Cannot connect to the Kubernetes API server
Production Risk
This is a catastrophic failure of the control plane. No new workloads can be scheduled, no changes can be made, and the cluster cannot be managed until the API server is restored.
A client, such as kubectl or a controller, is unable to establish a TCP connection with the Kubernetes API server. This indicates that the control plane is unhealthy or unreachable.
- 1The API server process on the master node has crashed or is not running
- 2A firewall is blocking access to the API server's port (usually 6443)
- 3Network routing issues are preventing traffic from reaching the master node
- 4The API server address configured in the kubeconfig file is incorrect
Any `kubectl` command fails immediately with a connection refused error.
kubectl get nodes
expected output
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Fix 1
Check the API server process on the master node
WHEN You have SSH access to the master node(s)
ssh master-node "systemctl status kube-apiserver"
Why this works
This command checks the status of the kube-apiserver service. If it is not active, you should check its logs for errors.
Fix 2
Verify the server address in your kubeconfig
WHEN The error might be with the client configuration
kubectl config view | grep server
Why this works
This command displays the API server URL your kubectl is configured to use. Verify that the IP address or hostname and port are correct.
✕ Immediately reboot the master node
While it might solve the problem, rebooting destroys important state and logs that could be used to diagnose the root cause of the API server failure.
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev