validate CRI v1 image API for endpoint “unix:///run/containerd/containerd.sock“

云游2025-07-08 10:25

1.现象

pull image failed: Failed to exec command: sudo -E /bin/bash -c "env PATH=$PATH crictl pull 172.23.123.117:8443/kubesphereio/pause:3.9"

FATA[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService: Process exited with status 1

2.原因

这个错误表明 crictl 无法通过当前配置与容器运行时(如 containerd)进行通信。具体来说,crictl 正在尝试使用 CRI v1 的 ImageService API,但目标端点(containerd)似乎没有实现该服务,或者其配置不正确。

3.解决方案

3.1查看当前 crictl 配置

cat /etc/crictl.yaml

说明它正在使用 containerd,而 containerd 没有启用 CRI 支持就会报错。

3.2使用 ctr 命令测试

ctr plugins ls

3.3 使用 crictl 测试连接

sudo crictl --runtime-endpoint unix:///run/containerd/containerd.sock info

3.4编辑 containerd 的config.toml配置文件

vi /etc/containerd/config.toml

disabled_plugins = []

plugins."io.containerd.grpc.v1.cri"

enable_selinux = false

sandbox_image = "172.23.123.117:8443/kubesphereio/pause:3.9"

plugins."io.containerd.grpc.v1.cri".registry

plugins."io.containerd.grpc.v1.cri".registry.configs

plugins."io.containerd.grpc.v1.cri".registry.configs."172.23.123.117:8443"

tls = true

cert_file = "/etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.cert"

key_file = "/etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.key"

ca_file = "/etc/containerd/certs.d/172.23.123.117:8443/ca.crt"

skip_verify = false

plugins."io.containerd.grpc.v1.cri".registry.mirrors

plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"

endpoint = ["https://172.23.123.117:8443"]

plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"

endpoint = ["https://172.23.123.117:8443"]

3.4创建证书目录并复制证书:

sudo mkdir -p /etc/containerd/certs.d/172.23.123.117:8443

sudo cp /etc/docker/certs.d/172.23.123.117:8443/ca.crt /etc/containerd/certs.d/172.23.123.117:8443/ca.crt

sudo cp /etc/docker/certs.d/172.23.123.117:8443/172.23.123.117.cert /etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.cert

sudo cp /etc/docker/certs.d/172.23.123.117:8443/172.23.123.117.key /etc/containerd/certs.d/172.23.123.117:8443/172.23.123.117.key

3.5重启

sudo systemctl daemon-reload

sudo systemctl restart containerd

3.6手动测试是否可以拉取镜像

sudo crictl pull 172.23.123.117:8443/kubesphereio/pause:3.9

热门推荐
01UV安装并设置国内源02KGG转MP3工具|非KGM文件|解密音频03Qwen3-Coder 快速上手教程 | Qwen Code + Claude Code04蜘蛛磁力 搜索引擎大全,如何使用蜘蛛磁力查找磁力链接05Claude Code VSCode集成开发指南:AI编程助手完整配置06DeepSeek更新!速览DeepSeek V3.1新特性07【2025.08.06最新版】Android Studio下载、安装及配置记录(自动下载sdk)082025最新国内服务器可用docker源仓库地址大全(2025年8月更新)09NVIDIA显卡驱动、CUDA、cuDNN 和 TensorRT 版本匹配指南10【踩坑笔记】50系显卡适配的 PyTorch 安装