I deployed kubernetes controller manager using binary packet, started kube-controller-manager service successfully, but HTTP probe failed with statuscode: 400 when kubectl got controler manager state
Environment description
Provider: VMware Workstation(Centos7.2.1511)
docker version: 18.09.6
kernel version: 4.4.184
kubernetes version: 1.14.2
1:This is the kubernetens controller manager state
[root@node1 conf]# /opt/kube/bin/kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Unhealthy HTTP probe failed with statuscode: 400
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
2:this is the kubernetens controller manager system unit file
[root@node1 conf]# cat /etc/systemd/system/kube-controller-manager.service
...
[Service]
WorkingDirectory=/opt/kube/data/kube-manager
ExecStart=/opt/kube/bin/kube-controller-manager \
--port=0 \
--secure-port=10252 \
--bind-address=127.0.0.1 \
--kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
--authentication-kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
--authorization-kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
--service-cluster-ip-range=10.99.0.0/16 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kube/ssl/ca.pem \
--cluster-signing-key-file=/opt/kube/ssl/ca-key.pem \
--experimental-cluster-signing-duration=8760h \
--root-ca-file=/opt/kube/ssl/ca.pem \
--service-account-private-key-file=/opt/kube/ssl/ca-key.pem \
--leader-elect=true \
--controllers=*,bootstrapsigner,tokencleaner \
--tls-cert-file=/opt/kube/ssl/kube-controller-manager.pem \
--tls-private-key-file=/opt/kube/ssl/kube-controller-manager-key.pem \
--use-service-account-credentials=true \
--experimental-cluster-signing-duration=876000h \
--horizontal-pod-autoscaler-sync-period=10s \
--concurrent-deployment-syncs=10 \
--concurrent-gc-syncs=30 \
--node-cidr-mask-size=24 \
--kube-api-qps=1000 \
--kube-api-burst=2000 \
--logtostderr=true \
--v=2
...
Is there any good solution? Thank you
Since 1.13, kube-controller-manager and kube-scheduler exposing 10259, 10257 as a secure ports
Insecure ports 10251, 10252 has been deprecated. - #1327
You should use the secure ports as the default the livenessProbes going forward.
--secure-port=10257