K8s validate CRI v1 runtime API Error

들어가며

kubeadm 설치 후 kubeadm init을 처음 실행하면 CRI 오류가 발생합니다. 이때 발생하는 오류 해결 방법을 다룹니다.

해결 방법

K8 초기 설정을 진행하려고 kubeadm init을 실행하면 다음과 같은 오류가 발생합니다.

$ sudo kubeadm init
[init] Using Kubernetes version: v1.32.1
[preflight] Running pre-flight checks
W0123 09:15:42.464741 2606700 checks.go:1080] [preflight] WARNING: Couldn't create the interface used for talking to the container runtime: failed to create new CRI runtime service: validate service connection: validate CRI v1 runtime API for endpoint "unix:///var/run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
failed to create new CRI runtime service: validate service connection: validate CRI v1 runtime API for endpoint "unix:///var/run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

처음 설치 후 발생하는 CRI 오류는 containerd 설정 파일에서 CRI 플러그인이 비활성화되어 있어 발생합니다. Ubuntu 기준으로, /etc/containerd/config.toml 파일에 해당 설정이 정의되어 있습니다. 해당 파일을 열어 봅시다.

  1 #   Copyright 2018-2022 Docker Inc.
  2
  3 #   Licensed under the Apache License, Version 2.0 (the "License");
  4 #   you may not use this file except in compliance with the License.
  5 #   You may obtain a copy of the License at
  6
  7 #       http://www.apache.org/licenses/LICENSE-2.0
  8
  9 #   Unless required by applicable law or agreed to in writing, software
 10 #   distributed under the License is distributed on an "AS IS" BASIS,
 11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12 #   See the License for the specific language governing permissions and
 13 #   limitations under the License.
 14
 15 disabled_plugins = ["cri"]
 16
 17 #root = "/var/lib/containerd"
 18 #state = "/run/containerd"
 19 #subreaper = true
 20 #oom_score = 0
 21
 22 #[grpc]
 23 #  address = "/run/containerd/containerd.sock"
 24 #  uid = 0
 25 #  gid = 0
 26
 27 #[debug]
 28 #  address = "/run/containerd/debug.sock"

15번째 줄 맨 앞에 #를 추가하여 disabled_plugins를 주석처리합시다. 저장하고 containerd 서비스를 재시작한 뒤 다시 init을 실행해 봅시다.

$ kubeadm init
[init] Using Kubernetes version: v1.32.1
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action beforehand using 'kubeadm config images pull'
W0123 09:16:18.066020 2607470 checks.go:846] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm.It is recommended to use "registry.k8s.io/pause:3.10" as the CRI sandbox image.
[certs] Using certificateDir folder "/etc/kubernetes/pki"

...

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.0.13:6443 --token adsfas.asdfasfadsfasfasf \
	--discovery-token-ca-cert-hash sha256:asdfasdfasfadfsdfdasdfsfasdf

성공했네요, 이제 정상적으로 배포할 수 있습니다.

참고