This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I am not able to connect to the AKS Cluster. I am trying to connect to private AKS Cluster. It gives me error as : couldn't get current server API group list: Get ":443/api?timeout=32s": dial tcp: lookup
Unable to connect to the server: dial tcp: lookup no such host
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 60%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Hi @Anonymous
If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 1%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
I was facing the same issues and I was able to resolve it by setting up the Azure default DNS IP(168.63.129.16) into DNS server's setting under the VNET
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 98%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
A private cluster cannot be accessed outside of that VNET were AKS cluster was created.
Can you try accessing the private AKS cluster by creating a test VM in the same VNET as that of AKS cluster ?
Or you can have a VM in different VNET but that VNET needs to be paired with VNET of AKS cluster.
See different ways of connecting to private AKS cluster:
To quickly test it out you can use the command-invoke (Example below)
https://learn.microsoft.com/en-us/azure/aks/command-invoke
az aks command invoke \
--resource-group myResourceGroup \
--name myPrivateCluster \
--command "kubectl get pods -n kube-system"
Let us know if that helps !
Regards,
Shiva.
Hi We have similar issue. Our AKS cluster is private cluster. We have a jumpbox in same vnet and when connecting we are seeing
E0810 07:08:01.220744 14885 memcache.go:265] couldn't get current server API group list: Get "https://icx-test-aks-dns-0y1vk8k7.d8d70a3c-f192-4572-a2de-e63dab0708a8.privatelink.centralindia.azmk8s.io:443/api?timeout=32s": dial tcp: lookup icx-preprod-aks-dns-0y9vk8k7.d8d70a3c-fe92-4572-a2de-e63dab0708a8.privatelink.centralindia.azmk8s.io on 10.1.2.103:53: no such host
Unable to connect to the server: dial tcp: lookup icx-preprod-aks-dns-0y9vk8k7.d8d70a3c-fe92-4572-a2de-e63dab0708a8.privatelink.centralindia.azmk8s.io on 10.1.2.103:53: no such host
But replicated same with another VM in same Vnet there we are able to connect. How can we resolve this issue?
So both the Replicated VM and the Jumpbox are in the same VNET but it's not working from the Jumpbox VM ? and working in the Replicated VM ? Interesting....
You might have to validate the any NSGs or firewall rules blocking...
Regards,
Shiva.
I was using also Azure Private AKS cluster and facing this issue when I was trying to access the private AKS cluster using kubectl from hub Virtual Network's jump server wherein the Private AKS cluster was deployed in spoke Virtual Network. I was using Azure Firewall for network traffic management.
In my case this happened because the Azure Private AKS uses private DNS zone and private endpoint, and my hub VNET jump box was unable to resolve the DNS for k8s control plane's kubeapi server, so in order to resolve I had manually added DNS record in jump server's C:\Windows\System32\drivers\etc\hosts file like below.
10.0.1.11 aks-xxx-test-dns-xxxxxx.xxxx-xx-axx-2xxxxxxx.privatelink.eastus.azmk8s.io
Replace the Kubernetes service IP and endpoint private DNS FQDN as per your environment.
Also this is just for testing purpose, in production scenario you should add correct firewall rules to resolve the private DNS of AKS control plan API server endpoint and configure correct route tables routes if you are using any for AKS VNET subnets and jump server subnets.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 77%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
when i perform this command i get all the list of pods (-A) az aks command invoke \
--resource-group myResourceGroup \
--name myPrivateCluster \
--command "kubectl get pods -n kube-system"
but same when i perform kubectl get pods -A , i get below error.
E0326 19:07:09.731652 16053 memcache.go:265] couldn't get current server API group list: Get "https://bdkd***** * * * * * * * * * * * * * * * * */api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority