Kube-probe TCP probe failed: host unreachable

The probe cannot reach the host due to network issues.

Understanding Kube-probe

Kube-probe is a diagnostic tool used in Kubernetes to monitor the health of applications running in a cluster. It helps ensure that applications are running smoothly by checking their readiness and liveness. Probes can be configured to use HTTP, TCP, or command execution to verify the application's state.

Identifying the Symptom

One common issue encountered with Kube-probe is the error message: TCP probe failed: host unreachable. This indicates that the probe is unable to establish a TCP connection to the specified host, which can lead to the application being marked as unhealthy.

Explaining the Issue

The error TCP probe failed: host unreachable typically arises when the network configuration prevents the probe from reaching the target host. This could be due to incorrect IP addresses, network policies, or firewall rules blocking the connection.

Common Causes

  • Incorrect service or pod IP address configuration.
  • Network policies restricting traffic to the host.
  • Firewall rules blocking the TCP connection.

Steps to Fix the Issue

To resolve the TCP probe failed: host unreachable issue, follow these steps:

Step 1: Verify Network Configuration

Ensure that the network configuration allows the probe to reach the host. Check the IP address and port specified in the probe configuration:

kubectl describe pod <pod-name> | grep -A 10 'Liveness:'

Verify that the IP address and port are correct and accessible.

Step 2: Check Network Policies

Review any network policies that might be restricting traffic to the host. Use the following command to list network policies:

kubectl get networkpolicy -n <namespace>

Ensure that the policies allow traffic from the probe to the target host.

Step 3: Inspect Firewall Rules

Check the firewall settings to ensure that they are not blocking the TCP connection. You may need to consult your cloud provider's documentation for specific firewall configurations. For example, see Google Cloud Firewall Rules.

Step 4: Test Connectivity

Manually test the connectivity from the probe's network to the host using tools like telnet or nc:

telnet <host-ip> <port>

If the connection fails, further investigate network configurations and permissions.

Conclusion

By following these steps, you should be able to diagnose and resolve the TCP probe failed: host unreachable issue. Ensuring proper network configurations and permissions is key to maintaining the health of applications in a Kubernetes cluster. For more information on configuring probes, refer to the Kubernetes Probes Documentation.

Master

Kube-probe

in Minutes — Grab the Ultimate Cheatsheet

(Perfect for DevOps & SREs)

Most-used commands
Real-world configs/examples
Handy troubleshooting shortcuts
Your email is safe with us. No spam, ever.

Thankyou for your submission

We have sent the whitepaper on your email!
Oops! Something went wrong while submitting the form.

Kube-probe

Cheatsheet

(Perfect for DevOps & SREs)

Most-used commands
Your email is safe with us. No spam, ever.

Thankyou for your submission

We have sent the whitepaper on your email!
Oops! Something went wrong while submitting the form.

