"Killer Shell CKA - Apiserver Misconfigured"의 두 판 사이의 차이

2025년 9월 19일 (금) 19:39 기준 최신판

1 개요[ | ]

Killer Shell CKA - Apiserver Misconfigured

https://killercoda.com/killer-shell-cka/scenario/apiserver-misconfigured
API 서버 매니페스트에 3가지 오류(YAML 구문, 잘못된 플래그, 잘못된 etcd 포트)가 포함되어 API 서버가 기동/정상동작하지 않는 상황을 진단·복구하는 실습

2 확인1: 기동 실패[ | ]

controlplane:~$ k get pods -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps -a | grep api
controlplane:~$

controlplane:~$ cat /var/log/syslog | grep kube-apiserver
...
2025-09-18T18:31:09.374852+00:00 controlplane kubelet[1560]: I0918 18:31:09.374711    1560 kubelet.go:3309] "Creating a mirror pod for static pod" pod="kube-system/kube-apiserver-controlplane"
2025-09-18T18:31:09.420997+00:00 controlplane kubelet[1560]: E0918 18:31:09.420818    1560 kubelet.go:3311] "Failed creating a mirror pod" err="pods \"kube-apiserver-controlplane\" already exists" pod="kube-system/kube-apiserver-controlplane"
2025-09-18T19:16:58.792760+00:00 controlplane kubelet[1560]: E0918 19:16:58.792415    1560 file.go:108] "Unable to process watch event" err="can't process config file \"/etc/kubernetes/manifests/kube-apiserver.yaml\": /etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(yaml: line 4: could not find expected ':'), please check config file"
2025-09-18T19:17:15.763575+00:00 controlplane kubelet[1560]: E0918 19:17:15.762697    1560 file.go:187] "Could not process manifest file" err="/etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(yaml: line 4: could not find expected ':'), please check config file" path="/etc/kubernetes/manifests/kube-apiserver.yaml"
2025-09-18T19:17:25.933002+00:00 controlplane kubelet[1560]: E0918 19:17:25.932844    1560 mirror_client.go:138] "Failed deleting a mirror pod" err="Delete \"https://172.30.1.2:6443/api/v1/namespaces/kube-system/pods/kube-apiserver-controlplane\": dial tcp 172.30.1.2:6443: connect: connection refused" pod="kube-system/kube-apiserver-controlplane"

3 수정1: YAML 오류 복구[ | ]

세미콜론 잘못 입력 → 콜론으로 수정

controlplane:~$ cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml.ori
controlplane:~$

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml </syntaxhighlight>

#metadata;
metadata:

4 확인2: 잘못된 플래그[ | ]

controlplane:~$ crictl ps -a | grep api
c157523014713       ee794efa53d85       20 seconds ago       Exited              kube-apiserver            3                   b1f63d8786efa       kube-apiserver-controlplane               kube-system

controlplane:~$ crictl logs c157523014713
Error: unknown flag: --authorization-modus

5 수정2: 플래그 수정[ | ]

modus → mode 로 수정

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

#- --authorization-modus=Node,RBAC
- --authorization-mode=Node,RBAC

6 확인3: 잘못된 etcd 포트[ | ]

controlplane:~$ crictl ps -a | grep api
b45956fb062a3       ee794efa53d85       3 seconds ago       Running             kube-apiserver            0                   9706cb8c7e023       kube-apiserver-controlplane               kube-system

controlplane:~$ crictl logs b45956fb062a3
...
I0919 10:17:39.802967       1 instance.go:233] Using reconciler: lease
W0919 10:17:39.805015       1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"
W0919 10:17:39.805294       1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"

7 수정3: 포트 수정[ | ]

23000 → 2379 로 수정

controlplane:~$ grep -n 23000 /etc/kubernetes/manifests/kube-apiserver.yaml
25:    - --etcd-servers=https://127.0.0.1:23000

controlplane:~$ grep -n advertise /etc/kubernetes/manifests/etcd.yaml
5:    kubeadm.kubernetes.io/etcd.advertise-client-urls: https://172.30.1.2:2379
16:    - --advertise-client-urls=https://172.30.1.2:2379
22:    - --initial-advertise-peer-urls=https://172.30.1.2:2380

