Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes how to identify and resolve the "failed to either reach kube-apiserver or control plane IP of Kubernetes cluster from Arc Resource Bridge IP" error that occurs when you try to create and deploy a Microsoft Azure Kubernetes Service Arc cluster.
Symptoms
When you try to create an AKS cluster, you receive the following error message:
Failed to either reach kube-apiserver or control plane IP %s:%d of Kubernetes cluster %s from Arc Resource Bridge IP %v. Read aka.ms/aks-arc-kubeapiserver-unreachable for more information.
Possible causes and follow-ups
- Check whether the logical network into which you deployed the AKS cluster is reachable from the management IP pool.
- Check whether the
control plane IPaddress of the AKS cluster is reachable from the management IP pool. You can find the control plane IP address by running theaz aksarc showcommand. - One possible reason for connectivity issues here is if the Arc Resource Bridge is in a different vlan than the logical network in which you created the AKS cluster. If the Arc Resource Bridge is in a different vlan, ensure that cross-vlan communication is enabled.
- Another frequent issue occurs if you have a firewall that isolates the management network from logical networks. Ensure that you opened the required ports so the management network can reach AKS Arc VMs. Review the network requirements for more information about required ports.
- Duplicate IPs and IP address collisions are other reasons why the API server might be unreachable. Ensure that you didn't use the IP addresses provided in the management network anywhere else. Likewise, ensure that the control plane IP provided during the AKS cluster creation operation isn't used anywhere else.
Use the diagnostic checker tool
The diagnostic checker is a PowerShell-based tool that can help identify AKS cluster creation failures due to potential issues in the environment. Use the diagnostic checker tool to identify some of the common networking issues that can lead to an AKS cluster creation failure due to the API server being unreachable.
Contact Microsoft Support
If the problem persists, collect the following information before creating a support request. Collect AKS cluster logs before creating the support request.