I’m getting an error like RuntimeHandler "runsc" not supported
This error indicates that the Kubernetes CRI runtime was not set up to handle runsc
as a runtime handler. Please ensure that containerd configuration has been created properly and containerd has been restarted. See the containerd quick start for more details.
If you have ensured that containerd has been set up properly and you used kubeadm to create your cluster please check if Docker is also installed on that system. Kubeadm prefers using Docker if both Docker and containerd are installed.
Install latest release
To download and install the latest release manually follow these steps:
(
set -e
ARCH=$(uname -m)
URL=https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}
wget ${URL}/runsc ${URL}/runsc.sha512 \
${URL}/containerd-shim-runsc-v1 ${URL}/containerd-shim-runsc-v1.sha512
sha512sum -c runsc.sha512 \
-c containerd-shim-runsc-v1.sha512
rm -f *.sha512
chmod a+rx runsc containerd-shim-runsc-v1
sudo mv runsc containerd-shim-runsc-v1 /usr/local/bin
)
To install gVisor as a Docker runtime, run the following commands:
/usr/local/bin/runsc install
sudo systemctl reload docker
docker run --rm --runtime=runsc hello-world
For more details about using gVisor with Docker, see Docker Quick Start
Note: It is important to copy runsc
to a location that is readable and executable to all users, since runsc
executes itself as user nobody
to avoid unnecessary privileges. The /usr/local/bin
directory is a good place to put the runsc
binary.
Install from an apt
repository
First, appropriate dependencies must be installed to allow apt
to install packages via https:
sudo apt-get update && \
sudo apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg
Next, configure the key used to sign archives and the repository.
NOTE: The key was updated on 2021-07-13 to replace the expired key. If you get errors about the key being expired, run the curl
command below again.
curl -fsSL https://gvisor.dev/archive.key | sudo gpg --dearmor -o /usr/share/keyrings/gvisor-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases release main" | sudo tee /etc/apt/sources.list.d/gvisor.list > /dev/null
Now the runsc package can be installed:
sudo apt-get update && sudo apt-get install -y runsc
If you have Docker installed, it will be automatically configured.
要求
- runsc和containerd-shim-runsc-v1:请参阅安装指南。
- containerd:有关如何安装containerd的信息,请参阅 containerd 网站。支持的最低版本:1.3.9 或 1.4.3。
配置容器
更新。Update /etc/containerd/config.toml
. Make sure containerd-shim-runsc-v1
is in ${PATH}
or in the same directory as containerd
binary.
sudo mkdir -p /etc/containerd
cat <<EOF | sudo tee /etc/containerd/config.toml
version = 2
[plugins."io.containerd.runtime.v1.linux"]
shim_debug = true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
runtime_type = "io.containerd.runsc.v1"
EOF
重新启动:containerd
sudo systemctl restart containerd
其他
Install containerd:
-
Install the
containerd.io
package from the official Docker repositories. Instructions for setting up the Docker repository for your respective Linux distribution and installing thecontainerd.io
package can be found at Install Docker Engine. -
Configure containerd:
sudo mkdir -p /etc/containerd containerd config default | sudo tee /etc/containerd/config.toml
-
Restart containerd:
sudo systemctl restart containerd
转载至https://gvisor.dev/docs/user_guide/faq/#runtime-handler