Misconfigured kubeletctl or the port config is ignored #12
Description
Summary
Due to a possible misconfiguration on my side of kubeletctl or perhaps another reason, the port being used to comunicate with the kubelet API is not correct. The port being used (39261) is the cluster port specified on my kubeconfig file (see Environment setup section).
Steps to Reproduce
Steps to reproduce the behavior:
- Download the precompiled
kubeletctlbinary with:
$ curl -LO https://github.com/cyberark/kubeletctl/releases/download/v1.6/kubeletctl_linux_amd64 && chmod a+x ./kubeletctl_linux_amd64 && mv ./kubeletctl_linux_amd64 /usr/local/bin/kubeletctl- Try to check worker node
kubelet's health:
$ kubeletctl -s 172.18.0.3 healthz👀 NOTE:
The target worker node has the IP172.18.0.3.
Expected Results
Get the proper output from the kubelet. In this case the endpoint tested was healthz. This is the output obtained using curl instead of kubeletctl:
$ curl -k https://172.18.0.2:10250/healthz
ok
Actual Results (including error logs, if applicable)
Using the default port for kubelet (port 10250) or setting it manually both result in the wrong address being used.
With the default port:
$ kubeletctl -s 172.18.0.3 healthz
[*] Using KUBECONFIG environment variable
[*] You can ignore it by modifying the KUBECONFIG environment variable, file "~/.kube/config" or use the "-i" switch
[*] Failed to run HTTP request with error: Get "https://172.18.0.3:39261/healthz/": dial tcp 172.18.0.3:39261: connect: connection refused$ kubeletctl -s 172.18.0.3 --port 10250 healthz
[*] Using KUBECONFIG environment variable
[*] You can ignore it by modifying the KUBECONFIG environment variable, file "~/.kube/config" or use the "-i" switch
[*] The reponse failed with status: 404
[*] Message: 404 page not foundReproducible
- Always
- Sometimes
- Non-Reproducible
Version/Tag number
Product version is the following:
$ kubeletctl version
[*] Using KUBECONFIG environment variable
[*] You can ignore it by modifying the KUBECONFIG environment variable, file "~/.kube/config" or use the "-i" switch
_ _ _ _
| | | | | | _ _ | |
| | _ _ _| |__ _____| | _____ _| |_ ____ _| |_| |
| |_/ ) | | | _ \| ___ | || ___ (_ _) ___|_ _) |
| _ (| |_| | |_) ) ____| || ____| | |( (___ | |_| |
|_| \_)____/|____/|_____)\_)_____) \__)____) \__)\_)
Author: Eviatar Gerzi
Version: 1.6
Environment setup
Running on local development box:
$ uname -a
Linux <box-name> 5.0.0-32-generic #34~18.04.2-Ubuntu SMP Thu Oct 10 10:36:02 UTC 2019 x86_64 x86_64 x86_64 GNU/LinuxKubernetes version and cluster info:
$ kubectl cluster-info
Kubernetes master is running at https://127.0.0.1:39261
KubeDNS is running at https://127.0.0.1:39261/api/v1/namespaces/kube-system/services/kube-dns:dns/proxyConfig file pointed by $KUBECONFIG env var:
$ cat $KUBECONFIG
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: BASE64_CERTIFICATE_AUTHORITY_DATA
server: https://127.0.0.1:39261
name: kind-cluster-name
contexts:
- context:
cluster: kind-cluster-name
user: kind-cluster-name
name: kind-cluster-name
current-context: kind-cluster-name
kind: Config
preferences: {}
users:
- name: kind-cluster-name
user:
client-certificate-data: BASE64_ENCODED_CERTIFICATE_DATA
client-key-data: BASE64_ENCODED_KEY_DATAAdditional Information
The kubernetes flavor used for this scenario is KinD
The extra configuration for the worker nodes is the following:
- role: worker
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
anonymous-auth: "true"
authorization-mode: "AlwaysAllow"This is mainly to allow unauthenticated requests to the kubelet api.