Share via

I can't connect to AKS cluster using kubectl command

A.K.A 0 Reputation points
2023-01-30T01:18:54.31+00:00

I am receiving below error whenever I am trying to connect to AKS cluster using kubectl from Azure CLI

E0129 19:58:13.417065 43337 memcache.go:238] couldn't get current server API group list: Get "https://XxXXXXXXXXXX.hcp.eastus.azmk8s.io:443/api?timeout=32s": read tcp XXX.XXX.XXX.XXX:64093->X.X.X.X:443: read: connection reset by peer - error from a previous attempt: read tcp X.X.X.X:64092->X.X.X.X:443: read: connection reset by peer

here are network settings

Network type (plugin) Azure CNI

Pod CIDR -

Service CIDR. 10.0.0.0/16

DNS service IP. 10.0.0.10

Docker bridge CIDR. 172.17.0.1/16

Network Policy. None

Load balancer Standard

HTTP application routing. Not enabled

Private cluster Not enabled

Authorized IP ranges. Not enabled

Application Gateway ingress controller. Enabled

Azure Kubernetes Service
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,457 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. A.K.A 0 Reputation points
    2023-01-30T13:54:11.1+00:00

    Hi Andrei,

    below is my response,

    1 - Are you facing this issue when trying to run kubectl from your terminal, from Azure Cloud Shell or both? If you tried only from one, please try to run the same command from the other and let me know the outcome.

    I am facing this issue when I run Kubectl from AZURE CLI from my work laptop, but same kubectl command is returning valid output when I am running from Azure Cloud Shell.

    2 - Is this something that worked before for you? If yes, did you perform any change before facing this issue?

    It didn't work me anytime, I just built this AKS cluster on my free tier subscription.

    3 - Does the same work for your colleagues?

    Since this is my free tier subscription, I havent had a chance to let my colleagues work in same environment.

    4 - Do you have Uptime SLA feature enabled on your AKS cluster?

    I dont think so.

    Thanks,

    Ajay A

  2. Ajay AK 0 Reputation points
    2023-01-30T15:03:28.53+00:00

    $ kubectl version

    WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.

    Client Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.1", GitCommit:"8f94681cd294aa8cfd3407b8191f6c70214973a4", GitTreeState:"clean", BuildDate:"2023-01-18T15:58:16Z", GoVersion:"go1.19.5", Compiler:"gc", Platform:"darwin/amd64"}

    Kustomize Version: v4.5.7

    error: Get "https://xxx-xxxx-5f7914-feee3de2.hcp.eastus.azmk8s.io:443/version?timeout=32s": read tcp

    x.x.x.x56036->y.y.y.y:443: read: connection reset by peer - error from a previous attempt: read tcp

    x.x.x.x:56035->y.y.y.y:443: read: connection reset by peer

    $ nc -v -w 2 xxx-xxx-5f7914-feee3de2.hcp.eastus.azmk8s.io 443

    Connection to lxxx-xxx5f7914-feee3de2.hcp.eastus.azmk8s.io port 443 [tcp/https] succeeded!

    0 comments
  3. Edgar Alves 0 Reputation points
    2023-02-15T12:40:24.91+00:00

    I'm facing the same issue! I able to connect o a old cluster, but the new one that is just created I can't

    0 comments
  4. Danilo Dantas 0 Reputation points
    2023-03-02T20:13:38.7866667+00:00

    With the arrival of v1.26 Kubernetes was dropped the support for azure (and gpc) auth plugins from inside kubectl. Now, each cloud provider should provide a cloud-specific replacement for the auth plug-in that was dropped from kubectl in v1.26

    Here follow some instructions for login on AKS after v1.26
    https://medium.com/@dannevesdantas/how-to-connect-to-aks-clusters-after-kubernetes-v1-26-update-cc27d87ab186

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.