SELinux\u3092\u7121\u52b9\u5316\u3059\u308b\uff01<\/h2>\n
SELinux\u3092\u7121\u52b9\u5316\u3057\u307e\u3059\u3002<\/p>\n
\r\n# setenforce 0\r\n# sed -i 's\/^SELINUX=enforcing$\/SELINUX=permissive\/' \/etc\/selinux\/config\r\n<\/pre>\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6e08\u307f\u306eDocker\u95a2\u9023\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u524a\u9664\u3059\u308b\uff01<\/h2>\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6e08\u307f\u306eDocker\u95a2\u9023\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u524a\u9664\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n
\r\n# dnf remove docker docker-common docker-selinux docker-engine -y\r\nNo match for argument: docker\r\nNo match for argument: docker-common\r\nNo match for argument: docker-engine\r\nDependencies resolved.\r\n========================================================================================================================\r\n Package Architecture Version Repository Size\r\n========================================================================================================================\r\nRemoving:\r\n container-selinux noarch 3:2.189.0-1.el9 @appstream 57 k\r\nRemoving dependent packages:\r\n flatpak-selinux noarch 1.12.7-2.el9 @appstream 12 k\r\n selinux-policy noarch 34.1.43-1.el9 @baseos 25 k\r\n selinux-policy-targeted noarch 34.1.43-1.el9 @baseos 18 M\r\nRemoving unused dependencies:\r\n rpm-plugin-selinux x86_64 4.16.1.3-19.el9_1 @baseos 16 k\r\n\r\nTransaction Summary\r\n========================================================================================================================\r\nRemove 5 Packages\r\n...\r\nComplete!\r\n<\/pre>\n\u30ab\u30fc\u30cd\u30eb\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u8ffd\u52a0\u3067\u30ed\u30fc\u30c9\u3059\u308b\uff01<\/h2>\n
\u73fe\u5728\u306e\u4f7f\u7528\u4e2d\u306e\u74b0\u5883\u306b\u3082\u30b3\u30de\u30f3\u30c9\u3067\u30ab\u30fc\u30cd\u30eb\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30ed\u30fc\u30c9\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\n# modprobe overlay\r\n# modprobe br_netfilter\r\n<\/pre>\n\u8d77\u52d5\u6642\u306b\u30ab\u30fc\u30cd\u30eb\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u30ed\u30fc\u30c9\u3059\u308b\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\n# cat <<EOF | tee \/etc\/modules-load.d\/k8s.conf\r\noverlay\r\nbr_netfilter\r\nEOF\r\n<\/pre>\n\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u3092\u5909\u66f4\u3059\u308b\uff01<\/h2>\n
\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n
\r\n# cat <<EOF | tee \/etc\/sysctl.d\/k8s.conf\r\nnet.bridge.bridge-nf-call-iptables = 1\r\nnet.bridge.bridge-nf-call-ip6tables = 1\r\nnet.ipv4.ip_forward = 1\r\nEOF\r\n<\/pre>\n\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u306e\u5909\u66f4\u3092\u53cd\u6620\u3059\u308b\uff01<\/h2>\n
\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u306e\u5909\u66f4\u3092\u53cd\u6620\u3057\u307e\u3059\u3002<\/p>\n
\r\n# sysctl --system\r\n<\/pre>\n\u30ab\u30fc\u30cd\u30eb\u306e\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u8aad\u307f\u8fbc\u307e\u308c\u305f\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n
\r\n$ lsmod | grep br_netfilter\r\nbr_netfilter 32768 0\r\nbridge 315392 1 br_netfilter\r\n$ lsmod | grep overlay\r\noverlay 155648 0\r\n<\/pre>\nDocker\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u3092\u767b\u9332\u3059\u308b\uff01<\/h2>\n
Docker\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u3092\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n
\r\n# dnf config-manager --add-repo https:\/\/download.docker.com\/linux\/centos\/docker-ce.repo\r\nAdding repo from: https:\/\/download.docker.com\/linux\/centos\/docker-ce.repo\r\n<\/pre>\n\u30ea\u30dd\u30b8\u30c8\u30ea\u306e\u60c5\u5831\u3092\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3057\u307e\u3059\u3002<\/p>\n
\r\n# dnf update\r\nDocker CE Stable - x86_64 23 kB\/s | 14 kB 00:00 \r\nRocky Linux 9 - BaseOS 3.8 kB\/s | 3.6 kB 00:00 \r\nRocky Linux 9 - AppStream 5.5 kB\/s | 4.1 kB 00:00 \r\nRocky Linux 9 - AppStream 2.8 MB\/s | 6.4 MB 00:02 \r\nRocky Linux 9 - Extras 3.1 kB\/s | 2.9 kB 00:00 \r\nRocky Linux 9 - Extras 6.9 kB\/s | 8.5 kB 00:01 \r\nError: \r\n Problem: package buildah-1:1.27.2-2.el9_1.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed\r\n - package containerd.io-1.6.14-3.1.el9.x86_64 conflicts with runc provided by runc-4:1.1.4-1.el9_1.x86_64\r\n - package containerd.io-1.6.14-3.1.el9.x86_64 obsoletes runc provided by runc-4:1.1.4-1.el9_1.x86_64\r\n - cannot install the best update candidate for package runc-4:1.1.4-1.el9_1.x86_64\r\n - cannot install the best update candidate for package buildah-1:1.27.2-2.el9_1.x86_64\r\n(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)\r\n<\/pre>\n\u79c1\u306e\u74b0\u5883\u3067\u306f\u3001\u30a8\u30e9\u30fc\u304c\u51fa\u529b\u3055\u308c\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002containerd\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306b\u89e3\u6d88\u3092\u56f3\u308a\u307e\u3059\u3002<\/p>\n
