Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot connect to microk8s from another machine

See original GitHub issue

I just ran a fresh install of microk8s with this command:

sudo snap install microk8s --classic --channel=1.14/stable

I can access everything while I’m SSH’ed into the box this is running on, with commands much like this:

microk8s.kubectl get pods

However when I set my ~/.kube/config file - on another machine on the same network - to this:

apiVersion: v1
clusters:
- cluster:
    server: http://192.168.1.123:8080
  name: microk8s-cluster
contexts:
- context:
    cluster: microk8s-cluster
    user: admin
  name: microk8s
current-context: microk8s
kind: Config
preferences: {}
users:
- name: admin
  user:
    username: admin

And then try to run this command:

kubectl get pods

I get this error message:

The connection to the server 192.168.1.123:8080 was refused - did you specify the right host or port?

In fact, when I run curl localhost:8080 while on the box, I see valid K8S output, but if I try running curl 192.168.1.123:8080 from outside the box, even that returns:

curl: (7) Failed to connect to 192.168.1.123 port 8080: Connection refused

I’ve tried a couple of things to get this working, first of which was allowing access to 8080 on the firewall with this command:

sudo ufw allow 8080
sudo ufw enable

Unfortunately that doesn’t solve the problem. When I run netstat -an | grep "LISTEN " I can see an entry for port 8080 as follows:

tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN

But because it says 127.0.0.1 instead of 0.0.0.0, this would explain why it’s not working off the box. Is there some microk8s.* command I don’t know about, to open up access?

Issue Analytics

State:
Created 4 years ago
Reactions:6
Comments:25 (7 by maintainers)

Top GitHub Comments

20reactions

ktsakalozoscommented, Apr 9, 2019

In v1.14 we restricted the insecure access to MicroK8s from port 8080 to local users only.

You have two options:

Open insecure port 8080 to everyone. To do this you need to edit /var/snap/microk8s/current/args/kube-apiserver and set the --insecure-bind-address=127.0.0.1 to 0.0.0.0. Then restart MicroK8s with microk8s.stop and microk8s.start.
Use the secure port 16443. Due to a recent bug fix you need to get MicroK8s from edge sudo snap install microk8s --channel=1.14/edge --classic. This bug fix will soon reach stable. Then use the config you get with microk8s.config to reach the cluster.

7reactions

kawsarkcommented, Apr 5, 2020

@shoover Thank you so much for that suggestion, that was indeed the issue! The /var/snap/microk8s/current/certs/csr.conf file had up to IP.4. So I added my public IP as IP.5 and was able to connect without issue. Thanks again!