kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix and update zh doc

pull/23468/head
zhangguanzhang 2020-08-27 11:43:50 +08:00
parent 46bd27df8f
commit 91b8a10376
1 changed files with 87 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
content/zh/docs/setup/production-environment/container-runtimes.md
View File

@ -35,13 +35,13 @@ A flaw was found in the way runc handled system file descriptors when running co
A malicious container could use this flaw to overwrite contents of the runc binary and
consequently run arbitrary commands on the container host system.
Please refer to this link for more information about this issue
[cve-2019-5736 : runc vulnerability ] (https://access.redhat.com/security/cve/cve-2019-5736)
Please refer to [CVE-2019-5736](https://access.redhat.com/security/cve/cve-2019-5736) for more
information about the issue.
-->
我们发现 runc 在运行容器,处理系统文件描述符时存在一个漏洞。
恶意容器可以利用此漏洞覆盖 runc 二进制文件的内容,并以此在主机系统的容器上运行任意的命令。
请参考此链接以获取有关此问题的更多信息 [cve-2019-5736 : runc vulnerability ](https://access.redhat.com/security/cve/cve-2019-5736)
请参考此链接以获取有关此问题的更多信息 [cve-2019-5736: runc vulnerability](https://access.redhat.com/security/cve/cve-2019-5736)
{{< /caution >}}
<!--
@ -120,7 +120,7 @@ is to drain the Node from its workloads, remove it from the cluster and re-join
## Docker
On each of your machines, install Docker.
Version 19.03.4 is recommended, but 1.13.1, 17.03, 17.06, 17.09, 18.06 and 18.09 are known to work as well.
Version 19.03.11 is recommended, but 1.13.1, 17.03, 17.06, 17.09, 18.06 and 18.09 are known to work as well.
Keep track of the latest verified Docker version in the Kubernetes release notes.
Use the following commands to install Docker on your system:
@ -128,7 +128,7 @@ Use the following commands to install Docker on your system:
## Docker
在您的每台机器上安装 Docker。
推荐安装 19.03.4 版本,但是 1.13.1、17.03、17.06、17.09、18.06 和 18.09 版本也是可以的。
推荐安装 19.03.11 版本,但是 1.13.1、17.03、17.06、17.09、18.06 和 18.09 版本也是可以的。
请跟踪 Kubernetes 发行说明中经过验证的 Docker 最新版本变化。
使用以下命令在您的系统上安装 Docker
@ -244,10 +244,10 @@ yum-config-manager \
https://download.docker.com/linux/centos/docker-ce.repo
## Install Docker CE.
yum update && yum install \
containerd.io-1.2.10 \
docker-ce-19.03.4 \
docker-ce-cli-19.03.4
yum update -y && yum install -y \
containerd.io-1.2.13 \
docker-ce-19.03.11 \
docker-ce-cli-19.03.11
## Create /etc/docker directory.
mkdir /etc/docker
@ -285,7 +285,10 @@ yum-config-manager \
```shell
## 安装 Docker CE.
yum update && yum install docker-ce-18.06.2.ce
yum update -y && yum install -y \
containerd.io-1.2.13 \
docker-ce-19.03.11 \
docker-ce-cli-19.03.11
```
```shell
@ -525,24 +528,52 @@ apt-get update
apt-get install cri-o-1.15
```
{{% /tab %}}
{{% tab name="CentOS/RHEL 7.4+" codelang="bash" %}}
{{% tab name="CentOS" %}}
<!--
# Install prerequisites
yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/
To install on the following operating systems, set the environment variable $OS to the appropriate field in the following table:
# Install CRI-O
yum install --nogpgcheck cri-o
| Operating system | $OS |
| ---------------- | ----------------- |
| Centos 8 | `CentOS_8` |
| Centos 8 Stream | `CentOS_8_Stream` |
| Centos 7 | `CentOS_7` |
<br />
Then, set `$VERSION` to the CRI-O version that matches your Kubernetes version.
For instance, if you want to install CRI-O 1.18, set `VERSION=1.18`.
You can pin your installation to a specific release.
To install version 1.18.3, set `VERSION=1.18:1.18.3`.
<br />
Then run
```shell
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
yum install cri-o
```
-->
```shell
# 安装必备软件
yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/
```
要在以下操作系统上安装,请将环境变量 `$OS` 设置为下表中的相应字段:
| 操作系统 | $OS |
| ---------------- | ----------------- |
| Centos 8 | `CentOS_8` |
| Centos 8 Stream | `CentOS_8_Stream` |
| Centos 7 | `CentOS_7` |
<br />
然后将 `$VERSION` 设置为与你的 Kubernetes 相匹配的 CRI-O 版本。
例如,如果要安装 CRI-O 1.18,请设置 `VERSION=1.18`
你也可以安装特定版本,例如 1.18.3,请设置 `VERSION=1.18:1.18.3`
<br />
确保声明变量后,使用下面命令安装
```shell
# 安装 CRI-O
yum install --nogpgcheck cri-o
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
yum install cri-o
```
{{% /tab %}}
@ -552,8 +583,43 @@ yum install --nogpgcheck cri-o
```shell
sudo zypper install cri-o
```
{{% /tab %}}
{{% tab name="Fedora" %}}
<!--
Set `$VERSION` to the CRI-O version that matches your Kubernetes version.
For instance, if you want to install CRI-O 1.18, `VERSION=1.18`
You can find available versions with:
```shell
dnf module list cri-o
```
CRI-O does not support pinning to specific releases on Fedora.
Then run
```shell
dnf module enable cri-o:$VERSION
dnf install cri-o
```
-->
`$VERSION` 设置为与你的 Kubernetes 相匹配的 CRI-O 版本。
例如,如果要安装 CRI-O 1.18,请设置 `VERSION=1.18`
你可以用下列命令查找可用的版本:
```shell
dnf module list cri-o
```
CRI-O 不支持在 Fedora 上固定到特定的版本。
运行下列命令安装
```shell
dnf module enable cri-o:$VERSION
dnf install cri-o
```
{{% /tab %}}
{{< /tabs >}}
<!--