Merge pull request #23468 from zhangguanzhang/update-zh-container-runtimes

[zh] fix and update setup/production-environment/container-runtimes.md

Author: k8s-ci-robot

content/zh/docs/setup/production-environment/container-runtimes.md

@@ -35,13 +35,13 @@ A flaw was found in the way runc handled system file descriptors when running co
 A malicious container could use this flaw to overwrite contents of the runc binary and
 consequently run arbitrary commands on the container host system.
 
-Please refer to this link for more information about this issue
-[cve-2019-5736 : runc vulnerability ] (https://access.redhat.com/security/cve/cve-2019-5736)
+Please refer to [CVE-2019-5736](https://access.redhat.com/security/cve/cve-2019-5736) for more
+information about the issue.
 -->
 我们发现 runc 在运行容器，处理系统文件描述符时存在一个漏洞。
 恶意容器可以利用此漏洞覆盖 runc 二进制文件的内容，并以此在主机系统的容器上运行任意的命令。
 
-请参考此链接以获取有关此问题的更多信息 [cve-2019-5736 : runc vulnerability ](https://access.redhat.com/security/cve/cve-2019-5736)
+请参考此链接以获取有关此问题的更多信息 [cve-2019-5736: runc vulnerability](https://access.redhat.com/security/cve/cve-2019-5736)
 {{< /caution >}}
 
 <!--
@@ -120,15 +120,15 @@ is to drain the Node from its workloads, remove it from the cluster and re-join
 ## Docker
 
 On each of your machines, install Docker.
-Version 19.03.4 is recommended, but 1.13.1, 17.03, 17.06, 17.09, 18.06 and 18.09 are known to work as well.
+Version 19.03.11 is recommended, but 1.13.1, 17.03, 17.06, 17.09, 18.06 and 18.09 are known to work as well.
 Keep track of the latest verified Docker version in the Kubernetes release notes.
 
 Use the following commands to install Docker on your system:
 -->
 ## Docker
 
 在您的每台机器上安装 Docker。
-推荐安装 19.03.4 版本，但是 1.13.1、17.03、17.06、17.09、18.06 和 18.09 版本也是可以的。
+推荐安装 19.03.11 版本，但是 1.13.1、17.03、17.06、17.09、18.06 和 18.09 版本也是可以的。
 请跟踪 Kubernetes 发行说明中经过验证的 Docker 最新版本变化。
 
 使用以下命令在您的系统上安装 Docker：
@@ -244,10 +244,10 @@ yum-config-manager \
     https://download.docker.com/linux/centos/docker-ce.repo
 
 ## Install Docker CE.
-yum update && yum install \
-  containerd.io-1.2.10 \
-  docker-ce-19.03.4 \
-  docker-ce-cli-19.03.4
+yum update -y && yum install -y \
+  containerd.io-1.2.13 \
+  docker-ce-19.03.11 \
+  docker-ce-cli-19.03.11
 
 ## Create /etc/docker directory.
 mkdir /etc/docker
@@ -285,7 +285,10 @@ yum-config-manager \
 
 ```shell
 ## 安装 Docker CE.
-yum update && yum install docker-ce-18.06.2.ce
+yum update -y && yum install -y \
+  containerd.io-1.2.13 \
+  docker-ce-19.03.11 \
+  docker-ce-cli-19.03.11
 ```
 
 ```shell
@@ -525,24 +528,52 @@ apt-get update
 apt-get install cri-o-1.15
 ```
 {{% /tab %}}
-{{% tab name="CentOS/RHEL 7.4+" codelang="bash" %}}
+{{% tab name="CentOS" %}}
 
 <!--
-# Install prerequisites
-yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/
+To install on the following operating systems, set the environment variable $OS to the appropriate field in the following table:
 
-# Install CRI-O
-yum install --nogpgcheck cri-o
--->
+| Operating system | $OS               |
+| ---------------- | ----------------- |
+| Centos 8         | `CentOS_8`        |
+| Centos 8 Stream  | `CentOS_8_Stream` |
+| Centos 7         | `CentOS_7`        |
+
+<br />
+Then, set `$VERSION` to the CRI-O version that matches your Kubernetes version.
+For instance, if you want to install CRI-O 1.18, set `VERSION=1.18`.
+You can pin your installation to a specific release.
+To install version 1.18.3, set `VERSION=1.18:1.18.3`.
+<br />
 
+Then run
 ```shell
-# 安装必备软件
-yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/
+curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
+curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
+yum install cri-o
 ```
+-->
+
+要在以下操作系统上安装，请将环境变量 `$OS` 设置为下表中的相应字段：
+
+| 操作系统          | $OS               |
+| ---------------- | ----------------- |
+| Centos 8         | `CentOS_8`        |
+| Centos 8 Stream  | `CentOS_8_Stream` |
+| Centos 7         | `CentOS_7`        |
+
+<br />
+然后将 `$VERSION` 设置为与你的 Kubernetes 相匹配的 CRI-O 版本。
+例如，如果要安装 CRI-O 1.18，请设置 `VERSION=1.18`。
+你也可以安装特定版本，例如 1.18.3，请设置 `VERSION=1.18:1.18.3`。
+<br />
+
+确保声明变量后，使用下面命令安装
 
 ```shell
-# 安装 CRI-O
-yum install --nogpgcheck cri-o
+curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
+curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
+yum install cri-o
 ```
 
 {{% /tab %}}
@@ -552,8 +583,43 @@ yum install --nogpgcheck cri-o
 ```shell
 sudo zypper install cri-o
 ```
+
 {{% /tab %}}
 
+{{% tab name="Fedora" %}}
+<!--
+Set `$VERSION` to the CRI-O version that matches your Kubernetes version.
+For instance, if you want to install CRI-O 1.18, `VERSION=1.18`                                                                                                                                                                               
+You can find available versions with:
+```shell
+dnf module list cri-o
+```
+CRI-O does not support pinning to specific releases on Fedora.
+
+Then run
+```shell
+dnf module enable cri-o:$VERSION
+dnf install cri-o
+```
+-->
+
+将 `$VERSION` 设置为与你的 Kubernetes 相匹配的 CRI-O 版本。
+例如，如果要安装 CRI-O 1.18，请设置 `VERSION=1.18`。
+你可以用下列命令查找可用的版本：
+
+```shell
+dnf module list cri-o
+```
+
+CRI-O 不支持在 Fedora 上固定到特定的版本。
+运行下列命令安装
+
+```shell
+dnf module enable cri-o:$VERSION
+dnf install cri-o
+```
+
+{{% /tab %}}
 {{< /tabs >}}
 
 <!--