Hi Team,
Solution specified for the question mentioned below in the mock exam is NOT resolving the issue. Kindly assist with this. Thanks!
Q:
Solve this question on: ssh cluster4-controlplane
Identify and fix the issue that occurs while running kubectl commands on cluster4?
My solution
cluster4-controlplane ~ ➜ k get pods
The connection to the server cluster4-controlplane:6443 was refused - did you specify the right host or port?
cluster4-controlplane ~ ✖ cat /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.13.250:6443
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver
- --advertise-address=192.168.13.250
- --allow-privileged=true
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/kubernetes/pki/ca.crt
- --enable-admission-plugins=NodeRestriction
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=http://127.0.0.1:2379
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=6443
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-key-file=/etc/kubernetes/pki/sa.pub
- --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
- --service-cluster-ip-range=172.20.0.0/16
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
image: registry.k8s.io/kube-apiserver:v1.32.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 8
httpGet:
host: 192.168.13.250
path: /livez
port: 6443
scheme: HTTPS
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 15
name: kube-apiserver
readinessProbe:
failureThreshold: 3
httpGet:
host: 192.168.13.250
path: /readyz
port: 6443
scheme: HTTPS
periodSeconds: 1
timeoutSeconds: 15
resources:
requests:
cpu: 250m
startupProbe:
failureThreshold: 24
httpGet:
host: 192.168.13.250
path: /livez
port: 6443
scheme: HTTPS
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 15
volumeMounts:
- mountPath: /etc/ssl/certs
name: ca-certs
readOnly: true
- mountPath: /etc/ca-certificates
name: etc-ca-certificates
readOnly: true
- mountPath: /etc/kubernetes/pki
name: k8s-certs
readOnly: true
- mountPath: /usr/local/share/ca-certificates
name: usr-local-share-ca-certificates
readOnly: true
- mountPath: /usr/share/ca-certificates
name: usr-share-ca-certificates
readOnly: true
hostNetwork: true
priority: 2000001000
priorityClassName: system-node-critical
securityContext:
seccompProfile:
type: RuntimeDefault
volumes:
- hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
name: ca-certs
- hostPath:
path: /etc/ca-certificates
type: DirectoryOrCreate
name: etc-ca-certificates
- hostPath:
path: /etc/kubernetes/pki
type: DirectoryOrCreate
name: k8s-certs
- hostPath:
path: /usr/local/share/ca-certificates
type: DirectoryOrCreate
name: usr-local-share-ca-certificates
- hostPath:
path: /usr/share/ca-certificates
type: DirectoryOrCreate
name: usr-share-ca-certificates
status: {}
cluster4-controlplane ~ ➜ k get pods
The connection to the server cluster4-controlplane:6443 was refused - did you specify the right host or port?
cluster4-controlplane ~ ✖ crictl ps -a
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD NAMESPACE
5c9628d1be750 6331715a2ae96 53 seconds ago Running calico-kube-controllers 15 1dda7ea052795 calico-kube-controllers-5745477d4d-c9v78 kube-system
a0a9af6666442 6331715a2ae96 About a minute ago Exited calico-kube-controllers 14 1dda7ea052795 calico-kube-controllers-5745477d4d-c9v78 kube-system
44096bb1db21f c2e17b8d0f4a3 About a minute ago Exited kube-apiserver 8 ae1bbe1186475 kube-apiserver-cluster4-controlplane kube-system
167569426c22b a389e107f4ff1 35 minutes ago Running kube-scheduler 1 784f02caa94ea kube-scheduler-cluster4-controlplane kube-system
bd2e6ff910ad8 8cab3d2a8bd0f 35 minutes ago Running kube-controller-manager 1 d21263f9a0d50 kube-controller-manager-cluster4-controlplane kube-system
b306797da49db ead0a4a53df89 About an hour ago Running coredns 0 af723b01bbb60 coredns-7484cd47db-ps8sf kube-system
c935d537b17f0 ead0a4a53df89 About an hour ago Running coredns 0 e6eb689d9157a coredns-7484cd47db-vdl6g kube-system
07792e16c4ed1 c9fe3bce8a6d8 About an hour ago Running kube-flannel 0 1d2c50873cc11 canal-g6t7d kube-system
196a77e198da9 feb26d4585d68 About an hour ago Running calico-node 0 1d2c50873cc11 canal-g6t7d kube-system
935574c04e1ad 7dd6ea186aba0 About an hour ago Exited install-cni 0 1d2c50873cc11 canal-g6t7d kube-system
a1c8d4a0d6c7d 040f9f8aac8cd About an hour ago Running kube-proxy 0 42a36957cbf99 kube-proxy-z5256 kube-system
3f730370d9423 a9e7e6b294baf About an hour ago Running etcd 0 0574009ae6a1b etcd-cluster4-controlplane kube-system