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

#- --etcd-servers=https://127.0.0.1:23000
- --etcd-servers=https://127.0.0.1:2379

8 최종 확인[ | ]

controlplane:~$ crictl ps | grep api
d64e6feb2879a       ee794efa53d85       5 seconds ago       Running             kube-apiserver            0                   b1ad8307333db       kube-apiserver-controlplane               kube-system

controlplane:~$ kubectl get pods -A
NAMESPACE            NAME                                      READY   STATUS    RESTARTS        AGE
kube-system          calico-kube-controllers-fdf5f5495-8jbqm   1/1     Running   7 (5m37s ago)   31d
kube-system          canal-rtfc5                               2/2     Running   2 (19m ago)     31d
kube-system          coredns-6ff97d97f9-2rxsf                  1/1     Running   1 (19m ago)     31d
kube-system          coredns-6ff97d97f9-85m5c                  1/1     Running   1 (19m ago)     31d
kube-system          etcd-controlplane                         1/1     Running   1 (19m ago)     31d
kube-system          kube-apiserver-controlplane               1/1     Running   0               31d
kube-system          kube-controller-manager-controlplane      1/1     Running   2 (15m ago)     31d
kube-system          kube-proxy-7kdz8                          1/1     Running   1 (19m ago)     31d
kube-system          kube-scheduler-controlplane               1/1     Running   2 (15m ago)     31d
local-path-storage   local-path-provisioner-5c94487ccb-gmwjg   1/1     Running   1 (19m ago)     31d

9 같이 보기[ | ]

