{"id":13625,"date":"2026-02-28T10:07:00","date_gmt":"2026-02-28T04:37:00","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13625"},"modified":"2026-02-28T10:07:02","modified_gmt":"2026-02-28T04:37:02","slug":"fix-kubernetes-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/fix-kubernetes-on-linux","title":{"rendered":"How to Fix Kubernetes on Linux Server in 2026"},"content":{"rendered":"\n<p><strong>To fix Kubernetes on a Linux server<\/strong>, start with a quick health triage: confirm OS prerequisites (swap off, cgroups, kernel modules), verify kubelet and the container runtime, check kubectl and cluster components, repair CNI networking and DNS, validate certificates and etcd, then apply targeted fixes or safely reset and rejoin nodes if needed.<\/p>\n\n\n\n<p>If you\u2019re wondering how to fix Kubernetes on a Linux server, this guide walks you through a practical, step by step troubleshooting workflow I use in real environments.<\/p>\n\n\n\n<p>We\u2019ll diagnose kubelet, container runtimes, networking (CNI), DNS, certificates, etcd, and performance issues, using simple commands, minimal downtime tips, and safe rollback options.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-diagnosis-checklist\">Quick Diagnosis Checklist<\/h2>\n\n\n\n<p>Before deep diving, run through this rapid checklist to pinpoint the layer causing the failure. Fixes become much faster when you narrow scope early.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"720\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/Quick-Diagnosis-Checklist.jpg\" alt=\"Fix Kubernetes on Linux Server\" class=\"wp-image-19130\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/Quick-Diagnosis-Checklist.jpg 1280w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/Quick-Diagnosis-Checklist-150x84.jpg 150w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-validate-node-and-os-prerequisites\">1) Validate Node and OS Prerequisites<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable swap (or configure kubelet to tolerate it).<\/li>\n\n\n\n<li>Load required kernel modules and sysctls for bridging and forwarding.<\/li>\n\n\n\n<li>Confirm time sync and unique hostnames.<\/li>\n\n\n\n<li>Check firewall rules and open Kubernetes\/CNI ports.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Swap should be off\nsudo swapoff -a\nsudo sed -ri 's\/^(&#91;^#].*\\sswap\\s)\/# \\1\/' \/etc\/fstab\n\n# Kernel modules\nsudo modprobe overlay\nsudo modprobe br_netfilter\n\n# Sysctls\ncat &lt;&lt;'EOF' | sudo tee \/etc\/sysctl.d\/99-kubernetes.conf\nnet.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1\nEOF\nsudo sysctl --system\n\n# Time sync\ntimedatectl\nsudo systemctl status chronyd || systemctl status systemd-timesyncd\n\n# Hostname must be unique and resolvable\nhostnamectl<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-check-kubelet-and-container-runtime\">2) Check kubelet and Container Runtime<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure kubelet is running and able to talk to the container runtime (containerd\/CRI-O).<\/li>\n\n\n\n<li>Look for cgroup driver mismatches and CRI errors.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Kubelet\nsudo systemctl status kubelet --no-pager\nsudo journalctl -u kubelet -b --no-pager\n\n# Containerd (example runtime)\nsudo systemctl status containerd --no-pager\ncontainerd --version\nsudo crictl info\nsudo crictl ps -a<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-verify-kubectl-context-and-control-plane-health\">3) Verify kubectl Context and Control Plane Health<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl config get-contexts\nkubectl cluster-info\nkubectl get nodes -o wide\nkubectl get pods -A --field-selector=status.phase!=Running\nkubectl get componentstatuses # deprecated info, prefer:\nkubectl -n kube-system get pods\nkubectl -n kube-system logs -l component=kube-apiserver --tail=200<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-confirm-networking-and-dns\">4) Confirm Networking and DNS<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure a single CNI is installed and healthy (Calico, Flannel, Cilium, etc.).<\/li>\n\n\n\n<li>Check CoreDNS logs and service discovery from inside a Pod.<\/li>\n\n\n\n<li>Inspect iptables\/ipvs and MTU settings.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># CNI presence\nls \/etc\/cni\/net.d\nls \/opt\/cni\/bin\n\n# CoreDNS\nkubectl -n kube-system get pods -l k8s-app=kube-dns\nkubectl -n kube-system logs -l k8s-app=kube-dns --tail=200\n\n# kube-proxy and iptables\/ipvs\nkubectl -n kube-system get pods -l k8s-app=kube-proxy\nsudo iptables -L -n -v\nip link | grep -E 'mtu|cali|flannel|cilium'<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"5-storage-and-events\">5) Storage and Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Describe failing Pods for Events and volume errors.