[Solved] ClusterInformation: connection is unauthorized: Unauthorized - Failed to create pod sandbox: rpc error

Bibin Wilson
1 min read
[Solved] ClusterInformation: connection is unauthorized: Unauthorized - Failed to create pod sandbox: rpc error

Issue: When working with Kubeadm cluster with Calico CNI plugin, the container fails to launch and if you describe the pod you may get the following error.

Warning  FailedCreatePodSandBox  16m                 kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_webserver-667ddc69b6-wq689_default_ffa6a237-7dc6-4bc4-9444-b0146a5b7f21_0(6dfe713911b0d60f98cf464a11928b041c885ff9dd3c59323ca5271be1df632b): error adding pod default_webserver-667ddc69b6-wq689 to CNI network "k8s-pod-network": plugin type="calico" failed (add): error getting ClusterInformation: connection is unauthorized: Unauthorized

Solution

This error can be rectified by restarting the Calico pods running in the kube-system namespace.

Get the labels of calico pods using the following command.

kubectl get pods -n kube-system --show-labels

First delete all the calico pods using the following command.

kubectl delete pods -n kube-system -l k8s-app=calico-node

Once the calico pods are restarted, you you shouldn't see the error.

If you dont have enough CPU and memory available in the cluster, consider increasing the nodes so that calico pods will have enough resources to startup up. Otherwise the calico pods will crash again due to resource crunch.

Root Cause

This error primary happens in kubeadm due to temporary glitches. Restarting the pods will clear all the temporary problems. At least it did in my case.

Another reason could be the race condition in Calico configurations. This also gets rectified with calico pod restarts.

If pod restart doest solve the issue, then you can check the folllwing.

  1. Not enough resources on node: If you a running a cluster with very less resources you might face this issue. When there is not resources for calico pods, it will create this calico issue. So ensure you have enough CPU memory resources available in the cluster.
  2. Network Policies Blocking Access: check if there is any network policy blocking calico access to other components.
  3. Incorrect Calico Configuration: A misconfiguration in calico could also lead to unauthorized errors. Check all the calico configurations.
HOW TO GUIDES Kubernetes TROUBLESHOOTING
About the author
Bibin Wilson

Bibin Wilson

Bibin Wilson (authored over 300 tech tutorials) is a cloud and DevOps consultant with over 12+ years of IT experience. He has extensive hands-on experience with public cloud platforms and Kubernetes.

Read next

How to Setup Pritunl VPN on EC2 (Complete Guide)

Linux AppArmor: A Beginner-Friendly Guide

AWS Route53 Private Hosted Zone - Beginners Guide

Linux Syscall Explained For Beginners

Linux Capabilities In Containers & Kubernetes

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to DevOpsCube – Easy DevOps, SRE Guides & Reviews.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.