add common errors to aks trouble shooting doc

houk-ms · houk-ms · commit 4d122688e5be · 2024-06-04T13:18:49.000+08:00
diff --git a/articles/service-connector/how-to-use-service-connector-in-aks.md b/articles/service-connector/how-to-use-service-connector-in-aks.md
@@ -125,19 +125,19 @@ Service Connector kubernetes extension is built on top of [Azure Arc-enabled Kub
 
 1. Install the `k8s-extension` Azure CLI extension.
 
-  ```azurecli
+```azurecli
   az extension add --name k8s-extension
-  ```
+```
 
 1. Get the Service Connector extension status. Check the `statuses` property in the command output to see if there are any errors.
 
-  ```azurecli
+```azurecli
   az k8s-extension show \
       --resource-group MyClusterResourceGroup \
       --cluster-name MyCluster \
       --cluster-type managedClusters \
       --name sc-extension
-  ```
+```
 
 ### Check kubernetes cluster logs
 
@@ -150,7 +150,7 @@ If there's an error during the extension installation, and the error message in
        --resource-group MyClusterResourceGroup \
        --name MyCluster
    ```
-1. Service Connector extension is installed in the namespace `sc-system` through helm chart, check the namespace and the helm release by following commands.
+2. Service Connector extension is installed in the namespace `sc-system` through helm chart, check the namespace and the helm release by following commands.
 
    - Check the namespace exists.
 
@@ -163,7 +163,7 @@ If there's an error during the extension installation, and the error message in
    ```Bash
    helm list -n sc-system
    ```
-1. During the extension installation or updating, a kubernetes job called `sc-job` creates the kubernetes resources for the service connection. The job execution failure usually causes the extension failure. Check the job status by running the following commands. If `sc-job` doesn't exist in `sc-system` namespace, it should have been executed successfully. This job is designed to be automatically deleted after successful execution.
+3. During the extension installation or updating, a kubernetes job called `sc-job` creates the kubernetes resources for the service connection. The job execution failure usually causes the extension failure. Check the job status by running the following commands. If `sc-job` doesn't exist in `sc-system` namespace, it should have been executed successfully. This job is designed to be automatically deleted after successful execution.
 
    - Check the job exists.
 
@@ -183,6 +183,58 @@ If there's an error during the extension installation, and the error message in
    kubectl logs job/sc-job -n sc-system
    ```
 
+### Common Errors and Mitigations
+
+#### 1. Conflict
+
+**Error Message:**
+`Operation returned an invalid status code: Conflict`.
+
+**Reason:**
+This error usually occurs when attempting to create a service connector while the AKS (Azure Kubernetes Service) cluster is in an updating state. The service connector's update conflicts with the ongoing update.
+
+**Mitigation:**
+Ensure your cluster is in a "Succeeded" state before retrying the creation. It resolves most errors related to conflicts.
+
+#### 2. Timeout
+
+**Error Message:**
+- `Long running operation failed with status 'Failed'. Unable to get a response from the Agent in time`.
+- `Timed out waiting for the resource to come to a ready/completed state`
+
+**Reason:**
+This error often happens when the Kubernetes job used to create or update the Service Connector's cluster extension fails to be scheduled due to resource limitations or other issues.
+
+**Mitigation:**
+Refer to the [Check Kubernetes Cluster Logs](#check-kubernetes-cluster-logs) to identify and resolve the detailed reasons. A common issue is that no nodes are available due to preemption. In this case, consider adding more nodes or enabling auto-scaling for your nodes.
+
+#### 3. Unauthorized Resource Access
+
+**Error Message:**
+`You do not have permission to perform ... If access was recently granted, please refresh your credentials`.
+
+**Reason:**
+Service Connector requires permissions to operate the Azure resources you want to connect to, in order to perform connection operations on your behalf. This error indicates a lack of necessary permissions on some Azure resources.
+
+**Mitigation:**
+Check the permissions on the Azure resources specified in the error message. Obtain the required permissions and retry the creation.
+
+#### Other Issues
+
+If the above mitigations don't resolve your issue, try resetting the service connector cluster extension by removing it and then retrying the creation. This method is expected to resolve most issues related to the Service Connector cluster extension.
+
+Use the following CLI commands to reset the extension:
+
+```azurecli
+az extension add --name k8s-extension
+
+az k8s-extension delete \
+    --resource-group <MyClusterResourceGroup> \
+    --cluster-name <MyCluster> \
+    --cluster-type managedClusters \
+    --name sc-extension
+```
+
 ## Next steps
 
 Learn how to integrate different target services and read about their configuration settings and authentication methods.
