# Error from server: error dialing backend: dial tcp 10.0.0.5:10250: connect: connection refused

- **ID:** `kubernetes/exec-in-pod-failed-unable-to-upgrade-connection`
- **Domain:** kubernetes
- **Category:** network_error
- **Verification:** ai_generated
- **Fix Rate:** 75%

## Root Cause

The kubelet on the node is not listening on the expected port (10250) or is unreachable due to network issues, preventing kubectl exec/attach/logs.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| kubectl v1.27.0 | active | — | — |
| kubelet v1.27.0 | active | — | — |
| kubelet v1.29.0 | active | — | — |
| Kubernetes v1.28.0 | active | — | — |

## Workarounds

1. **SSH into the node and restart kubelet: `ssh node-user@node-ip 'sudo systemctl restart kubelet'`.** (70% success)
   ```
   SSH into the node and restart kubelet: `ssh node-user@node-ip 'sudo systemctl restart kubelet'`.
   ```
2. **Check if kubelet is running and on the correct port: `ssh node-user@node-ip 'sudo netstat -tulpn | grep 10250'`. If not, check kubelet config for `--port` flag.** (80% success)
   ```
   Check if kubelet is running and on the correct port: `ssh node-user@node-ip 'sudo netstat -tulpn | grep 10250'`. If not, check kubelet config for `--port` flag.
   ```
3. **If firewall is blocking, verify network policies or cloud firewall rules allow traffic from control plane to node port 10250.** (75% success)
   ```
   If firewall is blocking, verify network policies or cloud firewall rules allow traffic from control plane to node port 10250.
   ```

## Dead Ends

- **Restarting the pod, assuming it's a container issue** — The error is node-level, not pod-level; restarting the pod won't fix kubelet connectivity. (90% fail)
- **Checking pod logs via kubectl logs, which also fails with the same error** — All kubectl commands that require kubelet interaction (exec, logs, attach) will fail identically. (80% fail)