Bug
Resolution: Unresolved
4.21
Description of problem:
When external-dns is enabled for HyperShift hosted clusters, the custom kubeconfig secret (generated by --kas-dns-name) defaults to using port 6443, but external-dns requires port 443 for proper connectivity.
Attempting to connect using the default port results in connection reset errors.
Version-Release number of selected component (if applicable):
4.19, 4.20, 4.21, 4.22
How reproducible:
always
Steps to Reproduce:
1. Create a HyperShift hosted cluster with external-dns enabled with --kas-dns-name
/usr/bin/hypershift create cluster azure --name $cluster-name --node-pool-replicas 3 --base-domain qe.azure.devcluster.openshift.com --external-dns-domain=qe1.azure.devcluster.openshift.com --pull-secret /tmp/secret/hypershift-pull-secret --azure-creds /var/run/secrets/ci.openshift.io/cluster-profile/osServicePrincipal.json --location northcentralus --release-image $image --encryption-key-id= --disk-encryption-set-id= --resource-group-name= --vnet-id= --subnet-id= --network-security-group-id= --generate-ssh --image-content-sources /tmp/secret/mgmt_icsp.yaml --oidc-issuer-url XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --sa-token-issuer-private-key-path /etc/hypershift-aro-azurecreds/oidc-signer-private --managed-identities-file /etc/hypershift-aro-azurecreds/managed-identities.json --data-plane-identities-file /etc/hypershift-aro-azurecreds/dataplane-identities.json --annotations=hypershift.openshift.io/pod-security-admission-label-override=baseline --kas-dns-name=hypershift-kas-dns.qe1.azure.devcluster.openshift.com --diagnostics-storage-account-type=Managed --assign-service-principal-roles=true --dns-zone-rg-name=os4-common
2. Wait for the custom kubeconfig secret to be generated
3. Extract the custom kubeconfig
oc get secret/2a9d006dfdcbd319d169-custom-admin-kubeconfig -n clusters -o jsonpath='{.data.kubeconfig}' | base64 -d > /tmp/guest_kubeconfig
4. $ oc version --kubeconfig=/tmp/guest_kubeconfig
Client Version: 4.20.0-0.nightly-2025-08-20-004153
Kustomize Version: v5.6.0
error: Get "https://hypershift-kas-dns.qe1.azure.devcluster.openshift.com:6443/apis/config.openshift.io/v1/clusterversions/version": read tcp 192.168.2.147:64723->20.252.65.174:6443: read: connection reset by peer - error from a previous attempt: read tcp 192.168.2.147:64715->20.252.65.174:6443: read: connection reset by peer
5. Need to manually update port 6443 to 443; then it is possible to connect to the hosted cluster
oc project --kubeconfig=/tmp/aks-guest
Using project "default" from context named "admin" on server "https://hypershift-kas-dns.qe1.azure.devcluster.openshift.com:443".
Actual results:
4. oc version --kubeconfig=/tmp/guest_kubeconfig
Client Version: 4.20.0-0.nightly-2025-08-20-004153
Kustomize Version: v5.6.0
error: Get "https://hypershift-kas-dns.qe1.azure.devcluster.openshift.com:6443/apis/config.openshift.io/v1/clusterversions/version": read tcp 192.168.2.147:64723->20.252.65.174:6443: read: connection reset by peer - error from a previous attempt: read tcp 192.168.2.147:64715->20.252.65.174:6443: read: connection reset by peer
Expected results:
When external-dns is enabled, the custom kubeconfig should use port 443 instead of port 6443. The connection should succeed without errors.
Additional info:
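The manual port change from step 5, written out as an added example that is not part of the original report or of HyperShift's code. The function name `rewrite_kas_port` and the sample kubeconfig are assumptions; only the hostname and the two port numbers come from the report.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: hostname and port are from the report, the rest are placeholders.
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://hypershift-kas-dns.qe1.azure.devcluster.openshift.com:6443
  name: cluster
contexts:
- context:
    cluster: cluster
    user: admin
  name: admin
current-context: admin
"""

SERVER_LINE = re.compile(r"^(\s*server:\s*)(\S+)\s*$")


def rewrite_kas_port(kubeconfig_text, kas_host, old_port=6443, new_port=443):
    """Return (new_text, changes) for a kubeconfig given as text.

    Only https server URLs that point at kas_host on old_port are rewritten.
    CA data, credentials and every other cluster entry are left as they are,
    so TLS verification against the hosted cluster's CA is unchanged.
    """
    out, changes = [], []
    for line in kubeconfig_text.splitlines(keepends=True):
        m = SERVER_LINE.match(line)
        if m:
            url = urlsplit(m.group(2).strip("\"'"))
            if (url.scheme == "https" and url.hostname == kas_host.lower()
                    and url.port == old_port):
                fixed = urlunsplit(url._replace(netloc=f"{url.hostname}:{new_port}"))
                changes.append((m.group(2), fixed))
                line = line[:m.start(2)] + fixed + line[m.end(2):]
        out.append(line)
    return "".join(out), changes


if __name__ == "__main__":
    text, changed = rewrite_kas_port(
        SAMPLE_KUBECONFIG, "hypershift-kas-dns.qe1.azure.devcluster.openshift.com")
    print(changed)
```

An empty `changes` list means the file already uses the expected port or points at a different host, which makes the function usable as a check as well as a fix.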