"Killer Shell CKA - Apiserver Crash"의 두 판 사이의 차이

2025년 9월 19일 (금) 20:10 기준 최신판

1 개요[ | ]

Killer Shell CKA - Apiserver Crash

https://killercoda.com/killer-shell-cka/scenario/apiserver-crash
Kubernetes의 kube-apiserver 매니페스트에 의도적으로 잘못된 인자를 추가하거나 YAML 문법 오류를 넣어 장애 상황을 만들어 보고 백업본으로 복구하는 실습

2 최초 상태[ | ]

controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   1 (27m ago)   31d

3 실험1[ | ]

3.1 수정1[ | ]

# 수정 전 원본 백업!
cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml.ori

kube-apiserver를 Crash 시키기 위해 매니페스트 파일에 잘못된 인수를 추가한다.

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

...
  - command:
    - kube-apiserver
    - --this-is-very-wrong ## 추가
    - --advertise-address=172.30.1.2

3.2 확인1[ | ]

controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps -a | grep apiserver
c2fd5e7298b80       ee794efa53d85       1 second ago        Exited              kube-apiserver            1                   395619c032af5       kube-apiserver-controlplane               kube-system

controlplane:~$ crictl logs c2fd5e7298b80
Error: unknown flag: --this-is-very-wrong

3.3 복구1[ | ]

controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   0               31d

4 실험2[ | ]

4.1 수정2[ | ]

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

...
    #- --etcd-servers=https://127.0.0.1:2379
    - --etcd-servers=this-is-very-wrong

4.2 확인2[ | ]

controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps -a | grep api
3be4df346fbff       ee794efa53d85       28 seconds ago      Exited              kube-apiserver            0                   37291352696b2       kube-apiserver-controlplane               kube-system

controlplane:~$ crictl logs 3be4df346fbff
...
W0919 11:05:34.885990       1 logging.go:55] [core] [Channel #1 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
W0919 11:05:35.683576       1 logging.go:55] [core] [Channel #3 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
F0919 11:05:39.561206       1 instance.go:226] Error creating leases: error creating storage factory: context deadline exceeded

4.3 복구2[ | ]

controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   0              31d

5 실험3[ | ]

5.1 수정3[ | ]

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

#apiVersion: v1
apiVersionTHIS IS VERY ::::: WRONG v1

5.2 확인3[ | ]

controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps -a | grep api
controlplane:~$

controlplane:~$ tail -f /var/log/syslog | grep apiserver
...
2025-09-19T11:09:32.736629+00:00 controlplane kubelet[1554]: E0919 11:09:32.736321    1554 file.go:187] "Could not process manifest file" err="/etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(Object 'apiVersion' is missing in '{\"apiVersionTHIS IS VERY ::::\":\"WRONG v1\",\"kind\":\"Pod\",..., please check config file" path="/etc/kubernetes/manifests/kube-apiserver.yaml"

5.3 복구3[ | ]

controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   0              31d

6 같이 보기[ | ]

