When you ask the API server to retrieve pod logs (i.e. kubectl logs <pod name>, it does this be connecting to kube-proxy on port 10250 (not quite sure where this is defined yet but will find out and update this post) on the node hosting the pod. You can check this manually with curl as follows
curl -k https://<k8s node main IP address>:10250/containerLogs/<pod namespace>/<pod name>/<container name>
The no route to host message is misleading because it implies that you have a IP routing problem, which is not the case, as you'll notice if you ping the host. The actually error is caused by the kube-proxy port being blocked by firewalld on the target hosting the pod in question. Not sure why the no route to host message is given because this is obviously not a routing issue. Allowing port 10250 on the host in question resolved the issue when I experienced this problem.
re-running the curl command above will show you the logs from the container in question (no authentication needed)
NOTE: Make sure you don't have HTTP_PROXY and/or HTTPS_PROXY env vars set on the box you're running curl from 
No comments:
Post a Comment