위키
포럼
도구
바뀐글
랜덤

"Killer Shell CKA - Apiserver Crash"의 두 판 사이의 차이

 
(같은 사용자의 중간 판 10개는 보이지 않습니다)
1번째 줄: 1번째 줄:
==개요==
==개요==
;Killer Shell CKA - Apiserver Crash
;[[Killer Shell CKA]] - Apiserver Crash
* https://killercoda.com/killer-shell-cka/scenario/apiserver-crash
* https://killercoda.com/killer-shell-cka/scenario/apiserver-crash
* Kubernetes의 kube-apiserver 매니페스트에 의도적으로 잘못된 인자를 추가하거나 YAML 문법 오류를 넣어 장애 상황을 만들어 보고 백업본으로 복구하는 실습
* Kubernetes의 kube-apiserver 매니페스트에 의도적으로 잘못된 인자를 추가하거나 YAML 문법 오류를 넣어 장애 상황을 만들어 보고 백업본으로 복구하는 실습
10번째 줄: 10번째 줄:
</syntaxhighlight>
</syntaxhighlight>


==수정1==
==실험1==
===수정1===
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
# 수정 전 원본 백업!
# 수정 전 원본 백업!
18번째 줄: 19번째 줄:
kube-apiserver를 Crash 시키기 위해 매니페스트 파일에 잘못된 인수를 추가한다.
kube-apiserver를 Crash 시키기 위해 매니페스트 파일에 잘못된 인수를 추가한다.
<syntaxhighlight lang='console'>
<syntaxhighlight lang='console'>
vim /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang='yaml'>
<syntaxhighlight lang='yaml'>
# - --etcd-servers=https://127.0.0.1:2379
...
- --etcd-servers=this-is-very-wrong
  - command:
    - kube-apiserver
    - --this-is-very-wrong ## 추가
    - --advertise-address=172.30.1.2
</syntaxhighlight>
</syntaxhighlight>


==확인 및 복구 1==
===확인1===
<syntaxhighlight lang='console'>
<syntaxhighlight lang='console'>
controlplane:~$ k get pod -A
controlplane:~$ k get pod -A
32번째 줄: 36번째 줄:
<syntaxhighlight lang='console'>
<syntaxhighlight lang='console'>
controlplane:~$ crictl ps -a | grep apiserver
controlplane:~$ crictl ps -a | grep apiserver
d4f2aead6efd1       ee794efa53d85      About a minute ago   Exited              kube-apiserver            5                   52e3a48665b8e       kube-apiserver-controlplane              kube-system
c2fd5e7298b80       ee794efa53d85      1 second ago        Exited              kube-apiserver            1                  395619c032af5      kube-apiserver-controlplane              kube-system
</syntaxhighlight>
<syntaxhighlight lang='console'>
controlplane:~$ crictl logs c2fd5e7298b80
Error: unknown flag: --this-is-very-wrong
</syntaxhighlight>
 
===복구1===
<syntaxhighlight lang='console'>
controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane              1/1    Running  0              31d
</syntaxhighlight>
 
==실험2==
===수정2===
<syntaxhighlight lang='console'>
controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
</syntaxhighlight>
<syntaxhighlight lang='yaml'>
...
    #- --etcd-servers=https://127.0.0.1:2379
    - --etcd-servers=this-is-very-wrong
</syntaxhighlight>
 
===확인2===
<syntaxhighlight lang='console'>
controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?
</syntaxhighlight>
<syntaxhighlight lang='console'>
controlplane:~$ crictl ps -a | grep api
3be4df346fbff      ee794efa53d85      28 seconds ago     Exited              kube-apiserver            0                   37291352696b2       kube-apiserver-controlplane              kube-system
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang='console'>
<syntaxhighlight lang='console'>
controlplane:~$ crictl logs d4f2aead6efd1   
controlplane:~$ crictl logs 3be4df346fbff
...
...
W0918 10:29:07.635469       1 logging.go:55] [core] [Channel #5 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
W0919 11:05:34.885990       1 logging.go:55] [core] [Channel #1 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
W0918 10:29:08.626327       1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
W0919 11:05:35.683576       1 logging.go:55] [core] [Channel #3 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
F0919 11:05:39.561206      1 instance.go:226] Error creating leases: error creating storage factory: context deadline exceeded
</syntaxhighlight>
</syntaxhighlight>


==복구==
===복구2===
<syntaxhighlight lang='console'>
<syntaxhighlight lang='console'>
controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ kubectl get pod -A | grep api
controlplane:~$ k get pod -A | grep api
NAMESPACE            NAME                                      READY  STATUS    RESTARTS      AGE
kube-system          kube-apiserver-controlplane              1/1    Running  0              31d
kube-system          calico-kube-controllers-fdf5f5495-8jbqm  1/1    Running  1 (30m ago)  30d
</syntaxhighlight>
kube-system          canal-rtfc5                              2/2    Running  2 (30m ago)  30d
 
kube-system          coredns-6ff97d97f9-2rxsf                  1/1    Running  1 (30m ago)  30d
==실험3==
kube-system          coredns-6ff97d97f9-85m5c                  1/1    Running  1 (30m ago)  30d
===수정3===
kube-system          etcd-controlplane                         1/1    Running  1 (30m ago)  30d
<syntaxhighlight lang='console'>
kube-system          kube-apiserver-controlplane              1/1    Running  1 (30m ago)  30d
controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
kube-system          kube-controller-manager-controlplane     1/1    Running  1 (30m ago)  30d
</syntaxhighlight>
kube-system          kube-proxy-7kdz8                          1/1    Running  1 (30m ago)  30d
<syntaxhighlight lang='yaml'>
kube-system          kube-scheduler-controlplane              1/1    Running  1 (30m ago)  30d
#apiVersion: v1
local-path-storage  local-path-provisioner-5c94487ccb-gmwjg  1/1    Running  1 (30m ago)  30d
apiVersionTHIS IS VERY ::::: WRONG v1
</syntaxhighlight>
 
