Azure Kubernetes cluster set up

Pankaj Joshi 286 Reputation points
2023-11-26T12:33:43.2633333+00:00

I am trying to create an Azure Kubernetes cluster (min node - 3, max node - 50) on a test environment through an Azure DevOps pipeline, but the deployment is failing with an error: "-------------aks deployment failed providers/microsoft.containerservice/managedclusters the resource write operation failed to complete successfully, because it reached terminal provisioning state --------" Please see the attached error screenshot for details. As a prerequisite I have already created the AKS subnet (CIDR /24). When I checked on the portal, it had created the AKS cluster in a failed state. Please NOTE that the same pipeline is working on the dev env and I am able to successfully create an AKS cluster on the dev env. Please see the attached error and let me know what could be the cause.

Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.

Accepted answer
  1. shiva patpi 13,166 Reputation points Microsoft Employee
    2023-11-26T17:48:42.4933333+00:00

    @Pankaj Joshi

    The screenshot shows exitcode: 50, i.e. an OUTBOUNDCONNECTIVITY issue from the agent nodes (i.e. VMSS nodes).

    At the time of bootstrapping the VMSS (Virtual Machine Scale Set) nodes, as part of post-deployment, some additional software needs to be installed on those agent nodes by connecting to a couple of internet resources like mcr.microsoft.com, ubuntu.com, etc. If those nodes are not able to reach the internet to deploy that additional software, it will keep retrying, and after a particular timeout (90 mins, I guess) it will give up and your AKS cluster will go to a failed state! That's what is happening in your scenario!

    Kindly validate whether you are using "Custom DNS Servers" and whether those DNS servers have a DNS forwarder implemented.

    If you are using a firewall, please check the firewall logs to see where exactly it is blocking!

    Also double-check the NSG rules.

    If you are using a UDR, kindly validate the whole traffic path.

    The best way to test this outbound connectivity is to create a test VM in the same VNET/subnet as the AKS cluster and run those connectivity tests!

    In short: your worker nodes need to have outbound connectivity to mcr.microsoft.com.
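
The test-VM check suggested in the answer, written out as an added example (not part of the original answer and not Microsoft's own tooling). It separates DNS failures from blocked TCP paths; the two hosts are the ones named in the answer, while the ports, the function names and the script name are assumptions.

```bash
#!/usr/bin/env bash
# Outbound connectivity check for a test VM placed in the AKS node subnet.
# Hosts are the two named in the answer; the ports are assumptions.
ENDPOINTS="mcr.microsoft.com:443 ubuntu.com:443"

# Resolve the name with the VM's configured DNS servers (custom DNS included).
probe_dns() {
    getent hosts "$1" >/dev/null 2>&1
}

# Attempt a TCP connect with a 5 second limit; the packet follows the same
# NSG, UDR and firewall path that the AKS nodes would use.
probe_tcp() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Print OK, DNS_FAIL or TCP_FAIL for one host and port.
check_endpoint() {
    if ! probe_dns "$1"; then
        echo "DNS_FAIL"
    elif ! probe_tcp "$1" "$2"; then
        echo "TCP_FAIL"
    else
        echo "OK"
    fi
}

# Check every endpoint, print one line each, return 1 if any failed.
check_all() {
    failed=0
    for ep in $ENDPOINTS; do
        host=${ep%:*}
        port=${ep##*:}
        result=$(check_endpoint "$host" "$port")
        echo "$host:$port $result"
        [ "$result" = "OK" ] || failed=1
    done
    return "$failed"
}

# Live checks run only when asked for: ./aks-egress-check.sh run
if [ "${1:-}" = "run" ]; then
    check_all
fi
```

A DNS_FAIL points at the custom DNS servers or their forwarder; a TCP_FAIL with working DNS points at the NSG, UDR or firewall on the path.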
