4

I've created a cluster on Google Kubernetes Engine (previously Google Container Engine) and installed the Google Cloud SDK and the Kubernetes tools with it on my Windows machine.

It worked well for some time, and, out of nowhere, it stopped working. Every command I'm issuing with kubectl provokes the following:

Unable to connect to the server: net/http: TLS handshake timeout

I've searched Google, the Kubernetes GitHub Issues, Stack Overflow, Server Fault ... without success.

I've tried the following:

  • Restart my computer
  • Change wifi connection
  • Check that I'm not somehow using a proxy
  • Delete and re-create my cluster
  • Uninstall the Google Cloud SDK (and kubectl) from my machine and re-install them
  • Delete my .kube folder (config and cache)
  • Check my .kube/config
  • Change my cluster's version (tried 1.8.3-gke.0 and 1.7.8-gke.0)
  • Retry several hours later
  • Tried both on PowerShell and cmd.exe

Note that the cluster seems to work perfectly, since I have my application running on it and can interact with it normally through the Google Cloud Shell.

Running:

gcloud container clusters get-credentials cluster-2 --zone europe-west1-b --project ___

kubectl get pods

works on Google Cloud Shell and provokes the TLS handshake timeout on my machine.

Thomas Sauvajon
  • How are you setting your kube config? – vjdhama Nov 25 '17 at 07:12
  • `gcloud container clusters get-credentials cluster-2` – Thomas Sauvajon Nov 25 '17 at 14:05
  • Was this cluster running any workload? If yes, are you using Jobs? Did the response seem slow on google cloud shell too? An obfuscated snapshot of deployed pods would be helpful. – vjdhama Nov 25 '17 at 15:20
  • The cluster is running 1 deployment and 1 service. Not using Jobs. The response is quite fast, less than 1 second on Google Cloud Shell. Deployed pods: https://i.imgur.com/wTtBGbl.png – Thomas Sauvajon Nov 25 '17 at 17:04
  • Here's the description of my deployment : http://text-share.com/view/b9ee3e98. But I think the problem isn't with my workload / pods: `kubectl.exe cluster-info dump` gives me `Unable to connect to the server: net/http: TLS handshake timeout`. I can't connect to it at all ... – Thomas Sauvajon Nov 25 '17 at 18:02
  • Can you try creating a new cluster and see if that has same issues? I faced the same kind of issue, but that was because of the workload I was running on the cluster. – vjdhama Nov 26 '17 at 06:22
  • I've already created a new cluster and ran into the same issues – Thomas Sauvajon Nov 26 '17 at 14:58
  • Hi Thomas, did you discover what the source of this issue was? – neilH Dec 06 '17 at 09:29
  • No, I am still only able to access Kubernetes from the Google Cloud Shell – Thomas Sauvajon Dec 06 '17 at 10:02
  • Have you recently updated your network/firewall settings? Is your GCP project in a corporate organization that someone else might impose firewall rules on you? – ahmet alp balkan Dec 14 '17 at 18:24
  • I've not updated my settings but I have pretty strict firewall rules (that I can't change or even access...). I'm the only one accessing the GCP project at the moment. – Thomas Sauvajon Dec 17 '17 at 20:16
  • Does this command work on Mac/Linux? – ahmet alp balkan Jan 03 '18 at 22:48

3 Answers

4

For others seeing this issue, there is another cause to consider.

After doing:

gcloud config set project $PROJECT_NAME
gcloud config set container/cluster $CLUSTER_NAME
gcloud config set compute/zone europe-west2
gcloud beta container clusters get-credentials $CLUSTER_NAME --region europe-west2 --project $PROJECT_NAME

I was then seeing:

kubectl cluster-info
Unable to connect to the server: net/http: TLS handshake timeout

I tried everything suggested here and elsewhere. When the above worked without issue from my home desktop, I discovered that shared workspace wifi was disrupting TLS/VPNs to control the internet access!

Oisin
  • Thanks, I had the same issue. I would like to find a workaround as it is quite inconvenient to switch to tethering to update the cluster. Do you have any idea of how it could alter the connection? – Jonathan Muller Mar 21 '19 at 04:54
  • Sadly no. I used mobile tethering and my company was considering getting a work mifi for this. In the end we moved building and I didn't have any more problems. I wasted 6+ months with various IT people trying to get them to fix this :( – Oisin Apr 01 '19 at 16:38
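
Added example, not part of the answer or comments above: Go's `net/http` client reports `TLS handshake timeout` when the TCP connection opens but the TLS handshake does not finish in time, so probing the two stages separately shows whether something between the client and the API server is swallowing TLS traffic. The names `endpoint_from_server`, `probe` and `silent_listener` are hypothetical, and the silent listener is a constructed local stand-in for such a network.

```python
import socket
import ssl
from urllib.parse import urlsplit

def endpoint_from_server(server_url):
    """Split a kubeconfig `server:` URL into (host, port); https defaults to 443."""
    parts = urlsplit(server_url)
    return parts.hostname, parts.port or 443

def probe(host, port, timeout=3.0):
    """Report the stage at which a TLS connection to host:port stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp_refused"
    except (socket.timeout, TimeoutError):
        return "tcp_timeout"            # packets dropped before TCP completes
    except OSError:
        return "tcp_error"
    # Verification is off on purpose: the question is only whether any
    # ServerHello comes back. kubectl still checks the CA from kubeconfig.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            return "tls_ok " + tls.version()
    except (socket.timeout, TimeoutError):
        return "tls_handshake_timeout"  # TCP fine, TLS bytes never answered
    except (ssl.SSLError, OSError):
        return "tls_error"              # reset or non-TLS reply mid-handshake

def silent_listener():
    """Constructed stand-in for a filtering network: TCP connects, no reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)  # kernel completes the TCP handshake; nothing ever answers
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = silent_listener()
    print("silent endpoint:", probe("127.0.0.1", port, timeout=1.0))
    srv.close()
    # Against a real cluster, pass the `server:` value from .kube/config:
    # print(probe(*endpoint_from_server("https://<cluster-endpoint>")))
```

A `tls_handshake_timeout` result on one network and `tls_ok` on another, for the same endpoint, points at the network path rather than at kubectl, the credentials or the cluster.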
2

This is what I did to solve the above problem. I simply ran the following commands:

> gcloud container clusters get-credentials {cluster_name} --zone {zone_name} --project {project_name}

> gcloud auth application-default login

Replace the placeholders appropriately.

0

So this MAY NOT work for you on GKE, but Azure AKS (managed Kubernetes) has a similar problem with the same error message so who knows — this might be helpful to someone.

The solution to this for me was to scale the nodes in my Cluster from the Azure Kubernetes service blade web console.

Workaround / Solution

  1. Log into the Azure (or GKE) Console — Kubernetes Service UI.
  2. Scale your cluster up by 1 node.
  3. Wait for scale to complete and attempt to connect (you should be able to).
  4. Scale your cluster back down to the normal size to avoid cost increases.

Total time it took me ~2 mins.

More Background Info on the Issue

Added this to the full ticket description write up that I posted over here (if you want more info have a read):

'Unable to connect Net/http: TLS handshake timeout' — Why can't Kubectl connect to Azure AKS server?

Necevil