Merge pull request #296357 from MicrosoftDocs/main

3/14/2025 AM Publish

Author: Albertyang0

articles/databox-online/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster.md

@@ -6,7 +6,7 @@ author: alkohli
 
 ms.service: azure-stack-edge
 ms.topic: how-to
-ms.date: 02/17/2022
+ms.date: 03/14/2025
 ms.author: alkohli
 ---
 
@@ -16,9 +16,9 @@ ms.author: alkohli
 
 This article shows you how to enable Azure Arc on an existing Kubernetes cluster on your Azure Stack Edge Pro device.
 
-This procedure assumes that you have read and understood the following articles:
+This procedure assumes that you've read and understood the following articles:
 
-- [Kubernetes workloads on Azure Stack Edge Pro device](azure-stack-edge-gpu-kubernetes-workload-management.md)
+- [Kubernetes workloads on Azure Stack Edge Pro device](azure-stack-edge-gpu-kubernetes-workload-management.md).
 - [What is Azure Arc-enabled Kubernetes (Preview)?](/azure/azure-arc/kubernetes/overview)
 
 ## Prerequisites
@@ -31,7 +31,7 @@ Make sure that you've completed the following prerequisites on your Azure Stack
     1. The device is activated. See [Activate the device](azure-stack-edge-gpu-deploy-activate.md).
     1. The device has the compute role configured via Azure portal and has a Kubernetes cluster. See [Configure compute](azure-stack-edge-gpu-deploy-configure-compute.md).
 
-1. You've owner access to the subscription. You would need this access during the role assignment step for your service principal.
+1. You have owner access to the subscription. You would need this access during the role assignment step for your service principal.
 
 
 ### For client accessing the device
@@ -50,7 +50,7 @@ Make sure that you've completed the following prerequisites on your Azure Stack
       - Use `kubectl version` to check the version of kubectl running on the client. Make a note of the full version.
       - In the local UI of your Azure Stack Edge Pro device, go to **Software update** and note the Kubernetes server version number.
 
-        ![Verify Kubernetes server version number](media/azure-stack-edge-gpu-connect-powershell-interface/verify-kubernetes-version-1.png)
+        ![Screenshot of verify Kubernetes server version number.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/verify-kubernetes-version-1.png)
 
       - Verify these two versions are compatible.
 
@@ -62,27 +62,27 @@ Before you enable Azure Arc on the Kubernetes cluster, you need to enable and re
 1. To enable a resource provider, in the Azure portal, go to the subscription that you're planning to use for the deployment. Go to **Resource Providers**.
 1. In the right-pane, search for the providers you want to add. In this example, `Microsoft.Kubernetes` and `Microsoft.KubernetesConfiguration`.
 
-    ![Register Kubernetes resource providers](media/azure-stack-edge-gpu-connect-powershell-interface/register-k8-resource-providers-1.png)
+    ![Screenshot of register Kubernetes resource providers.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/register-k8-resource-providers-1.png)
 
 1. Select a resource provider and from the top of the command bar, select **Register**. Registration  takes several minutes.
 
-    ![Register Kubernetes resource providers 2](media/azure-stack-edge-gpu-connect-powershell-interface/register-k8-resource-providers-2.png)
+    ![Screenshot of register Kubernetes resource providers 2.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/register-k8-resource-providers-2.png)
 
 1. Refresh the UI until you see that the resource provider is registered. Repeat the process for both resource providers.
 
-    ![Register Kubernetes resource providers 3](media/azure-stack-edge-gpu-connect-powershell-interface/register-k8-resource-providers-4.png)
+    ![Screenshot of register Kubernetes resource providers 3.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/register-k8-resource-providers-4.png)
 
 You can also register resource providers via the `az cli`. For more information, see [Register the two providers for Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/quickstart-connect-cluster#register-providers-for-azure-arc-enabled-kubernetes).
 
 ## Create service principal, assign role
 
 1. Make sure that you have `Subscription ID` and the name of the resource group you used for the resource deployment for your Azure Stack Edge service. To get the subscription ID, go to your Azure Stack Edge resource in the Azure portal. Navigate to **Overview > Essentials**.
 
-    ![Get subscription ID](media/azure-stack-edge-gpu-connect-powershell-interface/get-subscription-id-1.png)
+    ![Screenshot of get subscription ID.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/get-subscription-id-1.png)
 
     To get the resource group name, go to **Properties**.
 
