![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 88%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 47%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Welcome to Microsoft Q&A Platform. Thank you for posting your query here!
I suggest you check for expiration of certificates by running below command:
az connectedk8s show -n <cluster-name> -g <resource-group> --query "managedIdentityCertificateExpirationTime"
https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/workload-identity
Check for Network/firewall restrictions blocking outbound HTTPS traffic to this domain.
Checking the logs of the Azure Arc agent extension-agent pod logs. You can find the pod by running: kubectl logs -n kube-system extension-agent-<pod-guid>
Suggested documents:
https://learn.microsoft.com/en-us/azure/aks/aksarc/certificates-overview
https://learn.microsoft.com/en-us/azure/aks/aksarc/update-certificates
https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/extensions/cluster-extension-deployment-errors#cause-3-the-traffic-is-not-authorizedHope this helps!
If you have any further queries, please tag me in the comments.
If the answer is helpful, please accept answer and click "upvote".