Added inferencing KIs

s-polly · s-polly · commit 2705895a6ee5 · 2023-09-26T06:36:50.000-05:00
diff --git a/articles/machine-learning/known-issues/azure-machine-learning-known-issues.md b/articles/machine-learning/known-issues/azure-machine-learning-known-issues.md
@@ -26,7 +26,9 @@ Select the **Title** to view more information about that specific known issue.
 |Compute | [Provisioning error when creating a compute instance with A10 SKU](compute-a10-sku-not-supported.md) | August 14, 2023 |
 |Compute | [Idleshutdown property in Bicep template causes error](compute-idleshutdown-bicep.md) |    August 14, 2023      |   
 |Compute | [Slowness in compute instance terminal from a mounted path](compute-slowness-terminal-mounted-path.md)| August 14, 2023|   
-|Compute| [Creating compute instance after a workspace move results in an Etag conflict error.](workspace-move-compute-instance-same-name.md)| August 14, 2023 | 
+|Compute| [Creating compute instance after a workspace move results in an Etag conflict error.](workspace-move-compute-instance-same-name.md)| August 14, 2023 |     
+|Inferencing| [Invalid certificate error during deployment with an AKS cluster](inferencing-invalid-certificate.md)| September, 26, 2023 |     
+|Inferencing| [SExisting Kubernetes compute cannot be update with `az ml compute attach` command](inferencing-updating-kubernetes-compute-appears-to-succeed.md)  | September, 26, 2023 | 
  
 
 ## Next steps
diff --git a/articles/machine-learning/known-issues/inferencing-invalid-certificate.md b/articles/machine-learning/known-issues/inferencing-invalid-certificate.md
@@ -0,0 +1,47 @@
+---
+title: Known issue - Inferencing | Invalid certificate error during deployment
+titleSuffix: Azure Machine Learning
+description: During machine learning deployments with an AKS cluster, you may receive an invalid certificate error.
+author: s-polly
+ms.author: scottpolly
+ms.topic: troubleshooting  
+ms.service: machine-learning
+ms.subservice: core
+ms.date: 08/04/2023
+ms.custom: known-issue
+---
+
+# Known issue  - Invalid certificate error during deployment with an AKS cluster
+
+During machine learning deployments using an AKS cluster, you may receive an invalid certificate error, such as `{"code":"BadRequest","statusCode":400,"message":"The request is invalid.","details":[{"code":"KubernetesUnaccessible","message":"Kubernetes error: AuthenticationException. Reason: InvalidCertificate"}],`
+
+ 
+
+[!INCLUDE [dev v2](../includes/machine-learning-dev-v2.md)]
+
+**Status:** Open
+
+**Problem area:** Inferencing
+
+## Symptoms
+
+Azure Machine Learning deployments with an AKS cluster fail with the error:
+
+`{"code":"BadRequest","statusCode":400,"message":"The request is invalid.","details":[{"code":"KubernetesUnaccessible","message":"Kubernetes error: AuthenticationException. Reason: InvalidCertificate"}],`
+and the following error is shown in the MMS logs:
+
+`K8sReadNamespacedServiceAsync failed with AuthenticationException: System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback. at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](tioadapteradapterbooleanreceivefirstbytereauthenticationdatabooleanisapm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)`
+
+## Cause
+
+This error occurs because the certificate for AKS clusters created before January 2021 does not include the `Subject Key Identifier` value, which prevents the required `Authority Key Identifier` value from being generated.
+
+## Solutions and workarounds
+
+There are two options to resolve this issue:
+- Rotate the AKS certificate for the cluster. See [Certificate Rotation in Azure Kubernetes Service (AKS) - Azure Kubernetes Service](../../aks/certificate-rotation.md) for more information.
+- Wait for 5 hours for the certificate to be automatically updated, and the issue should be resolved. 
+
+## Next steps
+
+- [About known issues](azureml-known-issues.md)
diff --git a/articles/machine-learning/known-issues/inferencing-updating-kubernetes-compute-appears-to-succeed.md b/articles/machine-learning/known-issues/inferencing-updating-kubernetes-compute-appears-to-succeed.md
@@ -0,0 +1,36 @@
+---
+title: Known issue - Inferencing | Existing Kubernetes compute cannot be updated
+titleSuffix: Azure Machine Learning
+description: Updating a Kubernetes attached compute instance using the az ml attach command appears to succeed but does not.
+author: s-polly
+ms.author: scottpolly
+ms.topic: troubleshooting  
+ms.service: machine-learning
+ms.subservice: core
+ms.date: 08/04/2023
+ms.custom: known-issue
+---
+
+# Known issue  - Existing Kubernetes compute cannot be update with `az ml compute attach` command
+
+Updating a Kubernetes attached compute instance using the `az ml attach` command appears to succeed but does not.
+ 
+
+[!INCLUDE [dev v2](../includes/machine-learning-dev-v2.md)]
+
+**Status:** Open
+
+**Problem area:** Inferencing
+
+## Symptoms
+
+When running the command `az ml compute attach --resource-group <rgname> --workspace-name <ws name> --type Kubernetes --name <existing attached compute name(aaaaa)> --resource-id "<resource URI>" --namespace <deployment name>`, the Workspace UI will display a success message indicating that the compute update was successful, however the compute will not have changed.
+
+## Cause
+
+The `az ml compute attach` command is not currently supported for use with Kubernetes compute. At this time, the CLI v2 and SDK v2 do not allow updating any configuration of an existing Kubernetes compute.
+
+
+## Next steps
+
+- [About known issues](azureml-known-issues.md)
diff --git a/articles/machine-learning/toc.yml b/articles/machine-learning/toc.yml
@@ -702,7 +702,6 @@
           href: how-to-secure-rag-workflows.md
         - name: RAG cloud to local 
           href: how-to-retrieval-augmented-generation-cloud-to-local.md
-
 - name: Responsibly develop & monitor
   items:
   - name: Responsible AI overview
@@ -1384,6 +1383,12 @@
             href: ./known-issues/workspace-move-compute-instance-same-name.md
           - name: Application Sharing Policy isn't supported 
             href: ./known-issues/application-sharing-policy-not-supported.md 
+        - name: Inferencing known issues
+          items:
+          - name: Existing Kubernetes compute cannot be updated
+            href: ./known-issues/inferencing-updating-kubernetes-compute-appears-to-succeed.md
+          - name: Invalid certificate error during deployment
+            href: ./known-issues/inferencing-invalid-certificate.md
 - name: Samples
   items:
     - name: Jupyter Notebooks
