This happens when I’m preparing CKS certificates, sometimes the configuration file is messed up by misconfiguration, but I have no idea how to locate and catch the syntax error. For instance:
Question 1:
vi /etc/kubernetes/manifests/etcd.yaml
- –cipher-suite=TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
I made a TYPO on purpose (the correct keyword is cipher-suites), then lost connectivity to the apiserver. Tried to check logs under this directory, but didn’t get clear clues
tail -f /var/log/pods/kube-system_etcd-master01
Is there any way to investigate & catch this syntax error?
Question 2:
vi /var/lib/kubelet/config.yaml
authorization:
mode: Webhookxxxxx
Again, I made a TYPO on purpose, then lost connectivity to the apiserver. I was stuck here, is there any way to investigate and catch the error?
(1) You have access to the etcd docs in the CKS exam, although you can also do something like
k -n kube-system exec etcd-controlplane -- etcd --help
in order to get a list of flags. As far as getting logs for this: if etcd is a static pod, then it is launched by kubelet, and you can look at kubelet’s logs using journalctl -u kubelet and grep to find etcd related errors.
(2) Here you could use the docs for kubelet’s config.yaml file, although this is a common setting and you might know it just from doing the mock exams. Again, kubelet’s logs are gathered by journalctl, so you can check there.
If you made errors as you describe, then you should be able to find them from logs
- If you’ve found the correct log for the etcd pod, then the error message should be referencing something about “flags” being incorrect. "“Flags” are what refers to the arguments - e.g.
2024-04-13T06:25:37.849818225Z stderr F flag provided but not defined: -cipher-suite
- For errors restarting kubelet, the following should get you the logs
journalctl -u kubelet
e.g. thisApr 13 06:20:51 controlplane kubelet[177198]: E0413 06:20:51.588267 177198 run.go:74] "command failed" err="failed to run Kubelet: unknown authorization mode Webhookx"
thanks both, that really helps:-)