-    ![Get resource group name](media/azure-stack-edge-gpu-connect-powershell-interface/get-resource-group-name-1.png)
+    ![Screenshot of get resource group name.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/get-resource-group-name-1.png)
 
 1. To create a service principal, use the following command via the `az cli`.
 
@@ -104,9 +104,39 @@ You can also register resource providers via the `az cli`. For more information,
     PS /home/user>
     ```
 
-1. Make a note of the `appID`, `name`, `password`, and `tenantID` as you'll use these values as input to the next command.
+1. Make a note of the `appId`, `name`, `password`, and `tenantID` as you'll use these values as input to the next command.
 
-1. After creating the new service principal, assign the `Kubernetes Cluster - Azure Arc Onboarding` role to the newly created principal. This is a built-in Azure role (use the role ID in the command) with limited permissions. Use the following command:
+   There are several ways to obtain `appId`. The following three options are the preferred methods. If you use one of the following options, you can skip steps 1, 2, and 3 from the previous section and move directly to the following step 4.
+
+   - Option 1 - Use Minishell to run the following PowerShell cmdlet: 
+
+      ```powershell
+      [Device-IP]: PS> Get-AzureDataBoxEdgeApplicationId
+      xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+      [Device-IP]: PS>
+      ```
+
+   - Option 2 - Use the following steps to view JSON details for your device In Azure portal:
+      
+      1. Navigate to your Azure Stack Edge device **Overview** and then select **JSON view** at top right.
+  
+          ![Screenshot of view Overview page for your Azure Stack Edge device.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/view-device-overview.png)    
+
+      1.  In the **Resource JSON** details for your device, make note of the `principalId`. 
+
+          ![Screenshot of view JSON details for your Azure Stack Edge device.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/view-json-details.png)
+
+   - Option 3 - Use non-Azure Stack Edge PowerShell on a client machine to run the following command:
+
+      ```powershell
+      // ASE resource group and resource name can be obtained from Azure portal
+      PS C:\> $ASEResource= GetAzResource –ResourceGroupName <resource-group-name> -ResourceName <resource-name>
+      PS C:\> $ASEResource.Identity.PrincipalId
+      xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+      PS C:\>
+      ```
+
+1. After you create the new service principal, or after you retrieve it using one of these options, assign the `Kubernetes Cluster - Azure Arc Onboarding` role to the newly created principal. This is a built-in Azure role (use the role ID in the command) with limited permissions. Use the following command:
 
     `az role assignment create --role 34e09817-6cbe-4d01-b1a2-e0eac5743d41 --assignee <appId-from-service-principal> --scope /subscriptions/<SubscriptionID>/resourceGroups/<Resource-group-name>`
 
@@ -128,45 +158,47 @@ You can also register resource providers via the `az cli`. For more information,
     PS /home/user>
     ```
 
-
 ## Enable Arc on Kubernetes cluster
 
 Follow these steps to configure the Kubernetes cluster for Azure Arc management:
 
 1. [Connect to the PowerShell interface](azure-stack-edge-gpu-connect-powershell-interface.md#connect-to-the-powershell-interface) of your device.
 
-1. Type:
+1. Run the following command:
 
     `Set-HcsKubernetesAzureArcAgent -SubscriptionId "<Your Azure Subscription Id>" -ResourceGroupName "<Resource Group Name>" -ResourceName "<Azure Arc resource name (shouldn't exist already)>" -Location "<Region associated with resource group>" -TenantId "<Tenant Id of service principal>" -ClientId "<App id of service principal>"`
 
-    When this command is run, there's a follow-up prompt to enter the `ClientSecret`. Provide the service principal password.
+    After you run this command, you see a follow-up prompt to specify `ClientSecret`. Provide the service principal password at the prompt.
 
     Add the `CloudEnvironment` parameter if you're using a cloud other than Azure public. You can set this parameter to `AZUREPUBLICCLOUD`, `AZURECHINACLOUD`, `AZUREGERMANCLOUD`, and `AZUREUSGOVERNMENTCLOUD`.
 
