Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article discusses how to identify and resolve the OrasPullNetworkTimeoutVMExtensionError error (error code 211) that occurs when you try to create and deploy a Microsoft Azure Kubernetes Service (AKS) cluster.
Symptoms
When you try to create an AKS cluster with the outbound type none or block, you receive the following error message:
VMExtensionProvisioningError: VM has reported a failure when processing extension 'vmssCSE'.
Error message: "Enable failed: failed to execute command: command terminated with exit status=211
Bootstrap Container Registry is not reachable. Please check the network configuration and try again.
Cause
For network isolated cluster, egress traffic is limited. The feature introduces private Azure Container Registry (ACR) cache that acts as a proxy to download necessary binaries or images from Microsoft Artifact Registry (MAR) for AKS bootstrap. VM instances connect to the private ACR via a private link. Incorrect configuration of the private link causes VM bootstrap Custom Script Extension (CSE) to fail.
Solution
To resolve this issue, follow these steps:
Retrieve the ACR resource ID that AKS uses as the bootstrap ACR by running the following command:
az aks show -g ${RESOURCE_GROUP} -n ${CLUSTER_NAME} --query 'bootstrapProfile.containerRegistryResourceId'Verify the ACR cache rule. It should include
aks-managed-rulewith source repomcr.microsoft.com/*and target repoaks-managed-repository/*. Ensure no other cache rule exists with source or target repo as*, which overrideaks-managed-rule.Review the container registry private link to ensure that the connection configuration is correct, including the private Domain Name System (DNS) zone and private link.
Access any failed VM instance using Secure Shell (SSH) and run curl on the ACR host. If successful, reconcile the cluster. If it still fails, return to step 3.
References
Contact us for help
If you have questions, you can ask Azure community support. You can also submit product feedback to Azure feedback community.