K8s集群健康检查出现connect: connection refused

在查看K8s系统组件时，发现scheduler及controller-manager组件状态存在异常，链接必要端口失败。

[[email protected] ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE                                                                                       ERROR
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused   
controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused   
etcd-0               Healthy     {"health":"true"}

[[email protected] ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.15", GitCommit:"8f1e5bf0b9729a899b8df86249b56e2c74aebc55", GitTreeState:"clean", BuildDate:"2022-01-19T17:26:37Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
[[email protected] ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.15", GitCommit:"8f1e5bf0b9729a899b8df86249b56e2c74aebc55", GitTreeState:"clean", BuildDate:"2022-01-19T17:27:39Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.0", GitCommit:"af46c47ce925f4c4ad5cc8d1fca46c7b77d13b38", GitTreeState:"clean", BuildDate:"2020-12-08T17:51:19Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

解决办法

在kubeadm中，集群健康检查监听scheduler默认10251及controller-manager默认10252的不安全端口。为了安全起见，该报错可以忽略。

开启监听

如需开启10251及10252端口的监听，则需进入/etc/kubernetes/manifests/目录编辑kube-scheduler.yaml及kube-controller-manager.yaml文件。

在- --port=0前添加注释即可。

[[email protected] manifests]# vi kube-scheduler.yaml 
      1 apiVersion: v1
      2 kind: Pod
      3 metadata:
      4   creationTimestamp: null
      5   labels:
      6     component: kube-scheduler
      7     tier: control-plane
      8   name: kube-scheduler
      9   namespace: kube-system
     10 spec:
     11   containers:
     12   - command:
     13     - kube-scheduler
     14     - --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
     15     - --authorization-kubeconfig=/etc/kubernetes/scheduler.conf
     16     - --bind-address=127.0.0.1
     17     - --kubeconfig=/etc/kubernetes/scheduler.conf
     18     - --leader-elect=true
     19 #    - --port=0

[[email protected] manifests]# vi kube-controller-manager.yaml
      1 apiVersion: v1
      2 kind: Pod
      3 metadata:
      4   creationTimestamp: null
      5   labels:
      6     component: kube-controller-manager
      7     tier: control-plane
      8   name: kube-controller-manager
      9   namespace: kube-system
     10 spec:
     11   containers:
     12   - command:
     13     - kube-controller-manager
     14     - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
     15     - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
     16     - --bind-address=127.0.0.1
     17     - --client-ca-file=/etc/kubernetes/pki/ca.crt
     18     - --cluster-name=kubernetes
     19     - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
     20     - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
     21     - --controllers=*,bootstrapsigner,tokencleaner
     22     - --kubeconfig=/etc/kubernetes/controller-manager.conf
     23     - --leader-elect=true
     24 #    - --port=0

编辑完成后等待一段时间即可。

[[email protected] manifests]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"}

文章来源于互联网:K8s集群健康检查出现connect: connection refused