kubeadm: kubedns container cannot connect to apiserver
kubedns logs:
I0303 20:17:56.595813 1 dns.go:42] version: v1.6.0-alpha.0.680+3872cb93abf948-dirty
I0303 20:17:56.596373 1 server.go:107] Using https://10.96.0.1:443 for kubernetes master, kubernetes API: <nil>
I0303 20:17:56.596882 1 server.go:68] Using configuration read from ConfigMap: kube-system:kube-dns
I0303 20:17:56.596925 1 server.go:113] FLAG: --alsologtostderr="false"
I0303 20:17:56.596943 1 server.go:113] FLAG: --config-map="kube-dns"
I0303 20:17:56.596949 1 server.go:113] FLAG: --config-map-namespace="kube-system"
I0303 20:17:56.596952 1 server.go:113] FLAG: --dns-bind-address="0.0.0.0"
I0303 20:17:56.596956 1 server.go:113] FLAG: --dns-port="10053"
I0303 20:17:56.596961 1 server.go:113] FLAG: --domain="cluster.local."
I0303 20:17:56.596967 1 server.go:113] FLAG: --federations=""
I0303 20:17:56.596971 1 server.go:113] FLAG: --healthz-port="8081"
I0303 20:17:56.596976 1 server.go:113] FLAG: --kube-master-url=""
I0303 20:17:56.596981 1 server.go:113] FLAG: --kubecfg-file=""
I0303 20:17:56.596985 1 server.go:113] FLAG: --log-backtrace-at=":0"
I0303 20:17:56.596992 1 server.go:113] FLAG: --log-dir=""
I0303 20:17:56.596996 1 server.go:113] FLAG: --log-flush-frequency="5s"
I0303 20:17:56.597001 1 server.go:113] FLAG: --logtostderr="true"
I0303 20:17:56.597005 1 server.go:113] FLAG: --stderrthreshold="2"
I0303 20:17:56.597009 1 server.go:113] FLAG: --v="2"
I0303 20:17:56.597014 1 server.go:113] FLAG: --version="false"
I0303 20:17:56.597019 1 server.go:113] FLAG: --vmodule=""
I0303 20:17:56.597113 1 server.go:155] Starting SkyDNS server (0.0.0.0:10053)
I0303 20:17:56.597414 1 server.go:165] Skydns metrics enabled (/metrics:10055)
I0303 20:17:56.597437 1 dns.go:144] Starting endpointsController
I0303 20:17:56.597443 1 dns.go:147] Starting serviceController
I0303 20:17:56.597531 1 logs.go:41] skydns: ready for queries on cluster.local. for tcp://0.0.0.0:10053 [rcache 0]
I0303 20:17:56.597554 1 logs.go:41] skydns: ready for queries on cluster.local. for udp://0.0.0.0:10053 [rcache 0]
E0303 20:17:57.601223 1 sync.go:105] Error getting ConfigMap kube-system:kube-dns err: Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/kube-dns: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:17:57.601271 1 dns.go:190] Error getting initial ConfigMap: Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps/kube-dns: dial tcp 10.96.0.1:443: getsockopt: no route to host, starting with default values
I0303 20:17:57.601317 1 dns.go:163] Waiting for Kubernetes service
I0303 20:17:57.601331 1 dns.go:169] Waiting for service: default/kubernetes
E0303 20:17:59.605100 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:01.607159 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:04.617151 1 reflector.go:199] pkg/dns/config/sync.go:114: Failed to list *api.ConfigMap: Get https://10.96.0.1:443/api/v1/namespaces/kube-system/configmaps?fieldSelector=metadata.name%3Dkube-dns&resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:05.613089 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:07.617099 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:09.619173 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:11.621183 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:15.629124 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:17.633140 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:19.635211 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:21.637134 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:25.645156 1 reflector.go:199] pkg/dns/dns.go:148: Failed to list *api.Service: Get https://10.96.0.1:443/api/v1/services?resourceVersion=0: dial tcp 10.96.0.1:443: getsockopt: no route to host
E0303 20:18:26.598781 1 reflector.go:199] pkg/dns/dns.go:145: Failed to list *api.Endpoints: Get https://10.96.0.1:443/api/v1/endpoints?resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout
kube-apiserver logs
I0303 20:02:55.656265 1 config.go:527] Will report 10.160.20.150 as public IP address.
