MicrosoftDocs
diff --git a/‎AKS-Arc/TOC.yml
Lines changed: 4 additions & 0 deletions b/‎AKS-Arc/TOC.yml
Lines changed: 4 additions & 0 deletions
diff --git a/‎AKS-Arc/aks-create-clusters-api.md
Lines changed: 159 additions & 0 deletions b/‎AKS-Arc/aks-create-clusters-api.md
Lines changed: 159 additions & 0 deletions
diff --git a/‎AKS-Arc/aks-edge-concept-clusters-nodes.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-edge-concept-clusters-nodes.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/aks-edge-concept-networking.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-edge-concept-networking.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/aks-edge-deployment-config-json.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-edge-deployment-config-json.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/aks-edge-help-support.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-edge-help-support.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/aks-edge-system-requirements.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-edge-system-requirements.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/aks-edge-troubleshoot-overview.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-edge-troubleshoot-overview.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/aks-hci-ip-address-planning.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-hci-ip-address-planning.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/aks-platforms-compare.md
Lines changed: 9 additions & 9 deletions b/‎AKS-Arc/aks-platforms-compare.md
Lines changed: 9 additions & 9 deletions
@@ -62,6 +62,8 @@
         href: create-clusters-terraform.md
       - name: Azure Resource Manager template
         href: resource-manager-quickstart.md
+      - name: REST API
+        href: aks-create-clusters-api.md
     - name: Networking
       items:
       - name: Create logical networks
@@ -187,6 +189,8 @@
       href: network-validation-errors.md
     - name: Network validation error due to .local domain
       href: network-validation-error-local.md
+    - name: BGP with FRR not working
+      href: connectivity-troubleshoot.md
   - name: Reference
     items:
     - name: Azure CLI
 