===확인3===
<syntaxhighlight lang='console'>
controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?
</syntaxhighlight>
<syntaxhighlight lang='console'>
controlplane:~$ crictl ps -a | grep api
controlplane:~$
</syntaxhighlight>
<syntaxhighlight lang='console'>
controlplane:~$ tail -f /var/log/syslog | grep apiserver
...
2025-09-19T11:09:32.736629+00:00 controlplane kubelet[1554]: E0919 11:09:32.736321    1554 file.go:187] "Could not process manifest file" err="/etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(Object 'apiVersion' is missing in '{\"apiVersionTHIS IS VERY ::::\":\"WRONG v1\",\"kind\":\"Pod\",..., please check config file" path="/etc/kubernetes/manifests/kube-apiserver.yaml"
</syntaxhighlight>
 
===복구3===
<syntaxhighlight lang='console'>
controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane              1/1    Running  0              31d
</syntaxhighlight>
</syntaxhighlight>


2025년 9월 23일 (화) 13:15 기준 최신판

1 개요[ | ]

Killer Shell CKA - Apiserver Crash

2 최초 상태[ | ]

controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   1 (27m ago)   31d

3 실험1[ | ]

3.1 수정1[ | ]

# 수정 전 원본 백업!
cp /etc/kubernetes/manifests/kube-apiserver.yaml ~/kube-apiserver.yaml.ori

kube-apiserver를 Crash 시키기 위해 매니페스트 파일에 잘못된 인수를 추가한다. 

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

...
  - command:
    - kube-apiserver
    - --this-is-very-wrong ## 추가
    - --advertise-address=172.30.1.2

3.2 확인1[ | ]

controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps -a | grep apiserver
c2fd5e7298b80       ee794efa53d85       1 second ago        Exited              kube-apiserver            1                   395619c032af5       kube-apiserver-controlplane               kube-system

controlplane:~$ crictl logs c2fd5e7298b80
Error: unknown flag: --this-is-very-wrong

3.3 복구1[ | ]

controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   0               31d

4 실험2[ | ]

4.1 수정2[ | ]

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

...
    #- --etcd-servers=https://127.0.0.1:2379
    - --etcd-servers=this-is-very-wrong

4.2 확인2[ | ]

controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps -a | grep api
3be4df346fbff       ee794efa53d85       28 seconds ago      Exited              kube-apiserver            0                   37291352696b2       kube-apiserver-controlplane               kube-system

controlplane:~$ crictl logs 3be4df346fbff
...
W0919 11:05:34.885990       1 logging.go:55] [core] [Channel #1 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
W0919 11:05:35.683576       1 logging.go:55] [core] [Channel #3 SubChannel #6]grpc: addrConn.createTransport failed to connect to {Addr: "this-is-very-wrong", ServerName: "this-is-very-wrong", }. Err: connection error: desc = "transport: Error while dialing: dial tcp: address this-is-very-wrong: missing port in address"
F0919 11:05:39.561206       1 instance.go:226] Error creating leases: error creating storage factory: context deadline exceeded

4.3 복구2[ | ]

controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   0              31d

5 실험3[ | ]

5.1 수정3[ | ]

controlplane:~$ vim /etc/kubernetes/manifests/kube-apiserver.yaml

#apiVersion: v1
apiVersionTHIS IS VERY ::::: WRONG v1

5.2 확인3[ | ]

controlplane:~$ k get pod -A
The connection to the server 172.30.1.2:6443 was refused - did you specify the right host or port?

controlplane:~$ crictl ps -a | grep api
controlplane:~$

controlplane:~$ tail -f /var/log/syslog | grep apiserver
...
2025-09-19T11:09:32.736629+00:00 controlplane kubelet[1554]: E0919 11:09:32.736321    1554 file.go:187] "Could not process manifest file" err="/etc/kubernetes/manifests/kube-apiserver.yaml: couldn't parse as pod(Object 'apiVersion' is missing in '{\"apiVersionTHIS IS VERY ::::\":\"WRONG v1\",\"kind\":\"Pod\",..., please check config file" path="/etc/kubernetes/manifests/kube-apiserver.yaml"

5.3 복구3[ | ]

controlplane:~$ cp ~/kube-apiserver.yaml.ori /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane:~$ k get pod -A | grep api
kube-system          kube-apiserver-controlplane               1/1     Running   0              31d

6 같이 보기[ | ]

원본 주소 "https://zetawiki.com/w/index.php?title=Killer_Shell_CKA_-_Apiserver_Crash&oldid=941162"
문서 댓글 ({{ doc_comments.length }})
{{ comment.name }} {{ comment.created | snstime }}