Port 6443 connection refused when setting up kubernetes

5

11

I am reading the documentation for using kubeadm to set up a Kubernetes cluster. I am running Ubuntu Server 20.04 on three VMs but am currently only working with one of them before doing the configuration on the other two. I have prepared containerd and disabled swap, but am getting stuck with enabling the required ports. I first configured ufw to only allow incoming traffic from port 22 using the OpenSSH application profile. After reading up on enabling required ports, I have run the commands:

sudo ufw allow 6443, sudo ufw allow 6443/tcp, and sudo ufw allow 6443/udp.

When I try using telnet to connect, it fails:

telnet 127.0.0.1 6443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

...and when using the private IP other computers connect to it with:

telnet 192.168.50.55 6443
Trying 192.168.50.55...
telnet: Unable to connect to remote host: Connection refused

If I tell telnet to use port 22, it works just fine:

telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
^]
telnet> close
Connection closed.

Is there something I am doing wrong with the firewall configuration? Or is it another thing?

Thank you for the help,

foxler2010

Aim answered 3/1, 2022 at 20:53 Comment(0)
O
11
  • That's because there is no process listening on 6443. You can verify it using ss -nltp | grep 6443

  • 6443 will be listened on by "kube-apiserver", which gets created after you initialize the cluster using kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=<pod cidr>

  • Since you have not initialized the cluster yet, kube-apiserver won't be running, hence the error "connection refused".

  • In case you want to verify that your firewall/ufw settings are done properly in order to accept traffic on port 6443 (without installing a Kubernetes cluster), then you can try the following:

1. Install nmap: "sudo apt-get install nmap"

2. Listen on port 6443: "nc -l 6443"

3. Open another terminal/window and connect to port 6443: "nc -zv 192.168.50.55 6443". It should say connected.
Ortrud answered 4/1, 2022 at 2:58 Comment(0)
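
The check described in this answer (is anything listening on 6443, and is a connection refused or silently dropped), as an added example that is not part of the original posts. The function names and the sample ss output are constructed for illustration, and a 3-second timeout is assumed to mean the packets were dropped.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, SS_SAMPLE is constructed.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=801,fd=3))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=801,fd=4))'

# Succeeds if `ss -nltp` output on stdin shows a TCP listener on port $1.
has_listener() {
    awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# Attempt a TCP connect to host $1 port $2 with a 3 s limit; print the exit status.
probe_rc() {
    rc=0
    timeout 3 bash -c 'exec 3<>/dev/tcp/"$1"/"$2"' _ "$1" "$2" 2>/dev/null || rc=$?
    echo "$rc"
}

# Map that status to a cause: 0 = connected, 124 = killed by timeout, else an error.
classify() {
    case "$1" in
        0)   echo open ;;
        124) echo filtered ;;   # no reply at all: packets dropped on the way
        *)   echo refused ;;    # immediate error, typically an RST: no listener
    esac
}

# Combine both observations. $1 = yes|no (listener present), $2 = classify output.
diagnose() {
    case "$1/$2" in
        */open)      echo "reachable" ;;
        no/refused)  echo "no listener: run kubeadm init first, the firewall is not the cause" ;;
        yes/refused) echo "listener bound to another address, or a reject rule" ;;
        */filtered)  echo "packets dropped: check the ufw rules" ;;
    esac
}

# Usage: ./check.sh 192.168.50.55 6443
if [ "$#" -eq 2 ]; then
    if ss -nlt | has_listener "$2"; then listening=yes; else listening=no; fi
    diagnose "$listening" "$(classify "$(probe_rc "$1" "$2")")"
fi
```

Run against the state in the question (only sshd listening), this reports the "no listener" case for 6443, matching the telnet output shown there.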
C
4

Should you check whether Kubernetes is running or not?
Try the command:

kubectl cluster-info

Output looks like this:

[screenshot of terminal output; image not included]

If not, you have to initialize the master node of kubernetes with the command:

kubeadm init --apiserver-advertise-address=192.168.50.55 --pod-network-cidr=10.123.0.0/16

192.168.50.55: IP of the master node
10.123.0.0/16: IP range of network-plugin for kubernetes

Capacious answered 4/1, 2022 at 1:59 Comment(3)
For me, kubectl cluster-info looked good, but systemctl status k3s.service showed a problem that made my K3s startup fail. - Unspeakable
Adding --apiserver-advertise-address works for me, and correctly using the IP and IP range :). Thanks a lot! - Clite
For the love of God and all that's holy PLEASE don't post screenshots of terminal windows. Just copy+paste the text. - Shorts
P
1

"Connection refused" typically means that the request reaches the server but there is no service running on the specified port. Are you sure the api-server is started on your node?

Primer answered 3/1, 2022 at 21:0 Comment(2)
I did not do anything with kubeadm, I have only installed containerd so far. Am I not able to test it until the cluster is set up? - Aim
Yes, exactly. You have installed containerd, but you need to run the kube-apiserver to be able to communicate with your cluster. This can be done using kubeadm init. kubernetes.io/docs/setup/production-environment/tools/kubeadm/… - Primer
S
1

I did not do anything with kubeadm, I have only installed containerd so far.

Do the 6443 test after you have run kubeadm to set up k8s. If you do it now you will not get any response.

Susiesuslik answered 4/1, 2022 at 2:1 Comment(0)
H
1

I had a hard time setting up a Kubernetes cluster; in the end it was a cgroup driver/version problem.

Basically a mismatch between containerd and kubelet which led kubelet to kill legitimate pods.

See https://mcmap.net/q/1015931/-kube-apiserver-docker-shutting-down-got-signal-terminated

Hydrazine answered 6/12, 2022 at 0:15 Comment(1)
This problem still exists on Debian 12. You saved my day! - Nauseating