@@ -0,0 +1,159 @@
+---
+title: Create Kubernetes clusters using REST APIs
+description: Learn how to create Kubernetes clusters in Azure Local using REST API for the Hybrid Container Service.
+ms.topic: how-to
+author: rcheeran
+ms.date: 06/19/2025
+ms.author: rcheeran 
+ms.lastreviewed: 06/19/2025
+ms.reviewer: rjaini
+---
+
+# Create Kubernetes clusters using the REST API
+
+[!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
+
+This article describes how to create Kubernetes clusters on Azure Local using the REST API. The Azure resource type for [AKS Arc provisioned clusters](/azure/templates/microsoft.hybridcontainerservice/provisionedclusterinstances?pivots=deployment-language-arm-template) is **"Microsoft.HybridContainerService/provisionedClusterInstances"**. This resource is an extension of the [connected clusters](/azure/templates/microsoft.kubernetes/connectedclusters?pivots=deployment-language-arm-template) resource type, **"Microsoft.Kubernetes/connectedClusters"**. Due to this dependency, you must first create a connected cluster resource before creating an AKS Arc resource.
+
+## Before you begin
+
+Before you begin, make sure you have the following details from your on-premises infrastructure administrator:
+
+- **Azure subscription ID**: The Azure subscription ID that Azure Local uses for deployment and registration.
+- **Custom Location ID**: The Azure Resource Manager ID of the custom location. The custom location is configured during the Azure Local cluster deployment. Your infrastructure admin should give you the Resource Manager ID of the custom location. This parameter is required in order to create Kubernetes clusters. If the infrastructure admin provides a custom location name and resource group name, you can also get the Resource Manager ID using the following command:
+
+  ```azurecli
+  az customlocation show --name "<custom location name>" --resource-group <azure resource group> --query "id" -o tsv
+  ```
+  
+- **Network ID**: The Azure Resource Manager ID of the Azure Local logical network you created [following these steps](aks-networks.md). Your admin should give you the ID of the logical network. This parameter is required in order to create Kubernetes clusters. If you know the resource group in which the logical network was created, you can also get the Azure Resource Manager ID using the following command:
+
+  ```azurecli
+  az stack-hci-vm network lnet show --name "<lnet name>" --resource-group <azure resource group> --query "id" -o tsv
+  ```
+  
+- **Create an SSH key pair**: Create an SSH key pair in Azure and store the private key file for troubleshooting and log collection purposes. For detailed instructions, see [Create and store SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli), or with the [Azure portal](/azure/virtual-machines/ssh-keys-portal).
+- To connect to the Kubernetes cluster from anywhere, create a Microsoft Entra group and add members to it. All the members in the Microsoft Entra group have cluster administrator access to the cluster. Make sure to add yourself as a member to the Microsoft Entra group. If you don't add yourself, you can't access the Kubernetes cluster using **kubectl**. For more information about creating Microsoft Entra groups and adding users, see [Manage Microsoft Entra groups and group membership](/entra/fundamentals/how-to-manage-groups).
+
+## Step 1: Create a connected cluster resource
+
+See the API definition for [connected clusters](/rest/api/hybridkubernetes/connected-cluster/create) and create a **PUT** request with the `kind` property set to `ProvisionedCluster`. The following example is a sample **PUT** request to create a connected cluster resource using the REST API:
+
+```http
+PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Kubernetes/connectedClusters/{connectedClusterName}?api-version=2024-01-01
+Content-Type: application/json
+Authorization: Bearer <access_token>
+
+{
+    "location": "<region>",
+    "identity": {
+        "type": "SystemAssigned"
+    },
+    "kind": "ProvisionedCluster",
+    "properties": {
+        "agentPublicKeyCertificate": "",
+        "azureHybridBenefit": "NotApplicable",
+        "distribution": "AKS",
+        "distributionVersion": "1.0",
+        "aadProfile": {
+          "enableAzureRBAC": true,
+          "adminGroupObjectIDs": [
+            "<entra-group-id>"
+          ],
+          "tenantID": "<tenant-id>"
+    },
+  }
+}
+```
+
+Replace all placeholder values with your actual details. For more information, see the [connected clusters API documentation](/rest/api/hybridkubernetes/connected-cluster/create).
+
+## Step 2: Create a provisioned cluster resource
+
+See the API definition for [provisioned clusters](/rest/api/hybridcontainer/provisioned-cluster-instances/create-or-update). In this **PUT** call, pass the Azure Resource Manager identifier created in the previous step as the URI parameter. The following code is an example HTTP **PUT** request to create a provisioned cluster resource with only the required parameters:
+
+```http
+PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.HybridContainerService/provisionedClusterInstances/{clusterName}?api-version=2024-01-01-preview
+Content-Type: application/json
+Authorization: Bearer <access_token>
+
+{
+  "extendedLocation": {
+    "type": "CustomLocation",
+    "name": "<ARM ID of Custom Location>"
+  },
+  "properties": {
+    "controlPlane": {
+      "count": 1,
+      "vmSize": "Standard_A4_v2"
+    },
+    "agentPoolProfiles": [
+      {
+        "name": "default-nodepool-1",
+        "count": 1,
+        "vmSize": "Standard_A4_v2",
+        "osType": "Linux",
+      }
+    ],
+    "linuxProfile": {
+      "ssh": {
+        "publicKeys": [
+          {
+            "keyData": "<SSH public key>"
+          }
+        ]
+      }
+    },
+    "cloudProviderProfile": {
+      "infraNetworkProfile": {
+        "vnetSubnetIds": [
+          "<ARM ID of logical network>"
+        ]
+      }
+    },
+  }
+}
+
+```
+
+Replace the placeholder values with your actual details. For more information, see the [provisioned clusters API documentation](/rest/api/hybridcontainer/provisioned-cluster-instances/create-or-update).
+
+## Connect to the Kubernetes cluster
+
+Now you can connect to your Kubernetes cluster by running the `az connectedk8s proxy` command from your development machine. Make sure you sign in to Azure before running this command. If you have multiple Azure subscriptions, select the appropriate subscription ID using the [az account set](/cli/azure/account#az-account-set) command.
+
+This command downloads the **kubeconfig** of your Kubernetes cluster to your development machine and opens a proxy connection channel to your on-premises Kubernetes cluster. The channel is open for as long as the command runs. Let this command run for as long as you want to access your cluster. If it times out, close the CLI window, open a fresh one, and then run the command again.
+
+You must have Contributor permissions on the resource group that hosts the Kubernetes cluster in order to successfully run the following command:
+
+```azurecli
+az connectedk8s proxy --name $aksclustername --resource-group $resource_group --file .\aks-arc-kube-config
+```
+
+Expected output:
+
+```output
+Proxy is listening on port 47011
+Merged "aks-workload" as current context in .\\aks-arc-kube-config
+Start sending kubectl requests on 'aks-workload' context using
+kubeconfig at .\\aks-arc-kube-config
+Press Ctrl+C to close proxy.
+```
+
+Keep this session running and connect to your Kubernetes cluster from a different terminal or command prompt. Verify that you can connect to your Kubernetes cluster by running the `kubectl get` command. This command returns a list of the cluster nodes:
+
+```azurecli
+kubectl get node -A --kubeconfig .\aks-arc-kube-config
+```
+
+The following example output shows the node you created in the previous steps. Make sure the node status is **Ready**:
+
+```output
+NAME             STATUS ROLES                AGE VERSION
+moc-l0ttdmaioew  Ready  control-plane,master 34m v1.24.11
+moc-ls38tngowsl  Ready  <none>               32m v1.24.11
+```
+
+## Next steps
+
+[AKS Arc overview](overview.md)
@@ -3,7 +3,7 @@ title: AKS Edge Essentials clusters and nodes
 description: Learn about clusters and nodes running on AKS Edge Essentials.
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 07/11/2024
 ms.custom: template-concept
 ---
 
