I have the following problem when I want to use the client for CRI

[jhonfcp]

transport: dial unix /var/run/dockershim.sock: connect: no such file or directory

any suggest..?

[yujuhong]

You should set the runtime-endpoint and image-endpoint to wherever your CRI server is running.

[jhonfcp]

But those parameters where I look for them kubelet..?
Other question... what is the difference with crt and crictl ?? are the same..?? my problem was the second command

[feiskyer]

@jhonfcp Which version of kubernetes are you running? dockershim.sock only exist after CRI is introduced in kubelet, e.g. v1.6+.

what is the difference with crt and crictl

crictl is the command line interface for CRI, but I'm not sure what is crt, where does it comes from?

[nicolaiskogheim]

I may have the same issue.
I

• built crictl from master [1]
• scped it to my server:/usr/local/bin
• ran kubeadm init

Output:

 [ERROR CRI]: unable to check if the container runtime at "/var/run/dockershim.sock" is running: exit status 1`.

The file/socket /var/run/dockershim.sock does not exist.

crictl does, obviously, not work by itself either.

$ crictl ps
2017/12/23 02:57:23 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: dial unix /var/run/dockershim.sock: connect: no such file or directory"; Reconnecting to {/var/run/dockershim.sock <nil>}
FATA[0000] listing containers failed: rpc error: code = Unavailable desc = grpc: the connection is unavailable

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

$ uname -a
Linux hostname 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux

$ file /usr/local/bin/crictl
/usr/local/bin/crictl: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped

$ crictl --version
crictl version 1.0.0-alpha.0

$ docker --version
Docker version 17.03.1-ce, build c6d412e

[1] At the time of writing it's the same as v1.0.0-alpha.0 except changes code of conduct.

---

Any words of advice would be much appreciated.

I did not understand the following either

You should set the runtime-endpoint and image-endpoint to wherever your CRI server is running.

[nicolaiskogheim]

You should set the runtime-endpoint and image-endpoint to wherever your CRI server is running.

How do I know where it is running? What is that server? Is docker-engine a CRI server? Can I create the socket with crictl? Should I? Can crictl start a CRI server?
I have so many questions. kubeadm suddenly requires a working crictl to pass preflight, but I cannot find any info to help me debug this. The only thing I know is that the dockershim concept comes from kubectl (or was is kubelet?), and so kubectl should maybe create the socket somewhere? But that doesn't make sense either, cause it would be strange if kubeadm preflight checked for the socket before starting kubectl.

[feiskyer]

@nicolaiskogheim I'm assuming you are using docker runtime with kubelet. The file "/var/run/dockershim.sock" is created by kubelet. So could you verify whether kubelet is started properly?

[nicolaiskogheim]

I'm assuming you are using docker runtime with kubelet

Yes.

I just install kubelet, kubeadm and kubectl and then run kubeadm init. kubelet hasn't created that socket after just installing it, but the cluster works fine if I just ignore the kubeadm precheck for cri with kubeadm init --ignore-preflight-errors cri. Kubeadm falls back to regular docker stuff and probably uses /var/run/docker.sock or something.

This all is very strange to me, especially the part where kubeadm want to use something but it's very hard to find instructions to get everything installed and running. It wants crictl, which needs ocid/ocic from libpod, which is in alpha with no releases. Nothing has binary realeases, and has loads of deps. One is a prerelease of runc, (binary download, yay), and skopeo (no binaries, pre v1). I guess my gripe is with kubeadm failing precheck if you don't install loads of alpha/beta ware that's difficult to install. Sorry for ranting in your repo, I'm just so surprised that I'm the only one confused by the new cri check in kubeadm 1.9. /rant

[feiskyer]

It wants crictl, which needs ocid/ocic from libpod, which is in alpha with no releases.

Where is this from? crictl doesn't require ocid or ocic

[zamnuts]

CRI is complaining about the lack of the shim sock, which gets checked during kubeadm init preflight: [ERROR CRI]: unable to check if the container runtime at "/var/run/dockershim.sock" is running: exit status 1. I don't think this is crictl because kubeadm still complains about it even without crictl installed. FYI, CRI is a kubelet concept which is exposed as a JSON API, crictl/cri-tools is just a CLI to access kubelet's CRI API.

Also, kubeadm only warns with the lack of crictl, but doesn't require it. So, the additional dependencies only come into play when you want to use a different container runtime interface other than the dockershim that ships with kubelet. This is where you might use cri-o (formerly ocid), which must be manually built and additionally depends on runc.

Aside: on centos 7, runc v1.0.0 is available via extras, so a yum install runc should do the trick. i'm not sure about other centos versions or distros.

[zcalusic]

I also attempted to copy crictl binary manually to a new node, so that kubeadm doesn't complain. If it's true that /var/run/dockershim.sock is created by kubelet, then the issue at hand is circular dependency:

1. to start kubelet for the first time, kubeadm join must be run (resolves kubelet error: unable to load client CA file /etc/kubernetes/pki/ca.crt: open /etc/kubernetes/pki/ca.crt: no such file or directory)
2. to run kubeadm join without it complaining, crictl must be manually copied AND /var/run/dockershim.sock MUST already exist.
3. but, for that socket to exist, kubelet should have be already running, which is back to step 1)

Until this circular dependency is broken, --ignore-preflight-errors cri seems to be required to join node to a cluster.

[feiskyer]

@zcalusic Seems this is a kubeadm issue. Could you open an issue at https://github.com/kubernetes/kubeadm?

[feiskyer]

Closing it since it's actually a kubeadm issue.

[barleyer]

crictl -h
--runtime-endpoint value, -r value  Endpoint of CRI container runtime service (default: "unix:///var/run/dockershim.sock") [$CRI_RUNTIME_ENDPOINT]

[abifol]

running this command resolved the issue for me

crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock

[hub4ops]

crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock --set image-endpoint=unix:///run/containerd/containerd.sock