Port 6443 connection refused when setting up kubernetes

1/3/2022

I am reading the documentation for using kubeadm to set up a Kubernetes cluster. I am running Ubuntu Server 20.04 on three VMs but am currently only working with one of them before doing the configuration on the other two. I have prepared containerd and disabled swap, but am getting stuck with enabling the required ports. I first configured ufw to only allow incoming traffic from port 22 using the OpenSSH application profile. After reading up on enabling required ports, I have run the commands:

sudo ufw allow 6443, sudo ufw allow 6443/tcp, and sudo ufw allow 6443/udp.

When I try using telnet to connect, it fails:

telnet 127.0.0.1 6443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

...and when using the private IP other computers connect to it with:

telnet 192.168.50.55 6443
Trying 192.168.50.55...
telnet: Unable to connect to remote host: Connection refused

If I tell telnet to use port 22, it works just fine:

telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
^]
telnet> close
Connection closed.

Is there something I am doing wrong with the firewall configuration? Or is it another thing?

Thank you for the help,

foxler2010

-- Foxler2010
kubernetes
networking
port
ubuntu
ufw

4 Answers

1/4/2022
  • Thats because there is no process listening on 6443.you can verify it using ss -nltp | grep 6443

  • 6443 will be listened by "kube-apiserver" which gets created after you initialize the cluster using kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=<pod cidr>

  • since you have not initialized cluster yet , kube-apiserver wont be running hence the error "connection refused".

  • In case if you want to verify that you firewall/ufw settings are done properly in order to accept traffic on port 6443(without installating kubernetes cluster) then you can try following :

1. Install nmap " sudo apt-get install nmap "

2. listen to port 6443 "nc -l 6443"

3. open a another terminal/window and connect to 6443 port "nc -zv 192.168.50.55 6443" . It should say connected.
-- confused genius
Source: StackOverflow

1/3/2022

The connection refused typically means that that the request reaches the server but there is no service running on the specified port. Are you sure the api-server is started on your node ?

-- behanzin777
Source: StackOverflow

1/4/2022

Should you check if the kubernetes has run on or not?
Try command:

kubectl cluster-info

Output looks like this:

enter image description here

If not, you have to initialize the master node of kubernetes with the command:

kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=10.123.0.0/16

192.168.50.55: IP of the master node
10.123.0.0/16: IP range of network-plugin for kubernetes

-- quoc9x
Source: StackOverflow

1/4/2022

I did not do anything with kubeadm, I have only installed containerd so far.

Do the 6443 test after you have ran kubeadm to setup k8s. If you do it now you will not get any response.

-- gohm&#39;c
Source: StackOverflow