Error with AKS certificates

Question

I`m trying to renew certificates for AKS, but I receive this erro message:

(ErrorCodeRotateClusterCertificates) We are unable to serve this request due to an internal error, Correlation ID: 1b6eb12f-467b-44b9-ae3e-4c16b482735a, Operation ID: f503e62d-3b7b-4d63-b9e9-4f1ec1d345de, Timestamp: 2021-12-29T14:24:20Z.

Answer 1

Hello @Marcus Tulyo N. Ribeiro ,
Based upon the error code, it seems cluster certificates got renewed on control plane successfully. To confirm that can you try connecting to the cluster again using below commands and run kubectl commands - Commands should go through:

az account set --subscription <subid>
az aks get-credentials -g <resourcegroup> -n <clustername>

Then run kubectl get nodes or kubectl get pods.

You should be able to run kubectl commands but I think PODS will be in pending state because the corresponding Virtual Machine Scale Set is in "FAILED" state with exit code 50. (You can see this error message in MC_* resource group -> VMSS -> Overview -> Select Failed -> It will display the complete error message.

Based upon my experience, this happens if you have an unsupported AKS version (Minimum supported AKS version is 1.19.*).

Let's do this:-

1. run the command: (If the AKS cluster is in Failed state , it will take the cluster to Succeeded state)
   az resource update -n <aksclustername> -g <aksresourcegroupname> --namespace Microsoft.ContainerService --resource-type ManagedClusters

2) Try to update your AKS cluster to supported version using azure CLI ( Ref: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster )

First check for available AKS upgrade version:

az aks get-upgrades --resource-group myResourceGroup --name myAKSCluster --output table

Then upgrade the cluster using the required version:

az aks upgrade \
--resource-group myResourceGroup \
--name myAKSCluster \
--kubernetes-version KUBERNETES_VERSION

Once the upgrades completes successfully , you should be good .

Regards,
Shiva.