Killer Shell CKA

@@ 1번째 줄: / 1번째 줄: @@
 ==개요==
-;killercoda CKA - Apiserver Crash
+;Killer Shell CKA - Apiserver Crash
-* Kubernetes의 kube-apiserver 매니페스트에 의도적으로 잘못된 인자를 추가하거나 YAML 문법 오류를 넣어 장애 상황을 만드는 실습
+* https://killercoda.com/killer-shell-cka/scenario/apiserver-crash
+* Kubernetes의 kube-apiserver 매니페스트에 의도적으로 잘못된 인자를 추가하거나 YAML 문법 오류를 넣어 장애 상황을 만들어 보고 백업본으로 복구하는 실습
 ==최초 상태==
 <syntaxhighlight lang='console'>
-controlplane:~$ k get pod -A
+controlplane:~$ k get pod -A | grep api
-NAMESPACE            NAME                                      READY   STATUS    RESTARTS      AGE
+kube-system          kube-apiserver-controlplane               1/1     Running   1 (27m ago)   31d
-kube-system          calico-kube-controllers-fdf5f5495-8jbqm   1/1     Running   1 (14m ago)   30d
-kube-system          canal-rtfc5                               2/2     Running   2 (14m ago)   30d
-kube-system          coredns-6ff97d97f9-2rxsf                  1/1     Running   1 (14m ago)   30d
-kube-system          coredns-6ff97d97f9-85m5c                  1/1     Running   1 (14m ago)   30d
-kube-system          etcd-controlplane                         1/1     Running   1 (14m ago)   30d
-kube-system          kube-apiserver-controlplane               1/1     Running   1 (14m ago)   30d
-kube-system          kube-controller-manager-controlplane      1/1     Running   1 (14m ago)   30d
-kube-system          kube-proxy-7kdz8                          1/1     Running   1 (14m ago)   30d
-kube-system          kube-scheduler-controlplane               1/1     Running   1 (14m ago)   30d
-local-path-storage   local-path-provisioner-5c94487ccb-gmwjg   1/1     Running   1 (14m ago)   30d
 </syntaxhighlight>
-==변경==
+==실험1==
-kube-apiserver를 Crash 시키기 위해 매니페스트 파일([[/etc/kubernetes/manifests/kube-apiserver.yaml]])에 잘못된 인수를 추가한다.
+===수정1===
 <syntaxhighlight lang='bash'>
-# 일단 백업!
+# 수정 전 원본 백업!
 cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml.ori
+</syntaxhighlight>
-# 수정
+kube-apiserver를 Crash 시키기 위해 매니페스트 파일에 잘못된 인수를 추가한다.
-vim /etc/kubernetes/manifests/kube-apiserver.yaml
+<syntaxhighlight lang='console'>
+controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
 </syntaxhighlight>
 <syntaxhighlight lang='yaml'>
-# - --etcd-servers=https://127.0.0.1:2379
+...
-- --etcd-servers=this-is-very-wrong
+  - command:
+    - kube-apiserver
+    - --this-is-very-wrong ## 추가
+    - --advertise-address=172.30.1.2
 </syntaxhighlight>
-==확인==
+===확인1===
 <syntaxhighlight lang='console'>
-controlplane:~$ k -n kube-system get pod
+controlplane:~$ k get pod -A
 The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?
 </syntaxhighlight>
 <syntaxhighlight lang='console'>
 controlplane:~$ crictl ps -a | grep apiserver
-d4f2aead6efd1       ee794efa53d85       About a minute ago   Exited              kube-apiserver            5                   52e3a48665b8e       kube-apiserver-controlplane               kube-system
+c2fd5e7298b80       ee794efa53d85       1 second ago        Exited              kube-apiserver            1                   395619c032af5       kube-apiserver-controlplane               kube-system
+</syntaxhighlight>
+<syntaxhighlight lang='console'>
+controlplane:~$ crictl logs c2fd5e7298b80
+Error: unknown flag: --this-is-very-wrong
+</syntaxhighlight>
+===복구1===
+<syntaxhighlight lang='console'>
+controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
+controlplane:~$ k get pod -A | grep api
+kube-system          kube-apiserver-controlplane               1/1     Running   0               31d
+</syntaxhighlight>
+==실험2==
+===수정2===
+<syntaxhighlight lang='console'>
+controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
+</syntaxhighlight>
+<syntaxhighlight lang='yaml'>
+...
+    #- --etcd-servers=https://127.0.0.1:2379
+    - --etcd-servers=this-is-very-wrong
+</syntaxhighlight>
+===확인2===
+<syntaxhighlight lang='console'>
+controlplane:~$ k get pod -A
+The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?
+</syntaxhighlight>
+<syntaxhighlight lang='console'>
+controlplane:~$ crictl ps -a | grep api
