Sunday, May 31, 2026
DevOps Kubernetes

Kubernetes Connection Refused 6443? Fix Step-by-Step (2026 Guide)

admin

🚨 Problem

Getting this error when running kubectl?

The connection to the server <IP>:6443 was refused - did you specify the right host or port?

This means your Kubernetes cluster is not reachable via the API server (port 6443).

Don’t worry β€” this is a common issue, especially in:

  • fresh installations
  • multi-node clusters
  • misconfigured environments

⚑ What is Port 6443 in Kubernetes?

Port 6443 is used by the Kubernetes API Server.

πŸ‘‰ If this port is down or blocked:

  • kubectl will fail
  • cluster becomes inaccessible

πŸ” Common Causes

Here are the most frequent reasons:

  • kube-apiserver is not running
  • kubelet service is down
  • wrong kubeconfig file
  • firewall blocking port 6443
  • etcd not running
  • incorrect cluster initialization

βœ… Step-by-Step Fix

Follow these steps in order.

1. Check kubelet status

systemctl status kubelet

πŸ‘‰ If not running:

systemctl restart kubelet
systemctl enable kubelet

2. Check Kubernetes containers

If using Docker:

docker ps | grep kube

If using containerd:

crictl ps

πŸ‘‰ Look for:

  • kube-apiserver
  • kube-controller-manager
  • kube-scheduler

If missing β†’ cluster not properly initialized.

3. Check if port 6443 is listening

netstat -tulnp | grep 6443

Or:

ss -tulnp | grep 6443

πŸ‘‰ If no output:

  • API server is not running

4. Verify kubeconfig file

Check your config:

cat ~/.kube/config

Or:

echo $KUBECONFIG

πŸ‘‰ Fix by copying admin config:

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

5. Check API server container logs

docker logs <kube-apiserver-container-id>

Or:

crictl logs <container-id>

πŸ‘‰ Look for:

  • certificate errors
  • etcd connection issues

6. Check etcd status

systemctl status etcd

Or container:

docker ps | grep etcd

πŸ‘‰ If etcd is down β†’ API server won’t start.

7. Disable firewall (for testing)

ufw disable

Or:

systemctl stop firewalld

πŸ‘‰ If it works after disabling:

  • open port 6443 permanently

8. Reinitialize cluster (last option)

If everything fails:

kubeadm reset -f
kubeadm init

Then reconfigure kubeconfig.

🧠 Most Common Fix (Quick Answer)

In many cases, the issue is:

πŸ‘‰ kubelet not running OR kubeconfig missing

Quick fix:

systemctl restart kubelet
cp /etc/kubernetes/admin.conf ~/.kube/config

❓ FAQ

What does β€œconnection refused 6443” mean?

It means the Kubernetes API server is not reachable on port 6443.

Why kube-apiserver is not running?

Common reasons:

  • etcd failure
  • invalid certificates
  • incorrect kubeadm setup

Can firewall block Kubernetes?

Yes. If port 6443 is closed, kubectl cannot connect.

πŸš€ Pro Tips

  • Always check logs first (faster debugging)
  • Use kubectl cluster-info to verify cluster
  • Monitor kubelet service after reboot

🎯 Conclusion

The β€œconnection refused 6443” error is usually caused by:

  • stopped services
  • misconfiguration
  • networking issues

By following the steps above, you should be able to:
βœ… identify the root cause
βœ… fix the issue quickly
βœ… restore cluster access

Similar Posts