[k8s] pod 내부에서 apt update

쿠버네티스에서 pod를 생성하고, pod의 내부에 진입해서 apt update나 install을 하면 네트워크 에러를 뱉으면서 실행되지 않습니다.

해결하는 방법을 알아보겠습니다.

 

1. Pod 진입

kubectl exec -it nginx01 -- bash

root@nginx01:/# netstat
bash: netstat: command not found
root@nginx01:/# ps
bash: ps: command not found

 

처음에 pod에 진입하면 패키지 설치가 되어있지 않기 때문에 자주 사용하는 netstat이나 ps같은 명령어가 실행되지 않습니다.

apt update 명령어를 실행하면 다음과 같은 에러가 발생합니다.

 

root@nginx:/# apt -y update
Get:1 http://deb.debian.org/debian bookworm InRelease [796 B]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [796 B]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [796 B]
Err:1 http://deb.debian.org/debian bookworm InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Err:2 http://deb.debian.org/debian bookworm-updates InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
Reading package lists... Done
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
E: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
E: Failed to fetch http://deb.debian.org/debian/dists/bookworm-updates/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://deb.debian.org/debian-security/dists/bookworm-security/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

 

레포지토리와 통신이 잘 이루어지지 않는 모습입니다.

 

 

2. resolv파일 확인

네임서버를 확인해보니 다음과 같이 알 수 없는 네임서버가 설정되어 있습니다.

root@nginx01:/# cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 169.254.25.10
options ndots:5

 

 

3.  resolv파일 수정

다음과 같이 네임서버를 수정해줍니다. vi나 nano를 사용할 수 없으니 echo를 통해 파일에 덮어씌워줍니다.

root@nginx01:/# echo nameserver '8.8.8.8' > /etc/resolv.conf

 

 

4. 설치 및 테스트

다시 apt update와 install로 net-tools를 설치해보겠습니다.

root@nginx01:/# apt -y update
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main arm64 Packages [8685 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main arm64 Packages [12.5 kB]
Get:6 http://deb.debian.org/debian-security bookworm-security/main arm64 Packages [132 kB]
Fetched 9080 kB in 2s (5952 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
root@nginx01:/# apt -y install net-tools
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  net-tools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 241 kB of archives.
After this operation, 1401 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main arm64 net-tools arm64 2.10-0.1 [241 kB]
Fetched 241 kB in 0s (1072 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 7584 files and directories currently installed.)
Preparing to unpack .../net-tools_2.10-0.1_arm64.deb ...
Unpacking net-tools (2.10-0.1) ...
Setting up net-tools (2.10-0.1) ...
root@nginx01:/# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1/nginx: master pro
tcp        0      0 10.233.104.201:42908    151.101.110.132:80      TIME_WAIT   -
tcp        0      0 10.233.104.201:58168    151.101.110.132:80      TIME_WAIT   -
tcp6       0      0 :::80                   :::*                    LISTEN      1/nginx: master pro
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  3      [ ]         STREAM     CONNECTED     138442   1/nginx: master pro

 

작동이 잘 되는걸 확인할 수 있습니다.