Learn Fix: Unable to connect to the server: dial tcp ...: i/o timeout

Q: How do I increase the timeout for kubectl?

Pass the --request-timeout flag: kubectl get pods --request-timeout=60s. The default timeout is 0 (no timeout). Increasing this won’t fix a network problem but can help diagnose intermittent connectivity.

Fix These Errors

Unable to connect to the server: dial tcp ...: i/o timeout

DodaTech 3 min read

The “Unable to connect: dial tcp i/o timeout” error means kubectl reached the network but the API server connection timed out without receiving a response.

What It Means

Kubectl resolved the API server address and attempted a TCP connection, but the server did not respond within the timeout period. This differs from “connection refused” — the server exists but is unresponsive, or a firewall is silently dropping packets.

Why It Happens

The Kubernetes API server is down or restarting.
A firewall or security group is blocking the port (6443 by default).
You’re on a VPN that doesn’t route to the cluster network.
The cluster is behind a private network and you’re not connected.
The API server is overloaded and not accepting new connections.
The kubeconfig points to the wrong server address.

How to Fix It

Step 1: Verify the cluster endpoint

Check which server your kubeconfig points to:

kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'

Make sure this URL is correct. Common formats:

https://api.your-cluster.com:6443
https://192.168.1.100:6443

Step 2: Test connectivity to the API server

Use curl or telnet to test the connection:

curl -k https://<api-server>:6443
telnet <api-server> 6443

If curl hangs or telnet shows no connection, the server is unreachable.

Step 3: Check your VPN and network

Ensure your VPN client is connected and routing traffic correctly.
Verify you can reach other services on the same network.
Check if the cluster uses a private endpoint requiring VPN.

ping <api-server>
traceroute <api-server>

Step 4: Check firewall rules

For cloud clusters, verify security group or firewall rules allow your IP:

# AWS
aws ec2 describe-security-groups --group-ids <sg-id>

# GCP
gcloud compute firewall-rules list

# Azure
az network nsg rule list --nsg-name <nsg-name>

Step 5: Check cluster health (if you have cluster access)

kubectl cluster-health  # Some distributions
ssh <master-node> systemctl status kube-apiserver

Step 6: Switch context or refresh credentials

kubectl config get-contexts
kubectl config use-context <correct-context>

What port does the Kubernetes API server use?

The default port is 6443 for HTTPS. Port 8080 is sometimes used for HTTP (insecure) in local development clusters like minikube. Make sure your network allows egress to the correct port for your cluster.

Can a firewall cause i/o timeout vs connection refused?

Yes — a firewall that silently drops packets causes an i/o timeout (the connection attempt hangs until timeout). A firewall that actively rejects packets causes “connection refused.” Timeout means the packets are being dropped without a response.

How do I increase the timeout for kubectl?

Pass the --request-timeout flag: kubectl get pods --request-timeout=60s. The default timeout is 0 (no timeout). Increasing this won’t fix a network problem but can help diagnose intermittent connectivity.

Previous Thread 1: Fatal error: Unexpectedly found nil while unwrapping an Optional value Next Unresolved reference: ...

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro

Home Browse Fix These Errors