Home > Software engineering >  Cant connect to GKE cluster with kubectl. getting timeout
Cant connect to GKE cluster with kubectl. getting timeout

Time:03-19

I executed followign command

gcloud container clusters get-credentials my-noice-cluter --region=asia-south2

and that command runs successfully. I can see the relevant config with kubectl config view

But when I try to kubectl, I get timeout

kubectl config view

❯ kubectl get pods -A -o wide
Unable to connect to the server: dial tcp <some noice ip>:443: i/o timeout

If I create a VM in gcp and use kubectl there or use gcp's cloud shell, It works but it does not work on our local laptops and PCs.

Some network info about our cluster:-

Private cluster     Disabled    
Network     default 
Subnet  default 
VPC-native traffic routing  Enabled     
Pod address range   10.122.128.0/17     
Service address range   10.123.0.0/22   
Intranode visibility    Enabled     
NodeLocal DNSCache  Enabled     
HTTP Load Balancing     Enabled     
Subsetting for L4 Internal Load Balancers   Disabled    
Control plane authorized networks   
office (192.169.1.0/24)
    
Network policy  Disabled    
Dataplane V2    Disabled

I also have firewall riles to allow http/s

❯ gcloud compute firewall-rules list
NAME                                       NETWORK  DIRECTION  PRIORITY  ALLOW                         DENY  DISABLED
default-allow-http                         default  INGRESS    1000      tcp:80                              False
default-allow-https                        default  INGRESS    1000      tcp:443                             False
....

CodePudding user response:

If it's work from your VPC and not from outside, it's because you created a private GKE cluster. The master is only reachable through the private IP or through the autorized network.

Speaking about the authorized network, you have one authorizer office (192.169.1.0/24). Sadly, you registered a private IP range in your office network and not the public IP used to access the internet.

To solve that, go to a site that provide you your public IP. Then update the authorized network for your cluster with that IP/32, and try again.

CodePudding user response:

If it works from the GCP VM, but does not work from your local that means that it's either related to the GCP Firewall or your GKE does not have a public IP.

First check if you cluster IP is public and if yes, then you need to add a firewall rule which allows the traffic over HTTPS (443 port). You can do it in the the gcloud tool or via the GCP Console "Firewall -> Create Firewall Rule".

  • Related