위키
포럼
도구
바뀐글
랜덤

Killer Shell CKA - Apiserver Misconfigured

Jmnote (토론 | 기여)님의 2025년 9월 19일 (금) 04:36 판

1 개요

Killer Shell CKA - Apiserver Misconfigured
  • API 서버 설정에 잘못된 점이 있어 API 서버가 정상적으로 동작하지 않는 상황을 해결하는 실습
controlplane:~$ kubectl get pods -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps
CONTAINER           IMAGE               CREATED             STATE               NAME                      ATTEMPT             POD ID              POD                                       NAMESPACE
5272b8b2d3244       cfed1ff748928       4 minutes ago       Running             kube-scheduler            2                   3d56d63b384e3       kube-scheduler-controlplane               kube-system
631e616327f82       ff4f56c76b82d       4 minutes ago       Running             kube-controller-manager   2                   c1c72e2effc4c       kube-controller-manager-controlplane      kube-system
4ea9b111dfae2       3461b62f768ea       50 minutes ago      Running             local-path-provisioner    1                   842db28f0bc13       local-path-provisioner-5c94487ccb-gmwjg   local-path-storage
339d6a440984b       1cf5f116067c6       50 minutes ago      Running             coredns                   1                   e0aa3be507847       coredns-6ff97d97f9-85m5c                  kube-system
7fd9984d0e4f9       1cf5f116067c6       50 minutes ago      Running             coredns                   1                   50d62e6e2ba4b       coredns-6ff97d97f9-2rxsf                  kube-system
29a549c938673       e6ea68648f0cd       50 minutes ago      Running             kube-flannel              1                   b6448e92c3d42       canal-rtfc5                               kube-system
584c06c79a88b       75392e3500e36       50 minutes ago      Running             calico-node               1                   b6448e92c3d42       canal-rtfc5                               kube-system
2e9b6487dc965       661d404f36f01       50 minutes ago      Running             kube-proxy                1                   182fb5a2d60d1       kube-proxy-7kdz8                          kube-system
9307ade8ecca8       499038711c081       51 minutes ago      Running             etcd                      1                   e7f24efc83004       etcd-controlplane                         kube-system

controlplane:~$ cat /var/log/syslog | grep kube-apiserver
...
2025-09-18T18:31:09.374852+00:00 controlplane kubelet[1560]: I0918 18:31:09.374711    1560 kubelet.go:3309] "Creating a mirror pod for static pod" pod="kube-system/kube-apiserver-controlplane"
2025-09-18T18:31:09.420997+00:00 controlplane kubelet[1560]: E0918 18:31:09.420818    1560 kubelet.go:3311] "Failed creating a mirror pod" err="pods \"kube-apiserver-controlplane\" already exists" pod="kube-system/kube-apiserver-controlplane"
2025-09-18T19:16:58.792760+00:00 controlplane kubelet[1560]: E0918 19:16:58.792415    1560 file.go:108] "Unable to process watch event" err="can't process config file \"/etc/kubernetes/manifests/kube-apiserver.yaml\": /etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(yaml: line 4: could not find expected ':'), please check config file"
2025-09-18T19:17:15.763575+00:00 controlplane kubelet[1560]: E0918 19:17:15.762697    1560 file.go:187] "Could not process manifest file" err="/etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(yaml: line 4: could not find expected ':'), please check config file" path="/etc/kubernetes/manifests/kube-apiserver.yaml"
2025-09-18T19:17:25.933002+00:00 controlplane kubelet[1560]: E0918 19:17:25.932844    1560 mirror_client.go:138] "Failed deleting a mirror pod" err="Delete \"https://172.30.1.2:6443/api/v1/namespaces/kube-system/pods/kube-apiserver-controlplane\": dial tcp 172.30.1.2:6443: connect: connection refused" pod="kube-system/kube-apiserver-controlplane"

controlplane:~$ cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml.ori
controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

#metadata;
metadata:

controlplane:~$ crictl logs 7c71f2d1e1dac    
Error: unknown flag: --authorization-modus

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

#- --authorization-modus=Node,RBAC
- --authorization-mode=Node,RBAC

controlplane:~$ crictl ps -a | grep apiserver
...
W0918 19:33:17.646932       1 logging.go:55] [core] [Channel #3 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"
W0918 19:33:17.646968       1 logging.go:55] [core] [Channel #2 SubChannel #5]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

#- --etcd-servers=https://127.0.0.1:23000
- --etcd-servers=https://127.0.0.1:2379

2 참고

원본 주소 "https://zetawiki.com/w/index.php?title=Killer_Shell_CKA_-_Apiserver_Misconfigured&oldid=940891"
문서 댓글 ({{ doc_comments.length }})
{{ comment.name }} {{ comment.created | snstime }}