# Runtime Installation

## Containerd as the Runtime

> Because Kubernetes 1.24 and later no longer support Docker directly, the Kubernetes runtime must be changed to Containerd.
>
> <mark style="color:blue;">**Installing Docker automatically installs Containerd as well**</mark>

### 1. Configure the Docker repository

{% code overflow="wrap" %}

```bash
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
```

{% endcode %}

### 2. Install docker-ce

```bash
yum install -y docker-ce docker-ce-cli
```

Because not every node needs the Docker engine, **there is no need to start Docker**; only Containerd has to be configured and started.

### 3. Configure the kernel modules Containerd requires

```bash
echo 'overlay
br_netfilter' > /etc/modules-load.d/containerd.conf
```

### 4. Load the modules

```bash
modprobe overlay
modprobe br_netfilter
```

### 5. Configure the kernel parameters Containerd requires

```bash
echo 'net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1' > /etc/sysctl.d/99-kubernetes-cri.conf
```

Apply the kernel parameters:

```bash
sysctl --system
```

### 6. Create the Containerd configuration file

```bash
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml
```

On all nodes, change Containerd's cgroup driver to systemd:

```bash
vim /etc/containerd/config.toml
```

* Find **containerd.runtimes.runc.options** and set **SystemdCgroup = true**
* On all nodes, change the Pause image in **sandbox\_image** to the address that matches your version: **registry.cn-hangzhou.aliyuncs.com/google\_containers/pause:3.6**
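
The two manual edits above can also be applied non-interactively and then checked, which helps when the same change has to land on every node. This is an added example, not part of the original page; the function names, the sample fragment and its second runtime table named `other` are constructed for illustration.

```bash
#!/bin/sh
# Set SystemdCgroup = true only inside the runc options table and point
# sandbox_image at IMAGE. Usage: patch_containerd_config FILE IMAGE
patch_containerd_config() {
  _tmp=$(mktemp) || return 1
  sed -e '/containerd\.runtimes\.runc\.options]/,/^[[:space:]]*\[/ s/^\([[:space:]]*SystemdCgroup[[:space:]]*=\).*/\1 true/' \
      -e "s|^\([[:space:]]*sandbox_image[[:space:]]*=\).*|\1 \"$2\"|" \
      "$1" > "$_tmp" && cat "$_tmp" > "$1"   # cat keeps the file's owner and mode
  _rc=$?
  rm -f "$_tmp"
  return $_rc
}

# Return 0 only if both settings are present; a config that lacks the
# SystemdCgroup key in the runc options table fails here instead of passing silently.
verify_containerd_config() {
  awk -v want="$2" '
    /^[ \t]*\[/ { in_runc = ($0 ~ /containerd\.runtimes\.runc\.options]/) }
    in_runc && /^[ \t]*SystemdCgroup[ \t]*=[ \t]*true[ \t]*$/ { cg = 1 }
    /^[ \t]*sandbox_image[ \t]*=/ { if (index($0, "\"" want "\"")) img = 1 }
    END { exit !(cg && img) }
  ' "$1"
}

# Constructed sample: a trimmed fragment shaped like `containerd config default`
# output, plus a hypothetical second runtime that must stay untouched.
write_sample_config() {
  cat > "$1" <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
    runtime_type = "io.containerd.runc.v2"
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
      SystemdCgroup = false
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.other.options]
    SystemdCgroup = false
EOF
}

# Pause image address taken from step 6 of this page.
PAUSE_IMAGE='registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6'
demo=$(mktemp)
write_sample_config "$demo"
patch_containerd_config "$demo" "$PAUSE_IMAGE"
verify_containerd_config "$demo" "$PAUSE_IMAGE" && echo "config OK"
rm -f "$demo"
```

On a node, pass `/etc/containerd/config.toml` instead of the temporary file, before starting Containerd in step 7.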

### 7. Start Containerd and enable it at boot

```bash
systemctl daemon-reload
systemctl enable --now containerd
```

Check that containerd started successfully:

```bash
systemctl status containerd
```

### 8. Configure the runtime endpoint that the crictl client connects to

```bash
echo 'runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false' > /etc/crictl.yaml
```