-    > [!NOTE]
-    > - To deploy Azure Arc on your device, make sure that you are using a [Supported region for Azure Arc](https://azure.microsoft.com/global-infrastructure/services/?products=azure-arc).
-    > - Use the `az account list-locations` command to figure out the exact location name to pass in the `Set-HcsKubernetesAzureArcAgent` cmdlet. Location names are typically formatted without any spaces.
-    > - `ClientId` and `ClientSecret` are required.
+   **Usage considerations:**
 
-    Here's an example:
+   - To deploy Azure Arc on your device, make sure that you're using a [Supported region for Azure Arc](https://azure.microsoft.com/global-infrastructure/services/?products=azure-arc).
+   - Use the `az account list-locations` command to determine the exact location name to pass in the `Set-HcsKubernetesAzureArcAgent` cmdlet. Location names are typically formatted without any spaces.
+   
+   > [!IMPORTANT]
+   > If you obtain the `Id` instead of creating a new service principle using the older method, then do not specify `ClientId`, `TenantId`, or `ClientSecret`.
 
-    ```powershell
-    [10.100.10.10]: PS>Set-HcsKubernetesAzureArcAgent -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -ResourceGroupName "myaserg1" -ResourceName "myasetestresarc" -Location "westeurope" -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -ClientId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+   Here's an example:
 
-    WARNING: A script or application on the remote computer 10.126.76.0 is sending a prompt request. When you are prompted,
-    enter sensitive information, such as credentials or passwords, only if you trust the remote computer and the
-    application or script that is requesting the data.
+   ```powershell
+   [10.100.10.10]: PS>Set-HcsKubernetesAzureArcAgent -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -ResourceGroupName "myaserg1" -ResourceName "myasetestresarc" -Location "westeurope" -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -ClientId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
 
-    cmdlet Set-HcsKubernetesAzureArcAgent at command pipeline position 1
+   WARNING: A script or application on the remote computer 10.126.76.0 is sending a prompt request. When you are prompted,
+   enter sensitive information, such as credentials or passwords, only if you trust the remote computer and the
+   application or script that is requesting the data.
 
-    Supply values for the following parameters:
-    ClientSecret: **********************************
-    [10.100.10.10]: PS>
-    ```
+   cmdlet Set-HcsKubernetesAzureArcAgent at command pipeline position 1
+
+   Supply values for the following parameters:
+   ClientSecret: **********************************
+   [10.100.10.10]: PS>
+   ```
 
-    In the Azure portal, a resource should be created with the name you provided in the preceding command.
+   In the Azure portal, a resource should be created with the name you provided in the preceding command.
 
-    ![Go to Azure Arc resource](media/azure-stack-edge-gpu-connect-powershell-interface/verify-azure-arc-enabled-1.png)
+   ![Screenshot of go to Azure Arc resource.](media/azure-stack-edge-gpu-deploy-arc-kubernetes-cluster/verify-azure-arc-enabled-1.png)
 
 1. To verify that Azure Arc is enabled successfully, run the following command from PowerShell interface:
 
@@ -208,16 +240,16 @@ A conceptual overview of these agents is available [here](/azure/azure-arc/kuber
 
 To remove the Azure Arc management, follow these steps:
 
-1. 1. [Connect to the PowerShell interface](azure-stack-edge-gpu-connect-powershell-interface.md#connect-to-the-powershell-interface) of your device.
-2. Type:
+1. [Connect to the PowerShell interface](azure-stack-edge-gpu-connect-powershell-interface.md#connect-to-the-powershell-interface) of your device.
+2. Run the following command:
 
     `Remove-HcsKubernetesAzureArcAgent`
 
 
 > [!NOTE]
-> By default, when resource `yamls` are deleted from the Git repository, the corresponding resources are not deleted from the Kubernetes cluster. You need to set `--sync-garbage-collection`  in Arc OperatorParams to allow the deletion of resources when deleted from git repository. For more information, see [Delete a configuration](/azure/azure-arc/kubernetes/tutorial-use-gitops-connected-cluster#additional-parameters)
+> By default, when resource `yamls` are deleted from the Git repository, the corresponding resources aren't deleted from the Kubernetes cluster. You need to set `--sync-garbage-collection`  in Arc OperatorParams to allow the deletion of resources when deleted from git repository. For more information, see [Delete a configuration](/azure/azure-arc/kubernetes/tutorial-use-gitops-connected-cluster#additional-parameters)
 
 ## Next steps
 
 To understand how to run an Azure Arc deployment, see
-[Deploy a stateless PHP `Guestbook` application with Redis via GitOps on an Azure Stack Edge Pro device](azure-stack-edge-gpu-deploy-stateless-application-git-ops-guestbook.md)
+[Deploy a stateless PHP `Guestbook` application with Redis via GitOps on an Azure Stack Edge Pro device](azure-stack-edge-gpu-deploy-stateless-application-git-ops-guestbook.md).