I’m getting an error like RuntimeHandler “runsc“ not supported

I’m getting an error like RuntimeHandler "runsc" not supported

This error indicates that the Kubernetes CRI runtime was not set up to handle runsc as a runtime handler. Please ensure that containerd configuration has been created properly and containerd has been restarted. See the containerd quick start for more details.

If you have ensured that containerd has been set up properly and you used kubeadm to create your cluster please check if Docker is also installed on that system. Kubeadm prefers using Docker if both Docker and containerd are installed.

Install latest release

To download and install the latest release manually follow these steps:

(
  set -e
  ARCH=$(uname -m)
  URL=https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}
  wget ${URL}/runsc ${URL}/runsc.sha512 \
    ${URL}/containerd-shim-runsc-v1 ${URL}/containerd-shim-runsc-v1.sha512
  sha512sum -c runsc.sha512 \
    -c containerd-shim-runsc-v1.sha512
  rm -f *.sha512
  chmod a+rx runsc containerd-shim-runsc-v1
  sudo mv runsc containerd-shim-runsc-v1 /usr/local/bin
)

To install gVisor as a Docker runtime, run the following commands:

/usr/local/bin/runsc install
sudo systemctl reload docker
docker run --rm --runtime=runsc hello-world

For more details about using gVisor with Docker, see Docker Quick Start

Note: It is important to copy runsc to a location that is readable and executable to all users, since runsc executes itself as user nobody to avoid unnecessary privileges. The /usr/local/bin directory is a good place to put the runsc binary.

Install from an apt repository

First, appropriate dependencies must be installed to allow apt to install packages via https:

sudo apt-get update && \
sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg

Next, configure the key used to sign archives and the repository.

NOTE: The key was updated on 2021-07-13 to replace the expired key. If you get errors about the key being expired, run the curl command below again.

curl -fsSL https://gvisor.dev/archive.key | sudo gpg --dearmor -o /usr/share/keyrings/gvisor-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases release main" | sudo tee /etc/apt/sources.list.d/gvisor.list > /dev/null

Now the runsc package can be installed:

sudo apt-get update && sudo apt-get install -y runsc

If you have Docker installed, it will be automatically configured.

要求

• runsc和containerd-shim-runsc-v1：请参阅安装指南。
• containerd：有关如何安装containerd的信息，请参阅 containerd 网站。支持的最低版本：1.3.9 或 1.4.3。

配置容器

更新。Update /etc/containerd/config.toml. Make sure containerd-shim-runsc-v1 is in ${PATH} or in the same directory as containerd binary.

sudo mkdir -p /etc/containerd
cat <<EOF | sudo tee /etc/containerd/config.toml
version = 2
[plugins."io.containerd.runtime.v1.linux"]
  shim_debug = true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
  runtime_type = "io.containerd.runsc.v1"
EOF

重新启动：containerd

sudo systemctl restart containerd

其他

Install containerd:

• Linux
• Windows (PowerShell)

1. Install the containerd.io package from the official Docker repositories. Instructions for setting up the Docker repository for your respective Linux distribution and installing the containerd.io package can be found at Install Docker Engine.

2. Configure containerd:

   sudo mkdir -p /etc/containerd
   containerd config default | sudo tee /etc/containerd/config.toml
   

3. Restart containerd:

   sudo systemctl restart containerd

转载至https://gvisor.dev/docs/user_guide/faq/#runtime-handler

https://gvisor.dev/docs/user_guide/containerd/quick_start/

Installation - gVisor