This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 60%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
I have created 3 AKS clusters in 3 different regions. Then I tried to fetch them with Azure API (https://management.azure.com/subscriptions/sub_id_here/providers/Microsoft.ContainerService/managedClusters?api-version=2022-04-01) from my location(Poland) and it worked like a charm, but it took up to 24h to Azure to return the same 3 clusters when running API call from different locations - UK or US. No matter if it was azure-go-sdk or curl.
Is it bug or feature? Eventual consistency level max
EDIT:
All clusters have been created around 11:35 CET.
When I run - from Poland - execution time - 11:45 CET :
curl -v -H "Authorization: Bearer <TOKEN_HERE>" https://management.azure.com/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters\?api-version=2022-04-01 | jq .
Got following response:
* Connected to management.azure.com (51.116.62.189) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [234 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [90 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3955 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [365 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=management.azure.com
* start date: May 3 19:07:04 2022 GMT
* expire date: Apr 28 19:07:04 2023 GMT
* subjectAltName: host "management.azure.com" matched cert's "management.azure.com"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 01
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x148012800)
> GET /subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters?api-version=2022-04-01 HTTP/2
> Host: management.azure.com
> user-agent: curl/7.77.0
> accept: */*
> authorization: Bearer <EDITED>
>
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0< HTTP/2 200
< cache-control: no-cache
< pragma: no-cache
< content-type: application/json; charset=utf-8
< expires: -1
< x-ms-original-request-ids: 993cc901-a197-47ae-97a2-61d9ace75e5d
< x-ms-original-request-ids: 3ec88a32-d956-4ec0-bac5-1b632eac755d
< x-ms-original-request-ids: c6b3e9e9-4936-463b-8b44-e369456b72c5
< x-ms-ratelimit-remaining-subscription-reads: 11985
< x-ms-request-id: 562ae47a-90bd-4f01-a258-3de42349246f
< x-ms-correlation-request-id: 562ae47a-90bd-4f01-a258-3de42349246f
< x-ms-routing-request-id: GERMANYNORTH:20220714T094544Z:562ae47a-90bd-4f01-a258-3de42349246f
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< date: Thu, 14 Jul 2022 09:45:44 GMT
< content-length: 7398
<
{ [7398 bytes data]
100 7398 100 7398 0 0 2447 0 0:00:03 0:00:03 --:--:-- 2450
* Connection #0 to host management.azure.com left intact
{
"value": [
{
"id": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourcegroups/AKS/providers/Microsoft.ContainerService/managedClusters/aks-2",
"location": "uksouth",
"name": "aks-2",
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"kubernetesVersion": "1.22.11",
"currentKubernetesVersion": "1.22.11",
"dnsPrefix": "aks-2-dns",
"fqdn": "aks-2-dns-21a2cee0.hcp.uksouth.azmk8s.io",
"azurePortalFQDN": "aks-2-dns-21a2cee0.portal.hcp.uksouth.azmk8s.io",
"agentPoolProfiles": [
{
"name": "agentpool",
"count": 1,
"vmSize": "Standard_B2s",
"osDiskSizeGB": 128,
"osDiskType": "Managed",
"kubeletDiskType": "OS",
"maxPods": 110,
"type": "VirtualMachineScaleSets",
"enableAutoScaling": false,
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.22.11",
"currentOrchestratorVersion": "1.22.11",
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"osSKU": "Ubuntu",
"nodeImageVersion": "AKSUbuntu-1804gen2containerd-2022.06.29",
"enableFIPS": false
}
],
"servicePrincipalProfile": {
"clientId": "msi"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": false,
"config": null
},
"azurepolicy": {
"enabled": false,
"config": null
},
"httpApplicationRouting": {
"enabled": false,
"config": null
}
},
"nodeResourceGroup": "MC_AKS_aks-2_uksouth",
"enableRBAC": true,
"networkProfile": {
"networkPlugin": "kubenet",
"loadBalancerSku": "Standard",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 1
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourceGroups/MC_AKS_aks-2_uksouth/providers/Microsoft.Network/publicIPAddresses/d1eafb09-f882-4972-b7c3-8d4c3457a430"
}
]
},
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"dockerBridgeCidr": "172.17.0.1/16",
"outboundType": "loadBalancer"
},
"maxAgentPools": 100,
"identityProfile": {
"kubeletidentity": {
"resourceId": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourcegroups/MC_AKS_aks-2_uksouth/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aks-2-agentpool",