Killer Shell CKA

@@ 3번째 줄: / 3번째 줄: @@
 * https://killercoda.com/killer-shell-cka/scenario/apiserver-misconfigured
 * API 서버 매니페스트에 3가지 오류(YAML 구문, 잘못된 플래그, 잘못된 etcd 포트)가 포함되어 API 서버가 기동/정상동작하지 않는 상황을 진단·복구하는 실습
-* 선행: [[Killer Shell CKA - Apiserver Crash]]
-==문제 상황==
+==확인1: 기동 실패==
 <syntaxhighlight lang='console'>
 controlplane:~$ k get pods -A
@@ 14번째 줄: / 13번째 줄: @@
 controlplane:~$
 </syntaxhighlight>
-==확인==
 <syntaxhighlight lang='console'>
 controlplane:~$ cat /var/log/syslog | grep kube-apiserver
@@ 26번째 줄: / 23번째 줄: @@
 </syntaxhighlight>
-==수정 (1): YAML 오류 복구==
+==수정1: YAML 오류 복구==
+세미콜론 잘못 입력 → 콜론으로 수정
 <syntaxhighlight lang='console'>
 controlplane:~$ cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml.ori
+controlplane:~$
+</syntaxhighlight>
 controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
 </syntaxhighlight>
@@ 36번째 줄: / 36번째 줄: @@
 </syntaxhighlight>
-==확인 (1): 잘못된 플래그 확인 및 수정==
+==확인2: 잘못된 플래그==
 <syntaxhighlight lang='console'>
 controlplane:~$ crictl ps -a | grep api
@@ 45번째 줄: / 45번째 줄: @@
 Error: unknown flag: --authorization-modus
 </syntaxhighlight>
+==수정2: 플래그 수정==
+modus → mode 로 수정
 <syntaxhighlight lang='console'>
 controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
@@ 53번째 줄: / 56번째 줄: @@
 </syntaxhighlight>
-==수정 (2): etcd 포트 복구==
+==확인3: 잘못된 etcd 포트==
 <syntaxhighlight lang='console'>
-controlplane:~$ crictl ps -a | grep apiserver
+controlplane:~$ crictl ps -a | grep api
+b45956fb062a3       ee794efa53d85       3 seconds ago       Running             kube-apiserver            0                   9706cb8c7e023       kube-apiserver-controlplane               kube-system
+</syntaxhighlight>
+<syntaxhighlight lang='console'>
+controlplane:~$ crictl logs b45956fb062a3
 ...
-W0918 19:33:17.646932       1 logging.go:55] [core] [Channel #3 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"
+I0919 10:17:39.802967       1 instance.go:233] Using reconciler: lease
-W0918 19:33:17.646968       1 logging.go:55] [core] [Channel #2 SubChannel #5]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"
+W0919 10:17:39.805015       1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"
+W0919 10:17:39.805294       1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:23000", ServerName: "127.0.0.1:23000", }. Err: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:23000: connect: connection refused"
+</syntaxhighlight>
+==수정3: 포트 수정==
+→ 2379 로 수정
+<syntaxhighlight lang='console'>
+controlplane:~$ grep -n 23000 /etc/kubernetes/manifests/kube-apiserver.yaml
+:    - --etcd-servers=https://127.0.0.1:23000
+</syntaxhighlight>
+<syntaxhighlight lang='console'>
+controlplane:~$ grep -n advertise /etc/kubernetes/manifests/etcd.yaml
+:    kubeadm.kubernetes.io/etcd.advertise-client-urls: https://172.30.1.2:2379
+:    - --advertise-client-urls=https://172.30.1.2:2379
+:    - --initial-advertise-peer-urls=https://172.30.1.2:2380
 </syntaxhighlight>
 <syntaxhighlight lang='console'>
@@ 68번째 줄: / 89번째 줄: @@
 </syntaxhighlight>
-==검증==
+==최종 확인==
 <syntaxhighlight lang='console'>
-controlplane:~$ crictl ps
+controlplane:~$ crictl ps | grep api
-CONTAINER           IMAGE               CREATED                  STATE               NAME                      ATTEMPT             POD ID              POD                                       NAMESPACE
+d64e6feb2879a       ee794efa53d85       5 seconds ago       Running             kube-apiserver            0                   b1ad8307333db       kube-apiserver-controlplane               kube-system
-c8093e6b8e       ee794efa53d85       Less than a second ago   Running             kube-apiserver            0                   71ec1447ba526       kube-apiserver-controlplane               kube-system
-...
 </syntaxhighlight>
 <syntaxhighlight lang='console'>
 controlplane:~$ kubectl get pods -A
-NAMESPACE            NAME                                      READY   STATUS    RESTARTS      AGE
+NAMESPACE            NAME                                      READY   STATUS    RESTARTS        AGE
-kube-system          calico-kube-controllers-fdf5f5495-8jbqm   1/1     Running   1 (66m ago)   30d
+kube-system          calico-kube-controllers-fdf5f5495-8jbqm   1/1     Running   7 (5m37s ago)   31d
-kube-system          canal-rtfc5                               2/2     Running   2 (66m ago)   30d
+kube-system          canal-rtfc5                               2/2     Running   2 (19m ago)     31d
-kube-system          coredns-6ff97d97f9-2rxsf                  1/1     Running   1 (66m ago)   30d
+kube-system          coredns-6ff97d97f9-2rxsf                  1/1     Running   1 (19m ago)     31d
-kube-system          coredns-6ff97d97f9-85m5c                  1/1     Running   1 (66m ago)   30d
+kube-system          coredns-6ff97d97f9-85m5c                  1/1     Running   1 (19m ago)     31d
-kube-system          etcd-controlplane                         1/1     Running   1 (66m ago)   30d
+kube-system          etcd-controlplane                         1/1     Running   1 (19m ago)     31d
-kube-system          kube-apiserver-controlplane               1/1     Running   1 (66m ago)   30d
+kube-system          kube-apiserver-controlplane               1/1     Running   0               31d
-kube-system          kube-controller-manager-controlplane      1/1     Running   1 (66m ago)   30d
+kube-system          kube-controller-manager-controlplane      1/1     Running   2 (15m ago)     31d
-kube-system          kube-proxy-7kdz8                          1/1     Running   1 (66m ago)   30d
+kube-system          kube-proxy-7kdz8                          1/1     Running   1 (19m ago)     31d
-kube-system          kube-scheduler-controlplane               1/1     Running   1 (66m ago)   30d
+kube-system          kube-scheduler-controlplane               1/1     Running   2 (15m ago)     31d
-local-path-storage   local-path-provisioner-5c94487ccb-gmwjg   1/1     Running   1 (66m ago)   30d
+local-path-storage   local-path-provisioner-5c94487ccb-gmwjg   1/1     Running   1 (19m ago)     31d
 </syntaxhighlight>
+==같이 보기==
+* [[Killer Shell CKA]]
 [[분류: Killer Shell CKA]]