Skip to content

az connectedk8s connect - mcr.microsoft.us issue #9170

New issue
New issue
Open
Open
az connectedk8s connect - mcr.microsoft.us issue#9170
Labels
Auto-AssignAuto assign by botConnected KubernetesService AttentionThis issue is responsible by Azure service team.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.
@josephaw1022

Description

@josephaw1022
josephaw1022
opened on Sep 16, 2025

Describe the bug

For context, I am using the gov cloud and based off looking at the code , I feel like the issue is around the domain used.

when following the instructions seen here

I noticed that once it got to the point where I run this command but in my own terminal

az connectedk8s connect --name AzureArcTest1 --resource-group AzureArcTest

I saw this output

Downloading helm client for first time. This can take few minutes...
An exception has occured while trying to perform kubectl or helm install: Failed to download helm client: HTTPSConnectionPool(host='mcr.microsoft.us', port=443): Max retries exceeded with url: /v2/azurearck8s/helm/manifests/helm-v3.12.2-linux-amd64 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f26085c2a30>: Failed to resolve 'mcr.microsoft.us' ([Errno -2] Name or service not known)"))

and when I run this basic nslookup, I cant help but think this is a bug in the connectedk8s extension and that it just needs to use the .com tld for obtaining the oci artifacts and helm charts

 nslookup mcr.microsoft.com
Server:         10.255.255.254
Address:        10.255.255.254#53

Non-authoritative answer:
mcr.microsoft.com       canonical name = mcr.trafficmanager.net.
mcr.trafficmanager.net  canonical name = mcr-0001.mcr-msedge.net.
Name:   mcr-0001.mcr-msedge.net
Address: 150.171.69.10
Name:   mcr-0001.mcr-msedge.net
Address: 150.171.70.10
Name:   mcr-0001.mcr-msedge.net
Address: 2603:1061:f:101::10
Name:   mcr-0001.mcr-msedge.net
Address: 2603:1061:f:100::10

and also

 nslookup mcr.microsoft.us
Server:         10.255.255.254
Address:        10.255.255.254#53

** server can't find mcr.microsoft.us: SERVFAIL

Related command

az connectedk8s connect

Errors

Downloading helm client for first time. This can take few minutes...
An exception has occured while trying to perform kubectl or helm install: Failed to download helm client: HTTPSConnectionPool(host='mcr.microsoft.us', port=443): Max retries exceeded with url: /v2/azurearck8s/helm/manifests/helm-v3.12.2-linux-amd64 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f26085c2a30>: Failed to resolve 'mcr.microsoft.us' ([Errno -2] Name or service not known)"))

Issue script & Debug output

cli.azext_connectedk8s.custom: Downloading helm client for first time. This can take few minutes...
oras.logger: Retrying in 3 seconds - error: HTTPSConnectionPool(host='mcr.microsoft.us', port=443): Max retries exceeded with url: /v2/azurearck8s/helm/manifests/helm-v3.12.2-linux-amd64 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f08c45ebf40>: Failed to resolve 'mcr.microsoft.us' ([Errno -2] Name or service not known)"))
oras.logger: Retrying in 5 seconds - error: HTTPSConnectionPool(host='mcr.microsoft.us', port=443): Max retries exceeded with url: /v2/azurearck8s/helm/manifests/helm-v3.12.2-linux-amd64 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f08c45ebeb0>: Failed to resolve 'mcr.microsoft.us' ([Errno -2] Name or service not known)"))
oras.logger: Retrying in 11 seconds - error: HTTPSConnectionPool(host='mcr.microsoft.us', port=443): Max retries exceeded with url: /v2/azurearck8s/helm/manifests/helm-v3.12.2-linux-amd64 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f08c45eb970>: Failed to resolve 'mcr.microsoft.us' ([Errno -2] Name or service not known)"))

Expected behavior

for it to install the helm binary and then install the chart

Environment Summary

 az --version
azure-cli 2.71.0 *

core 2.71.0 *
telemetry 1.1.0

Extensions:
application-insights 1.2.3
azure-devops 1.0.1
connectedk8s 1.10.8
k8s-extension 1.7.0
resource-graph 2.1.1

Dependencies:
msal 1.31.2b1
azure-mgmt-resource 23.1.1

Python (Linux) 3.9.21 (main, Jun 27 2025, 00:00:00)
[GCC 11.5.0 20240719 (Red Hat 11.5.0-5)]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

when I read the code and wrote a bash script to download the helm file and put it in the dir that the cli will check as a work around( so somewhere in the .azure folder) and got it to move past this step, I ran into errors with the helm chart that is was trying to pull as well. So it seems like solving the top level domain part of this will help the rest work just fine.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Auto-AssignAuto assign by botConnected KubernetesService AttentionThis issue is responsible by Azure service team.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions