报错描述:[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get http://localhost:10248/healthz: dial tcp [::1]:10248: connect: connection refused.
解决过程:
1、根据提示,查看kubelet,docker状态,需要确保启动了

systemctl status kubelet
systemctl status docker

2、查看日志

kubectl
kubectl get cs

3、防火墙开放端口
master

firewall-cmd --permanent --add-port=6443/tcp
firewall-cmd --permanent --add-port=2379-2380/tcp
firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-port=10251/tcp
firewall-cmd --permanent --add-port=10252/tcp
firewall-cmd --permanent --add-port=10255/tcp
firewall-cmd --permanent --add-port=8472/udp
firewall-cmd --permanent --add-port=443/udp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=9153/tcp
firewall-cmd --add-masquerade --permanent
firewall-cmd --permanent --add-port=30000-32767/tcp
firewall-cmd --add-masquerade --permanent
firewall-cmd --query-masquerade
firewall-cmd --remove-masquerade
firewall-cmd --query-masquerade
firewall-cmd --permanent --add-port=15010-15014/tcp
systemctl restart firewalld

node

firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-port=10255/tcp
firewall-cmd --permanent --add-port=8472/udp
firewall-cmd --permanent --add-port=443/udp
firewall-cmd --permanent --add-port=30000-32767/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=9153/tcp
firewall-cmd --add-masquerade --permanent
systemctl restart firewalld

4、修改镜像源daemon.json

cat > /etc/docker/daemon.json <<EOF
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": ["http://hub-mirror.c.163.com"]
}

5、修改/etc/systemd/system/kubelet.service.d/10-kubeadm.conf

# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

6、指定control-plane-endpoint

kubeadm init --control-plane-endpoint="192.168.1.116:6443" --apiserver-advertise-address="192.168.1.116" --image-repository="registry.aliyuncs.com/google_containers" --kubernetes-version="v1.22.1" --service-cidr="10.1.0.0/16" --pod-network-cidr="10.50.0.0/16" --upload-certs

**解决:**实际解决为最后一步

kubeadm init --control-plane-endpoint="192.168.1.116:6443" --apiserver-advertise-address="192.168.1.116" --image-repository="registry.aliyuncs.com/google_containers" --kubernetes-version="v1.22.1" --service-cidr="10.1.0.0/16" --pod-network-cidr="10.50.0.0/16"

端口说明(1.17.3的)
kube-apiserver 安全端口 --secure-port 6443 HTTPS 是 -
kube-apiserver 非安全端口 --insecure-port 8080 HTTP 否,0表示关闭 deprecated
kubelet 健康检测端口 --healthz-port 10248 HTTP 否,0表示关闭 -
kube-proxy 指标端口 --metrics-port 10249 HTTP 否,0表示关闭 -
kubelet 安全端口 --port 10250 HTTPS 是 认证与授权
kube-scheduler 非安全端口 --insecure-port 10251 HTTP 否,0表示关闭 deprecated
kube-controller-manager 非安全端口 --insecure-port 10252 HTTP 否,0表示关闭 deprecated
kubelet 非安全端口 --read-only-port 10255 HTTP 否,0表示关闭 -
kube-proxy 健康检测端口 --healthz-port 10256 HTTP 否,0表示关闭 -
kube-controller-manager 安全端口 --secure-port 10257 HTTPS 否,0表示关闭 认证与授权
kube-scheduler 安全端口 --secure-port 10259 HTTPS 否,0表示关闭 认证与授权

Logo

权威|前沿|技术|干货|国内首个API全生命周期开发者社区

更多推荐