Client IP address can't access the API server
This article describes how to fix issues that occur when you can't connect to an Azure Kubernetes Service (AKS) cluster because your client IP address can't access the AKS API server.
Prerequisites
Symptoms
You may see such errors as:
Unable to connect to the server: dial tcp <API-SERVER-IP>:443: i/o timeout
Unable to connect to the server: dial tcp <API-SERVER-IP>:443: connectex: A connection attempt failed because the connected party did not properly respond after a period, or established connection failed because connected host has failed to respond.
Cause
API server-authorized IP ranges may have been enabled on the cluster's API server, but the client's IP address wasn't included in the IP ranges. To check whether this feature has been enabled, see if the following az aks show command in Azure CLI produces a list of IP ranges:
az aks show --resource-group <cluster-resource-group> \
--name <cluster-name> \
--query apiServerAccessProfile.authorizedIpRanges
Solution
Look at the cluster's API server-authorized ranges, and add your client's IP address within that range using the following steps:
Note
Do you access the API server from a corporate network where traffic is routed through a proxy server or firewall? Then ask your network administrator before you add your client IP address to the list of authorized ranges for the API server.
Also ask your cluster administrator before you add your client IP address, because there might be security concerns with adding a temporary IP address to the list of authorized ranges.
Get your client IP address by running this curl command:
$ curl --silent checkip.dyndns.org <html><head><title>Current IP Check</title></head><body>Current IP Address: 0.255.127.63</body></html>Update the API server-authorized range with the az aks update command in Azure CLI, using your client IP address:
az aks update --resource-group <cluster-resource-group> \ --name <cluster-name> \ --api-server-authorized-ip-ranges <ip-ranges-that-include-your-client-ip-address>
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for