When trying to deploy a Helm chart (built in console) to a Kubernetes cluster using Rancher 1.4 I get this error:
Error: forwarding ports: error upgrading connection: error dialing backend: dial tcp 22.214.171.124:10250: getsockopt: connection timed out
It is a standard Kubernetes deployment using Rancher, is there a need to open additional ports between the Rancher server (Helm client) and Tiller server (Kube pod)? Any ideas?
Bumping this b/c I came across the same thing. In order to alleviate this issue I allowed ingress on port 10250 on my kubernetes hosts, but this does not seem to be documented anywhere in kubernetes setup.
I also noticed that kube-apiserver does not appear to be running in my cluster.
- Does the rancher master act as the kube-apiserver?
- Does it require direct access to all hosts at 10250 to work correctly?
- Can I run kube-apiserver in the cluster?
Ok, with a little playing I found that the rancher master does not need to access the hosts at 10250, but the hosts do need to access each other at 10250. This should probably be added to the docs.
I would still love a low level description of the relationship between the master and the kubelets with regard to kubetctl and helm.