E0303 20:02:55.658840 1 reflector.go:199] k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go:103: Failed to list *api.ServiceAccount: Get http://127.0.0.1:8080/api/v1/serviceaccounts?resourceVersion=0: dial tcp 127.0.0.1:8080: getsockopt: connection refused
E0303 20:02:55.661056 1 reflector.go:199] k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go:119: Failed to list *api.Secret: Get http://127.0.0.1:8080/api/v1/secrets?fieldSelector=type%3Dkubernetes.io%2Fservice-account-token&resourceVersion=0: dial tcp 127.0.0.1:8080: getsockopt: connection refused
E0303 20:02:55.661974 1 reflector.go:199] k8s.io/kubernetes/plugin/pkg/admission/storageclass/default/admission.go:75: Failed to list *storage.StorageClass: Get http://127.0.0.1:8080/apis/storage.k8s.io/v1beta1/storageclasses?resourceVersion=0: dial tcp 127.0.0.1:8080: getsockopt: connection refused
E0303 20:02:55.662031 1 reflector.go:199] k8s.io/kubernetes/plugin/pkg/admission/resourcequota/resource_access.go:83: Failed to list *api.ResourceQuota: Get http://127.0.0.1:8080/api/v1/resourcequotas?resourceVersion=0: dial tcp 127.0.0.1:8080: getsockopt: connection refused
E0303 20:02:55.709032 1 reflector.go:199] pkg/controller/informers/factory.go:89: Failed to list *api.LimitRange: Get http://127.0.0.1:8080/api/v1/limitranges?resourceVersion=0: dial tcp 127.0.0.1:8080: getsockopt: connection refused
E0303 20:02:55.709152 1 reflector.go:199] pkg/controller/informers/factory.go:89: Failed to list *api.Namespace: Get http://127.0.0.1:8080/api/v1/namespaces?resourceVersion=0: dial tcp 127.0.0.1:8080: getsockopt: connection refused
[restful] 2017/03/03 20:02:55 log.go:30: [restful/swagger] listing is available at https://10.160.20.150:6443/swaggerapi/
[restful] 2017/03/03 20:02:55 log.go:30: [restful/swagger] https://10.160.20.150:6443/swaggerui/ is mapped to folder /swagger-ui/
I0303 20:02:55.771165 1 serve.go:88] Serving securely on 0.0.0.0:6443
I0303 20:02:55.771302 1 serve.go:102] Serving insecurely on 127.0.0.1:8080
I0303 20:02:56.730792 1 trace.go:61] Trace "Update /api/v1/namespaces/kube-system/pods/kube-apiserver-wyml01/status" (started 2017-03-03 20:02:55.825739356 +0000 UTC):
[63.968µs] [63.968µs] About to convert to expected version
[275.186µs] [211.218µs] Conversion done
[283.347µs] [8.161µs] About to store object in database
[904.938318ms] [904.654971ms] Object stored in database
[904.9425ms] [4.182µs] Self-link added
[905.006032ms] [63.532µs] END
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 59 (8 by maintainers)
systemctl stop kubelet systemctl stop docker iptables --flush iptables -tnat --flush systemctl start kubelet systemctl start docker
The route problem can be solved by flush iptables.
@jeffchanjunwei It is the problem of iptables.Please try the follow command
If the command solve your problem,please tell me.
Running
iptables -P FORWARD ACCEPTon master and nodes solved the problem for me. I was running flannel.I have found the solution to my problem:
Client Version: version.Info{Major:“1”, Minor:“5”, GitVersion:“v1.5.2”, GitCommit:“a55267932d501b9fbd6d73e5ded47d79b5763ce5”, GitTreeState:“clean”, BuildDate:“2017-04-14T13:36:25Z”, GoVersion:“go1.7.4”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“5”, GitVersion:“v1.5.2”, GitCommit:“a55267932d501b9fbd6d73e5ded47d79b5763ce5”, GitTreeState:“clean”, BuildDate:“2017-04-14T13:36:25Z”, GoVersion:“go1.7.4”, Compiler:“gc”, Platform:“linux/amd64”}
1.First,we should make sure the ip-forward enabled on the linux kernel of every node.Just execute command: sysctl net.ipv4.conf.all.forwarding = 1
2.Secondly,if your docker’s version >=1.13,the default FORWARD chain policy was DROP,you should set default policy of the FORWARD chain to ACCEPT:$ sudo iptables -P FORWARD ACCEPT.
3.Then the configuration of the kube-proxy must be pass in : –cluster-cidr=<cluster-cidr>.
ps: --cluster-cidr string The CIDR range of pods in the cluster. It is used to bridge traffic coming from outside of the cluster. If not provided, no off-cluster bridging will be performed. Refer to this:https://github.com/kubernetes/kubernetes/issues/36835
You may need to execute the below command to ensure that the default policy is ACCEPT, to avoiding you are kicked out of your machine when using ssh.
And then you can safely flush your rules:
I suspect you’re hitting issue https://github.com/kubernetes/kubeadm/issues/196. You can verify that this is the root cause by manually editing
/etc/kubernetes/manifests/kube-apiserver.yamlon the master and changing the liveness probe:kubectl delete svc kubernetes
@mhsabbagh, I have the exact version as yours, 1 master, 3 nodes, the dashboard was setup on node 2 automatically when apply dashboard.yaml. and dashboard error looks like the same as others.
