Client IP address can't access the API server
This article describes how to fix issues that occur when you can't connect to an Azure Kubernetes Service (AKS) cluster because your client IP address can't access the AKS API server.
Prerequisites
Symptoms
When you try to access Kubernetes resources such as mamespaces and workloads from the Azure portal, you might encounter the following errors:
Network error
Unable to reach the api server 'https://<API-server-FQDN>' or api server is too busy to respond. Check your network settings and refresh to try again.
Cause
API server-authorized IP ranges may have been enabled on the cluster's API server, but the client's IP address wasn't included in the IP ranges. To check whether this feature has been enabled, see if the following az aks show command in Azure CLI produces a list of IP ranges:
az aks show --resource-group <cluster-resource-group> \
--name <cluster-name> \
--query apiServerAccessProfile.authorizedIpRanges
Solution
Look at the cluster's API server-authorized ranges, and add your client's IP address within that range.
Note
Do you access the API server from a corporate network where traffic is routed through a proxy server or firewall? Then ask your network administrator before you add your client IP address to the list of authorized ranges for the API server.
Also ask your cluster administrator before you add your client IP address, because there might be security concerns with adding a temporary IP address to the list of authorized ranges.
Navigate to the cluster from the Azure portal.
In the left menu, locate Settings and then select Networking.
On the Networking page, select the Overview tab.
Select Manage under Resource settings.
In the Authorized IP ranges pane, add your client IP address as shown in the following screenshot:
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.