Problem with Accessibility to GKE Cluster (control...

edeediong · 10-19-2023 12:12 AM

Hi there,
Can anyone help, please? Currently, we are encountering an issue related to accessing the GKE (Google Kubernetes Engine) cluster from outside of the cluster itself. To illustrate, on several occasions (at least 8 times within a 24-hour period).
We are unable to establish a connection to this cluster using kubectl, even when attempting to do so from the Cloud Shell or K8s Lens. During these periods, kubectl requests to the GKE cluster are failing with a "timeout exceeded" error. However, it's worth noting that this issue does not impact the workload running within the cluster.
For instance, we can receive responses from the ingress controller, which resides within this cluster. Nevertheless, we are unable to obtain responses from the Kubernetes control plane, and even the console.cloud.google.com platform is unable to retrieve information from the control plane during these instances.
What can I do to fix this?

VannGuce

Hi,

Based on the information you shared, here are the links[1][2] that can help you troubleshoot this concern based on the error message timeout exceeded. This could be a network concern and resolution may depend on the feature you used in your cluster when creating.

One example is authorized network[3] wherein it works to provide an IP-based firewall that controls access to GKE control planes. It could also be insufficient resources. This is possible when you are running out of resources like memory and CPU because this could lead the control plane to be unresponsive.

[1]https://cloud.google.com/anthos/fleet-management/docs/troubleshooting#error_failed_to_check_if_the_u...

[2]https://stackoverflow.com/questions/71524002/cant-connect-to-gke-cluster-with-kubectl-getting-timeou...

[3]https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks#how_authorized_networks_w...

Problem with Accessibility to GKE Cluster (control plane)