'Unable to connect Net/http: TLS handshake timeout' — Why can't Kubectl connect to Azure Kubernetes server? (AKS)

Question

My question (to MS and anyone else) is: Why is this issue occurring and what work around can be implemented by the users / customers themselves as opposed to

Answer 1

Adding another answer since this is now the Azure Support official solution when the above attempts do not work. I haven't experienced the issue in a while so I can't verify this one but it seems like it would make sense to me (based on previous experience).

Credit on this one / full thread found here (https://github.com/Azure/AKS/issues/14#issuecomment-424828690)

Check for Tunneling Issues

1. ssh to the agent node which running the tunnelfront pod
2. get tunnelfront logs: "docker ps" -> "docker logs "
3. "nslookup " whose fqdn can be get from above command -> if it resolves ip, which means dns works, then go to the following step
4. "ssh -vv azureuser@ -p 9000" ->if port is working, go to the next step
5. "docker exec -it /bin/bash", type "ping google.com", if it is no response, which means tunnel front pod doesn't have external network, then do following step
6. restart kube-proxy, using "kubectl delete po -n kube-system", choose the kube-proxy which is runing on the same node with tunnelfront. customer can use "kubectl get po -n kube-system -o wide"

I feel like this particular work-around could PROBABLY be automated (for sure on Azure side but probably on the community side).

Email Azure AKS Specific Support

If after all the diagnosis you still suffer from this issue, please don't hesitate to send email to aks-help@service.microsoft.com