Reputation: 133
I am reading the documentation for using kubeadm to set up a Kubernetes cluster. I am running Ubuntu Server 20.04 on three VMs but am currently only working with one of them before doing the configuration on the other two. I have prepared containerd and disabled swap, but am getting stuck with enabling the required ports. I first configured ufw to only allow incoming traffic from port 22 using the OpenSSH application profile. After reading up on enabling required ports, I have run the commands:
sudo ufw allow 6443, sudo ufw allow 6443/tcp, and sudo ufw allow 6443/udp.
When I try using telnet to connect, it fails:
telnet 127.0.0.1 6443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
...and when using the private IP other computers connect to it with:
telnet 192.168.50.55 6443
Trying 192.168.50.55...
telnet: Unable to connect to remote host: Connection refused
If I tell telnet to use port 22, it works just fine:
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
^]
telnet> close
Connection closed.
Is there something I am doing wrong with the firewall configuration? Or is it another thing?
Upvotes: 11
Views: 88121
Reputation: 538
I had a hard time setting up a Kubernetes cluster; in the end it was a cgroup driver/version problem.
Basically a mismatch between containerd and kubelet which led kubelet to kill legitimate pods.
See https://stackoverflow.com/a/74695838/9036077
Upvotes: 2
Reputation: 3274
That's because there is no process listening on 6443. You can verify it using ss -nltp | grep 6443
6443 will be listened on by "kube-apiserver", which gets created after you initialize the cluster using kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=<pod cidr>
Since you have not initialized the cluster yet, kube-apiserver won't be running, hence the error "connection refused".
In case you want to verify that your firewall/ufw settings are done properly in order to accept traffic on port 6443 (without installing a Kubernetes cluster), you can try the following:
1. Install nmap: "sudo apt-get install nmap"
2. Listen on port 6443: "nc -l 6443"
3. Open another terminal/window and connect to port 6443: "nc -zv 192.168.50.55 6443". It should say connected.
Upvotes: 12
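An added example, not part of any answer on this page: a small Python probe that separates the cases discussed above, "connection refused" (nothing listening) versus a silent timeout (packets dropped). The function names and the 3-second timeout are assumptions of this example; the default address and port are the ones from the question.

```python
#!/usr/bin/env python3
"""Classify why a TCP connect to a port (e.g. kube-apiserver's 6443) fails."""
import socket
import sys

# What each outcome says about the firewall versus the listening service.
MEANING = {
    "open": "a process is listening and the firewall lets the connection in",
    "refused": "a reset came back: nothing is listening (a rule that rejects "
               "instead of dropping looks the same)",
    "filtered": "no reply before the timeout: packets are probably being "
                "dropped by a firewall, or the host is down",
    "unreachable": "the address could not be reached or resolved from here",
}


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP handshake; return open/refused/filtered/unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # EHOSTUNREACH, ENETUNREACH, name resolution failure, ...
        return "unreachable"


def report(host: str, port: int) -> str:
    """One-line summary suitable for printing or logging."""
    state = probe(host, port)
    return f"{host}:{port} {state} - {MEANING[state]}"


if __name__ == "__main__":
    # Run this from another machine: traffic a host sends to its own
    # addresses travels over loopback, which ufw's default rules accept,
    # so a local test does not exercise the "ufw allow 6443" rule.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.50.55"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6443
    print(report(host, port))
```

Before kubeadm init, a "refused" result from a second machine means the ufw rule is passing traffic and only the listener is missing; "filtered" points back at the firewall.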
Reputation: 15530
I did not do anything with kubeadm, I have only installed containerd so far.
Do the 6443 test after you have run kubeadm to set up k8s. If you do it now you will not get any response.
Upvotes: 1
Reputation: 2181
Should you check whether Kubernetes is running or not?
Try the command:
kubectl cluster-info
Output looks like this:
If not, you have to initialize the master node of Kubernetes with the command:
kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=10.123.0.0/16
192.168.50.55: IP of the master node
10.123.0.0/16: IP range of network-plugin for Kubernetes
Upvotes: 4
Reputation: 119
The connection refused typically means that the request reaches the server but there is no service running on the specified port. Are you sure the api-server is started on your node?
Upvotes: 1