f674cb9d8560c 8cab3d2a8bd0f About an hour ago Exited kube-controller-manager 0 d21263f9a0d50 kube-controller-manager-cluster4-controlplane kube-system
cd64014121343 a389e107f4ff1 About an hour ago Exited kube-scheduler 0 784f02caa94ea kube-scheduler-cluster4-controlplane kube-system
cluster4-controlplane ~ ➜ crictl logs 44096bb1db21f | tail -10
W0730 02:56:50.023367 1 registry.go:256] calling componentGlobalsRegistry.AddFlags more than once, the registry will be set by the latest flags
I0730 02:56:50.023817 1 options.go:238] external host was not specified, using 192.168.13.250
I0730 02:56:50.025737 1 server.go:143] Version: v1.32.0
I0730 02:56:50.025768 1 server.go:145] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
W0730 02:56:50.323024 1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:56:50.323030 1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
I0730 02:56:50.323537 1 shared_informer.go:313] Waiting for caches to sync for node_authorizer
I0730 02:56:50.330579 1 shared_informer.go:313] Waiting for caches to sync for *generic.policySource[*k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy,*k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding,k8s.io/apiserver/pkg/admission/plugin/policy/validating.Validator]
I0730 02:56:50.337906 1 plugins.go:157] Loaded 13 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,RuntimeClass,DefaultIngressClass,MutatingAdmissionPolicy,MutatingAdmissionWebhook.
I0730 02:56:50.337932 1 plugins.go:160] Loaded 13 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,PodSecurity,Priority,PersistentVolumeClaimResize,RuntimeClass,CertificateApproval,CertificateSigning,ClusterTrustBundleAttest,CertificateSubjectRestriction,ValidatingAdmissionPolicy,ValidatingAdmissionWebhook,ResourceQuota.
I0730 02:56:50.338168 1 instance.go:233] Using reconciler: lease
W0730 02:56:50.339440 1 logging.go:55] [core] [Channel #7 SubChannel #8]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: read tcp 127.0.0.1:40906->127.0.0.1:2379: read: connection reset by peer"
W0730 02:56:51.324226 1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: read tcp 127.0.0.1:40926->127.0.0.1:2379: read: connection reset by peer"
W0730 02:56:51.324321 1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: read tcp 127.0.0.1:40924->127.0.0.1:2379: read: connection reset by peer"
W0730 02:56:51.340261 1 logging.go:55] [core] [Channel #7 SubChannel #8]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: read tcp 127.0.0.1:40942->127.0.0.1:2379: read: connection reset by peer"
W0730 02:56:52.626315 1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:56:53.009783 1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:56:53.028853 1 logging.go:55] [core] [Channel #7 SubChannel #8]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:56:55.517032 1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:56:55.727971 1 logging.go:55] [core] [Channel #7 SubChannel #8]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: read tcp 127.0.0.1:35776->127.0.0.1:2379: read: connection reset by peer"
W0730 02:56:55.920348 1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:56:59.240064 1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: read tcp 127.0.0.1:35802->127.0.0.1:2379: read: connection reset by peer"
W0730 02:56:59.885026 1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: read tcp 127.0.0.1:35804->127.0.0.1:2379: read: connection reset by peer"
W0730 02:57:00.182306 1 logging.go:55] [core] [Channel #7 SubChannel #8]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:57:04.711572 1 logging.go:55] [core] [Channel #1 SubChannel #3]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:57:05.134564 1 logging.go:55] [core] [Channel #2 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
W0730 02:57:05.740246 1 logging.go:55] [core] [Channel #7 SubChannel #8]grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1:2379", }. Err: connection error: desc = "error reading server preface: EOF"
F0730 02:57:10.338902 1 instance.go:226] Error creating leases: error creating storage factory: context deadline exceeded
$ crictl logs 3f730370d9423 | tail -2
{"level":"warn","ts":"2025-07-30T02:57:05.134319Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"127.0.0.1:49724","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"warn","ts":"2025-07-30T02:57:05.739954Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"127.0.0.1:49730","server-name":"","error":"tls: first record does not look like a TLS handshake"}
