Client IP address can't access the API server
This article describes how to fix issues that occur when you can't connect to an Azure Kubernetes Service (AKS) cluster because your client IP address can't access the AKS API server.
Prerequisites
Symptoms
You may see such errors as:
Unable to connect to the server: dial tcp <API-SERVER-IP>:443: i/o timeout
Unable to connect to the server: dial tcp <API-SERVER-IP>:443: connectex: A connection attempt failed because the connected party did not properly respond after a period, or established connection failed because connected host has failed to respond.
Cause
API server-authorized IP ranges may have been enabled on the cluster's API server, but the client's IP address wasn't included in the IP ranges. To check whether this feature has been enabled, see if the following az aks show command in Azure CLI produces a list of IP ranges:
az aks show --resource-group <cluster-resource-group> \
--name <cluster-name> \
--query apiServerAccessProfile.authorizedIpRanges
Solution
Look at the cluster's API server-authorized ranges, and add your client's IP address within that range using the following steps:
Note
Do you access the API server from a corporate network where traffic is routed through a proxy server or firewall? Then ask your network administrator before you add your client IP address to the list of authorized ranges for the API server.
Also ask your cluster administrator before you add your client IP address, because there might be security concerns with adding a temporary IP address to the list of authorized ranges.
Get your client IP address by running this curl command:
$ curl --silent checkip.dyndns.org <html><head><title>Current IP Check</title></head><body>Current IP Address: 0.255.127.63</body></html>
Update the API server-authorized range with the az aks update command in Azure CLI, using your client IP address:
az aks update --resource-group <cluster-resource-group> \ --name <cluster-name> \ --api-server-authorized-ip-ranges <ip-ranges-that-include-your-client-ip-address>
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.
Feedback
https://aka.ms/ContentUserFeedback.
Kommer snart: I hele 2024 udfaser vi GitHub-problemer som feedbackmekanisme for indhold og erstatter det med et nyt feedbacksystem. Du kan få flere oplysninger under:Indsend og få vist feedback om