{
  "id": "kubernetes/kubectl-exec-tcp-timeout",
  "signature": "error: unable to upgrade connection: dial tcp: i/o timeout",
  "signature_zh": "错误：无法升级连接：拨号 tcp：输入/输出超时",
  "regex": "unable to upgrade connection: dial tcp: i/o timeout",
  "domain": "kubernetes",
  "category": "network_error",
  "subcategory": null,
  "root_cause": "The kube-apiserver cannot establish a connection to the kubelet on the node for exec/logs/attach operations, usually due to network policies, firewall rules, or node unavailability.",
  "root_cause_type": "generic",
  "root_cause_zh": "kube-apiserver 无法与节点上的 kubelet 建立用于 exec/logs/attach 操作的连接，通常是由于网络策略、防火墙规则或节点不可用。",
  "versions": [
    {
      "version": "kubernetes 1.22",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "kubernetes 1.23",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "kubernetes 1.24",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "kubernetes 1.27",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Restart the kube-apiserver pod.",
      "why_fails": "The issue is on the node side (kubelet or network), not the API server; restarting the API server won't help.",
      "fail_rate": 0.95,
      "condition": "",
      "sources": []
    },
    {
      "action": "Increase the kubelet's timeout settings.",
      "why_fails": "The timeout is due to connectivity, not latency; increasing timeouts only delays the failure.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Verify network connectivity from the control plane node to the target node on port 10250 (kubelet port): `nc -zv <node-ip> 10250`. If blocked, update firewall rules or network policies to allow traffic.",
      "success_rate": 0.9,
      "how": "Verify network connectivity from the control plane node to the target node on port 10250 (kubelet port): `nc -zv <node-ip> 10250`. If blocked, update firewall rules or network policies to allow traffic.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Check if the node is in a 'NotReady' state. If so, investigate kubelet logs on the node (`journalctl -u kubelet`) and restart the kubelet service.",
      "success_rate": 0.8,
      "how": "Check if the node is in a 'NotReady' state. If so, investigate kubelet logs on the node (`journalctl -u kubelet`) and restart the kubelet service.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "验证从控制平面节点到目标节点在端口 10250（kubelet 端口）上的网络连通性：`nc -zv <node-ip> 10250`。如果被阻止，更新防火墙规则或网络策略以允许流量。",
    "检查节点是否处于 'NotReady' 状态。如果是，在节点上调查 kubelet 日志（`journalctl -u kubelet`）并重启 kubelet 服务。"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://kubernetes.io/docs/reference/kubectl/kubectl-exec/",
  "official_doc_section": null,
  "error_code": "K8S-EXEC-005",
  "verification_tier": "ai_generated",
  "confidence": 0.86,
  "fix_success_rate": 0.82,
  "resolvable": "true",
  "first_seen": "2023-11-02",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}