"clientId": "f800b6f9-e183-4cb3-b996-9bbcb168b2cc",
"objectId": "737f832f-0560-43e7-a994-a86fb771aeb0"
}
},
"securityProfile": {},
"storageProfile": {
"diskCSIDriver": {
"enabled": true
},
"fileCSIDriver": {
"enabled": true
},
"snapshotController": {
"enabled": true
}
}
},
"identity": {
"type": "SystemAssigned",
"principalId": "c4306c19-e5c7-4788-a9f8-2d89ad007232",
"tenantId": "4c815a73-a0c5-495b-a86d-cb611da4cf0d"
},
"sku": {
"name": "Basic",
"tier": "Free"
}
},
{
"id": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourcegroups/AKS/providers/Microsoft.ContainerService/managedClusters/aks-3",
"location": "australiaeast",
"name": "aks-3",
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"kubernetesVersion": "1.23.8",
"currentKubernetesVersion": "1.23.8",
"dnsPrefix": "aks-3-dns",
"fqdn": "aks-3-dns-98dc75e4.hcp.australiaeast.azmk8s.io",
"azurePortalFQDN": "aks-3-dns-98dc75e4.portal.hcp.australiaeast.azmk8s.io",
"agentPoolProfiles": [
{
"name": "agentpool",
"count": 1,
"vmSize": "Standard_B2s",
"osDiskSizeGB": 128,
"osDiskType": "Managed",
"kubeletDiskType": "OS",
"maxPods": 110,
"type": "VirtualMachineScaleSets",
"enableAutoScaling": false,
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.23.8",
"currentOrchestratorVersion": "1.23.8",
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"osSKU": "Ubuntu",
"nodeImageVersion": "AKSUbuntu-1804gen2containerd-2022.06.29",
"enableFIPS": false
}
],
"servicePrincipalProfile": {
"clientId": "msi"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": false,
"config": null
},
"azurepolicy": {
"enabled": false,
"config": null
},
"httpApplicationRouting": {
"enabled": false,
"config": null
}
},
"nodeResourceGroup": "MC_AKS_aks-3_australiaeast",
"enableRBAC": true,
"networkProfile": {
"networkPlugin": "kubenet",
"loadBalancerSku": "Standard",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 1
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourceGroups/MC_AKS_aks-3_australiaeast/providers/Microsoft.Network/publicIPAddresses/9e2d83b8-a419-4c08-8664-e4e6547acd7d"
}
]
},
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"dockerBridgeCidr": "172.17.0.1/16",
"outboundType": "loadBalancer"
},
"maxAgentPools": 100,
"identityProfile": {
"kubeletidentity": {
"resourceId": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourcegroups/MC_AKS_aks-3_australiaeast/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aks-3-agentpool",
"clientId": "910921aa-ba9e-4216-b4fd-f27416fbd8f6",
"objectId": "6b58567f-7616-4486-b81d-2ec17274e7d2"
}
},
"securityProfile": {},
"storageProfile": {
"diskCSIDriver": {
"enabled": true
},
"fileCSIDriver": {
"enabled": true
},
"snapshotController": {
"enabled": true
}
}
},
"identity": {
"type": "SystemAssigned",
"principalId": "b8d5fcbd-a469-4342-8a7a-0c47d194063c",
"tenantId": "4c815a73-a0c5-495b-a86d-cb611da4cf0d"
},
"sku": {
"name": "Basic",
"tier": "Free"
}
},
{
"id": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourcegroups/AKS/providers/Microsoft.ContainerService/managedClusters/aks-1",
"location": "westus3",
"name": "aks-1",
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"kubernetesVersion": "1.22.6",
"currentKubernetesVersion": "1.22.6",
"dnsPrefix": "aks-1-dns",
"fqdn": "aks-1-dns-124095fc.hcp.westus3.azmk8s.io",
"azurePortalFQDN": "aks-1-dns-124095fc.portal.hcp.westus3.azmk8s.io",
"agentPoolProfiles": [
{
"name": "agentpool",
"count": 1,
"vmSize": "Standard_B2s",
"osDiskSizeGB": 128,
"osDiskType": "Managed",
"kubeletDiskType": "OS",
"maxPods": 110,
"type": "VirtualMachineScaleSets",
"enableAutoScaling": false,
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.22.6",
"currentOrchestratorVersion": "1.22.6",
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"osSKU": "Ubuntu",
"nodeImageVersion": "AKSUbuntu-1804gen2containerd-2022.06.22",
"enableFIPS": false
}
],
"servicePrincipalProfile": {
"clientId": "msi"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": false,
"config": null
},
"azurepolicy": {
"enabled": false,
"config": null
},
"httpApplicationRouting": {
"enabled": false,
"config": null
}
},
"nodeResourceGroup": "MC_AKS_aks-1_westus3",
"enableRBAC": true,
"networkProfile": {
"networkPlugin": "kubenet",
"loadBalancerSku": "Standard",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 1
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourceGroups/MC_AKS_aks-1_westus3/providers/Microsoft.Network/publicIPAddresses/41cbd266-46b4-412e-93e1-a6d9286a120d"
}
]
},
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"dockerBridgeCidr": "172.17.0.1/16",
"outboundType": "loadBalancer"
},
"maxAgentPools": 100,
