.cri-o.StdinOnce": "false",
"io.kubernetes.cri-o.TTY": "false",
"io.kubernetes.cri-o.Volumes": "[{\"container_path\":\"/host/proc\",\"host_path\":\"/proc\",\"readonly\":false},{\"container_path\":\"/host/sys\",\"host_path\":\"/sys\",\"readonly\":false},{\"container_path\":\"/host/root\",\"host_path\":\"/\",\"readonly\":true},{\"container_path\":\"/etc/hosts\",\"host_path\":\"/var/lib/kubelet/pods/5b772849-0461-11ea-9404-00000a100c0b/etc-hosts\",\"readonly\":false},{\"container_path\":\"/dev/termination-log\",\"host_path\":\"/var/lib/kubelet/pods/5b772849-0461-11ea-9404-00000a100c0b/containers/node-exporter/d61b4508\",\"readonly\":false},{\"container_path\":\"/var/run/secrets/kubernetes.io/serviceaccount\",\"host_path\":\"/var/lib/kubelet/pods/5b772849-0461-11ea-9404-00000a100c0b/volumes/kubernetes.io~secret/node-exporter-token-7lbm8\",\"readonly\":true}]",
"io.kubernetes.pod.name": "node-exporter-cbkqp",
"io.kubernetes.pod.namespace": "openshift-monitoring",
"io.kubernetes.pod.terminationGracePeriod": "30",
"io.kubernetes.pod.uid": "5b772849-0461-11ea-9404-00000a100c0b"
},
"owner": ""[root@master0 ~]# runc exec f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381 ps
PID TTY TIME CMD
27913 ? 00:22:02 node_exporter
28674 ? 00:00:27 kube-rbac-proxy
43479 ? 00:00:00 startup.sh
43535 ? 00:00:00 npm
43571 ? 00:01:08 nginx
43572 ? 00:00:00 nginx
43588 ? 00:04:15 node
126089 ? 00:00:00 ps[root@master0 ~]# systemctl status crio-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope
● crio-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope - libcontainer container f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381
Loaded: loaded (/run/systemd/transient/crio-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope; transient)
Transient: yes
Active: active (running) since Mon 2019-11-11 08:58:15 UTC; 2 days ago
Tasks: 18 (limit: 1024)
Memory: 19.7M
CPU: 22min 2.475s
CGroup: /kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod5b772849_0461_11ea_9404_00000a100c0b.slice/crio-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope
└─27913 /bin/node_exporter --web.listen-address=127.0.0.1:9100 --path.procfs=/host/proc --path.sysfs=/host/sys --path.rootfs=/host/root --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/) --collector.filesystem.ignored-fs->
Nov 11 08:58:15 master0.gzhifangha.os.fyre.ibm.com systemd[1]: Started libcontainer container f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.[root@master0 ~]# systemctl status crio-conmon-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope
● crio-conmon-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope
Loaded: loaded (/run/systemd/transient/crio-conmon-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope; transient)
Transient: yes
Active: active (running) since Mon 2019-11-11 08:58:15 UTC; 2 days ago
Tasks: 2 (limit: 26213)
Memory: 1.0M
CPU: 61ms
CGroup: /kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod5b772849_0461_11ea_9404_00000a100c0b.slice/crio-conmon-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope
└─27881 /usr/libexec/crio/conmon -s -c f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381 -n k8s_node-exporter_node-exporter-cbkqp_openshift-monitoring_5b772849-0461-11ea-9404-00000a100c0b_0 -u f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16>
Nov 11 08:58:15 master0.gzhifangha.os.fyre.ibm.com systemd[1]: Started crio-conmon-f784bca78cbfc88ac0a1aa11ac87e70d5bee8cdecc5b16845658fd04afa0b381.scope.
类似资料: