I've been running my kubernetes masters separate from my kubernetes nodes. So I have kube-apiserver
, kube-scheduler
and kube-controllermanager
running on a server without kubelet
, kube-proxy
or flannel
.
So far this has worked perfectly. However, today I attempted to set up the Web UI and access it through an API server. I got the the following error when accessing http://kube-master-0:8080/ui
:
Error: 'dial tcp 172.16.72.12:9090: getsockopt: connection timed out' Trying to reach: 'http://172.16.72.12:9090/'
This suggests to me that the API server is trying to connect to the pod IP, as we don't have flannel or kube-proxy running on this host, the 172.16.72.12
IP will not be routed.
Am I expected to run kube-proxy and flannel on my API servers? Is there another way to let the API server proxy the UI?
It's not required, but it will certainly make your life easier.
The reason this isn't working is because kube-proxy isn't directing traffic to the service. Try kube-node:8080/ui
(assuming you have exposed it as with NodePort configuration
In theory, Kube apiserver does not expect the presence of kube-proxy. This means kube apiserver will run correctly, receives requests and handles them(mostly reads from and writes to etcd
).
But if you want the whole cluster working, you will need other components running, for example:
pods
or deployments
to be scheduled, kube-scheduler
should be runningpods
and containers
be running in nodes, kubelet
has to be runningreplications
can be guarded, controller-manager
should be runingAs for kube-proxy
and flannel
, they are critical parts to make sure networking is working. Load Balance
, service
, across-hosts pod communication
etc all depends on them.