下载 cri-dockerd

wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.7/cri-dockerd-0.3.7.amd64.tgz

解压 cri-dockerd

tar xf cri-dockerd-0.3.7.amd64.tgz

cd cri-dockerd

安装 cri-dockerd

install -o root -g root -m 0755 cri-dockerd /usr/local/bin/cri-dockerd

cri-docker.service

cat >> /lib/systemd/system/cri-docker.service << EOF
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd://  --pod-infra-container-image registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

cri-docker.socket

cat >> /lib/systemd/system/cri-docker.socket << EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

运行 cri-dockerd

systemctl enable --now cri-docker.socket cri-docker.service

参考文档

https://github.com/Mirantis/cri-dockerd

本栏目推荐文章
• k8s 将 cri 从 docker 切换到 containerd
• 25-稳定基石：带你剖析容器运行时以及 CRI 原理.md
• cri-docker的学习和了解-番外
• 中龙技术 | HSCSEC CRY + MISC WP
• 2023浙江省大学生信息安全竞赛决赛 Cry+Misc wp
• 部署 cri-dockerd
• k8s 1.26.4的安装步骤（使用kubeadm安装master+1节点） ——( centos7.9，cri-dockerd插件)
• Kubernetes 无法join：[ERROR CRI]: container runtime is not running:
• Docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE) 错误
• K8S初始化报错：CRI v1 runtime API is not implemented for endpoint \"unix:///var/run/containerd/containerd.sock\"

cri-dockerd dockerd cricri-dockerd cri-dockerd dockerd docker k8sv cri-dockerd dockerd cri 节点cri-dockerd插件 步骤 dockerd cri crying cry cri-docker crying suns