Error from server: Get “https:IP:10250/*“:dial tcp IP:10250: connect: no route to host

Error from server: Get “https://10.23.XX:10250/containerLogs/kpanda-system/kpanda-controller-manager-6c77785f75-htwbd/kpanda-controller-manager”: dial tcp 10.23.XX:10250: connect: no route to host

问题发现：
在集群中部署应用，查看状态，发现某个pod一直起不来。

kubectl get pod -A

问题追踪及解决：
查看该pod的日志发现如下：

kubectl logs $POD -n $NS
Error from server: Get "https://10.23.XX:10250/containerLogs/kpanda-system/kpanda-controller-manager-6c77785f75-htwbd/kpanda-controller-manager": dial tcp 10.23.XX:10250: connect: no route to host

在master节点上ping连接不上的这台主机发现可以ping通：

[root@10-23-xx-xx ~]#  ping node-1
PING node-1 (10.23.75.169) 56(84) bytes of data.
64 bytes from node-1 (10.23.xx.xx): icmp_seq=1 ttl=63 time=1.16 ms
64 bytes from node-1 (10.23.xx.xx): icmp_seq=2 ttl=63 time=0.257 ms
^C
--- node-1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.257/0.592/1.161/0.405 ms

再次检查端口是否打开，发现端口不通：

[root@10-23-xx-xx ~]# telnet 10.23.xx.xx 10250
Trying 10.23.xx.xx...

去该node节点上查看防火墙状态，发现防火墙是开着的，原因找到啦，问题就很好解决了。

[root@10-23-xx-xx ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 四 2022-01-20 12:52:25 CST; 1h 6min ago
     Docs: man:firewalld(1)
 Main PID: 843 (firewalld)
    Tasks: 2
   Memory: 27.2M
   CGroup: /system.slice/firewalld.service
           └─843 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

1月 20 12:52:35 10-23-xx-xx firewalld[843]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i doc...in?).
1月 20 12:52:35 10-23-75-169 firewalld[843]: WARNING: COMMAND_FAILED: 
'/usr/sbin/iptables -w2 -t filter -C FORW...name.
Hint: Some lines were ellipsized, use -l to show in full.
[root@10-23-xx-xx ~]# systemctl stop firewalld
[root@10-23-xx-xx ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

再次查看pod状态，已经正常running。