Hello @zenith,
Support has reviewed the cluster resources and observed that the tunnel which connects the control plane and worker plane has been disconnected.
Solution Suggested:
Can you try deleting the tunnelfront pods in the kube-system namespace from the cluster? They will be re-created. Please ensure that the pod is running, that the node is healthy, and that all the required ports are open; the list can be found here: Restrict egress traffic in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn
If restarting/deleting the tunnelfront pod does not work, SSH to the agent node which is running the tunnelfront pod and do the following:
1) Get the tunnelfront logs: "docker ps" -> "docker logs <tunnelfront_container_id>"
2) "nslookup <ssh-server_fqdn>", where the FQDN can be obtained from the above command -> if it resolves to an IP, DNS works; then go to the following step
3) "ssh -vv azureuser@<ssh-server_fqdn> -p 9000" -> if the port is working, go to the next step
4) "docker exec -it <tunnelfront_container_id> /bin/bash", then type "ping google.com"; if there is no response, the tunnelfront pod doesn't have external network access, so do the following step
5) Restart kube-proxy using "kubectl delete po <kube-proxy_pod> -n kube-system"; choose the kube-proxy which is running on the same node as tunnelfront. The customer can use "kubectl get po -n kube-system -o wide"
--please don't forget to upvote and Accept as answer if the reply is helpful--
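
For step 5, an added example (not part of the original answer) that picks out the kube-proxy pod sharing a node with tunnelfront from the output of "kubectl get po -n kube-system -o wide". It assumes the pod names start with tunnelfront- and kube-proxy- and that NODE is the seventh column; the sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the kube-proxy pod on the same node as tunnelfront.
# Real use:  kubectl get po -n kube-system -o wide | kube_proxy_for_tunnelfront

# Constructed sample of the wide pod listing (not from a real cluster).
sample_pods() {
cat <<'EOF'
NAME                          READY   STATUS    RESTARTS     AGE   IP           NODE                                NOMINATED NODE   READINESS GATES
coredns-6b9d7c8f5d-abcde      1/1     Running   0            12d   10.244.0.5   aks-nodepool1-00000000-vmss000000   <none>           <none>
kube-proxy-4x7kq              1/1     Running   0            12d   10.240.0.4   aks-nodepool1-00000000-vmss000000   <none>           <none>
kube-proxy-9m2wz              1/1     Running   1 (3d ago)   12d   10.240.0.5   aks-nodepool1-00000000-vmss000001   <none>           <none>
tunnelfront-7d5f9c6b8-xk2lp   1/1     Running   2 (5h ago)   12d   10.244.1.7   aks-nodepool1-00000000-vmss000001   <none>           <none>
EOF
}

# Reads the listing on stdin and prints "<node> <kube-proxy pod>" for each
# node that hosts a tunnelfront pod. Exits non-zero if no match is found.
kube_proxy_for_tunnelfront() {
  awk '
    NR == 1 { next }                      # skip the header row
    { gsub(/\([^)]*\)/, "") }             # drop "(3d ago)" so columns line up
    $1 ~ /^tunnelfront-/ { tf[$7] = 1 }   # assumption: column 7 is NODE
    $1 ~ /^kube-proxy-/  { kp[$7] = $1 }
    END {
      found = 0
      for (n in tf) if (n in kp) { print n, kp[n]; found = 1 }
      exit (found ? 0 : 1)
    }'
}
```

The printed pod name is the one to pass to the "kubectl delete po <kube-proxy_pod> -n kube-system" command from step 5.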