<\/li>\n\n\n\n<li>Check CSI drivers and node disk pressure.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl describe pod &lt;name&gt; -n &lt;ns&gt;\nkubectl get csidrivers\nkubectl describe node &lt;node&gt; | egrep -i 'taints|pressure|memory|disk'<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-kubernetes-issues-on-linux-and-how-to-fix-them\">Common Kubernetes Issues on Linux and How to Fix Them<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"kubelet-wont-start-swap-cgroups-runtime\">Kubelet Won\u2019t Start (Swap, Cgroups, Runtime)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable swap. Kubernetes expects swap off unless kubelet is run with <code>--fail-swap-on=false<\/code> (not recommended).<\/li>\n\n\n\n<li>Align cgroup drivers. On modern distros, Kubernetes + containerd with systemd cgroups is recommended.<\/li>\n\n\n\n<li>Ensure container runtime socket is reachable by kubelet.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Containerd systemd cgroup example (config.toml)\nsudo mkdir -p \/etc\/containerd\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml &gt;\/dev\/null\nsudo sed -i 's\/SystemdCgroup = false\/SystemdCgroup = true\/' \/etc\/containerd\/config.toml\nsudo systemctl restart containerd\nsudo systemctl restart kubelet<\/code><\/pre>\n\n\n\n<p>If logs show \u201cFailed to run kubelet\u201d or \u201cfailed to run Kubelet: validate service connection\u201d confirm <code>--container-runtime-endpoint<\/code> matches your runtime socket (e.g., <code>unix:\/\/\/run\/containerd\/containerd.sock<\/code> ).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"pods-stuck-in-container-creating-cni-problems\">Pods Stuck in Container Creating (CNI Problems)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make sure only one CNI plugin is configured.<\/li>\n\n\n\n<li>Reapply the correct CNI manifest after wiping stale configs.<\/li>\n\n\n\n<li>Open overlay\/VXLAN ports and fix MTU on <a href=\"https:\/\/www.youstable.com\/blog\/tally-on-cloud-vs-local-installation\/\">cloud<\/a> networks.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Remove stale CNI configs carefully (multi-tenant warning!)\nsudo rm -f \/etc\/cni\/net.d\/*\n\n# Reapply your chosen CNI (example: Calico docs provide latest URL)\nkubectl apply -f https:\/\/raw.githubusercontent.com\/projectcalico\/calico\/v3.27.0\/manifests\/calico.yaml\n\n# Example MTU for encapsulation networks (adjust to your infra, often 1450 or 1440)\n# Calico: set vethMTU in configmap or operator CR\n# Flannel: net-conf.json \"MTU\": 1450<\/code><\/pre>\n\n\n\n<p>On RHEL\/CentOS, ensure <code>firewalld<\/code> or <code>iptables<\/code> isn\u2019t blocking pod traffic. On Ubuntu with UFW, allow inter-node traffic or disable UFW for Kubernetes nodes when testing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"dns-failures-coredns-crashloop-timeouts\">DNS Failures (CoreDNS CrashLoop\/Timeouts)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check CoreDNS logs for loop or forwarding errors.<\/li>\n\n\n\n<li>Validate the <code>kube-dns<\/code> service and clusterDNS IP in kubelet config.<\/li>\n\n\n\n<li>Test DNS from a debug pod.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Quick DNS test\nkubectl run -it dnsutils --image=ghcr.io\/k8s-at-home\/dnsutils:latest --restart=Never --rm --overrides='{\"spec\":{\"dnsPolicy\":\"ClusterFirst\"}}' -- nslookup kubernetes.default\n\n# Check kubelet resolv.conf flags\ncat \/var\/lib\/kubelet\/config.yaml | egrep 'clusterDNS|clusterDomain'\nkubectl -n kube-system get svc kube-dns<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"certificates-expired-apiserver-kubelets\">Certificates Expired (APIServer, Kubelets)<\/h3>\n\n\n\n<p>If your control plane is built with kubeadm, use the built in cert utilities. Renewing certs is fast and low risk when done early.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo kubeadm certs check-expiration\nsudo kubeadm certs renew all\nsudo systemctl restart kubelet<\/code><\/pre>\n\n\n\n<p>For worker nodes failing to join due to certs or tokens, create a fresh token and rejoin using the printed command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubeadm token create --print-join-command<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"etcd-health-and-data-store-issues\">etcd Health and Data Store Issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check etcd endpoint health with proper certs.<\/li>\n\n\n\n<li>Watch for disk latency and space exhaustion; etcd is sensitive to I\/O.<\/li>\n\n\n\n<li>Ensure time sync across control plane nodes.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>export ETCDCTL_API=3\netcdctl --endpoints=https:\/\/127.0.0.1:2379 \\\n  --cacert=\/etc\/kubernetes\/pki\/etcd\/ca.crt \\\n  --cert=\/etc\/kubernetes\/pki\/etcd\/server.crt \\\n  --key=\/etc\/kubernetes\/pki\/etcd\/server.key endpoint health<\/code><\/pre>\n\n\n\n<p>If etcd is unhealthy, avoid \u201cquick fixes\u201d that risk data loss. Snapshot first, then recover. Consider restoring from a verified etcd snapshot if corruption is suspected.