Can't connect to Kubernetes API from any other host

11/24/2017

I installed a Kubernetes cluster (1 master + 1 node) on two Ubuntu 16.04.2 LTS machines.

From the master, I can easily access the API, for example using curl -v -k https://<IP>:6443/api

From any other host I just get a timeout error. Scanning the ports, port 6443 looks closed.

The thing is, I need to configure GitLab CI using Kubernetes integration. I give it:

  • API URL: https://<IP>:6443/api
  • Token I got from Kubernetes
  • Certificate I got from Kubernetes

I get the following when trying to configure my cluster for uploading containers:

$ kubectl config set-cluster my-cluster --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM_FILE"
Cluster "my-cluster" set.
$ kubectl config set-credentials admin --token="$KUBE_TOKEN"
User "admin" set.
$ kubectl config set-context default-context --cluster=my-cluster --user=admin
Context "default-context" set.
$ kubectl config use-context default-context
Switched to context "default-context".
$ kubectl get cs
Unable to connect to the server: dial tcp <IP>:6443: i/o timeout

What am I doing wrong? Hint: I am completely new to Kubernetes but I still want to connect a private GitLab, a private Docker registry and a private Kubernetes cluster. Can't find any single online resource covering this...

Complementary information:

I could connect a node to this master by kubeadm join --token TOKEN <IP>:6443 --discovery-token-ca-cert-hash HASH without any problem.

netstat -nplt gives:

tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      1242/kubelet
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      2225/kube-proxy
tcp        0      0 127.0.0.1:10251         0.0.0.0:*               LISTEN      1978/kube-scheduler
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      1887/etcd
tcp        0      0 127.0.0.1:10252         0.0.0.0:*               LISTEN      1926/kube-controlle
tcp        0      0 127.0.0.1:2380          0.0.0.0:*               LISTEN      1887/etcd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1289/sshd
tcp6       0      0 :::10250                :::*                    LISTEN      1242/kubelet
tcp6       0      0 :::6443                 :::*                    LISTEN      1904/kube-apiserver
tcp6       0      0 :::10255                :::*                    LISTEN      1242/kubelet
tcp6       0      0 :::10256                :::*                    LISTEN      2225/kube-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      1289/sshd
-- Havelock
gitlab-ci
kubernetes

1 Answer

11/24/2017

If you are getting a timeout error, it is highly likely that you have a firewall blocking the traffic. I advise you to check your cloud provider's firewall (for example, AWS Security Groups) and see if the port is accessible.

If that is not the option, I advise you to execute the following command on your master:

sudo netstat -nplt

And check if kube-apiserver is listening on 127.0.0.1:6443 or 0.0.0.0:6443. In the case of the former, check the kube-apiserver systemd service to change the API listening address.

-- Javier Salmeron
Source: StackOverflow
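
Added example (not part of the original question or answer): a shell function that applies the answer's netstat check to the listing posted in the question and maps the result to the next diagnostic step. The names classify_listener, next_step and SAMPLE are illustrative assumptions; SAMPLE holds four lines copied from the question's output.

```shell
#!/bin/sh
# Added example, not from the original thread. classify_listener, next_step and
# SAMPLE are illustrative names. Reads `netstat -nplt` output on stdin and reports
# how a TCP port is bound: not-listening | loopback-only | all-interfaces | specific:<addr>
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split "addr:port" at the last colon so ":::6443" yields addr "::"
            n = match($4, /:[0-9]+$/)
            if (n == 0 || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Maps the binding to the next step when remote clients time out.
next_step() {
    case "$1" in
        all-interfaces) echo "bound on every interface: look for packet filtering (host firewall, cloud security group)" ;;
        specific:*)     echo "bound to ${1#specific:}: clients must use that address; if they do, check filtering" ;;
        loopback-only)  echo "bound to loopback: change the API server listening address" ;;
        *)              echo "nothing listening: check that kube-apiserver is running" ;;
    esac
}

# Four lines taken from the netstat listing in the question.
SAMPLE='tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      1887/etcd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1289/sshd
tcp6       0      0 :::10250                :::*                    LISTEN      1242/kubelet
tcp6       0      0 :::6443                 :::*                    LISTEN      1904/kube-apiserver'

state=$(printf '%s\n' "$SAMPLE" | classify_listener 6443)
echo "6443: $state -> $(next_step "$state")"
# On the master itself: sudo netstat -nplt | classify_listener 6443
```

For the listing in the question this reports all-interfaces for port 6443 (a tcp6 `:::` listener on Linux normally accepts IPv4 connections as well), which points to filtering in front of the host rather than to the bind address.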