This document describes steps to troubleshoot kubectl error:
The connection to the server x.x.x.x:6443 was refused - did you specify the right host or port?
1. The kubectl should be executed on the Master Node.
2. Current user must have Kubernetes cluster configuration environment variable (Details of how to are listed under section Preparing to Use Kubernetes as a Regular User), e.g.:
$ env | grep -i kube KUBECONFIG=/root/.kube/config
3. The docker service must be running:
$ systemctl status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/docker.service.d └─docker-sysconfig.conf, http-proxy.conf, nfs.conf Active: active (running) since Wed 2019-01-30 13:14:36 NZDT; 21h ago Docs: https://docs.docker.com Main PID: 5834 (dockerd) Tasks: 89 Memory: 189.2M ...
4. The kubelet service must be running:
$ systemctl status kubelet ● kubelet.service - kubelet: The Kubernetes Node Agent Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/kubelet.service.d └─10-kubeadm.conf Active: active (running) since Thu 2019-01-31 10:36:55 NZDT; 8min ago Docs: http://kubernetes.io/docs/ Main PID: 16249 (kubelet) Tasks: 18 Memory: 48.4M ...
5. TCP port 6443 should be listed as listening port:
# netstat -pnlt | grep 6443 tcp6 0 0 :::6443 :::* LISTEN 4546/kube-apiserver
If TCP port 6443 is not available, check firewall/iptables Rules matching requirements:
$ firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eno1 sources: services: ssh dhcpv6-client ports: 10250/tcp 8472/udp 6443/tcp protocols: masquerade: yes forward-ports: source-ports: icmp-blocks: rich rules:
Also check kubelet logs:
# journalctl -xeu kubelet
6. Try restarting Kubernetes cluster which will also do some basic checks:
$ kubeadm-setup.sh restart Restarting containers now ... Detected node is master ... Checking if env is ready ... Checking whether docker can pull busybox image ... Checking access to ca-docker-registry.us.oracle.com/kubernetes_developer ... Trying to pull repository ca-docker-registry.us.oracle.com/kubernetes_developer/pause-amd64 ... 3.0: Pulling from ca-docker-registry.us.oracle.com/kubernetes_developer/pause-amd64 Digest: sha256:f037e4f1990d76b0711e00035d0aeb0869ff9c4ece517e0a90af4ea3f601760e Status: Image is up to date for ca-docker-registry.us.oracle.com/kubernetes_developer/pause-amd64:3.0 Checking firewalld settings ... Checking iptables default rule ... Checking br_netfilter module ... Checking sysctl variables ... Restarting kubelet ... Waiting for node to restart ... .... Restarting pod kube-flannel-ds-6htqw pod "kube-flannel-ds-6htqw" deleted Restarting pod kube-flannel-ds-fmjjw pod "kube-flannel-ds-fmjjw" deleted Restarting pod kube-flannel-ds-j982j pod "kube-flannel-ds-j982j" deleted Master node restarted. Complete synchronization between nodes may take a few minutes.