author Fabricio Voznika <fvoznika@google.com> 2021-01-22 16:24:17 -0800
committer gVisor bot <gvisor-bot@google.com> 2021-01-22 16:28:00 -0800
commit 99aa5eedcfa3f2e458171cbc6b20ee6f78af3229
tree 83f5d1b2afca0b5bc9f2f44bd44ae4df15fc00b4 /g3doc
parent 18ebec0ec957f1af0af3aa8fc2145c394552e042
Update containerd minimal version
PiperOrigin-RevId: 353340554
Diffstat (limited to 'g3doc')
-rw-r--r-- g3doc/user_guide/FAQ.md | 7
-rw-r--r-- g3doc/user_guide/containerd/configuration.md | 25
-rw-r--r-- g3doc/user_guide/containerd/quick_start.md | 5
3 files changed, 12 insertions, 25 deletions
diff --git a/g3doc/user_guide/FAQ.md b/g3doc/user_guide/FAQ.md
index 69033357c..8e5721ad1 100644
--- a/g3doc/user_guide/FAQ.md
+++ b/g3doc/user_guide/FAQ.md
@@ -137,9 +137,16 @@ sandbox isolation. There are a few different workarounds you can try:
* Use IPs instead of container names.
* Use [Kubernetes][k8s]. Container name lookup works fine in Kubernetes.
+### I'm getting an error like `dial unix /run/containerd/s/09e4...8cff: connect: connection refused: unknown` {#shim-connect}
+
+This error may happen when using `gvisor-containerd-shim` with a `containerd`
+that does not contain the fix for [CVE-2020-15257]. The resolve the issue,
+update containerd to 1.3.9 or 1.4.3 (or newer versions respectively).
+
[security-model]: /docs/architecture_guide/security/
[host-net]: /docs/user_guide/networking/#network-passthrough
[debugging]: /docs/user_guide/debugging/
[filesystem]: /docs/user_guide/filesystem/
[docker]: /docs/user_guide/quick_start/docker/
[k8s]: /docs/user_guide/quick_start/kubernetes/
+[CVE-2020-15257]: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
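Review bot: the added FAQ paragraph has a typo, "The resolve the issue" should be "To resolve the issue", and "(or newer versions respectively)" is hard to parse. If the intent is one minimum per release line, say so directly, for example "update containerd to 1.3.9 or later, or 1.4.3 or later". The entry also only links the advisory; one sentence on why a containerd without the CVE-2020-15257 fix fails to connect to `gvisor-containerd-shim` would let readers confirm they are hitting this case rather than another `connection refused` cause.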
diff --git a/g3doc/user_guide/containerd/configuration.md b/g3doc/user_guide/containerd/configuration.md
index 4f5e721be..011af3b10 100644
--- a/g3doc/user_guide/containerd/configuration.md
+++ b/g3doc/user_guide/containerd/configuration.md
@@ -1,8 +1,8 @@
# Containerd Advanced Configuration
This document describes how to configure runtime options for
-`containerd-shim-runsc-v1`. This follows the
-[Containerd Quick Start](./quick_start.md) and requires containerd 1.2 or later.
+`containerd-shim-runsc-v1`. You can find the installation instructions and
+minimal requirements in [Containerd Quick Start](./quick_start.md).
## Shim Configuration
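Review bot: in the rewritten intro sentence, "minimal requirements" should be "minimum requirements". The old text also said this document "follows" the Quick Start, which told readers to complete it first; the new wording only says where the instructions live, so consider keeping that ordering hint.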
@@ -47,27 +47,6 @@ When you are done, restart containerd to pick up the changes.
sudo systemctl restart containerd
```
-### Containerd 1.2
-
-For containerd 1.2, the config file is not configurable. It should be named
-`config.toml` and located in the runtime root. By default, this is
-`/run/containerd/runsc`.
-
-### Example: Enable the KVM platform
-
-gVisor enables the use of a number of platforms. This example shows how to
-configure `containerd-shim-runsc-v1` to use gvisor with the KVM platform.
-
-Find out more about platform in the
-[Platforms Guide](../../architecture_guide/platforms.md).
-
-```shell
-cat <<EOF | sudo tee /etc/containerd/runsc.toml
-[runsc_config]
- platform = "kvm"
-EOF
-```
-
## Debug
When `shim_debug` is enabled in `/etc/containerd/config.toml`, containerd will
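Review bot: this hunk removes "Example: Enable the KVM platform" together with the "Containerd 1.2" subsection, but the KVM example is not specific to 1.2. It writes `/etc/containerd/runsc.toml`, not the 1.2-only `config.toml` in the runtime root, and the commit message mentions only the minimal version update. Suggest keeping the example (and its Platforms Guide link) or stating in the commit message that it is dropped on purpose, since after this change the page no longer shows how to set `platform` under `[runsc_config]`.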
diff --git a/g3doc/user_guide/containerd/quick_start.md b/g3doc/user_guide/containerd/quick_start.md
index a98fe5c4a..132d80927 100644
--- a/g3doc/user_guide/containerd/quick_start.md
+++ b/g3doc/user_guide/containerd/quick_start.md
@@ -1,7 +1,7 @@
# Containerd Quick Start
This document describes how to use `containerd-shim-runsc-v1` with the
-containerd runtime handler support on `containerd` 1.2 or later.
+containerd runtime handler support on `containerd`.
> ⚠️ NOTE: If you are using Kubernetes and set up your cluster using kubeadm you
> may run into issues. See the [FAQ](../FAQ.md#runtime-handler) for details.
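Review bot: with the version removed, the opening sentence now ends "containerd runtime handler support on `containerd`.", which reads as redundant. Suggest ending the sentence at "runtime handler support", or pointing to the requirements list below for the minimum version so the constraint is still visible in the introduction.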
@@ -11,7 +11,8 @@ containerd runtime handler support on `containerd` 1.2 or later.
- **runsc** and **containerd-shim-runsc-v1**: See the
[installation guide](/docs/user_guide/install/).
- **containerd**: See the [containerd website](https://containerd.io/) for
- information on how to install containerd.
+ information on how to install containerd. **Minimal version supported: 1.3.9
+ or 1.4.3.**
## Configure containerd
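Review bot: the added "Minimal version supported: 1.3.9 or 1.4.3." is ambiguous about whether either version is enough or each applies to its own release line, and "Minimal" should be "Minimum". Suggest wording that names the release lines explicitly and linking to the new FAQ entry, for example `../FAQ.md#shim-connect`, so readers on an older containerd can see what failure to expect and why the floor was raised.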