3

I created a 2-node cluster with Ubuntu as the OS. After deploying a container, trying a kubectl exec or logs fails with the following error:

Error from server: error dialing backend: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user

Please tell me how to make it work. The nodes are part of the default pool only. I am trying to do kubectl exec from my laptop, which has credentials to the cluster.

Output of default firewall:

gcloud compute firewall-rules list --filter network=default
default-allow-http                        default  INGRESS    1000      tcp:80
default-allow-https                       default  INGRESS    1000      tcp:443
default-allow-icmp                        default  INGRESS    65534     icmp
default-allow-internal                    default  INGRESS    65534     tcp:0-65535,udp:0-65535,icmp
default-allow-rdp                         default  INGRESS    65534     tcp:3389
default-allow-ssh                         default  INGRESS    65534     tcp:22
gke-ks-gke-test-cluster-0725bebf-all      default  INGRESS    1000      ah,sctp,tcp,udp,icmp,esp
gke-ks-gke-test-cluster-0725bebf-ssh      default  INGRESS    1000      tcp:22
gke-ks-gke-test-cluster-0725bebf-vms      default  INGRESS    1000      icmp,tcp:1-65535,udp:1-65535
kronjob
  • It works for image-type as COS or unspecified (default COS). This even works if I add a COS node to the above cluster. – kronjob Apr 13 '18 at 07:25

2 Answers

1

For some reason, it has started working after cleanup of project metadata, although it was within the 32kb limit.

kronjob
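A way to check the project metadata mentioned in this answer, as an added example that is not part of the original post: it sizes each entry in the output of `gcloud compute project-info describe --format=json` against the 32kb figure and lists the SSH key users, including any `gke-` user like the one named in the error message. The sample JSON is constructed, and that the tunnel key is stored under the `ssh-keys` entry is an assumption the post does not confirm.

```python
import json

LIMIT_BYTES = 32 * 1024  # the "32kb limit" quoted in the answer; adjust to your quota

# Constructed sample of `gcloud compute project-info describe --format=json` (trimmed).
SAMPLE = json.dumps({
    "name": "example-project",
    "commonInstanceMetadata": {"items": [
        {"key": "ssh-keys", "value": "\n".join([
            "alice:ssh-rsa AAAAexample alice@laptop",
            "gke-0123abcd:ssh-rsa AAAAexample gke-0123abcd@gke",
            "bob:ssh-rsa AAAAexample bob@host"])},
        {"key": "startup-script", "value": "#!/bin/sh\n" + "x" * 30000},
    ]},
})

def audit_metadata(project_json, limit=LIMIT_BYTES, warn_ratio=0.8):
    """Return per-key byte sizes, entries near the limit, and SSH key users."""
    doc = json.loads(project_json)
    items = doc.get("commonInstanceMetadata", {}).get("items", [])
    report = {"sizes": {}, "near_limit": [], "ssh_users": [], "malformed_ssh_lines": 0}
    for item in items:
        key, value = item["key"], item.get("value", "")
        size = len(value.encode("utf-8"))
        report["sizes"][key] = size
        if size >= warn_ratio * limit:
            report["near_limit"].append(key)
        # Assumption: SSH keys live under "ssh-keys" (or the legacy "sshKeys"),
        # one "user:key-type key-data comment" entry per line.
        if key in ("ssh-keys", "sshKeys"):
            for line in filter(None, (l.strip() for l in value.splitlines())):
                user, sep, rest = line.partition(":")
                if sep and rest.split():
                    report["ssh_users"].append(user)
                else:
                    report["malformed_ssh_lines"] += 1
    report["total"] = sum(report["sizes"].values())
    # Users with the "gke-" prefix seen in the error message on this page.
    report["gke_users"] = [u for u in report["ssh_users"] if u.startswith("gke-")]
    return report

if __name__ == "__main__":
    for name, value in audit_metadata(SAMPLE).items():
        print(name, value)
```

Against a real project, pass the JSON text produced by the `gcloud` command above instead of `SAMPLE`.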
0

When the cluster is deployed initially, there are multiple firewall rules created to allow for internal communication between the cluster nodes. There is also a default firewall rule created to allow communication from your internal network (named default-allow-internal). You probably should add a firewall rule in order to permit your PC to connect to the K8S master node.

Alessio
  • Ok. Can you please give me an example of such a rule that allows my PC to connect to the master? – kronjob Apr 23 '18 at 16:39
  • Your PC will try to open a socket on the K8s master node (public IP, port 443) in order to make API queries. In order to discard this issue, would you first try to do a telnet master-publicIP 443? – Alessio Apr 25 '18 at 11:29
  • telnet to masterIp works. In fact, there is also a response coming from the master when trying to do a kubectl exec: Error from server: error dialing backend: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user "gke-cccb9 – kronjob May 02 '18 at 06:33