1. Symptom
pull image failed: Failed to exec command: sudo -E /bin/bash -c "env PATH=$PATH crictl pull 172.23.123.117:8443/kubesphereio/pause:3.9"
FATA[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService: Process exited with status 1
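2. Cause
This error indicates that crictl cannot communicate with the container runtime (such as containerd) through its current configuration. Specifically, crictl is trying to use the CRI v1 ImageService API, but the target endpoint (containerd) does not appear to implement that service, or it is misconfigured.
3. Solution
3.1 Check the current crictl configuration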
cat /etc/crictl.yaml
The output shows that crictl is using containerd; if containerd does not have CRI support enabled, this error is reported.
3.2 Test with the ctr command
ctr plugins ls
3.3 Test the connection with crictl
sudo crictl --runtime-endpoint unix:///run/containerd/containerd.sock info
3.4 Edit containerd's config.toml configuration file
vi /etc/containerd/config.toml
# "cri" must not be listed here, otherwise containerd starts without the CRI plugin
disabled_plugins = []
# The table names below are the config version 2 form (version = 2 at the top of the file)
[plugins."io.containerd.grpc.v1.cri"]
  enable_selinux = false
  sandbox_image = "172.23.123.117:8443/kubesphereio/pause:3.9"
  [plugins."io.containerd.grpc.v1.cri".registry]
    [plugins."io.containerd.grpc.v1.cri".registry.configs]
      # TLS settings go in the per-registry ".tls" table
      [plugins."io.containerd.grpc.v1.cri".registry.configs."172.23.123.117:8443".tls]
        cert_file = "/etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.cert"
        key_file = "/etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.key"
        ca_file = "/etc/containerd/certs.d/172.23.123.117:8443/ca.crt"
        # keep certificate verification on
        insecure_skip_verify = false
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
        endpoint = ["https://172.23.123.117:8443"]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
        endpoint = ["https://172.23.123.117:8443"]
3.4 Create the certificate directory and copy the certificates:
sudo mkdir -p /etc/containerd/certs.d/172.23.123.117:8443
sudo cp /etc/docker/certs.d/172.23.123.117:8443/ca.crt /etc/containerd/certs.d/172.23.123.117:8443/ca.crt
sudo cp /etc/docker/certs.d/172.23.123.117:8443/172.23.123.117.cert /etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.cert
sudo cp /etc/docker/certs.d/172.23.123.117:8443/172.23.123.117.key /etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.key
3.5 Restart
sudo systemctl daemon-reload
sudo systemctl restart containerd
3.6 Manually test whether the image can be pulled
sudo crictl pull 172.23.123.117:8443/kubesphereio/pause:3.9
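The config.toml settings from the steps above can be checked statically before containerd is restarted. The script below is an added example, not part of the original post: it reports whether the CRI plugin is listed in disabled_plugins and whether each referenced certificate file exists, with the private key closed to group and other. The function names are illustrative, and it assumes one-line arrays and double-quoted paths.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Assumes disabled_plugins is a one-line array and paths are double-quoted.

# Exit 0 if the CRI plugin is listed in disabled_plugins (short or full ID).
cri_disabled() {
  grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*"(cri|io\.containerd\.grpc\.v1\.cri)"' "$1"
}

# Print "<key> <path>" for each ca_file/cert_file/key_file in the config.
tls_paths() {
  sed -nE 's/^[[:space:]]*(ca_file|cert_file|key_file)[[:space:]]*=[[:space:]]*"([^"]+)".*/\1 \2/p' "$1"
}

# Exit 0 only if every referenced file exists and no key_file has
# group/other permission bits set. Prints one line per problem.
check_tls_files() {
  tls_paths "$1" | (
    rc=0
    while read -r kind path; do
      if [ ! -f "$path" ]; then
        echo "missing $kind: $path"; rc=1
      elif [ "$kind" = key_file ] &&
           [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
        echo "key accessible by group/other: $path"; rc=1
      fi
    done
    exit "$rc"
  )
}

# Combine both checks; exit status 0 means the config passed.
check_config() {
  cfg_rc=0
  if cri_disabled "$1"; then
    echo "CRI plugin is disabled in $1"; cfg_rc=1
  fi
  check_tls_files "$1" || cfg_rc=1
  return "$cfg_rc"
}

# Usage (file name is a placeholder): sh check.sh /etc/containerd/config.toml
if [ "$#" -gt 0 ]; then check_config "$1"; fi
```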