kubernetes
network_error
ai_generated
partial
来自服务器的错误:拨号后端时出错:拨号 tcp 10.0.0.5:10250:连接:连接被拒绝
Error from server: error dialing backend: dial tcp 10.0.0.5:10250: connect: connection refused
ID: kubernetes/exec-in-pod-failed-unable-to-upgrade-connection
75%修复率
80%置信度
1证据数
2024-01-20首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| kubectl v1.27.0 | active | — | — | — |
| kubelet v1.27.0 | active | — | — | — |
| kubelet v1.29.0 | active | — | — | — |
| Kubernetes v1.28.0 | active | — | — | — |
根因分析
节点上的 kubelet 未在预期端口(10250)上监听,或因网络问题无法访问,导致 kubectl exec/attach/logs 失败。
English
The kubelet on the node is not listening on the expected port (10250) or is unreachable due to network issues, preventing kubectl exec/attach/logs.
官方文档
https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/解决方案
-
SSH 到节点并重启 kubelet:`ssh node-user@node-ip 'sudo systemctl restart kubelet'`。
-
检查 kubelet 是否在运行并在正确端口上:`ssh node-user@node-ip 'sudo netstat -tulpn | grep 10250'`。如果没有,检查 kubelet 配置中的 `--port` 参数。
-
如果防火墙阻止,检查网络策略或云防火墙规则是否允许从控制平面到节点端口 10250 的流量。
无效尝试
常见但无效的做法:
-
Restarting the pod, assuming it's a container issue
90% 失败
The error is node-level, not pod-level; restarting the pod won't fix kubelet connectivity.
-
Checking pod logs via kubectl logs, which also fails with the same error
80% 失败
All kubectl commands that require kubelet interaction (exec, logs, attach) will fail identically.