Using HTTP port: 8443 Using in-cluster config to connect to apiserver Using service account token for csrf signing No request provided. Skipping authorization header Error while initializing connection to Kubernetes apiserver. This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service accounts configuration) or the --apiserver-host param points to a server that does not exist. Reason: Get https://10.96.0.1:443/version: dial tcp 10.96.0.1:443: i/o timeout Refer to the troubleshooting guide for more information: https://github.com/kubernetes/dashboard/blob/master/docs/user-guide/troubleshooting.mdI have been searching for an solution, but still cannot find a solution. I could telnet to 10.96.0.1 on port 443 from any of the master and nodes
Are we sure it has been fixed in v1.6?
This is still here on 1.7.3 with Ubuntu 16.04. Same exact problem. Have been trying all the possible solutions from disabling apparmor, changing the ports, making sure nothing blocks it… It still doesn’t work.
I tried it on a completely fresh droplet from DigitalOcean and it’s still the same. Doesn’t look like a configuration problem from my side. I just ran the commands as they are in https://medium.com/@SystemMining/setup-kubenetes-cluster-on-ubuntu-16-04-with-kubeadm-336f4061d929
@phagunbaya If you do try the above, I would also kill/restart kubelet for it to take effect faster. When I hit this problem myself, kubelet’s exponential backoff was making it take forever to try to restart the kube-apiserver pod.
I had this issue with Kubernetes 1.18 and docker 19 my cluster was working perfectly earlier. and there was nothing unusual like upgrading or else. restarting docker solved it.
systemctl stop kubelet systemctl stop docker iptables --flush iptables -t nat --flush systemctl start kubelet systemctl start docker
Same problem here with K8S 1.10.5 and weave 2.3.0.
The problem is solved temporarily thanks to lastboy1228 (https://github.com/kubernetes/kubeadm/issues/193#issuecomment-330060848)
I set k8s cluster using virtualbox, 1-kube-master, 2-kube-workers.
When google, there are lots of similar issue, although many ticket shows closed, I tried a lot, but no luck. I tried “$sudo iptables -P FORWARD ACCEPT”, “$ sudo iptables --flush”, this doesn’t work for me.
The root cause should be in kube-dns, flannel and kube-proxy, anyone can tell exactly what is wrong in them ? 😃
kube-dns has 3 components/container: kubedns, dnsmasq,sidecar
` kube-system kube-dns-598d7bf7d4-dzbn8 2/3 CrashLoopBackOff 43 10h kube-system kube-dns-598d7bf7d4-v99tk 2/3 CrashLoopBackOff 45 10h kube-system kube-flannel-ds-mvrt5 1/1 Running 8 20h kube-system kube-flannel-ds-vt2w6 1/1 Running 5 20h kube-system kube-flannel-ds-xrsq8 1/1 Running 5 20h kube-system kube-proxy-jrw6f 1/1 Running 5 21h kube-system kube-proxy-mt6mz 1/1 Running 8 21h kube-system kube-proxy-wwd95 1/1 Running 5 21h
`
try use kubectl exec to check each container
(1) kubedns = always down with error in log.
` Waiting for services and endpoints to be initialized from apiserver…
`
(2) dnsmasq = ok, but it seems the default /etc/resolv.conf might have issue, why it uses my HOST machine’s DNS setting? should it use “nameserver 10.96.0.10” ?
` dnsmasq[12]: using nameserver 127.0.0.1#10053 for domain ip6.arpa dnsmasq[12]: using nameserver 127.0.0.1#10053 for domain in-addr.arpa dnsmasq[12]: using nameserver 127.0.0.1#10053 for domain cluster.local dnsmasq[12]: reading /etc/resolv.conf dnsmasq[12]: using nameserver 127.0.0.1#10053 for domain ip6.arpa dnsmasq[12]: using nameserver 127.0.0.1#10053 for domain in-addr.arpa dnsmasq[12]: using nameserver 127.0.0.1#10053 for domain cluster.local dnsmasq[12]: using nameserver 10.158.54.11#53 dnsmasq[12]: using nameserver 10.158.54.12#53 dnsmasq[12]: using nameserver 10.158.57.11#53 dnsmasq[12]: read /etc/hosts - 7 addresses
`
(3)sidecar = ok, with failure on dnsProbe, this seems NOT a big issue.
` dnsprobe.go:75] Starting dnsProbe {Label:kubedns Server:127.0.0.1:10053 Name:kubernetes.default.svc.cluster.local. Interval:5s Type:33}
`
10.96.0.1:443 is the cluster ip of kubernetes service, this service is in “default” namespace, can kube-dns from namesapce “kube-system” able to access this in namespace “default” ? I suspect here might have problem ?
` $ kubectl describe service kubernetes
`
@WanChengHu Does pod bind with ip? Most of reason is iptables and flannel network.
I also have this problem in kubernetes v1.7.4, and after I restart docker, it fix.
I am not entierly sure this has to do with #196, I think there is a race condition elsewhere. I’ve just hit this in something I’m working on at the moment, I will update if I figure out what causes it, as seem to have a way of reproducing is reliably.
Also killing DNS pod seems to resolve this for me…