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"kubeadm-join-upgrade-fails\">kubeadm Join\/Upgrade Fails<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Match Kubernetes versions: upgrade kubeadm first, then control plane, then kubelet\/kubectl.<\/li>\n\n\n\n<li>Regenerate a join command and ensure ports to the API server are reachable.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Plan an upgrade\nsudo kubeadm upgrade plan\n\n# Upgrade components (Ubuntu example)\nsudo apt-get update\nsudo apt-get install -y kubeadm=&lt;version&gt;-00\nsudo kubeadm upgrade apply &lt;version&gt;\n\n# Then upgrade kubelet\/kubectl and restart kubelet\nsudo apt-get install -y kubelet=&lt;version&gt;-00 kubectl=&lt;version&gt;-00\nsudo systemctl daemon-reload &amp;&amp; sudo systemctl restart kubelet<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"persistent-volume-mount-attach-errors\">Persistent Volume Mount\/Attach Errors<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check CSI driver logs and node dmesg for attach\/mount errors.<\/li>\n\n\n\n<li>Validate cloud credentials\/permissions for dynamic provisioning.<\/li>\n\n\n\n<li>Ensure matching filesystem and access modes.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl -n kube-system logs -l app=csi-controller --tail=200\nkubectl describe pvc &lt;name&gt; -n &lt;ns&gt;\ndmesg | tail -n 100<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"performance-and-stability-tuning\">Performance and Stability Tuning<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use containerd with systemd cgroups for modern Linux.<\/li>\n\n\n\n<li>Prefer kube proxy ipvs on larger clusters; otherwise iptables is fine.<\/li>\n\n\n\n<li>Enable log rotation for containers and keep OS\/disk clean.<\/li>\n\n\n\n<li>Pin tested kernel versions and avoid unexpected kernel jumps.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># kube-proxy mode (check ConfigMap)\nkubectl -n kube-system get cm kube-proxy -o yaml | grep mode\n\n# Example container log rotation (containerd via CRI)\n# Configure containerd &amp; CRI log options or use logrotate for \/var\/log\/containers<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-to-reset-or-rebuild-safely\">When to Reset or Rebuild Safely<\/h3>\n\n\n\n<p>If a node is deeply misconfigured (broken CNI, runtime conflicts, or stale state), a clean reset can be fastest. Drain the node, reset kubeadm, and rejoin with a fresh token. This preserves cluster workloads by rescheduling pods elsewhere.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Move workloads off the node\nkubectl drain &lt;node&gt; --ignore-daemonsets --delete-emptydir-data --force\n\n# Reset node state\nsudo kubeadm reset -f\nsudo systemctl restart containerd || sudo systemctl restart crio\nsudo rm -rf ~\/.kube\n\n# Rejoin node (from control plane)\nkubeadm token create --print-join-command\n# Run the printed join command on the node\n\n# Mark schedulable again\nkubectl uncordon &lt;node&gt;<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"preventing-future-incidents\">Preventing Future Incidents<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Configuration management:<\/strong> codify kubelet, containerd, sysctls, and CNI with Ansible\/Terraform.<\/li>\n\n\n\n<li><strong>Monitoring and alerts:<\/strong> watch kubelet, etcd, CoreDNS, API latencies, and node pressures.<\/li>\n\n\n\n<li><strong>Backups:<\/strong> automate etcd snapshots and offsite backups.<\/li>\n\n\n\n<li><strong>Security baseline:<\/strong> restrict SSH, patch OS, rotate tokens\/certs, and use RBAC least privilege.<\/li>\n\n\n\n<li><strong>Change control:<\/strong> test CNI\/runtime\/kube-proxy changes in staging before production.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-you-need-hands-on-help\">When You Need Hands On Help<\/h2>\n\n\n\n<p>Running Kubernetes on bare metal or cloud Linux servers can be unforgiving. If you <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-web-hosting-control-panel-for-managed-hosting\/\">host your control<\/a> plane or workers with YouStable, our engineers can audit your cluster, tune kernel and cgroups, right size networking (MTU, ipvs\/iptables), implement etcd backups, and establish reliable monitoring, so fixes become routine and outages rare.