Welcome to the Linux Foundation Forum!

Lab 3.2 failed to list bootstrap tokens

Options

Preface: I did successfully complete lab 3.1 just now.

I'm working through the exercises for lab 3.2 and when i try to run:

sudo kubeadm token list

an error occurs:

failed to list bootstrap tokens: Get "https://k8scp:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type%3Dbootstrap.kubernetes.io%2Ftoken": dial tcp 10.192.0.2:6443: connect: connection refused

also, any kubectl command ie kubectl get pods gives the error

The connection to the server k8scp:6443 was refused - did you specify the right host or port?

Some troubleshooting I have tried:

hostname -i
10.192.0.2
cat /etc/hosts
127.0.0.1 localhost
10.192.0.2 k8scp
sudo lsof -i -P -n|grep LISTEN
systemd-r   369 systemd-resolve   14u  IPv4  15680      0t0  TCP 127.0.0.53:53 (LISTEN)
container   441            root   14u  IPv4  16388      0t0  TCP 127.0.0.1:37753 (LISTEN)
kubelet    5790            root   30u  IPv6  35214      0t0  TCP *:10250 (LISTEN)
kubelet    5790            root   34u  IPv4  35218      0t0  TCP 127.0.0.1:10248 (LISTEN)
etcd      26744            root    7u  IPv4 122779      0t0  TCP 10.192.0.2:2380 (LISTEN)
etcd      26744            root    8u  IPv4 122783      0t0  TCP 10.192.0.2:2379 (LISTEN)
etcd      26744            root    9u  IPv4 122784      0t0  TCP 127.0.0.1:2379 (LISTEN)
etcd      26744            root   14u  IPv4 122790      0t0  TCP 127.0.0.1:2381 (LISTEN)
kube-sche 27279            root    7u  IPv4 126097      0t0  TCP 127.0.0.1:10259 (LISTEN)
kube-cont 27360            root    7u  IPv4 126355      0t0  TCP 127.0.0.1:10257 (LISTEN)

I believe the control plane should be running on 6443 as per this page

Does this mean the control panel has stopped, and if so, how do I bring it back and make sure it doesn't stop again?

Comments

  • chrispokorni
    chrispokorni Posts: 2,190
    edited October 2022
    Options

    Hi @lwarlik,

    Please run all 4 'student' user commands in step 24 of lab 3.1. This should resolve the kubectl CLI. In addition, please provide the output of:

    kubectl get nodes -o wide

    kubectl get pods -A -o wide

    Regards,
    -Chris

  • lwarlik
    Options

    Hi @chrispokorni

    Thanks for getting back to me.

    I just ran those 4 commands of step 24 again.

    kubectl get nodes -o wide
    NAME         STATUS     ROLES           AGE    VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION    CONTAINER-RUNTIME
    instance-1   NotReady   control-plane   142m   v1.24.1   10.192.0.2    <none>        Ubuntu 22.04.1 LTS   5.15.0-1021-gcp   containerd://1.5.9-0ubuntu3
    

    So kubectl is working, then I tried

    sudo kubeadm token list
    TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
    73g7fq.3x8ksf9em94bsizv   <invalid>   2022-10-31T14:48:12Z   <none>                   Proxy for managing TTL for the kubeadm-certs secret        <none>
    uigis7.g8cqreuegqj9n9fh   21h         2022-11-01T12:48:12Z   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token
    

    Still working. Then I left my computer for 5 minutes, came back and tried

    kubectl get pods -A -o wide
    The connection to the server k8scp:6443 was refused - did you specify the right host or port?
    kubectl get nodes -o wide
    The connection to the server k8scp:6443 was refused - did you specify the right host or port?
    

    It looks like the service is running intermittently, is there anything that could be causing this?

  • chrispokorni
    chrispokorni Posts: 2,190
    Options

    Hi @lwarlik,

    How did you provision your environment? Local hypervisor VMs or cloud instances? Did you happen to watch the video guides from the introductory chapter? They highlight key configuration options such as recommended instance sizes, OS, networking and firewall considerations.

    Regards,
    -Chris

  • lwarlik
    lwarlik Posts: 3
    edited November 2022
    Options

    Hi @chrispokorni

    I'm running on google cloud platform. Must have skipped over that video guide because I didn't have the open network set up.

    I've just gone through and set up the network, firewall, cp and worker nodes as per the guide. That allowed me to get through lab 3.2 and 3.3, but now when i try the first command of lab 3.4 the same error happens

    kubectl create deployment nginx --image=nginx
    error: failed to create deployment: Post "https://k8scp:6443/apis/apps/v1/namespaces/default/deployments?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 10.2.0.4:6443: connect: connection refused
    
    kubectl get nodes -o wide
    The connection to the server k8scp:6443 was refused - did you specify the right host or port?
    

    I also just noticed that the commands work for a short while after restarting the instance before failing again.

  • kmai007
    Options

    Same, here i'm in Digital Ocean - spun up VMs and they seem to sporadically fail and work.

  • kmai007
    Options

    student@ubuntu-s-4vcpu-8gb-nyc1-01-cp:~$ kubectl get nodes -o wide
    The connection to the server k8scp:6443 was refused - did you specify the right host or port?
    student@ubuntu-s-4vcpu-8gb-nyc1-01-cp:~$ kubectl get nodes -o wide
    NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
    ubuntu-s-4vcpu-8gb-nyc1-01-cp Ready control-plane 25m v1.24.1 10.116.0.2 Ubuntu 22.04.2 LTS 5.15.0-50-generic containerd://1.6.18

  • kmai007
    Options

    it appears stopping/starting the kubelet allowed me to more forward
    systemctl stop kubelet.service
    systemctl start kubelet.service
    systemctl stop kubelet.service
    kubeadm token list
    TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
    1h 2023-02-22T07:45:49Z Proxy for managing TTL for the kubeadm-certs secret
    23h 2023-02-23T05:45:49Z authentication,signing system:bootstrappers:kubeadm:default-node-token

  • nmendozac
    Options

    Hi all,
    I realized that "swapping" was enable after reboot.
    I had to turn it off again

    sudo swapoff -a

    Then, i check again.
    free -m

    sudo systemctl status kubelet.service

    kubectl get nodes -o wide

Categories

Upcoming Training