kubernetes · vincepri · Sep 4, 2018 · bart0sh · Sep 10, 2018 · vincepri
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md
@@ -249,7 +249,7 @@ networking:
   podSubnet: ""
   serviceSubnet: 10.96.0.0/12
 nodeRegistration:
-  criSocket: /var/run/dockershim.sock
+  criSocket: /var/run/containerd/containerd.sock
   name: your-host-name
   taints:
   - effect: NoSchedule
@@ -368,41 +368,22 @@ Here's a breakdown of what/why:
    certificates from the `kube-apiserver` when the certificate expiration approaches.
 * `--cert-dir`the directory where the TLS certs are located.
 
-### Use kubeadm with other CRI runtimes
+### Use kubeadm with containerd
 
-Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
-The container runtime used by default is Docker, which is enabled through the built-in
-`dockershim` CRI implementation inside of the `kubelet`.
+From v1.12.0 the suggested kubeadm CRI is containerd. For further information refer to [CRI Installation](/docs/setup/cri/cri-installation/) instructions.
 
-Other CRI-based runtimes include:
-
-- [cri-containerd](https://github.com/containerd/cri-containerd)
-- [cri-o](https://github.com/kubernetes-incubator/cri-o)
-- [frakti](https://github.com/kubernetes/frakti)
-- [rkt](https://github.com/kubernetes-incubator/rktlet)
-
-After you have successfully installed `kubeadm` and `kubelet`, execute
-these two additional steps:
-
-1. Install the runtime shim on every node, following the installation
-   document in the runtime shim project listing above.
-
-1. Configure kubelet to use the remote CRI runtime. Please remember to change
-   `RUNTIME_ENDPOINT` to your own value like `/var/run/{your_runtime}.sock`:
-
-```shell
-cat > /etc/systemd/system/kubelet.service.d/20-cri.conf <<EOF
-[Service]
-Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=$RUNTIME_ENDPOINT"
-EOF
-systemctl daemon-reload
+After installing containerd, you should set `--cri-socket` in kubeadm init and kubeadm reset. Or, in alternative to command line flags, supply the containerd socket in your kubeadm configuration as shown in the example below:
+```yaml
+nodeRegistration:
+  criSocket: /var/run/containerd/containerd.sock
 ```
 
-Now `kubelet` is ready to use the specified CRI runtime, and you can continue
-with the `kubeadm init` and `kubeadm join` workflow to deploy Kubernetes cluster.
-
-You may also want to set `--cri-socket` to `kubeadm init` and `kubeadm reset` when
-using an external CRI implementation.
+In addition, you should set kubectl flag `--container-runtime-endpoint` to containerd socket address. This can be done through kubeadm configuration as shown in the example below:
+```yaml
+nodeRegistration:
+  kubeletExtraArgs:
+    container-runtime-endpoint: unix:///var/run/containerd/containerd.sock
+```
 
 ### Using internal IPs in your cluster
 

diff --git a/content/en/docs/setup/cri/_index.md b/content/en/docs/setup/cri/_index.md
@@ -0,0 +1,4 @@
+---
+title: Kubernetes CRI
+weight: 30
+---
diff --git a/content/en/docs/setup/cri/cri-installation.md b/content/en/docs/setup/cri/cri-installation.md
@@ -0,0 +1,140 @@
+---
+reviewers:
+- vincepri
+title: CRI installation
+content_template: templates/concept
+weight: 100
+---
+{{% capture overview %}}
+Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
+This page contains installation instruction for various runtimes.
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+### Containerd
+
+This section contains the necessary steps to use `containerd` as CRI with kubeadm.
+
+#### Prerequisites
+
+```shell
+modprobe overlay
+modprobe br_netfilter
+
+# Setup required sysctl params, these persist across reboots.
+cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
+net.bridge.bridge-nf-call-iptables  = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+EOF
+
+sysctl --system
+```
+
+{{< tabs name="tab-cri-containerd-installation" >}}
+{{< tab name="Ubuntu 16.04+" codelang="bash" >}}
+apt-get install -y libseccomp2
+{{< /tab >}}
+{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
+yum install -y libseccomp
+{{< /tab >}}
+{{< /tabs >}}
+
+#### Install containerd
+
+[Containerd releases](https://github.com/containerd/containerd/releases) are published regularly, the values below are hardcoded to the latest version available at the time of writing. Please check for newer versions and hashes [here](https://storage.googleapis.com/cri-containerd-release).
