kind: Can't connect to API server when using docker-in-docker
What happened:
I’m trying to use kind to run some tests during CI in our CI server. The CI server runs jobs inside Docker containers. I’m creating the kind cluster from my job’s container, and that works just fine. But when I try to connect to the API server using kubectl, I get “connection refused”.
To make it clear, the scenario is a host running the Docker daemon, where I start a container for my CI job using docker-in-docker. From that container I create the kind container.
What you expected to happen: Being able to connect to the API server and issue kubectl commands.
How to reproduce it (as minimally and precisely as possible):
Create “docker-in-docker” Docker container and try to create a kind cluster and execute kubectl commands.
Anything else we need to know?:
Environment:
- kind version: (use kind version): 0.3.0-alpha
- Kubernetes version: (use kubectl version): 1.13.4
- Docker version: (use docker info): 18.09.6
- OS (e.g. from /etc/os-release):
About this issue
- State: closed
- Created 5 years ago
- Comments: 21 (19 by maintainers)
It seems that you need a way to expose the port of the kind cluster in your host, since this is inside docker I guess that we need to do some kind of tunnel or port mapping over port mapping, so you can connect directly to the API port.
You can tell kind in which port you want the API server to listen using the API, this way you can do a port forwarding of that port in the outer docker
with that config you can reach your API on port 19090, so you only need to forward that port to your host and point your kubectl config to it
https://kind.sigs.k8s.io/docs/user/resources/#using-kind-in-ci
documented CI setups are there.
anyone having issues running in any way can also file a new issue and we’ll do our best to help, particularly if you include all the info requested in the bug template.
So replace “docker in docker” with “docker in a VM” for the mental model for a moment:
Since docker is on another host, and we’re binding / port forwarding the apiServer on localhost by default, this means that you cannot talk to it.
This can be fixed by configuring the networking.apiServerAddress config field as @aojea mentioned above. (though probably it should be the dind container IP, rather than 0.0.0.0, so we correctly set it in the kubeconfig… 🤔 )
docker-in-docker is just like this case, the containers are in a different network namespace and the apiServer is only available on that loopback (which is NOT the hosts’ loopback).
The fix for this should be configuring that field.
/remove-kind bug
/kind documentation
/triage support
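Added example, not part of the original thread or the kind project's code: a small shell helper that renders a kind config with networking.apiServerAddress set to one explicit address (such as the dind container IP suggested above) and refuses the 0.0.0.0 wildcard. The function name, the sample address used in testing, and the v1alpha4 apiVersion (the one current kind releases use) are assumptions; port 19090 is the one mentioned in the thread.

```shell
#!/bin/sh
# Added example: render_kind_config is a hypothetical helper, not a kind command.

# render_kind_config ADDRESS PORT
# Prints a kind Cluster config on stdout; returns non-zero on bad input.
render_kind_config() {
    addr=$1
    port=$2

    # Reject wildcard binds: 0.0.0.0 publishes the API server on every
    # interface of the machine running the Docker daemon, not only to the CI job.
    case "$addr" in
        ""|0.0.0.0|::|"[::]")
            echo "refusing wildcard or empty apiServerAddress: '$addr'" >&2
            return 1 ;;
    esac

    # Accept only dotted-quad IPv4 here to keep the check simple.
    if ! printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "not an IPv4 address: '$addr'" >&2
        return 1
    fi
    for octet in $(printf '%s' "$addr" | tr '.' ' '); do
        [ "$octet" -le 255 ] || { echo "octet out of range: $octet" >&2; return 1; }
    done

    # Port must be a number in the valid TCP range.
    case "$port" in
        ""|*[!0-9]*) echo "port must be numeric: '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range (1-65535): $port" >&2
        return 1
    fi

    # apiVersion is an assumption; adjust it for the kind release in use.
    cat <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  apiServerAddress: "$addr"
  apiServerPort: $port
EOF
}
```

Write the output to a file and pass it to `kind create cluster --config <file>`; the generated kubeconfig then points at the chosen address and port instead of the inner loopback.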