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"actionable-fix-recipes-copy-paste\">Actionable Fix Recipes (Copy\/Paste)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"open-required-ports-example\">Open Required Ports (Example)<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Control-plane node (firewalld example)\nsudo firewall-cmd --permanent --add-port=6443\/tcp    # kube-apiserver\nsudo firewall-cmd --permanent --add-port=2379-2380\/tcp # etcd\nsudo firewall-cmd --permanent --add-port=10250\/tcp   # kubelet\nsudo firewall-cmd --permanent --add-port=10257\/tcp   # kube-controller-manager\nsudo firewall-cmd --permanent --add-port=10259\/tcp   # kube-scheduler\nsudo firewall-cmd --reload\n\n# Worker node\nsudo firewall-cmd --permanent --add-port=10250\/tcp\nsudo firewall-cmd --permanent --add-port=30000-32767\/tcp  # NodePort range\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-networkmanager-interference\">Fix NetworkManager Interference<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Tell NetworkManager to ignore CNI bridges (e.g., cni0, flannel.1, cali*)\ncat &lt;&lt;'EOF' | sudo tee \/etc\/NetworkManager\/conf.d\/90-k8s-cni.conf\n&#91;keyfile]\nunmanaged-devices=interface-name:cni*,interface-name:flannel*,interface-name:cali*,interface-name:tunl*\nEOF\nsudo systemctl reload NetworkManager<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-considerations-rhel-centos\">SELinux Considerations (RHEL\/CentOS)<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># For quick testing only (prefer proper policies in production)\nsudo setenforce 0\n# To make permissive across reboots (evaluate security impact)\nsudo sed -i 's\/^SELINUX=enforcing\/SELINUX=permissive\/' \/etc\/selinux\/config<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\">FAQs<\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765867152954\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"why-is-kubelet-not-starting-on-my-linux-server\">Why is kubelet not starting on my Linux server?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Most often because swap is enabled, the container runtime socket is unreachable, or cgroup drivers don\u2019t match. Disable swap, set containerd\u2019s <code>SystemdCgroup=true<\/code>, restart containerd and kubelet, and review <code>journalctl -u kubelet<\/code> for CRI errors.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765867164931\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-fix-crashloopbackoff-pods\">How do I fix CrashLoopBackOff pods?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Describe the pod to see the last exit codes and reasons. Then check container logs. Common fixes include correcting image pull secrets, fixing environment variables, increasing resources, or resolving ConfigMap\/Secret mount paths. If it\u2019s a node issue, look for disk pressure or runtime errors.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765867178218\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"coredns-is-pending-or-timing-out-what-should-i-check\">CoreDNS is Pending or timing out, what should I check?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Ensure a CNI is installed and functioning, verify the <code>kube-dns<\/code> service, and inspect CoreDNS logs for loop\/forwarding errors. Test DNS from a debug pod. If you\u2019re on cloud networks, confirm MTU and that firewall rules allow pod to pod traffic.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765867189724\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-it-safe-to-run-kubeadm-reset-to-fix-a-broken-node\">Is it safe to run kubeadm reset to fix a broken node?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes, if you drain the node first. <code>kubeadm reset<\/code> clears local state so you can rejoin cleanly. Always drain with <code>kubectl drain<\/code>, reset, then use a fresh join command. For control plane nodes, plan downtime and have etcd backups.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765867206826\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"which-ports-must-be-open-for-kubernetes-to-work\">Which ports must be open for Kubernetes to work?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Commonly: 6443\/tcp (API), 2379\u20132380\/tcp (etcd control plane), 10250\/tcp (kubelet), 10257\/tcp (controller-manager), 10259\/tcp (scheduler), and 30000\u201332767\/tcp for NodePort services. Your CNI may require additional ports (e.g., 8472\/udp for Flannel VXLAN, 179\/tcp for Calico BGP).<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To fix Kubernetes on a Linux server, start with a quick health triage: confirm OS prerequisites (swap off, cgroups, kernel [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":19128,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13625","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Fix-Kubernetes-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13625"}],"version-history":[{"count":5,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13625\/revisions"}],"predecessor-version":[{"id":19132,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13625\/revisions\/19132"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/19128"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}