I installed a Kubernetes cluster (1 master + 1 node) on two Ubuntu 16.04.2 LTS machines.

From the master, I can easily access the API, for example using curl -v -k https://<IP>:6443/api

From any other host I just get a timeout error. Scanning the ports, port 6443 looks closed.

The thing is, I need to configure GitLab CI using Kubernetes integration. I give it:

  • API URL: https://<IP>:6443/api
  • Token I got from Kubernetes
  • Certificate I got from Kubernetes

I get the following when trying to configure my cluster for uploading containers:

    $ kubectl config set-cluster my-cluster --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM_FILE"
    Cluster "my-cluster" set.
    $ kubectl config set-credentials admin --token="$KUBE_TOKEN"
    User "admin" set.
    $ kubectl config set-context default-context --cluster=my-cluster --user=admin
    Context "default-context" set.
    $ kubectl config use-context default-context
    Switched to context "default-context".
    $ kubectl get cs
    Unable to connect to the server: dial tcp <IP>:6443: i/o timeout
    

What am I doing wrong? Hint: I am completely new to Kubernetes but I still want to connect a private GitLab, a private Docker registry and a private Kubernetes cluster. Can't find any single online resource covering this...

Complementary information:

I could connect a node to this master by kubeadm join --token TOKEN <IP>:6443 --discovery-token-ca-cert-hash HASH without any problem.

netstat -nplt gives:

    tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      1242/kubelet
    tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      2225/kube-proxy
    tcp        0      0 127.0.0.1:10251         0.0.0.0:*               LISTEN      1978/kube-scheduler
    tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      1887/etcd
    tcp        0      0 127.0.0.1:10252         0.0.0.0:*               LISTEN      1926/kube-controlle
    tcp        0      0 127.0.0.1:2380          0.0.0.0:*               LISTEN      1887/etcd
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1289/sshd
    tcp6       0      0 :::10250                :::*                    LISTEN      1242/kubelet
    tcp6       0      0 :::6443                 :::*                    LISTEN      1904/kube-apiserver
    tcp6       0      0 :::10255                :::*                    LISTEN      1242/kubelet
    tcp6       0      0 :::10256                :::*                    LISTEN      2225/kube-proxy
    tcp6       0      0 :::22                   :::*                    LISTEN      1289/sshd
    

If you are getting a timeout error, it is highly likely that you have a firewall blocking the traffic. I advise you to check your Cloud Provider firewall (for example, AWS Security groups) and see if the port is accessible.

If that is not the option, I advise you to execute the following command on your master:

    sudo netstat -nplt
    

And check if kube-apiserver is listening on 127.0.0.1:6443 or 0.0.0.0:6443. In the former case, check the kube-apiserver systemd service to change the API listening address.

The only line I get for port 6443 is: tcp6 0 0 :::6443 :::* LISTEN -
– Guillaume Ansanay-Alex, Nov 24, 2017 at 15:51

1/ kubeadm init --pod-network-cidr=10.244.0.0/16, 2/ sysctl net.bridge.bridge-nf-call-iptables=1, 3/ kubectl apply -f raw.githubusercontent.com/coreos/flannel/v0.9.0/Documentation/… 4/ kubeadm join --token TOKEN <masterIP>:6443 --discovery-token-ca-cert-hash <HASH>
– Guillaume Ansanay-Alex, Nov 27, 2017 at 14:04
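The bind-address check from the answer above, as an added example that is not part of the original answer or comments: a shell function that classifies each listener in `netstat -nplt` output by bind scope, run over lines taken from the question's own output. The function names are made up for this example, and treating `::` as covering IPv4 assumes the Linux default `net.ipv6.bindv6only=0`.

```shell
#!/bin/sh
# Classify every LISTEN socket in `netstat -nplt` output (read from stdin).
# Prints "<port> <scope> <process>" where scope is:
#   loopback - bound to 127.0.0.1 or ::1, unreachable from other hosts
#   wildcard - bound to 0.0.0.0 or ::, reachable on every interface
#   specific - bound to one non-loopback address
classify_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, parts, ":")          # port is the last ":" field
        port = parts[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "127.0.0.1" || host == "::1") scope = "loopback"
        else if (host == "0.0.0.0" || host == "::") scope = "wildcard"
        else scope = "specific"
        proc = $7
        sub(/^[0-9]+\//, "", proc)         # drop the "PID/" prefix
        print port, scope, proc
    }'
}

# Ports a remote host can reach unless a firewall drops the traffic.
exposed_ports() {
    classify_listeners | awk '$2 != "loopback" { print $1 }' | sort -nu | paste -sd, -
}

# Bind scope of the API server port (6443 on the page).
api_server_scope() {
    classify_listeners | awk '$1 == "6443" { print $2 }'
}

# Sample input: a subset of the netstat lines posted in the question.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      1242/kubelet
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      1887/etcd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1289/sshd
tcp6       0      0 :::10250                :::*                    LISTEN      1242/kubelet
tcp6       0      0 :::6443                 :::*                    LISTEN      1904/kube-apiserver
tcp6       0      0 :::10255                :::*                    LISTEN      1242/kubelet
EOF
}

sample_netstat | classify_listeners
echo "API server bind scope: $(sample_netstat | api_server_scope)"
echo "Reachable without a firewall: $(sample_netstat | exposed_ports)"
```

For the question's output, 6443 comes back as wildcard, so the bind address is not what blocks remote clients. The kubelet ports 10250 and 10255 are wildcard-bound too, so a firewall rule for GitLab should open only 6443 to the GitLab host rather than the whole machine.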

As you are in a private network cluster, I recommend that you check the firewall and also the authorized master networks [1]. You may test the connectivity and also ensure the node has the port opened (sudo ufw allow 6443 to open the port in the Ubuntu OS firewall). Take a look at this private cluster architecture diagram [2].

There's also kubectl config view to get information about the client-server status, and the k8s context can be updated with kubectl config use-context XXX [3].

Related: [4].
