{
  "id": "kubernetes/exec-in-pod-failed-unable-to-upgrade-connection",
  "signature": "Error from server: error dialing backend: dial tcp 10.0.0.5:10250: connect: connection refused",
  "signature_zh": "来自服务器的错误：拨号后端时出错：拨号 tcp 10.0.0.5:10250：连接：连接被拒绝",
  "regex": "error dialing backend: dial tcp \\d+\\.\\d+\\.\\d+\\.\\d+:10250: connect: connection refused",
  "domain": "kubernetes",
  "category": "network_error",
  "subcategory": null,
  "root_cause": "The kubelet on the node is not listening on the expected port (10250) or is unreachable due to network issues, preventing kubectl exec/attach/logs.",
  "root_cause_type": "generic",
  "root_cause_zh": "节点上的 kubelet 未在预期端口（10250）上监听，或因网络问题无法访问，导致 kubectl exec/attach/logs 失败。",
  "versions": [
    {
      "version": "kubectl v1.27.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "kubelet v1.27.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "kubelet v1.29.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Kubernetes v1.28.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Restarting the pod, assuming it's a container issue",
      "why_fails": "The error is node-level, not pod-level; restarting the pod won't fix kubelet connectivity.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "Checking pod logs via kubectl logs, which also fails with the same error",
      "why_fails": "All kubectl commands that require kubelet interaction (exec, logs, attach) will fail identically.",
      "fail_rate": 0.8,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "SSH into the node and restart kubelet: `ssh node-user@node-ip 'sudo systemctl restart kubelet'`.",
      "success_rate": 0.7,
      "how": "SSH into the node and restart kubelet: `ssh node-user@node-ip 'sudo systemctl restart kubelet'`.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Check if kubelet is running and on the correct port: `ssh node-user@node-ip 'sudo netstat -tulpn | grep 10250'`. If not, check kubelet config for `--port` flag.",
      "success_rate": 0.8,
      "how": "Check if kubelet is running and on the correct port: `ssh node-user@node-ip 'sudo netstat -tulpn | grep 10250'`. If not, check kubelet config for `--port` flag.",
      "condition": "",
      "sources": []
    },
    {
      "action": "If firewall is blocking, verify network policies or cloud firewall rules allow traffic from control plane to node port 10250.",
      "success_rate": 0.75,
      "how": "If firewall is blocking, verify network policies or cloud firewall rules allow traffic from control plane to node port 10250.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "SSH 到节点并重启 kubelet：`ssh node-user@node-ip 'sudo systemctl restart kubelet'`。",
    "检查 kubelet 是否在运行并在正确端口上：`ssh node-user@node-ip 'sudo netstat -tulpn | grep 10250'`。如果没有，检查 kubelet 配置中的 `--port` 参数。",
    "如果防火墙阻止，检查网络策略或云防火墙规则是否允许从控制平面到节点端口 10250 的流量。"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.8,
  "fix_success_rate": 0.75,
  "resolvable": "partial",
  "first_seen": "2024-01-20",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}