@@ -3,7 +3,7 @@ title: AKS Edge Essentials networking
 description: Basic networking concepts for AKS Edge Essentials 
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: article
 ms.date: 03/10/2025
 ms.custom: template-concept
 ---
 
@@ -3,7 +3,7 @@ title: AKS Edge Essentials deployment configuration JSON parameters
 description: Description of deployment configuration JSON parameters in AKS Edge Essentials.
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: article
 ms.date: 03/10/2025
 ms.custom: template-concept
 ---
 
@@ -2,7 +2,7 @@
 title: Get support for AKS Edge Essentials
 description: Learn about how to get support and open a support request for AKS Edge Essentials.
 author: sethmanheim
-ms.topic: conceptual
+ms.topic: how-to
 ms.date: 04/07/2025
 ms.author: sethm 
 
 
@@ -3,7 +3,7 @@ title: AKS Edge Essentials system requirements
 description: Requirements and supported versions for AKS Edge Essentials. 
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: article
 ms.date: 03/10/2025
 ms.custom: template-concept
 ---
 
@@ -3,7 +3,7 @@ title: Troubleshoot common issues in AKS Edge Essentials
 description: Learn about common issues and workarounds in AKS Edge Essentials. 
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: troubleshooting-general
 ms.date: 12/12/2024
 ms.custom: template-concept
 ---
 
@@ -1,7 +1,7 @@
 ---
 title: IP address planning for AKS enabled by Azure Arc
 description: Learn about how to plan for IP addresses and reservation, to deploy AKS Arc in production. 
-ms.topic: conceptual
+ms.topic: article
 ms.date: 11/19/2024
 author: sethmanheim
 ms.author: sethm
 
@@ -3,7 +3,7 @@ title: Azure Kubernetes Service (AKS) Cloud, Edge, and On-Premises Comparison
 description: Learn about Azure Kubernetes Service (AKS) features, capabilities, and pricing across cloud, edge, and on-premises environments to choose the best deployment for your needs.
 author: sethmanheim
 ms.topic: concept-article
-ms.date: 06/12/2025
+ms.date: 06/16/2025
 ms.author: sethm
 ms.reviewer: rmody
 ---
@@ -23,7 +23,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## General comparison of AKS across platforms
 
-| Platform | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
+| Feature | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Supported infrastructure for Kubernetes cluster | Azure cloud | Azure Local, version 23H2 or later | - Windows 10/11 IoT Enterprise<br>- Windows 10/11 Enterprise<br>- Windows 10/11 Pro<br>- Windows Server 2019/2022 | - Windows Server 2019<br>- Windows Server 2022 |
 | CNCF conformant | Yes | Yes | Yes | Yes |
@@ -38,7 +38,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Monitoring and diagnostic capabilities
 
