使用 cri-dockerd 适配器来将 Docker Engine 与 Kubernetes 集成。

安装docker engine

此处不再详细介绍安装Docker Engine，在每个k8s节点上，遵循安装 Docker Engine 指南为你的 Linux 发行版安装 Docker。或者直接手动安装Docker Engine。

使用docker作为容器运行时注意调整cgroup为systemd。

在/etc/docker/daemon.json上面添加

"exec-opts": ["native.cgroupdriver=systemd"]

安装cri-dockerd

在V0.3.15之后移除了centOS7和centos8的rpm安装包，所以redhat系安装新版本需要选用tar包来安装。

包管理器安装

下载对应的rpm包或者deb包，使用yum或者apt命令来安装

手动安装

下载对应版本的tgz压缩包

解压后生成一个可执行的二进制文件cri-dockerd

wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.20/cri-dockerd-0.3.20.amd64.tgz

tar zxvf cri-dockerd-0.3.20.amd64.tgz

install -o root -g root -m 0755 cri-dockerd /usr/bin/cri-dockerd

curl -L https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service  -o /etc/systemd/system/cri-docker.service

curl -L https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket  -o /etc/systemd/system/cri-docker.socket

编辑 /etc/systemd/system/cri-docker.service

[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

修改启动文件

sed -i 's,^ExecStart.*,& --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10.1,' /etc/systemd/system/cri-docker.service

# 应用配置
systemctl daemon-reload
systemctl enable cri-docker.service
systemctl enable --now cri-docker.socket
systemctl start cri-docker.service

# 验证状态（确保为active (running)）
systemctl status cri-docker.service