I am reading the documentation for using kubeadm to set up a Kubernetes cluster. I am running Ubuntu Server 20.04 on three VMs but am currently only working with one of them before doing the configuration on the other two. I have prepared containerd and disabled swap, but am getting stuck with enabling the required ports. I first configured ufw to only allow incoming traffic from port 22 using the OpenSSH application profile. After reading up on enabling required ports, I have run the commands:
sudo ufw allow 6443, sudo ufw allow 6443/tcp, and sudo ufw allow 6443/udp.
When I try using telnet to connect, it fails:
telnet 127.0.0.1 6443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
...and when using the private IP other computers connect to it with:
telnet 192.168.50.55 6443
Trying 192.168.50.55...
telnet: Unable to connect to remote host: Connection refused
If I tell telnet to use port 22, it works just fine:
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
^]
telnet> close
Connection closed.
Is there something I am doing wrong with the firewall configuration? Or is it another thing?
Thank you for the help,
foxler2010
That's because there is no process listening on 6443. You can verify it using ss -nltp | grep 6443
6443 will be listened on by "kube-apiserver", which gets created after you initialize the cluster using kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=<pod cidr>
Since you have not initialized the cluster yet, kube-apiserver won't be running, hence the error "connection refused".
If you want to verify that your firewall/ufw settings are done properly in order to accept traffic on port 6443 (without installing a Kubernetes cluster), then you can try the following:
1. Install nmap: "sudo apt-get install nmap"
2. Listen on port 6443: "nc -l 6443"
3. Open another terminal/window and connect to port 6443: "nc -zv 192.168.50.55 6443". It should say connected.
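An added example (not part of the original answer) that separates the two failure modes discussed here: "connection refused" means the host replied but nothing is listening, while a port whose packets are dropped by a firewall gives no reply and times out. The names probe and temporary_listener are hypothetical; temporary_listener stands in for the nc -l step above.

```python
import socket
from contextlib import contextmanager


def probe(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'refused', 'filtered' or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "refused"      # RST came back: no listener (or a REJECT rule answered)
    except socket.timeout:
        return "filtered"     # no reply at all: typical of a firewall DROP rule
    except OSError:
        return "unreachable"  # routing-level failure, e.g. no route to host
    finally:
        sock.close()


@contextmanager
def temporary_listener(host="127.0.0.1", port=0):
    """Hold a listening socket open, like `nc -l <port>`; port=0 picks a free one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    try:
        yield srv.getsockname()[1]  # the port actually bound
    finally:
        srv.close()


if __name__ == "__main__":
    # Before kubeadm init nothing listens on 6443, so this prints "refused"
    # regardless of the ufw rules.
    print("6443 before any listener:", probe("127.0.0.1", 6443))
    # With a stand-in listener on a free port the same probe reports "open".
    with temporary_listener() as port:
        print("stand-in listener on", port, ":", probe("127.0.0.1", port))
```

To test the ufw rule itself, run the listener bound to the node's address on 6443 and call probe from another machine: "filtered" points at the firewall, "refused" at a missing listener.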
"Connection refused" typically means that the request reaches the server but there is no service running on the specified port. Are you sure the api-server is started on your node?
Should you check if Kubernetes is running or not?
Try command:
kubectl cluster-info
Output looks like this:
If not, you have to initialize the master node of Kubernetes with the command:
kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=10.123.0.0/16
192.168.50.55: IP of the master node
10.123.0.0/16: IP range of network-plugin for kubernetes
I did not do anything with kubeadm, I have only installed containerd so far.
Do the 6443 test after you have run kubeadm to set up k8s. If you do it now you will not get any response.