Lab 3.2 failed to list bootstrap tokens

lwarlik

Preface: I did successfully complete lab 3.1 just now.

I'm working through the exercises for lab 3.2 and when i try to run:

sudo kubeadm token list

an error occurs:

failed to list bootstrap tokens: Get "https://k8scp:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type%3Dbootstrap.kubernetes.io%2Ftoken": dial tcp 10.192.0.2:6443: connect: connection refused

also, any kubectl command ie kubectl get pods gives the error

The connection to the server k8scp:6443 was refused - did you specify the right host or port?

Some troubleshooting I have tried:

hostname -i
10.192.0.2

cat /etc/hosts
127.0.0.1 localhost
10.192.0.2 k8scp

sudo lsof -i -P -n|grep LISTEN
systemd-r   369 systemd-resolve   14u  IPv4  15680      0t0  TCP 127.0.0.53:53 (LISTEN)
container   441            root   14u  IPv4  16388      0t0  TCP 127.0.0.1:37753 (LISTEN)
kubelet    5790            root   30u  IPv6  35214      0t0  TCP *:10250 (LISTEN)
kubelet    5790            root   34u  IPv4  35218      0t0  TCP 127.0.0.1:10248 (LISTEN)
etcd      26744            root    7u  IPv4 122779      0t0  TCP 10.192.0.2:2380 (LISTEN)
etcd      26744            root    8u  IPv4 122783      0t0  TCP 10.192.0.2:2379 (LISTEN)
etcd      26744            root    9u  IPv4 122784      0t0  TCP 127.0.0.1:2379 (LISTEN)
etcd      26744            root   14u  IPv4 122790      0t0  TCP 127.0.0.1:2381 (LISTEN)
kube-sche 27279            root    7u  IPv4 126097      0t0  TCP 127.0.0.1:10259 (LISTEN)
kube-cont 27360            root    7u  IPv4 126355      0t0  TCP 127.0.0.1:10257 (LISTEN)

I believe the control plane should be running on 6443 as per this page

Does this mean the control panel has stopped, and if so, how do I bring it back and make sure it doesn't stop again?

chrispokorni

Hi @lwarlik,

Please run all 4 'student' user commands in step 24 of lab 3.1. This should resolve the kubectl CLI. In addition, please provide the output of:

kubectl get nodes -o wide

kubectl get pods -A -o wide

Regards,
-Chris

lwarlik

Hi @chrispokorni

Thanks for getting back to me.

I just ran those 4 commands of step 24 again.

kubectl get nodes -o wide
NAME         STATUS     ROLES           AGE    VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION    CONTAINER-RUNTIME
instance-1   NotReady   control-plane   142m   v1.24.1   10.192.0.2    <none>        Ubuntu 22.04.1 LTS   5.15.0-1021-gcp   containerd://1.5.9-0ubuntu3

So kubectl is working, then I tried

sudo kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
73g7fq.3x8ksf9em94bsizv   <invalid>   2022-10-31T14:48:12Z   <none>                   Proxy for managing TTL for the kubeadm-certs secret        <none>
uigis7.g8cqreuegqj9n9fh   21h         2022-11-01T12:48:12Z   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token

Still working. Then I left my computer for 5 minutes, came back and tried

kubectl get pods -A -o wide
The connection to the server k8scp:6443 was refused - did you specify the right host or port?
kubectl get nodes -o wide
The connection to the server k8scp:6443 was refused - did you specify the right host or port?

It looks like the service is running intermittently, is there anything that could be causing this?

chrispokorni

Hi @lwarlik,

How did you provision your environment? Local hypervisor VMs or cloud instances? Did you happen to watch the video guides from the introductory chapter? They highlight key configuration options such as recommended instance sizes, OS, networking and firewall considerations.

Regards,
-Chris

lwarlik

Hi @chrispokorni

I'm running on google cloud platform. Must have skipped over that video guide because I didn't have the open network set up.

I've just gone through and set up the network, firewall, cp and worker nodes as per the guide. That allowed me to get through lab 3.2 and 3.3, but now when i try the first command of lab 3.4 the same error happens

kubectl create deployment nginx --image=nginx
error: failed to create deployment: Post "https://k8scp:6443/apis/apps/v1/namespaces/default/deployments?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 10.2.0.4:6443: connect: connection refused

kubectl get nodes -o wide
The connection to the server k8scp:6443 was refused - did you specify the right host or port?

I also just noticed that the commands work for a short while after restarting the instance before failing again.

kmai007

Same, here i'm in Digital Ocean - spun up VMs and they seem to sporadically fail and work.

kmai007

[email protected]:~$ kubectl get nodes -o wide
The connection to the server k8scp:6443 was refused - did you specify the right host or port?
[email protected]:~$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
ubuntu-s-4vcpu-8gb-nyc1-01-cp Ready control-plane 25m v1.24.1 10.116.0.2 Ubuntu 22.04.2 LTS 5.15.0-50-generic containerd://1.6.18

kmai007

it appears stopping/starting the kubelet allowed me to more forward
systemctl stop kubelet.service
systemctl start kubelet.service
systemctl stop kubelet.service
kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
1h 2023-02-22T07:45:49Z Proxy for managing TTL for the kubeadm-certs secret
23h 2023-02-23T05:45:49Z authentication,signing system:bootstrappers:kubeadm:default-node-token

nmendozac

Hi all,
I realized that "swapping" was enable after reboot.
I had to turn it off again

sudo swapoff -a

Then, i check again.
free -m

sudo systemctl status kubelet.service

kubectl get nodes -o wide