How to fix kubernetes controller manager probe failed: HTTP probe failed with statuscode: 400

7/2/2019

I deployed kubernetes controller manager using binary packet, started kube-controller-manager service successfully, but HTTP probe failed with statuscode: 400 when kubectl got controler manager state

Environment description

Provider: VMware Workstation(Centos7.2.1511)

docker version: 18.09.6

kernel version: 4.4.184

kubernetes version: 1.14.2

1:This is the kubernetens controller manager state

[root@node1 conf]# /opt/kube/bin/kubectl get cs
NAME                 STATUS      MESSAGE                                  ERROR
controller-manager   Unhealthy   HTTP probe failed with statuscode: 400   
scheduler            Healthy     ok                                       
etcd-0               Healthy     {"health":"true"}                        
etcd-1               Healthy     {"health":"true"}                        
etcd-2               Healthy     {"health":"true"}  

2:this is the kubernetens controller manager system unit file

[root@node1 conf]# cat /etc/systemd/system/kube-controller-manager.service 
...
[Service]
WorkingDirectory=/opt/kube/data/kube-manager
ExecStart=/opt/kube/bin/kube-controller-manager \
  --port=0 \
  --secure-port=10252 \
  --bind-address=127.0.0.1 \
  --kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
  --authentication-kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
  --authorization-kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
  --service-cluster-ip-range=10.99.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/opt/kube/ssl/ca.pem \
  --cluster-signing-key-file=/opt/kube/ssl/ca-key.pem \
  --experimental-cluster-signing-duration=8760h \
  --root-ca-file=/opt/kube/ssl/ca.pem \
  --service-account-private-key-file=/opt/kube/ssl/ca-key.pem \
  --leader-elect=true \
  --controllers=*,bootstrapsigner,tokencleaner \
  --tls-cert-file=/opt/kube/ssl/kube-controller-manager.pem \
  --tls-private-key-file=/opt/kube/ssl/kube-controller-manager-key.pem \
  --use-service-account-credentials=true \
  --experimental-cluster-signing-duration=876000h \
  --horizontal-pod-autoscaler-sync-period=10s \
  --concurrent-deployment-syncs=10 \
  --concurrent-gc-syncs=30 \
  --node-cidr-mask-size=24 \
  --kube-api-qps=1000 \
  --kube-api-burst=2000 \
  --logtostderr=true \
  --v=2
...

Is there any good solution? Thank you

-- Beck
kubernetes

1 Answer

7/4/2019

Since 1.13, kube-controller-manager and kube-scheduler exposing 10259, 10257 as a secure ports

Insecure ports 10251, 10252 has been deprecated. - #1327

You should use the secure ports as the default the livenessProbes going forward.

  --secure-port=10257
-- A_Suh
Source: StackOverflow