"identityProfile": {
"kubeletidentity": {
"resourceId": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourcegroups/MC_AKS_aks-1_westus3/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aks-1-agentpool",
"clientId": "6b18a619-9ad2-497e-8092-55536f4e2d2a",
"objectId": "d58f89b6-205f-4253-81c6-464778dd0ec3"
}
},
"securityProfile": {},
"storageProfile": {
"diskCSIDriver": {
"enabled": true
},
"fileCSIDriver": {
"enabled": true
},
"snapshotController": {
"enabled": true
}
}
},
"identity": {
"type": "SystemAssigned",
"principalId": "04309146-3d11-496d-9a41-749cf10c43b3",
"tenantId": "4c815a73-a0c5-495b-a86d-cb611da4cf0d"
},
"sku": {
"name": "Basic",
"tier": "Free"
}
}
]
}
So as you can see - I have all 3 clusters - aks-1, aks-2 and aks-3
When I run - from UK - execution time - 11:53 CET:
curl -v -H "Authorization: Bearer <TOKEN_HERE>" https://management.azure.com/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters\?api-version=2022-04-01 | jq .
Got following response:
* Connected to management.azure.com (51.105.78.0) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [325 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [90 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3934 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [365 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=management.azure.com
* start date: May 1 16:45:11 2022 GMT
* expire date: Apr 26 16:45:11 2023 GMT
* subjectAltName: host "management.azure.com" matched cert's "management.azure.com"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 01
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x15700d600)
> GET /subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters?api-version=2022-04-01 HTTP/2
> Host: management.azure.com
> user-agent: curl/7.79.1
> accept: */*
> authorization: Bearer <EDITED>
>
< HTTP/2 200
< cache-control: no-cache
< pragma: no-cache
< content-type: application/json; charset=utf-8
< expires: -1
< x-ms-ratelimit-remaining-subscription-reads: 11999
< x-ms-request-id: 3401ae87-0f84-4967-b792-0fe9498f2dca
< x-ms-correlation-request-id: 3401ae87-0f84-4967-b792-0fe9498f2dca
< x-ms-routing-request-id: UKSOUTH:20220714T095302Z:3401ae87-0f84-4967-b792-0fe9498f2dca
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< date: Thu, 14 Jul 2022 09:53:01 GMT
< content-length: 12
<
{ [12 bytes data]
100 12 100 12 0 0 48 0 --:--:-- --:--:-- --:--:-- 50
* Connection #0 to host management.azure.com left intact
{
"value": []
}
As you can see - 0 clusters has been returned by Azure API, they will appear in the response after few hours
When I run - from UK - execution time - 12:26 CET:
curl -v -H "Authorization: Bearer <TOKEN_HERE>" https://management.azure.com/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters\?api-version=2022-04-01 | jq .
Got following response:
* Connected to management.azure.com (51.105.78.0) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [325 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [90 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3934 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [365 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=management.azure.com
* start date: May 1 16:45:11 2022 GMT
* expire date: Apr 26 16:45:11 2023 GMT
* subjectAltName: host "management.azure.com" matched cert's "management.azure.com"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 01
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x14a80f600)
> GET /subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters?api-version=2022-04-01 HTTP/2
> Host: management.azure.com
> user-agent: curl/7.79.1
> accept: */*
> authorization: Bearer <EDITED>
>
< HTTP/2 200
< cache-control: no-cache
< pragma: no-cache
< content-type: application/json; charset=utf-8
< expires: -1
< x-ms-ratelimit-remaining-subscription-reads: 11999
< x-ms-request-id: 20d37ddc-6102-4817-82d3-35999dd98206
< x-ms-correlation-request-id: 20d37ddc-6102-4817-82d3-35999dd98206
< x-ms-routing-request-id: UKSOUTH:20220714T102647Z:20d37ddc-6102-4817-82d3-35999dd98206
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< date: Thu, 14 Jul 2022 10:26:47 GMT
< content-length: 12
<
{ [12 bytes data]
100 12 100 12 0 0 36 0 --:--:-- --:--:-- --:--:-- 37
* Connection #0 to host management.azure.com left intact
{
"value": []
}
As you can see - still no clusters has been returned by Azure API - after 50 mins from the time when clusters have been created
UPDATE:
After 4:30h from the time when I have created clusters API is still not returning the clusters - when request is made from UK
