Error: listen tcp :10250: bind: address already in use on Alibaba Cloud Serverless Kuberneters (ASK)
Encountered an error Back-off restarting failed container when deploying cert-manager-webhook on Alibaba Cloud Serverless Kuberneters (ASK)
1 2 3 4 5 6 7 8 9
shell@Alicloud:~$ kubectl logs -f cert-manager-webhook-7d6d4c78bc-lr9zh -n cert-manager W0603 09:48:28.403062 1 client_config.go:608] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. W0603 09:48:28.404700 1 client_config.go:608] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. I0603 09:48:28.404863 1 webhook.go:69] cert-manager/webhook "msg"="using dynamic certificate generating using CA stored in Secret resource" "secret_name"="cert-manager-webhook-ca" "secret_namespace"="cert-manager" I0603 09:48:28.405047 1 server.go:148] cert-manager/webhook "msg"="listening for insecure healthz connections" "address"=":6080" Error: listen tcp :10250: bind: address already in use ...
Maybe ASK uses a single working node by default, which make it easy to port conflicts.
We can change 10250 to another port to avoid port conflicts。
1 2 3 4 5 6 7 8 9 10 11
# values.yaml
webhook:
# The port that the webhook should listen on for requests. # In GKE private clusters, by default kubernetes apiservers are allowed to # talk to the cluster nodes only on 443 and 10250. so configuring # securePort: 10250, will work out of the box without needing to add firewall # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000 # securePort: 10250 securePort:10251# change 10250 to another port.