Kubectl logs returning tls handshake timeout

0
votes

kubectl -n namespace1 logs -f podname

returns the following error.

Error from server: Get https://ipaddress:10250/containerLogs/namespace1/podname-xxkb9/podname?follow=true: net/http: TLS handshake timeout

Proxies are unset.

unset http_proxy
unset https_proxy

But Still the issue comes. Could anyone help me with this issue please.

2
dockerkubernetesdeploymentkubernetes-helmkubernetes-pod
Do other kubectl commands work? - Kamol Hasan
yes kubectl get pods -n namespace are working @KamolHasan - Mani Gopal
how about kubectl exec/attach/portforward....? - Kamol Hasan
kubectl logs only not working. @KamolHasan - Mani Gopal
@ManiGopal could you please post the result of the command kubectl get pods and kubectl describe pod_name ? - Mr.KoopaKiller

2 Answers

1
votes

What I know for sure this is not a cert issue. This is API versions mismatching problem or something else related to API. There were few discussions on stack in the past, ill attach them in the end. Also I experienced the same few years ago and at that time I also resolved this problem by kubeadm upgrade

First of all check real error message by running kubectl logs -v9 for maximum verbosity level.

Most probably you checked other commands like kubect get pods,nodes, etc. None of those commands ,require the apiserver to contact the kubelet, only kubectl logs does. And @Kamos asked you absolutelly right question re exec/attach/portforward. 99% they also doesnt work for you because they also require contacting kubelet directly.

There are a lot of chances you will fix issue with Upgrading kubeadm clusters

References:

1. Kubernetes - net/http: TLS handshake timeout when fetching logs (BareMetal)

2. Kubernetes logs command TLS handshake timeout ANSWER1!!!

3. Kubernetes logs command TLS handshake timeout ANSWER2

4. kubectl logs failed with error: net/http: TLS handshake timeout #71343

0
votes

Reinstalling Kubernetes without proxy resolved this issue.