+
+```shell
+# Export required environment variables.
+export CONTAINERD_VERSION="1.1.2"
+export CONTAINERD_SHA256="d4ed54891e90a5d1a45e3e96464e2e8a4770cd380c21285ef5c9895c40549218"
+
+# Download containerd tar.
+wget https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
+
+# Check hash.
+echo "${CONTAINERD_SHA256} cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz" | sha256sum --check -
+
+# Unpack.
+tar --no-overwrite-dir -C / -xzf cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
+
+# Start containerd.
+systemctl start containerd
+```
+
+### Docker
+
+{{< tabs name="tab-cri-docker-installation" >}}
+{{< tab name="Ubuntu 16.04" codelang="bash" >}}
+# Install prerequisites.
+apt-get install apt-transport-https ca-certificates curl software-properties-common
+
+# Download GPG key.
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+
+# Add docker apt repository. 
+add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+
+# Install docker.
+apt-get update && apt-get install docker-ce=17.03.2~ce-0~ubuntu-xenial
+
+# Setup daemon.
+cat > /etc/docker/daemon.json <<EOF
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2"
+}
+EOF
+
+mkdir -p /etc/systemd/system/docker.service.d
+
+# Restart docker.
+systemctl daemon-reload
+systemctl restart docker
+{{< /tab >}}
+{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
+# Install prerequisites.
+yum install yum-utils device-mapper-persistent-data lvm2
+
+# Add docker repository. 
+yum-config-manager \
+    --add-repo \
+    https://download.docker.com/linux/centos/docker-ce.repo
+
+# Install docker.
+apt-get update && yum install docker-ce-17.03.2.ce
+
+# Setup daemon.
+cat > /etc/docker/daemon.json <<EOF
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
+EOF
+
+mkdir -p /etc/systemd/system/docker.service.d
+
+# Restart docker.
+systemctl daemon-reload
+systemctl restart docker
+{{< /tab >}}
+{{< /tabs >}}
+
+
+{{% /capture %}}
diff --git a/content/en/docs/setup/independent/install-kubeadm.md b/content/en/docs/setup/independent/install-kubeadm.md
@@ -79,57 +79,9 @@ The pod network plugin you use (see below) may also require certain ports to be
 open. Since this differs with each pod network plugin, please see the
 documentation for the plugins about what port(s) those need.
 
-## Installing Docker
+## Installing a CRI
 
-On each of your machines, install Docker.
-Version 17.03 is recommended, but 1.11, 1.12 and 1.13 are known to work as well.
-Versions 17.06+ _might work_, but have not yet been tested and verified by the Kubernetes node team.
-Keep track of the latest verified Docker version in the Kubernetes release notes.
-
-Please proceed with executing the following commands based on your OS as root. You may become the root user by executing `sudo -i` after SSH-ing to each host.
-
-If you already have the required versions of the Docker installed, you can move on to next section.
-If not, you can use the following commands to install Docker on your system:
-
-{{< tabs name="docker_install" >}}
-{{% tab name="Ubuntu, Debian or HypriotOS" %}}
-Install Docker from Ubuntu's repositories:
-
-```bash
-apt-get update
-apt-get install -y docker.io
-```
-
-or install Docker CE 17.03 from Docker's repositories for Ubuntu or Debian:
-
-```bash
-apt-get update
-apt-get install -y apt-transport-https ca-certificates curl software-properties-common
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
-add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable"
-apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
-```
-{{% /tab %}}
-{{% tab name="CentOS, RHEL or Fedora" %}}
-Install Docker using your operating system's bundled package:
-
-```bash
-yum install -y docker
-systemctl enable docker && systemctl start docker
-```
-{{% /tab %}}
-{{% tab name="Container Linux" %}}
-Enable and start Docker:
-
-```bash
-systemctl enable docker && systemctl start docker
-```
-{{% /tab %}}
-{{< /tabs >}}
-
-
-Refer to the [official Docker installation guides](https://docs.docker.com/engine/installation/)
-for more information.
+Refer to the [CRI installation](/docs/setup/cri/cri-installation/) guide for more information.
 
 ## Installing kubeadm, kubelet and kubectl