All Products
Document Center

:How do I troubleshoot cluster access issues?

Last Updated:May 19, 2022

Problem description

When cluster access issues occur, a timeout error message may be returned when you try to log on to the Alibaba Cloud Container Service for Kubernetes (ACK) console.



Possible causes of the timeout error include:

  • The Server Load Balancer (SLB) instance is deleted due to user errors.
  • Access control list (ACL) rules are configured for the internal SLB instance.
  • The master node of a cluster of ACK Proprietary Edition is deleted due to user errors.
  • A whitelist is configured for the security group of master nodes in a cluster of ACK Proprietary Edition.



  1. Use kubelet to log on to master nodes. For more information, see Connect to Kubernetes clusters through kubectl.
    kubectl get ns
    The following figure shows a sample output that indicates nodes are running properly.
    • If the output indicates that nodes are running properly, perform Step 2.
    • If the output is an empty result or an error message, it indicates that an internal error occurred. In this case, perform Step 3.
  2. Log on to the ACK console. In the left-side navigation pane, click Namespaces to check whether the Namespaces page is available.
    • If the Namespaces page is available and displays namespaces properly, it indicates that you can access to the cluster properly.
    • If the Namespaces page is unavailable and cannot display namespaces properly, perform Step 4.
  3. In the left-side navigation pane, click Overview to check whether the Overview page is available.
    • If you can view the node status, component status, and warning events on the Overview page, you can fix the warnings based on the given instructions.
    • You can also run kubectl commands on cluster nodes to query the status of nodes and components.
    • If the issue persists, perform the following step.
  4. Log on to the SLB console. In the left-side navigation pane, choose Instances > Instances. On the Instances page, find and click the target SLB instance.
  5. Click the Listeners tab to check the port number of listeners. If the port number of these listeners is 6443, it indicates that the port number is correct.
  6. Click the Default Server Group tab to check the public and internal IP addresses of backend servers. 
  7. Click the Listeners tab and choose More > Set Access Control in the Actions column to check the access control settings. 
    Note: You must rectify the invalid settings based on the instructions in the preceding figures.



  • Clusters of ACK Proprietary Edition
  • Clusters of ACK Managed Edition