AKS: --api-server-authorized-ip-ranges filter

4/7/2020

I have trouble enabling the --api-server-authorized-ip-ranges feature; let me describe my case:

  1. I have an AKS cluster without the feature enabled, but I want to add it using this command:
az aks update --resource-group test-aks-service-rg -n test-aksCluster --api-server-authorized-ip-ranges 1.2.3.4/32

I got a result saying that the IP address has been successfully added as allowed for the API.

  2. Then I try to get the logs of the pods, but I get a timeout error:
Error from server ... dial tcp ... i/o timeout.

What is wrong with my configuration? How do I properly add authorized IP ranges?

Note: I verified that my outbound IP address is 1.2.3.4

-- DariyN
azure
azure-aks
kubernetes

1 Answer

4/7/2020

It was my fault; I missed an important thing in the Microsoft documentation. The answer is here:

https://docs.microsoft.com/bs-cyrl-ba/azure/aks/api-server-authorized-ip-ranges

I forgot to add the firewall public IP addresses to the authorized IP ranges list.

The following addresses must be in the list to get it to work:

  • The firewall public IP address
  • Any range that represents networks that you'll administer the cluster from
  • If you are using Azure Dev Spaces on your AKS cluster, you have to allow additional ranges based on your region.
-- DariyN
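
A pre-flight check for the situation in the answer above, as an added example that is not part of the original post: it verifies that every address that must reach the API server is covered by the range list before the list is applied. The helper names and the address 203.0.113.10 (a constructed stand-in for the firewall public IP) are assumptions; only IPv4 is handled.

```shell
#!/bin/sh
# Added example: check a candidate --api-server-authorized-ip-ranges list
# against the addresses that must be allowed. POSIX sh, IPv4 only.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if address $1 is inside CIDR $2 (a bare address counts as /32).
in_cidr() (
  ip=$1 net=${2%/*} bits=32
  case $2 in */*) bits=${2#*/} ;; esac
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# Print every address in $2 (space-separated) that no range in the
# comma-separated list $1 covers.
uncovered() (
  ranges=$(echo "$1" | tr ',' ' ')
  for ip in $2; do
    ok=0
    for r in $ranges; do
      if in_cidr "$ip" "$r"; then ok=1; break; fi
    done
    [ "$ok" -eq 1 ] || echo "$ip"
  done
)

# Constructed sample: 1.2.3.4 is the outbound address from the question,
# 203.0.113.10 is a placeholder for the firewall public IP.
REQUIRED="1.2.3.4 203.0.113.10"

RANGES="1.2.3.4/32"    # the list used in the question
echo "not covered by $RANGES: $(uncovered "$RANGES" "$REQUIRED")"

RANGES="1.2.3.4/32,203.0.113.10/32"
if [ -z "$(uncovered "$RANGES" "$REQUIRED")" ]; then
  # Only print the command here; run it once the list is complete.
  echo "az aks update --resource-group test-aks-service-rg -n test-aksCluster --api-server-authorized-ip-ranges $RANGES"
fi
```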
Source: StackOverflow