+be4df346fbff       ee794efa53d85       28 seconds ago      Exited              kube-apiserver            0                   37291352696b2       kube-apiserver-controlplane               kube-system
 </syntaxhighlight>
 <syntaxhighlight lang='console'>
-controlplane:~$ crictl logs d4f2aead6efd1
+controlplane:~$ crictl logs 3be4df346fbff
 ...
-I0918 10:29:07.634977       1 shared_informer.go:350] "Waiting for caches to sync" controller="*generic.policySource[*k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy,*k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding,k8s.io/apiserver/pkg/admission/plugin/policy/validating.Validator]"
+W0919 11:05:34.885990       1 logging.go:55] [core] [Channel #1 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
-W0918 10:29:07.635469       1 logging.go:55] [core] [Channel #5 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
+W0919 11:05:35.683576       1 logging.go:55] [core] [Channel #3 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
-W0918 10:29:08.626327       1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
+F0919 11:05:39.561206       1 instance.go:226] Error creating leases: error creating storage factory: context deadline exceeded
-W0918 10:29:08.626403       1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
 </syntaxhighlight>
-==복구==
+===복구2===
 <syntaxhighlight lang='console'>
 controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
-controlplane:~$ kubectl get pod -A
+controlplane:~$ k get pod -A | grep api
-NAMESPACE            NAME                                      READY   STATUS    RESTARTS      AGE
+kube-system          kube-apiserver-controlplane               1/1     Running   0              31d
-kube-system          calico-kube-controllers-fdf5f5495-8jbqm   1/1     Running   1 (30m ago)   30d
+</syntaxhighlight>
-kube-system          canal-rtfc5                               2/2     Running   2 (30m ago)   30d
-kube-system          coredns-6ff97d97f9-2rxsf                  1/1     Running   1 (30m ago)   30d
+==실험3==
-kube-system          coredns-6ff97d97f9-85m5c                  1/1     Running   1 (30m ago)   30d
+===수정3===
-kube-system          etcd-controlplane                         1/1     Running   1 (30m ago)   30d
+<syntaxhighlight lang='console'>
-kube-system          kube-apiserver-controlplane               1/1     Running   1 (30m ago)   30d
+controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
-kube-system          kube-controller-manager-controlplane      1/1     Running   1 (30m ago)   30d
+</syntaxhighlight>
-kube-system          kube-proxy-7kdz8                          1/1     Running   1 (30m ago)   30d
+<syntaxhighlight lang='yaml'>
-kube-system          kube-scheduler-controlplane               1/1     Running   1 (30m ago)   30d
+#apiVersion: v1
-local-path-storage   local-path-provisioner-5c94487ccb-gmwjg   1/1     Running   1 (30m ago)   30d
+apiVersionTHIS IS VERY ::::: WRONG v1
+</syntaxhighlight>
+===확인3===
+<syntaxhighlight lang='console'>
+controlplane:~$ k get pod -A
+The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?
+</syntaxhighlight>
+<syntaxhighlight lang='console'>
+controlplane:~$ crictl ps -a | grep api
+controlplane:~$
+</syntaxhighlight>
+<syntaxhighlight lang='console'>
+controlplane:~$ tail -f /var/log/syslog | grep apiserver
+...
+-09-19T11:09:32.736629+00:00 controlplane kubelet[1554]: E0919 11:09:32.736321    1554 file.go:187] "Could not process manifest file" err="/etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(Object 'apiVersion' is missing in '{\"apiVersionTHIS IS VERY ::::\":\"WRONG v1\",\"kind\":\"Pod\",..., please check config file" path="/etc/kubernetes/manifests/kube-apiserver.yaml"
+</syntaxhighlight>
+===복구3===
+<syntaxhighlight lang='console'>
+controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
+controlplane:~$ k get pod -A | grep api
+kube-system          kube-apiserver-controlplane               1/1     Running   0              31d
 </syntaxhighlight>
 ==같이 보기==
-* [[killercoda CKA]]
+* [[Killer Shell CKA]]
-==참고==
-* https://killercoda.com/killer-shell-cka/scenario/apiserver-crash
 [[분류: Killer Shell CKA]]