the connection to the server 6443 was refused – did you specify the right host or port?
Quote from moshe on 23/10/2020, 7:38 pmProblem
Kubernetes not restarting and cant connect to the server using kubectl
Solution
There is no clear solution and you should check various components to understand what is the exact problem
Check The log files
check the mail log /var/log/messages ( on CentOS / Redhat ) and search for error if the log not to large run the following command
grep kube messages
if logs are too large you can try to restart docker and kubelet and check the status
systemctl restart docker systemctl status docker # systemctl restart kubelet systemctl status kubeletCheck if server listen on the port using netstat
sudo netstat -lnpt|grep kube netstat -a | grep 6443Check that firewall is enabled and port 6443 ( or 8080, 8443 etc… ) is set ( Post replies includes all ports needed on CentOS)
sudo systemctl status firewalld sudo systemctl stop firewalld # turn firewall on sudo systemctl start firewalld # Check if port is opened telnet <YOUR SERVER IP> 6443
Check0 Docker container kube-apiserver logs
docker ps -a | grep kube-apiserver | awk ‘{print $1}’ | head -1 | xargs docker logs
Problem
Kubernetes not restarting and cant connect to the server using kubectl
Solution
There is no clear solution and you should check various components to understand what is the exact problem
Check The log files
check the mail log /var/log/messages ( on CentOS / Redhat ) and search for error if the log not to large run the following command
grep kube messages
if logs are too large you can try to restart docker and kubelet and check the status
systemctl restart docker systemctl status docker # systemctl restart kubelet systemctl status kubelet
Check if server listen on the port using netstat
sudo netstat -lnpt|grep kube netstat -a | grep 6443
Check that firewall is enabled and port 6443 ( or 8080, 8443 etc… ) is set ( Post replies includes all ports needed on CentOS)
sudo systemctl status firewalld sudo systemctl stop firewalld # turn firewall on sudo systemctl start firewalld # Check if port is opened telnet <YOUR SERVER IP> 6443
Check0 Docker container kube-apiserver logs
docker ps -a | grep kube-apiserver | awk ‘{print $1}’ | head -1 | xargs docker logs
Quote from moshe on 23/10/2020, 7:41 pmEnable all Firewall ports for kubernetes On the Master Node
firewall-cmd –permanent –add-port=6443/tcp firewall-cmd –permanent –add-port=2379-2380/tcp firewall-cmd –permanent –add-port=10250/tcp firewall-cmd –permanent –add-port=10251/tcp firewall-cmd –permanent –add-port=10252/tcp firewall-cmd –permanent –add-port=10255/tcp firewall-cmd –permanent –add-port=8472/udp firewall-cmd –add-masquerade –permanent # only if you want NodePorts exposed on control plane IP as well firewall-cmd –permanent –add-port=30000-32767/tcp # Restart firewalld systemctl restart firewalld
Enable all Firewall ports for kubernetes On the Master Node
firewall-cmd –permanent –add-port=6443/tcp firewall-cmd –permanent –add-port=2379-2380/tcp firewall-cmd –permanent –add-port=10250/tcp firewall-cmd –permanent –add-port=10251/tcp firewall-cmd –permanent –add-port=10252/tcp firewall-cmd –permanent –add-port=10255/tcp firewall-cmd –permanent –add-port=8472/udp firewall-cmd –add-masquerade –permanent # only if you want NodePorts exposed on control plane IP as well firewall-cmd –permanent –add-port=30000-32767/tcp # Restart firewalld systemctl restart firewalld
Quote from moshe on 23/10/2020, 7:42 pmEnable all Firewall ports for kubernetes On the Worker Node
firewall-cmd --permanent --add-port=10250/tcp firewall-cmd --permanent --add-port=10255/tcp firewall-cmd --permanent --add-port=8472/udp firewall-cmd --permanent --add-port=30000-32767/tcp firewall-cmd --add-masquerade --permanentsystemctl restart firewalld
Enable all Firewall ports for kubernetes On the Worker Node
firewall-cmd --permanent --add-port=10250/tcp firewall-cmd --permanent --add-port=10255/tcp firewall-cmd --permanent --add-port=8472/udp firewall-cmd --permanent --add-port=30000-32767/tcp firewall-cmd --add-masquerade --permanentsystemctl restart firewalld