Closed ryuzakyl closed 3 years ago
@ryuzakyl Thank you for the informative response! I see the problem, I will fix it. I will update you once it will be ready.
@ryuzakyl Can you try:
kubeletctl -s 172.18.0.3 -i healthz
There is the -i
switch that ignores the config file.
I had also previously tried with the -i switch, but didn't include it on the initial bug report. I suspect the URL being queried is not the proper one and that's why I'm getting the HTTP 404.
$ kubeletctl -s 172.18.0.3 -i healthz
[*] The reponse failed with status: 404
[*] Message: 404 page not found
It would be nice to have some sort of verbose mode (-v or -vv, etc.) to know which URLs are being queried and thus, having a better understanding of the kubelet
API.
I see what is the problem. I debugged it and if there is not input arguments it creates a url like that: https://<node_ip>:10250/healthz/
instead of https://<node_ip>:10250/healthz/
(without the last /
).
Can you please try a differnt command? Like that:
kubeletctl -s 172.18.0.3 -i pods
Does this commands works?
Regarding the verbose, this is a great idea, I will add it to the TODO list.
You can try version 1.7:
https://github.com/cyberark/kubeletctl/releases/tag/v1.7
It works!!! :thumbsup: :ok_hand: :clap:
Healthcheck:
$ kubeletctl -s 172.18.0.3 -i healthz
ok
Node pods:
$ kubeletctl -s 172.18.0.3 -i pods
┌─────────────────────────────────────────────────────────┐
│ Pods from Kubelet │
├───┬─────────────────────────┬─────────────┬─────────────┤
│ │ POD │ NAMESPACE │ CONTAINERS │
├───┼─────────────────────────┼─────────────┼─────────────┤
│ 1 │ kube-proxy-6jtcx │ kube-system │ kube-proxy │
│ │ │ │ │
├───┼─────────────────────────┼─────────────┼─────────────┤
│ 2 │ kindnet-886fl │ kube-system │ kindnet-cni │
│ │ │ │ │
├───┼─────────────────────────┼─────────────┼─────────────┤
│ 3 │ coredns-74ff55c5b-r5llh │ kube-system │ coredns │
│ │ │ │ │
└───┴─────────────────────────┴─────────────┴─────────────┘
kubelet
config:
$ kubeletctl -s 172.18.0.3 -i configz
{
"kubeletconfig": {
"enableServer": true,
"staticPodPath": "/etc/kubernetes/manifests",
"syncFrequency": "1m0s",
"fileCheckFrequency": "20s",
"httpCheckFrequency": "20s",
"address": "0.0.0.0",
"port": 10250,
"tlsCertFile": "/var/lib/kubelet/pki/kubelet.crt",
"tlsPrivateKeyFile": "/var/lib/kubelet/pki/kubelet.key",
"rotateCertificates": true,
"authentication": {
"x509": {
"clientCAFile": "/etc/kubernetes/pki/ca.crt"
},
"webhook": {
"enabled": true,
"cacheTTL": "2m0s"
},
"anonymous": {
"enabled": true
}
},
"authorization": {
"mode": "AlwaysAllow",
"webhook": {
"cacheAuthorizedTTL": "5m0s",
"cacheUnauthorizedTTL": "30s"
}
},
"registryPullQPS": 5,
"registryBurst": 10,
"eventRecordQPS": 5,
"eventBurst": 10,
"enableDebuggingHandlers": true,
"healthzPort": 10248,
"healthzBindAddress": "127.0.0.1",
"oomScoreAdj": -999,
"clusterDomain": "cluster.local",
"clusterDNS": ["10.96.0.10"],
"streamingConnectionIdleTimeout": "4h0m0s",
"nodeStatusUpdateFrequency": "10s",
"nodeStatusReportFrequency": "5m0s",
"nodeLeaseDurationSeconds": 40,
"imageMinimumGCAge": "2m0s",
"imageGCHighThresholdPercent": 100,
"imageGCLowThresholdPercent": 80,
"volumeStatsAggPeriod": "1m0s",
"cgroupRoot": "/kubelet",
"cgroupsPerQOS": true,
"cgroupDriver": "cgroupfs",
"cpuManagerPolicy": "none",
"cpuManagerReconcilePeriod": "10s",
"topologyManagerPolicy": "none",
"topologyManagerScope": "container",
"runtimeRequestTimeout": "2m0s",
"hairpinMode": "promiscuous-bridge",
"maxPods": 110,
"podPidsLimit": -1,
"resolvConf": "/etc/resolv.conf",
"cpuCFSQuota": true,
"cpuCFSQuotaPeriod": "100ms",
"nodeStatusMaxImages": 50,
"maxOpenFiles": 1000000,
"contentType": "application/vnd.kubernetes.protobuf",
"kubeAPIQPS": 5,
"kubeAPIBurst": 10,
"serializeImagePulls": true,
"evictionHard": {
"imagefs.available": "0%",
"nodefs.available": "0%",
"nodefs.inodesFree": "0%"
},
"evictionPressureTransitionPeriod": "5m0s",
"enableControllerAttachDetach": true,
"makeIPTablesUtilChains": true,
"iptablesMasqueradeBit": 14,
"iptablesDropBit": 15,
"failSwapOn": false,
"containerLogMaxSize": "10Mi",
"containerLogMaxFiles": 5,
"configMapAndSecretChangeDetectionStrategy": "Watch",
"enforceNodeAllocatable": ["pods"],
"volumePluginDir": "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/",
"providerID": "kind://docker/tfm-k8s/tfm-k8s-worker",
"logging": {
"format": "text"
},
"enableSystemLogHandler": true,
"shutdownGracePeriod": "0s",
"shutdownGracePeriodCriticalPods": "0s"
}
}
Summary
Due to a possible misconfiguration on my side of
kubeletctl
or perhaps another reason, the port being used to comunicate with thekubelet
API is not correct. The port being used (39261
) is the cluster port specified on mykubeconfig
file (see Environment setup section).Steps to Reproduce
Steps to reproduce the behavior:
kubeletctl
binary with:kubelet
's health:Expected Results
Get the proper output from the
kubelet
. In this case the endpoint tested washealthz
. This is the output obtained usingcurl
instead ofkubeletctl
:Actual Results (including error logs, if applicable)
Using the default port for
kubelet
(port10250
) or setting it manually both result in the wrong address being used.With the default port:
Reproducible
Version/Tag number
Product version is the following:
Environment setup
Running on local development box:
Kubernetes version and cluster info:
Config file pointed by $KUBECONFIG env var:
Additional Information
The
kubernetes
flavor used for this scenario is KinDThe extra configuration for the worker nodes is the following:
This is mainly to allow unauthenticated requests to the
kubelet
api.