conternerd\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\uff01<\/h2>\n
containerd\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002\u300c--allowerasing\u300d\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u4f9d\u5b58\u95a2\u4fc2\u306e\u30a8\u30e9\u30fc\u306e\u89e3\u6d88\u3092\u56f3\u308a\u307e\u3059\u3002<\/p>\n
\r\n# dnf install -y containerd.io --allowerasing\r\nLast metadata expiration check: 0:03:19 ago on Sun 08 Jan 2023 02:59:43 PM JST.\r\nDependencies resolved.\r\n========================================================================================================================\r\n Package Architecture Version Repository Size\r\n========================================================================================================================\r\nInstalling:\r\n containerd.io x86_64 1.6.14-3.1.el9 docker-ce-stable 32 M\r\n replacing runc.x86_64 4:1.1.4-1.el9_1\r\nInstalling dependencies:\r\n container-selinux noarch 3:2.189.0-1.el9 appstream 47 k\r\n flatpak-selinux noarch 1.12.7-2.el9 appstream 22 k\r\n rpm-plugin-selinux x86_64 4.16.1.3-19.el9_1 baseos 17 k\r\n selinux-policy noarch 34.1.43-1.el9 baseos 62 k\r\n selinux-policy-targeted noarch 34.1.43-1.el9 baseos 6.4 M\r\nRemoving dependent packages:\r\n buildah x86_64 1:1.27.2-2.el9_1 @appstream 26 M\r\n\r\nTransaction Summary\r\n========================================================================================================================\r\nInstall 6 Packages\r\nRemove 1 Package\r\n...\r\nComplete!\r\n<\/pre>\ncontainerd\u306e\u8a2d\u5b9a\u3092\u521d\u671f\u5316\u3059\u308b\uff01<\/h2>\n
containerd\u306e\u8a2d\u5b9a\u3092\u521d\u671f\u5316\u3057\u307e\u3059\u3002<\/p>\n
\r\n# containerd config default > \/etc\/containerd\/config.toml\r\n<\/pre>\n\u305d\u306e\u5f8c\u3001\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u3092\u300cfalse\u300d\u304b\u3089\u300ctrue\u300d\u306b\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n
\r\nSystemdCgroup = true\r\n<\/pre>\nCNI\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u521d\u671f\u8a2d\u5b9a\u3092\u884c\u3046\uff01<\/h2>\n
CNI\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u521d\u671f\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\r\n# cat << EOF | tee \/etc\/cni\/net.d\/10-containerd-net.conflist\r\n{\r\n "cniVersion": "1.0.0",\r\n "name": "containerd-net",\r\n "plugins": [\r\n {\r\n "type": "bridge",\r\n "bridge": "cni0",\r\n "isGateway": true,\r\n "ipMasq": true,\r\n "promiscMode": true,\r\n "ipam": {\r\n "type": "host-local",\r\n "ranges": [\r\n [{\r\n "subnet": "10.88.0.0\/16"\r\n }],\r\n [{\r\n "subnet": "2001:4860:4860::\/64"\r\n }]\r\n ],\r\n "routes": [\r\n { "dst": "0.0.0.0\/0" },\r\n { "dst": "::\/0" }\r\n ]\r\n }\r\n },\r\n {\r\n "type": "portmap",\r\n "capabilities": {"portMappings": true}\r\n }\r\n ]\r\n}\r\nEOF\r\n<\/pre>\ncontainerd\u3092\u30b5\u30fc\u30d3\u30b9\u306b\u767b\u9332\u3057\u3066\u8d77\u52d5\u3059\u308b\uff01<\/h2>\n
containerd\u3092\u30b5\u30fc\u30d3\u30b9\u306b\u767b\u9332\u3057\u3066\u8d77\u52d5\u3057\u307e\u3059\u3002\u518d\u8d77\u52d5\u6642\u306b\u3082\u81ea\u52d5\u8d77\u52d5\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
\r\n# systemctl enable --now containerd.servicesystemctl enable --now containerd.service\r\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/containerd.service \u2192 \/usr\/lib\/systemd\/system\/containerd.service.\r\n# systemctl status containerd.service\r\n\u25cf containerd.service - containerd container runtime\r\n Loaded: loaded (\/usr\/lib\/systemd\/system\/containerd.service; enabled; vendor preset: disabled)\r\n Active: active (running) since Sun 2023-01-08 15:14:32 JST; 2s ago\r\n<\/pre>\n\u304a\u308f\u308a\u306b<\/h2>\n
Kubernates\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306e\u305f\u3081\u306b\u3001Containerd\u3092Locky Linux 9\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001\u81ea\u52d5\u8d77\u52d5\u306e\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3057\u305f\u3002<\/p>\n
\u53c2\u8003\u60c5\u5831<\/h2>\n
![\"\u3010\u8a18\u4e8b\u4e00\u89a7\u3011Kubernates\u3092\u4f7f\u3044\u3053\u306a\u3059\uff01\"](\"https:\/\/lab4ict.com\/system\/wp-content\/uploads\/2023\/01\/eyecatch_kubernates_01-150x150.png\")
<\/div>