Tencent Kubernetes Engine
- Release Notes and Announcements
- Release Notes
- Announcements
- Security Vulnerability Fix Description
- Release Notes
- Kubernetes Version Maintenance
- Runtime Version Maintenance Description
- Product Introduction
- Quick Start
- TKE General Cluster Guide
- Purchase a TKE General Cluster
- Permission Management
- Controlling TKE cluster-level permissions
- TKE Kubernetes Object-level Permission Control
- Cluster Management
- Images
- Worker node introduction
- Normal Node Management
- Native Node Management
- Purchasing Native Nodes
- Supernode management
- Purchasing a Super Node
- Registered Node Management
- Memory Compression Instructions
- GPU Share
- qGPU Online/Offline Hybrid Deployment
- Kubernetes Object Management
- Workload
- Configuration
- Auto Scaling
- Service Management
- Ingress Management
- CLB Type Ingress
- API Gateway Type Ingress
- Storage Management
- Use File to Store CFS
- Use Cloud Disk CBS
- Add-On Management
- CBS-CSI Description
- Network Management
- GlobalRouter Mode
- VPC-CNI Mode
- Static IP Address Mode Instructions
- Cilium-Overlay Mode
- OPS Center
- Audit Management
- Event Management
- Monitoring Management
- Log Management
- Using CRD to Configure Log Collection
- Backup Center
- TKE Serverless Cluster Guide
- Purchasing a TKE Serverless Cluster
- TKE Serverless Cluster Management
- Super Node Management
- Kubernetes Object Management
- OPS Center
- Log Collection
- Using a CRD to Configure Log Collection
- Audit Management
- Event Management
- TKE Registered Cluster Guide
- Registered Cluster Management
- Ops Guide
- TKE Insight
- TKE Scheduling
- Job Scheduling
- Native Node Dedicated Scheduler
- Cloud Native Service Guide
- Cloud Service for etcd
- Version Maintenance
- Cluster Troubleshooting
- Practical Tutorial
- Cluster
- Serverless Cluster
- Mastering Deep Learning in Serverless Cluster
- Scheduling
- Security
- Service Deployment
- Proper Use of Node Resources
- Network
- DNS
- Self-Built Nginx Ingress Practice Tutorial
- Logs
- Monitoring
- OPS
- DevOps
- Construction and Deployment of Jenkins Public Network Framework Appications based on TKE
- Auto Scaling
- KEDA
- Containerization
- Microservice
- Cost Management
- Hybrid Cloud
- Fault Handling
- Pod Status Exception and Handling
- Pod exception troubleshooter
- API Documentation
- Making API Requests
- Elastic Cluster APIs
- Resource Reserved Coupon APIs
- Cluster APIs
- Third-party Node APIs
- Network APIs
- Node APIs
- Node Pool APIs
- TKE Edge Cluster APIs
- Cloud Native Monitoring APIs
- Super Node APIs
- TKE API 2022-05-01
- Making API Requests
- Node Pool APIs
- FAQs
- TKE General Cluster
- TKE Serverless Cluster
- About OPS
- Service Agreement
- User Guide(Old)
DocumentationTencent Kubernetes EngineFault HandlingCluster API Server Inaccessibility Troubleshooting
Cluster API Server Inaccessibility Troubleshooting
Last updated: 2024-12-13 14:48:39
Inaccessibility After Private Network Access Is Enabled
You can enable private network access in the TKE console. If resources still cannot be accessed, check the following based on your cluster type:
Managed cluster
Check whether the security group of the node in the cluster correctly opens the port range of 30000–32768 as instructed in "Viewing node security group configurations".
Self-deployed cluster
1. Check whether the security group of the node in the cluster correctly opens the port range of 30000–32768 as instructed in "Viewing node security group configurations".
2. When enabling private network access, you set the VPC subnet IP range in the console. Check whether the Master node in the cluster allows this VPC subnet IP range.
3. Check whether the security group of the Master node in the cluster correctly opens the VPC IP range and VPC subnet IP range where the Master node is located.
Inaccessibility After Public Network Access Is Enabled
You can enable public network access in the TKE console. If resources still cannot be accessed, check the following based on your cluster type:
Managed cluster
Check whether the source CIDR block of the security group is configured correctly. You can also set the source
0.0.0.0/0 to be fully open to the public network, and test the Internet access again.Self-deployed cluster
When public network access is enabled for the self-deployed cluster, the
default/kubelb-internet Service object will be automatically created in the cluster. This Service will be automatically bound to a public network CLB instance. By default, this CLB instance will not be bound to a security group (that is, fully open to the internet), and the EXTERNAL-IP field shows the VIP of the CLB instance.$ kubectl get service kubelb-internetNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEkubelb-internet LoadBalancer 172.16.252.94 152.136.8.98 443:32750/TCP 3m4s
1. Check whether the CLB bound to the
default/kubelb-internet Service object has a security group configured correctly.2. Check whether the security group of the master node in the cluster correctly opens the port range of 30000–32768 as instructed in "Viewing node security group configurations".
3. Check whether the security group of the Master node in the cluster correctly opens the VPC IP range and VPC subnet IP range where the Master node is located.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No