Reputation: 171
Kubectl logs returning tls handshake timeout
kubectl -n namespace1 logs -f podname
returns the following error.
Error from server: Get https://ipaddress:10250/containerLogs/namespace1/podname-xxkb9/podname?follow=true: net/http: TLS handshake timeout
Proxies are unset.
unset http_proxy
unset https_proxy
But Still the issue comes. Could anyone help me with this issue please.
Upvotes: 3
Views: 18520
Answers (4)
Reputation: 322
proxy will get added to this file /etc/systemd/system/k3s.service.env
You can add the node IP as NO_PROXY in this file
https://docs.k3s.io/advanced#configuring-an-http-proxy
Refer : https://github.com/k3s-io/k3s/issues/10357
Upvotes: 0
Reputation: 1000
In my case, I experienced this with AWS EKS and kubectl running on WSL:
I put in my .bashrc:
# fixed issue with tls handshake error of terraform EKS
export NO_PROXY="${NO_PROXY};eks.amazonaws.com"
The issue then dissapeared.
Upvotes: 0
Reputation: 8411
What I know for sure this is not a cert issue. This is API versions mismatching problem or something else related to API. There were a few discussions on stack in the past, I'll attach them in the end. Also, I experienced the same few years ago and at that time I also resolved this problem by kubeadm upgrade
First of all check real error message by running kubectl logs -v9 for maximum verbosity level.
Most probably you checked other commands like kubectl get pods, nodes, etc. None of those commands require the apiserver to contact the kubelet, only kubectl logs does.
And @Kamos asked you absolutely the right question re: exec/attach/portforward. 99% they also doesn't work for you because they also require contacting kubelet directly.
There are a lot of chances you will fix issue with Upgrading kubeadm clusters
References:
1. Kubernetes - net/http: TLS handshake timeout when fetching logs (BareMetal)
2. Kubernetes logs command TLS handshake timeout ANSWER1!!!
3. Kubernetes logs command TLS handshake timeout ANSWER2
4. kubectl logs failed with error: net/http: TLS handshake timeout #71343
Upvotes: 3
Reputation: 171
Reinstalling Kubernetes without proxy resolved this issue.
Upvotes: 0
Related Questions
- kubectl exec/logs on EKS returns "remote error: tls: internal error"
- kubectl: net/http: TLS handshake timeout
- Kubernetes Liveness and readiness probes causing error logs 'http: TLS handshake error from 10.234.0.1:49330: EOF'
- kubernetes pods http: TLS handshake error from x.x.x.x:38676: EOF
- Where Are TLS Handshake Errors In APISERVER Logs Coming From?
- Timeout on kubernetes api server logs
- Kubectl randomly returns "TLS handshake timeout" (running on localhost K8s)
- Azure Kubernetes: TLS handshake timeout
- TLS handshake timeout with kubernetes in GKE
- Kubernetes/Container Engine: TLS handshake timeout