validate CRI v1 image API for endpoint “unix:///run/containerd/containerd.sock“

云游2025-07-08 10:25

1.现象

pull image failed: Failed to exec command: sudo -E /bin/bash -c "env PATH=$PATH crictl pull 172.23.123.117:8443/kubesphereio/pause:3.9"

FATA[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService: Process exited with status 1

2.原因

这个错误表明 crictl 无法通过当前配置与容器运行时(如 containerd)进行通信。具体来说,crictl 正在尝试使用 CRI v1 的 ImageService API,但目标端点(containerd)似乎没有实现该服务,或者其配置不正确。

3.解决方案

3.1查看当前 crictl 配置

cat /etc/crictl.yaml

说明它正在使用 containerd,而 containerd 没有启用 CRI 支持就会报错。

3.2使用 ctr 命令测试

ctr plugins ls

3.3 使用 crictl 测试连接

sudo crictl --runtime-endpoint unix:///run/containerd/containerd.sock info

3.4编辑 containerd 的config.toml配置文件

vi /etc/containerd/config.toml

disabled_plugins = []

plugins."io.containerd.grpc.v1.cri"

enable_selinux = false

sandbox_image = "172.23.123.117:8443/kubesphereio/pause:3.9"

plugins."io.containerd.grpc.v1.cri".registry

plugins."io.containerd.grpc.v1.cri".registry.configs

plugins."io.containerd.grpc.v1.cri".registry.configs."172.23.123.117:8443"

tls = true

cert_file = "/etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.cert"

key_file = "/etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.key"

ca_file = "/etc/containerd/certs.d/172.23.123.117:8443/ca.crt"

skip_verify = false

plugins."io.containerd.grpc.v1.cri".registry.mirrors

plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"

endpoint = ["https://172.23.123.117:8443"]

plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"

endpoint = ["https://172.23.123.117:8443"]

3.4创建证书目录并复制证书:

sudo mkdir -p /etc/containerd/certs.d/172.23.123.117:8443

sudo cp /etc/docker/certs.d/172.23.123.117:8443/ca.crt /etc/containerd/certs.d/172.23.123.117:8443/ca.crt

sudo cp /etc/docker/certs.d/172.23.123.117:8443/172.23.123.117.cert /etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.cert

sudo cp /etc/docker/certs.d/172.23.123.117:8443/172.23.123.117.key /etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.key

3.5重启

sudo systemctl daemon-reload

sudo systemctl restart containerd

3.6手动测试是否可以拉取镜像

sudo crictl pull 172.23.123.117:8443/kubesphereio/pause:3.9

热门推荐
01Qwen3-Coder 快速上手教程 | Qwen Code + Claude Code02全球最强模型Grok4,国内已可免费使用!(附教程)03MSPM0G3507——读取引脚的高低电平方法(数字信号循迹模块)04VMware Workstation Pro虚拟机的下载和安装图文保姆级教程(附下载链接)05KGG转MP3工具|非KGM文件|解密音频06腾讯还是太全面了,限时免费!超全CodeBuddy IDE保姆级教程!(附案例)07Coze 开源了,送上保姆级私有化部署方案【建议收藏】082025电赛e题:openmv识别过程丢失矩形09扣子开源本地部署教程 丨Coze智能体小白喂饭级指南102025年电子设计大赛G题《电路模型探究装置》各小问数学推导及个人思路