MORE ISSUES

Kube-probe Probe failed: invalid probe configuration
The probe configuration contains invalid parameters or syntax errors.
Kube-probe Probe failed: invalid response length
The application returned a response with an unexpected length.
Kube-probe Exec probe failed: file not found
The file required by the exec probe command is not present in the container.
Kube-probe TCP probe failed: address in use
The port specified for the TCP probe is already in use by another process.
Kube-probe Probe failed: invalid character encoding
The application returned a response with an unexpected character encoding.
Kube-probe HTTP probe failed with status code 429
The application is rate limiting requests and the probe exceeded the limit.
Kube-probe Liveness probe failed: application out of memory
The application has run out of memory and cannot respond to the probe.
Kube-probe Readiness probe failed: application misconfiguration
The application is misconfigured and cannot become ready.
Kube-probe HTTP probe failed with status code 405
The application does not allow the HTTP method used by the probe.
Kube-probe Exec probe failed: insufficient memory
The command executed by the exec probe requires more memory than available.
Kube-probe Probe failed: invalid JSON response
The application returned a JSON response that is not well-formed.
Kube-probe HTTP probe failed with status code 408
The application took too long to respond to the probe request.
Kube-probe Liveness probe failed: application deadlock
The application is in a deadlock state and cannot respond to the probe.
Kube-probe TCP probe failed: protocol error
There is a protocol mismatch between the probe and the application.
Kube-probe Probe failed: invalid SSL certificate
The SSL certificate used by the application is invalid or expired.
Kube-probe Probe failed: invalid content type
The application returned a response with an unexpected content type.
Kube-probe Readiness probe failed: application initialization error
The application failed to initialize properly.
Kube-probe Probe failed: invalid response code
The application returned an unexpected HTTP status code.
Kube-probe HTTP probe failed with status code 302
The application is redirecting the probe request temporarily.
Kube-probe Exec probe failed: environment variable missing
The command executed by the exec probe relies on an environment variable that is not set.
Kube-probe HTTP probe failed with status code 400
The application received a bad request from the probe.
Kube-probe TCP probe failed: host unreachable
The probe cannot reach the host due to network issues.
Kube-probe Probe failed: invalid header format
The probe is sending headers in an incorrect format.
Kube-probe HTTP probe failed with status code 404
The HTTP probe is trying to access a path that does not exist on the application.
Kube-probe Probe failed: unsupported protocol
The probe is attempting to use a protocol not supported by the application.
Kube-probe Liveness probe failed: resource starvation
The application is unable to respond to the probe due to lack of resources.
Kube-probe Probe failed: malformed URL
The URL specified in the probe configuration is not correctly formatted.
Kube-probe HTTP probe failed with status code 301
The application is redirecting the probe request to a different URL.
Kube-probe Readiness probe failed: dependency service down
A dependent service required by the application is not available.
Kube-probe Exec probe failed: exit code non-zero
The command executed by the exec probe returned a non-zero exit code, indicating failure.
Kube-probe TCP probe failed: connection timed out
The probe is unable to establish a connection to the application within the timeout period.
Kube-probe Probe failed: invalid HTTP method
The probe is using an HTTP method that the application does not support.
Kube-probe HTTP probe failed with status code 503
The application is temporarily unavailable, possibly due to overload or maintenance.
Kube-probe Probe failed: SSL handshake error
There is an issue with the SSL/TLS configuration between the probe and the application.
Kube-probe Liveness probe failed: application crash
The application has crashed and is unable to respond to the liveness probe.
Kube-probe Readiness probe failed: resource limit exceeded
The application is unable to allocate necessary resources to handle the probe request.
Kube-probe TCP probe failed: network unreachable
The network is not properly configured, preventing the probe from reaching the application.
Kube-probe Probe failed: invalid response format
The application returned a response in an unexpected format that the probe cannot interpret.
Kube-probe Exec probe failed: permission denied
The command specified in the exec probe lacks the necessary permissions to execute.
Kube-probe HTTP probe failed with status code 502
The application is acting as a gateway or proxy and received an invalid response from the upstream server.
Kube-probe HTTP probe failed with status code 403
The application is denying access to the probe due to insufficient permissions.
Kube-probe HTTP probe failed with status code 401
The probe is not authenticated to access the endpoint.
Kube-probe Readiness probe failed: service unavailable
The application is not ready to serve traffic.
Kube-probe Liveness probe failed: container not running
The container has crashed or is not running.
Kube-probe Probe failed: DNS resolution error
The probe is unable to resolve the DNS name of the application.
Kube-probe Probe failed: no route to host
Network connectivity issues between the probe and the application.
Kube-probe Exec probe failed: command not found
The command specified in the exec probe is not available in the container's environment.
Kube-probe Liveness probe failed: HTTP 500
The application is returning an internal server error for the liveness probe request.
Kube-probe TCP probe failed: connection refused
The application is not listening on the specified port, or the service is not running.
Kube-probe Readiness probe failed: timeout
The application is taking too long to respond to the readiness probe.

Backed by

Resources

DocumentationFun For DevsBlog

Contact

Contact UsAbout UsCareersTerms and ConditionsPrivacy PolicyShipping & and Delivery PolicyCancellation & Refund Policy

Platform

AI OpsAlert Grouping & De-DuplicationPlayBooksKubernetes Bot

Connect

Slack CommunityGithubLinkedInX (Twitter)
Made with ❤️ in Bangalore & San Francisco 🏢

Doctor Droid