Hvaandres

Reputation: 1005

How to access a Private AKS cluster with az cli commands?

I'm currently having some issues signing in to a private AKS cluster with the following commands:

az account set --subscription [subscription_id]
az aks get-credentials --resource-group [resource-group] --name [AKS_cluster_name]

After I typed those two commands, it asks me to authenticate through the web with a code that is generated by the AZ CLI, and after that, I have the following issue in the terminal:

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code RTEEREDTE to authenticate.
Unable to connect to the server: dial tcp: lookup aksdusw2aks01-0581cf8f.hcp.westus2.azmk8s.io: i/o timeout

What could be the potential issue? How can I successfully log in to a private AKS cluster?

Notes:

I have some other clusters and I'm able to log in to them through the terminal without any kind of error.

Upvotes: 0

Views: 3966

Answers (3)

Sanners

Reputation: 41

In order to interact with the private cluster, you'll need to run your command lines from an endpoint that has access to the VNET that the AKS cluster is in. So you'll need a VM in that VNET, or a VNET that is peered, a VPN in, etc.

The point of the private cluster is to prevent access from external sources; only connected networks are allowed. You can also, as mentioned by Welz, use command invoke, but this is probably suited to occasional use, rather than responsive, frequent access.

Upvotes: 0

Philip Welz

Reputation: 2807

You can't use kubectl to access the API Server of a private AKS cluster; that's the design by making it private (no public access). You will need to use az aks command invoke to invoke commands through the Azure API:

az aks command invoke -n <CLUSTER_NAME> -g <CLUSTER_RG> -c "kubectl get pods -A"

Upvotes: 8

zer0

Reputation: 2899

Timeouts typically mean something somewhere is dropping packets and there is no response. This might be the security policies and/or traffic rules inside your Azure cloud that are configured for your AKS cluster. You can double check this is coherent with the one where you say your cluster is accessible.

Upvotes: 1
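
The error in the question has the form "dial tcp: lookup <host>: i/o timeout", which is a name-resolution failure rather than a refused or dropped connection to the API server. The script below is an added example, not code from any of the posters: it separates that case from a TCP-level timeout and maps each to the remedies given in the answers above. The function names and the returned tokens are hypothetical; the az and kubectl calls assume a logged-in az CLI and a kubectl context already set by az aks get-credentials.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): triage a kubectl connection failure on AKS.

# Classify a kubectl error line:
#   dns     - the API server host name could not be resolved ("dial tcp: lookup <host>")
#   connect - the name resolved but the TCP connection failed ("dial tcp <ip>:<port>")
#   other   - anything else (authentication errors, etc.)
classify_kubectl_error() {
  case "$1" in
    *"dial tcp: lookup "*) echo dns ;;
    *"dial tcp "*": i/o timeout"* | *"dial tcp "*": connect: "*) echo connect ;;
    *) echo other ;;
  esac
}

# Map the error class and the cluster's private flag ("true" when
# apiServerAccessProfile.enablePrivateCluster is set) to a next step.
next_step() {
  local class=$1 private=$2
  case "$class:$private" in
    dns:[Tt]rue) echo use-vnet-or-command-invoke ;; # client is outside the cluster VNET
    dns:*)       echo check-local-dns ;;
    connect:*)   echo check-network-rules ;;        # NSG, firewall, routing
    *)           echo inspect-error ;;
  esac
}

# Assumes az is logged in and `az aks get-credentials` has already set the
# current kubectl context to this cluster.
triage() { # usage: triage <resource-group> <cluster-name>
  local rg=$1 name=$2 private err
  private=$(az aks show -g "$rg" -n "$name" \
    --query apiServerAccessProfile.enablePrivateCluster -o tsv)
  # Capture only stderr from kubectl; stdout (the node list) is discarded.
  if err=$(kubectl get nodes --request-timeout=10s 2>&1 >/dev/null); then
    echo ok
  else
    next_step "$(classify_kubectl_error "$err")" "$private"
  fi
}

# Run the live check only when called with both arguments.
if [ "$#" -eq 2 ]; then triage "$1" "$2"; fi
```

A result of use-vnet-or-command-invoke corresponds to the two options in the answers: run the commands from a host with access to the cluster's VNET, or go through az aks command invoke.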
