Welcome to the Linux Foundation Forum!

Lab 3.2 failed to list bootstrap tokens

Preface: I did successfully complete lab 3.1 just now.

I'm working through the exercises for lab 3.2 and when i try to run:

  1. sudo kubeadm token list

an error occurs:

  1. failed to list bootstrap tokens: Get "https://k8scp:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type%3Dbootstrap.kubernetes.io%2Ftoken": dial tcp 10.192.0.2:6443: connect: connection refused

also, any kubectl command ie kubectl get pods gives the error

  1. The connection to the server k8scp:6443 was refused - did you specify the right host or port?

Some troubleshooting I have tried:

  1. hostname -i
  2. 10.192.0.2
  1. cat /etc/hosts
  2. 127.0.0.1 localhost
  3. 10.192.0.2 k8scp
  1. sudo lsof -i -P -n|grep LISTEN
  2. systemd-r 369 systemd-resolve 14u IPv4 15680 0t0 TCP 127.0.0.53:53 (LISTEN)
  3. container 441 root 14u IPv4 16388 0t0 TCP 127.0.0.1:37753 (LISTEN)
  4. kubelet 5790 root 30u IPv6 35214 0t0 TCP *:10250 (LISTEN)
  5. kubelet 5790 root 34u IPv4 35218 0t0 TCP 127.0.0.1:10248 (LISTEN)
  6. etcd 26744 root 7u IPv4 122779 0t0 TCP 10.192.0.2:2380 (LISTEN)
  7. etcd 26744 root 8u IPv4 122783 0t0 TCP 10.192.0.2:2379 (LISTEN)
  8. etcd 26744 root 9u IPv4 122784 0t0 TCP 127.0.0.1:2379 (LISTEN)
  9. etcd 26744 root 14u IPv4 122790 0t0 TCP 127.0.0.1:2381 (LISTEN)
  10. kube-sche 27279 root 7u IPv4 126097 0t0 TCP 127.0.0.1:10259 (LISTEN)
  11. kube-cont 27360 root 7u IPv4 126355 0t0 TCP 127.0.0.1:10257 (LISTEN)

I believe the control plane should be running on 6443 as per this page

Does this mean the control panel has stopped, and if so, how do I bring it back and make sure it doesn't stop again?

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Comments

  • Posts: 2,449
    edited October 2022

    Hi @lwarlik,

    Please run all 4 'student' user commands in step 24 of lab 3.1. This should resolve the kubectl CLI. In addition, please provide the output of:

    kubectl get nodes -o wide

    kubectl get pods -A -o wide

    Regards,
    -Chris

  • Hi @chrispokorni

    Thanks for getting back to me.

    I just ran those 4 commands of step 24 again.

    1. kubectl get nodes -o wide
    2. NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
    3. instance-1 NotReady control-plane 142m v1.24.1 10.192.0.2 <none> Ubuntu 22.04.1 LTS 5.15.0-1021-gcp containerd://1.5.9-0ubuntu3

    So kubectl is working, then I tried

    1. sudo kubeadm token list
    2. TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
    3. 73g7fq.3x8ksf9em94bsizv <invalid> 2022-10-31T14:48:12Z <none> Proxy for managing TTL for the kubeadm-certs secret <none>
    4. uigis7.g8cqreuegqj9n9fh 21h 2022-11-01T12:48:12Z authentication,signing <none> system:bootstrappers:kubeadm:default-node-token

    Still working. Then I left my computer for 5 minutes, came back and tried

    1. kubectl get pods -A -o wide
    2. The connection to the server k8scp:6443 was refused - did you specify the right host or port?
    3. kubectl get nodes -o wide
    4. The connection to the server k8scp:6443 was refused - did you specify the right host or port?

    It looks like the service is running intermittently, is there anything that could be causing this?

  • Posts: 2,449

    Hi @lwarlik,

    How did you provision your environment? Local hypervisor VMs or cloud instances? Did you happen to watch the video guides from the introductory chapter? They highlight key configuration options such as recommended instance sizes, OS, networking and firewall considerations.

    Regards,
    -Chris

  • Posts: 3
    edited November 2022

    Hi @chrispokorni

    I'm running on google cloud platform. Must have skipped over that video guide because I didn't have the open network set up.

    I've just gone through and set up the network, firewall, cp and worker nodes as per the guide. That allowed me to get through lab 3.2 and 3.3, but now when i try the first command of lab 3.4 the same error happens

    1. kubectl create deployment nginx --image=nginx
    2. error: failed to create deployment: Post "https://k8scp:6443/apis/apps/v1/namespaces/default/deployments?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 10.2.0.4:6443: connect: connection refused
    1. kubectl get nodes -o wide
    2. The connection to the server k8scp:6443 was refused - did you specify the right host or port?

    I also just noticed that the commands work for a short while after restarting the instance before failing again.

  • Same, here i'm in Digital Ocean - spun up VMs and they seem to sporadically fail and work.

  • student@ubuntu-s-4vcpu-8gb-nyc1-01-cp:~$ kubectl get nodes -o wide
    The connection to the server k8scp:6443 was refused - did you specify the right host or port?
    student@ubuntu-s-4vcpu-8gb-nyc1-01-cp:~$ kubectl get nodes -o wide
    NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
    ubuntu-s-4vcpu-8gb-nyc1-01-cp Ready control-plane 25m v1.24.1 10.116.0.2 Ubuntu 22.04.2 LTS 5.15.0-50-generic containerd://1.6.18

  • it appears stopping/starting the kubelet allowed me to more forward
    systemctl stop kubelet.service
    systemctl start kubelet.service
    systemctl stop kubelet.service
    kubeadm token list
    TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
    1h 2023-02-22T07:45:49Z Proxy for managing TTL for the kubeadm-certs secret
    23h 2023-02-23T05:45:49Z authentication,signing system:bootstrappers:kubeadm:default-node-token

  • Hi all,
    I realized that "swapping" was enable after reboot.
    I had to turn it off again

    sudo swapoff -a

    Then, i check again.
    free -m

    sudo systemctl status kubelet.service

    kubectl get nodes -o wide

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training