* Connected to management.azure.com (51.143.210.130) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [325 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [90 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3934 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [365 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=management.azure.com
* start date: May 1 16:45:11 2022 GMT
* expire date: Apr 26 16:45:11 2023 GMT
* subjectAltName: host "management.azure.com" matched cert's "management.azure.com"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 01
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x12000b600)
> GET /subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters?api-version=2022-04-01 HTTP/2
> Host: management.azure.com
> user-agent: curl/7.79.1
> accept: */*
> authorization: Bearer <EDITED>
>
< HTTP/2 200
< cache-control: no-cache
< pragma: no-cache
< content-type: application/json; charset=utf-8
< expires: -1
< x-ms-ratelimit-remaining-subscription-reads: 11999
< x-ms-request-id: b3e96855-54ce-4b2b-a842-3359a3faae49
< x-ms-correlation-request-id: b3e96855-54ce-4b2b-a842-3359a3faae49
< x-ms-routing-request-id: UKSOUTH:20220714T142706Z:b3e96855-54ce-4b2b-a842-3359a3faae49
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< date: Thu, 14 Jul 2022 14:27:05 GMT
< content-length: 12
<
{ [12 bytes data]
100 12 100 12 0 0 26 0 --:--:-- --:--:-- --:--:-- 27
* Connection #0 to host management.azure.com left intact
{
"value": []
}
UPDATE:
After almost 24h I have response from Azure API with 3 clusters:
* Connected to management.azure.com (51.143.210.130) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=management.azure.com
* start date: May 1 16:45:11 2022 GMT
* expire date: Apr 26 16:45:11 2023 GMT
* subjectAltName: host "management.azure.com" matched cert's "management.azure.com"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 01
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x14780b600)
> GET /subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/providers/Microsoft.ContainerService/managedClusters?api-version=2022-04-01 HTTP/2
> Host: management.azure.com
> user-agent: curl/7.79.1
> accept: */*
> authorization: Bearer <EDITED>
>
< HTTP/2 200
< cache-control: no-cache
< pragma: no-cache
< content-type: application/json; charset=utf-8
< expires: -1
< x-ms-original-request-ids: ef19e17d-53ea-4214-8b0e-b89077c3b6cf
< x-ms-original-request-ids: d85870b2-5564-4b65-bb92-587fc1b8b67a
< x-ms-original-request-ids: 55500cc7-f9cb-4a1b-8027-7efa89336e7b
< x-ms-ratelimit-remaining-subscription-reads: 11999
< x-ms-request-id: 49a23a7c-6bad-4d9f-a120-48c61cfd7c90
< x-ms-correlation-request-id: 49a23a7c-6bad-4d9f-a120-48c61cfd7c90
< x-ms-routing-request-id: UKSOUTH:20220715T095747Z:49a23a7c-6bad-4d9f-a120-48c61cfd7c90
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< date: Fri, 15 Jul 2022 09:57:47 GMT
< content-length: 7398
{
"value": [
{
"id": "/subscriptions/4a3fe8c7-ab73-4892-b88c-2e110d387900/resourcegroups/AKS/providers/Microsoft.ContainerService/managedClusters/aks-2",
"location": "uksouth",
"name": "aks-2",
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"kubernetesVersion": "1.22.11",
"currentKubernetesVersion": "1.22.11",
"dnsPrefix": "aks-2-dns",
"fqdn": "aks-2-dns-21a2cee0.hcp.uksouth.azmk8s.io",
"azurePortalFQDN": "aks-2-dns-21a2cee0.portal.hcp.uksouth.azmk8s.io",
"agentPoolProfiles": [
{
"name": "agentpool",
"count": 1,
"vmSize": "Standard_B2s",
"osDiskSizeGB": 128,
"osDiskType": "Managed",
"kubeletDiskType": "OS",
"maxPods": 110,
"type": "VirtualMachineScaleSets",
"enableAutoScaling": false,
"provisioningState": "Succeeded",
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.22.11",
"currentOrchestratorVersion": "1.22.11",
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"osSKU": "Ubuntu",
"nodeImageVersion": "AKSUbuntu-1804gen2containerd-2022.06.29",
"enableFIPS": false
}
],
"servicePrincipalProfile": {
"clientId": "msi"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": false,
"config": null
},
"azurepolicy": {
"enabled": false,
"
Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
Thanks for sharing more details on the issue.
I am checking internally on this and will update you back.
Thanks for your patience on this and sharing detailed description with timestamps.
Based on the details shared, this looks like a caching issue, where list resources lags in different regions.
In this case, AKS service was not called/reached.
This needs deeper investigation on where the ARM caching failed. I would recommend you to open a support case to investigate this further.