Merge pull request #38836 from windsonsea/conrun

[zh] sync container-runtimes.md

Author: k8s-ci-robot

content/zh-cn/docs/setup/production-environment/container-runtimes.md

@@ -99,20 +99,11 @@ For more information, see [Network Plugin Requirements](/docs/concepts/extend-ku
 <!-- 
 ### Forwarding IPv4 and letting iptables see bridged traffic
 
-Verify that the `br_netfilter` module is loaded by running `lsmod | grep br_netfilter`. 
-
-To load it explicitly, run `sudo modprobe br_netfilter`.
-
-In order for a Linux node's iptables to correctly view bridged traffic, verify that `net.bridge.bridge-nf-call-iptables` is set to 1 in your `sysctl` config. For example: 
+Execute the below mentioned instructions:
 -->
 ### 转发 IPv4 并让 iptables 看到桥接流量
 
-通过运行 `lsmod | grep br_netfilter` 来验证 `br_netfilter` 模块是否已加载。
-
-若要显式加载此模块，请运行 `sudo modprobe br_netfilter`。
-
-为了让 Linux 节点的 iptables 能够正确查看桥接流量，请确认 `sysctl` 配置中的
-`net.bridge.bridge-nf-call-iptables` 设置为 1。例如：
+执行下述指令：
 
 ```bash
 cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
@@ -134,6 +125,26 @@ EOF
 sudo sysctl --system
 ```
 
+<!--
+Verify that the `br_netfilter`, `overlay` modules are loaded by running below instructions:
+-->
+通过运行以下指令确认 `br_netfilter` 和 `overlay` 模块被加载：
+
+```bash
+lsmod | grep br_netfilter
+lsmod | grep overlay
+```
+
+<!--
+Verify that the `net.bridge.bridge-nf-call-iptables`, `net.bridge.bridge-nf-call-ip6tables`, `net.ipv4.ip_forward` system variables are set to 1 in your `sysctl` config by running below instruction:
+-->
+通过运行以下指令确认 `net.bridge.bridge-nf-call-iptables`、`net.bridge.bridge-nf-call-ip6tables`
+和 `net.ipv4.ip_forward` 系统变量在你的 `sysctl` 配置中被设置为 1：
+
+```bash
+sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
+```
+
 <!--
 ## Cgroup drivers
 
@@ -378,6 +389,20 @@ CRI 集成插件。
 你需要启用 CRI 支持才能在 Kubernetes 集群中使用 containerd。
 要确保 `cri` 没有出现在 `/etc/containerd/config.toml` 文件中 `disabled_plugins`
 列表内。如果你更改了这个文件，也请记得要重启 `containerd`。
+
+<!--
+If you experience container crash loops after the initial cluster installation or after
+installing a CNI, the containerd configuration provided with the package might contain
+incompatible configuration parameters. Consider resetting the containerd configuration
+with `containerd config default > /etc/containerd/config.toml` as specified in
+[getting-started.md](https://github.com/containerd/containerd/blob/main/docs/getting-started.md#advanced-topics)
+and then set the configuration parameters specified above accordingly.
+-->
+如果你在初次安装集群后或安装 CNI 后遇到容器崩溃循环，则随软件包提供的 containerd
+配置可能包含不兼容的配置参数。考虑按照
+[getting-started.md](https://github.com/containerd/containerd/blob/main/docs/getting-started.md#advanced-topics)
+中指定的 `containerd config default > /etc/containerd/config.toml` 重置 containerd
+配置，然后相应地设置上述配置参数。
 {{< /note >}}
 
 <!--
@@ -495,11 +520,11 @@ Docker Engine with Kubernetes.
 -->
 以下操作假设你使用 [`cri-dockerd`](https://github.com/Mirantis/cri-dockerd) 适配器来将
 Docker Engine 与 Kubernetes 集成。
-{{< /note >}} 
+{{< /note >}}
 
 <!--
 1. On each of your nodes, install Docker for your Linux distribution as per
-   [Install Docker Engine](https://docs.docker.com/engine/install/#server). 
+  [Install Docker Engine](https://docs.docker.com/engine/install/#server).
 -->
 1. 在你的每个节点上，遵循[安装 Docker Engine](https://docs.docker.com/engine/install/#server)
    指南为你的 Linux 发行版安装 Docker。
@@ -539,7 +564,8 @@ visit [MCR Deployment Guide](https://docs.mirantis.com/mcr/20.10/install.html).
 请访问 [MCR 部署指南](https://docs.mirantis.com/mcr/20.10/install.html)。
 
 <!-- 
-Check the systemd unit named `cri-docker.socket` to find out the path to the CRI socket.
+Check the systemd unit named `cri-docker.socket` to find out the path to the CRI
+socket.
 -->
 检查名为 `cri-docker.socket` 的 systemd 单元以找出 CRI 套接字的路径。