How do I fix: couldn't get current server API group list dial tcp lookup 443 timeout

KHALSA, GURLEEN KAUR 10 Reputation points
2023-08-04T19:57:33.17+00:00

I am not able to connect to the AKS cluster. I am trying to connect to a private AKS cluster. It gives me this error: couldn't get current server API group list: Get ":443/api?timeout=32s": dial tcp: lookup

Unable to connect to the server: dial tcp: lookup no such host

Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.

4 answers

  1. shiva patpi 13,256 Reputation points Microsoft Employee
    2023-08-05T22:40:16.16+00:00

    @KHALSA, GURLEEN KAUR,

    A private cluster cannot be accessed from outside the VNET where the AKS cluster was created.

    Can you try accessing the private AKS cluster by creating a test VM in the same VNET as the AKS cluster?

    Or you can have a VM in a different VNET, but that VNET needs to be paired with the VNET of the AKS cluster.

    See different ways of connecting to private AKS cluster:

    https://learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=azure-portal#options-for-connecting-to-the-private-cluster

    To quickly test it out, you can use command invoke (example below):

    https://learn.microsoft.com/en-us/azure/aks/command-invoke

    az aks command invoke \
      --resource-group myResourceGroup \
      --name myPrivateCluster \
      --command "kubectl get pods -n kube-system"
    
    
    

    Let us know if that helps!

    Regards,

    Shiva.

    1 person found this answer helpful.

  2. Viresh Mathapati 6 Reputation points
    2024-12-16T08:04:52.9533333+00:00

    I was facing the same issue and was able to resolve it by setting the Azure default DNS IP (168.63.129.16) in the DNS servers setting under the VNET.

    1 person found this answer helpful.

  3. Manohar V 20 Reputation points
    2024-03-26T13:38:46.0066667+00:00

    @shiva patpi

    When I perform this command I get the full list of pods (-A):

    az aks command invoke \
      --resource-group myResourceGroup \
      --name myPrivateCluster \
      --command "kubectl get pods -n kube-system"

    But when I perform the same with kubectl get pods -A, I get the error below.

    E0326 19:07:09.731652 16053 memcache.go:265] couldn't get current server API group list: Get "https://bdkd***** * * * * * * * * * * * * * * * * */api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority


  4. Viresh Mathapati 6 Reputation points
    2024-11-30T21:44:43.5433333+00:00

    I was also using an Azure private AKS cluster and faced this issue when trying to access it using kubectl from the hub virtual network's jump server, while the private AKS cluster was deployed in a spoke virtual network. I was using Azure Firewall for network traffic management.

    In my case this happened because the Azure private AKS cluster uses a private DNS zone and a private endpoint, and my hub VNET jump box was unable to resolve the DNS name of the Kubernetes control plane's API server. To resolve it, I manually added a DNS record to the jump server's C:\Windows\System32\drivers\etc\hosts file, like below.

    10.0.1.11 aks-xxx-test-dns-xxxxxx.xxxx-xx-axx-2xxxxxxx.privatelink.eastus.azmk8s.io

    Replace the Kubernetes service IP and endpoint private DNS FQDN as per your environment.

    Also, this is just for testing purposes. In a production scenario you should add the correct firewall rules to resolve the private DNS of the AKS control plane API server endpoint, and configure the correct route table routes if you are using any for the AKS VNET subnets and jump server subnets.

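An added example (not code from any answer above or from Microsoft) that separates the two failure stages discussed in this thread: name resolution of the API server FQDN, then TCP reachability of the address it resolves to. The function name `diagnose`, the sample FQDN and the `.privatelink.` check are assumptions for illustration.

```python
import ipaddress
import socket
import sys
from urllib.parse import urlparse

# Constructed placeholder; pass your kubeconfig's cluster "server" URL instead.
SAMPLE_SERVER = "https://aks-example-dns-0000.privatelink.eastus.azmk8s.io:443"


def diagnose(server_url, resolve=socket.getaddrinfo,
             connect=socket.create_connection, timeout=5):
    """Return (stage, detail): the first stage that fails, or ("ok", ...).

    "dns" matches "dial tcp: lookup ...: no such host";
    "tcp" matches a dial timeout after the name resolved.
    resolve/connect are injectable so the logic can be tested offline.
    """
    url = urlparse(server_url)
    host, port = url.hostname, url.port or 443
    if not host:
        return "input", f"no hostname in {server_url!r}"
    # Assumption: private cluster FQDNs contain ".privatelink.", as in answer 4.
    private_fqdn = ".privatelink." in host

    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        fix = ("resolver cannot see the AKS private DNS zone"
               if private_fqdn else "name does not exist for this resolver")
        return "dns", f"{host}: {exc}; {fix}"

    addr = infos[0][4][0]
    if private_fqdn and not ipaddress.ip_address(addr).is_private:
        return "dns", f"{host} resolved to non-private {addr}"

    try:
        connect((addr, port), timeout=timeout).close()
    except OSError as exc:  # timeout, refused, no route
        return "tcp", f"{addr}:{port} unreachable: {exc}; check peering, routes, firewall"
    return "ok", f"{host} -> {addr}:{port} accepts TCP connections"


if __name__ == "__main__":
    stage, detail = diagnose(sys.argv[1] if len(sys.argv) > 1 else SAMPLE_SERVER)
    print(f"[{stage}] {detail}")
```

The URL to pass can be read with `kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'`; run the script on the jump host or VM where kubectl is failing.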
