|
1 | 1 | --- |
2 | | -title: Troubleshoot the network isolated Azure Kubernetes Service (AKS) cluster |
3 | | -description: Learn how to troubleshoot the network isolated cluster to the Azure Kubernetes Service (AKS). |
| 2 | +title: Troubleshoot network isolated AKS clusters |
| 3 | +description: Learn how to troubleshoot network isolated cluster issues in Azure Kubernetes Service (AKS). |
4 | 4 | ms.service: azure-kubernetes-service |
5 | | -ms.date: 04/09/2025 |
6 | | -editor: charleswool |
7 | | -ms.reviewer: chasedmicrosoft |
| 5 | +ms.date: 04/14/2025 |
| 6 | +ms.reviewer: doveychase, yuewu2, v-weizhu |
8 | 7 | #Customer intent: As an Azure Kubernetes user, I want to troubleshoot problems that involve the network isolated cluster so that I can successfully use this feature on Azure Kubernetes Service (AKS). |
9 | 8 | ms.custom: sap:Extensions, Policies and Add-Ons |
10 | 9 | --- |
| 10 | +# Troubleshoot network isolated Azure Kubernetes Service (AKS) clusters issues |
11 | 11 |
|
12 | | -# Troubleshoot the network isolated Azure Kubernetes Service (AKS) cluster |
13 | | - |
14 | | -This article discusses how to troubleshoot the [network isolated cluster][network-isolated-cluster] to the Microsoft Azure Kubernetes Service (AKS). |
| 12 | +This article discusses how to troubleshoot issues on [network isolated Azure Kubernetes Service (AKS) clusters](/azure/aks/concepts-network-isolated). |
15 | 13 |
|
16 | 14 | ## Prerequisites |
17 | 15 |
|
18 | 16 | - The Kubernetes [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) tool. To install kubectl by using the [Azure CLI](/cli/azure/install-azure-cli), run the [az aks install-cli](/cli/azure/aks#az-aks-install-cli) command. |
19 | 17 |
|
20 | 18 | ## Network isolated cluster support |
21 | 19 |
|
22 | | -The network isolated cluster follows a similar support model to other [AKS add-ons](/azure/aks/integrations). There are two options available for the private Azure Container Registry (ACR) with network isolated clusters. If you're bringing your own ACR, then you're responsible for properly configuring your ACR and associated resources. |
| 20 | +The network isolated cluster follows a similar support model to other [AKS add-ons](/azure/aks/integrations). There are two options available for the private Azure Container Registry (ACR) with network isolated clusters. If you're using Bring your own (BYO) ACR, you're responsible for properly configuring your ACR and associated resources. |
23 | 21 |
|
24 | | -## Known issues |
| 22 | +## Issue 1: Cluster image pull fails due to network isolation |
25 | 23 |
|
26 | | -### Cluster image pulls failed |
27 | | -Network isolated clusters use ACR cache rules for image pull, when there is an image pull fail error due to network isolation: |
28 | | -- If you're using Bring your own (BYO) ACR, check your private ACR resources, including the cache rule and private endpoints to verify they're configured using recommendations outlined in the documentation. |
29 | | -- If you're using AKS Managed ACR, only MCR images are supported by default. If the image pull failure is on images from other registries, then you need go to the private ACR to create extra cache rules for those images. If the image pull failure is on MCR images, proceed to check if the associated ACR and private endpoint resource named with keyword `bootstrap` exists. If it doesn't exist, reconcile the cluster. |
| 24 | +Network isolated clusters use ACR cache rules for image pull. When an image pull faiure occurs due to network isolation: |
30 | 25 |
|
31 | | -### Cluster image pull fails after updating the existed cluster to network isolated cluster or updating the private ACR resource ID |
32 | | -The error is an intended behavior. You need to reimage the node to update the kubelet configuration in CSE (Container Service Extension) following the update actions mentioned. |
| 26 | +- If you're using Bring your own (BYO) ACR, check your private ACR resources, including the cache rule and private endpoints, to verify they're configured using recommendations outlined in the documentation. |
| 27 | +- If you're using AKS-managed ACR, only Microsoft Container Registry (MCR) images are supported by default. If the image pull failure occurs on images from other registries, go to the private ACR to create extra cache rules for those images. If the image pull failure occurs on MCR images,proceed to check if the associated ACR and private endpoint resource named with keyword `bootstrap` exist. If they don't exist, reconcile the cluster. |
33 | 28 |
|
34 | | -### ACR or associated cache rule, private endpoint and private DNS zone are deleted accidentally |
35 | | -If the cache rule is deleted from the managed ACR accidentally, the mitigation is to delete the ACR and then reconcile the cluster. If the ACR itself or private endpoint or private DNS zone is deleted by accident, the mitigation is just to reconcile the cluster. |
| 29 | +## Issue 2: Cluster image pull fails after updating the existed cluster to network isolated cluster or updating the private ACR resource ID |
36 | 30 |
|
| 31 | +The failure is an intended behavior. You need to reimage the node to update the kubelet configuration in Container Service Extension (CSE) following the update actions mentioned. |
37 | 32 |
|
| 33 | +## Issue 3: ACR or associated cache rule, private endpoint or private DNS zone are deleted |
38 | 34 |
|
39 | | -[!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)] |
| 35 | +If the cache rule is deleted from the managed ACR accidentally, the mitigation is to delete the ACR and then reconcile the cluster. If the ACR itself, associated private endpoint, or associated private DNS zone is deleted by accident, the mitigation is just to reconcile the cluster. |
40 | 36 |
|
41 | | -[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
| 37 | +[!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)] |
42 | 38 |
|
43 | | -[network-isolated-cluster]: /azure/aks/concepts-network-isolated |
| 39 | +[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
0 commit comments