Re: Unable to connect to GKE cluster with kubectl

fl-jj · 03-31-2024 10:13 AM

I am having trouble connecting to my public cluster on GKE. I mostly use kubectl for applying new deployment files.

It has been working fine for months, then 2 things happened one the same weekend that might have affected the ability to connect properly:

installed software (on ubuntu) that installed it's own version of kubectl
network settings were changed for cluster to give it a static ip address for the pods

The latter has been reversed.

Have gone through the installation steps several times on multiple machines, and still cannot get through at the step `kubectl get namespaces`

Keep getting this:
`E0331 09:27:00.491762 72508 memcache.go:265] couldn't get current server API group list: Get "https://CLUSTER_IP/api?timeout=32s": dial tcp CLUSTER_IP:443: connect: connection refused`

I have gone through the troubleshooting here:
https://cloud.google.com/kubernetes-engine/docs/troubleshooting

With the following results:

Connect to the cluster using curl does not give an error.
Configuring kubectl to not use google auth plugin gives an error stating that the plugin is required.

Running the following software versions:

Kubernetes: 1.26.11-gke.1055000
Google Cloud SDK 470.0.0
bq 2.1.2
bundled-python3-unix 3.11.8
core 2024.03.22
gcloud-crc32c 1.0.0
gke-gcloud-auth-plugin 0.5.8
gsutil 5.27
kubectl 1.26.15

And cluster has the following config:

Marvin_Lucero

Hi @fl-jj ,

Make sure that the cluster IP address is correct and resolvable. Do a ping test to the IP address to see if it connects or responds.

Also, check if there are any network restrictions that could be preventing kubectl from connecting to the cluster. For example, make sure that the firewall rules for the cluster allow incoming traffic on port 443.

An important thing also to check is make sure that your kubectl configuration is pointing to the correct cluster and namespace. Run the command kubectl config get-contexts to see the current context and kubectl config view to see the full configuration.

Lastly, try restarting the kubelet and kube-apiserver processes on the cluster nodes to see if that resolves the issue.

If none of these steps help, you can try creating a new cluster and testing the connectivity to see if the issue is specific to the current cluster.

Let me know if this helps.

fl-jj

Update - I tried creating another 'hello-world' cluster with all default settings (just pressed "CREAT") for my project and got this message during setup:

fl-jj

The IP address is the same as displayed in GKE on google console and I can ping it.

I can connect with `curl` using the instructions from the troubleshooting guide here: (at least I think I'm connecting, because I am not getting an error - the command just completes and returns to the prompt)

When getting contexts, the cluster is actually denoted asL `gke_PROJECT_ID_COMPUTE_LOCATION_CLUSTER_NAME` - do you think that might be wrong, concatenating all those pieces? its what gcloud has done automatically I guess, I have never touched a config file.

"kubelet and kube-apiserver processes on the cluster nodes" - I will have to look up what those even mean. I literally created a GKE cluster from quickstart, and started deploying services with simple deployment.yaml's. was working fine with default config until recently when the cluster external IP addresses were messed with.

I will try creating a new cluster though. That is a good idea. This one currently has about 45 services running on it, so hopefully I can figure this out.