-|   Feature       |     Azure Cloud    |     AKS on Azure Local    |      Edge Essentials (Windows IoT client/server)    |     Windows Server    |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 |     Azure Monitor Container Insights     |     Yes    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |
 |     Azure Monitor Managed Prometheus and control plane metrics scraping     |     Yes    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |
@@ -48,7 +48,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Node pool capabilities
 
-|  Feature                      | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT client/server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Windows node pool support      | - Yes<br>- Windows Server 2019 Datacenter<br>- Windows Server 2022 Datacenter | - Yes<br>- Windows Server 2019 Datacenter<br>- Windows Server 2022 Datacenter | - Yes<br>- Windows Server 2022 Datacenter (Core) | - Yes<br>- Windows Server 2019 Datacenter<br>- Windows Server 2022 Datacenter |
 | Linux OS offerings            | - Ubuntu 18.04<br>- Azure Linux | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) |
@@ -67,7 +67,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Networking capabilities
 
-|  Feature                      | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT /Client/Server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Network creation and management | By default, Azure creates a virtual network and subnet for you. You can also choose an existing virtual network in which to create your AKS clusters. | Setting up networking parameters is a required prerequisite to deploy AKS on Azure Local. Network must have connectivity and IP address availability for successful operation of the cluster. | You must provide the IP address range for node IPs and service IPs that are available and have the right connection. The network configuration needed for the cluster is handled by AKS. See [AKS Edge Essentials networking](aks-edge-concept-networking.md). | You must create the network in Windows Server before creating an AKS cluster. Network must have connectivity and IP address availability for successful operation of the cluster. |
 | Supported networking option    | Bring your own Azure virtual network for AKS clusters. | Static IP networks with/without VLAN ID. | Static IP address or use reserved IPs when using DHCP. | - DHCP networks with/without VLAN ID.<br>- Static IP networks with/without VLAN ID. |
@@ -79,7 +79,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Storage features
 
-| Feature                       | Azure Cloud                                                          | AKS on Azure Local                                                                                 | Edge Essentials (Windows IoT /Client/Server) | Windows Server                        |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Types of supported persistent volumes | - Read Write Once<br>- Read Write Many                                         | - VHDX – Read Write Once<br>- SMB or NFS – Read Write Many<br>- ACSA - Read Write Many                             | - PVC using local storage<br>- ACSA                 | - VHDX – Read Write Once<br>- SMB or NFS - Read Write Many |
 | Container storage interface (CSI) support | Yes                                                                      | Yes                                                                                                    | Yes                                             | Yes                                         |
@@ -90,7 +90,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Security and authentication options
 
-| Feature                       | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT /Client/Server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Access to Kubernetes cluster             | Kubectl         | Kubectl                   | Kubectl                                         | Kubectl              |
 | Kubernetes cluster authorization (RBAC)  | - Kubernetes RBAC<br>- Azure RBAC | - Kubernetes RBAC<br>- Azure RBAC | Kubernetes RBAC                                 | Kubernetes RBAC      |
@@ -107,15 +107,15 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Pricing and SLA details
 
-| Feature                       | Azure Cloud                                                                           | AKS on Azure Local                        | Edge Essentials (Windows IoT client/server) | Windows Server                                               |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Pricing                           | - Unlimited free clusters, pay for on-demand compute of worker node VMs.<br>- Paid tier available with uptime SLA, support for 5k nodes. | Included in Azure Local at no extra cost.  | Cost is per device per month.                        | Pricing is based on the number of workload cluster vCPUs. Control plane nodes and load balancer VMs are free. |
 | Azure Hybrid Benefit support       | Not applicable                                                                            | Not applicable - AKS already included at no extra cost. | No                                              | Yes                                                               |
 | SLA                               | Paid uptime SLA clusters for production with fixed cost on the API + worker node compute, storage and networking costs. | No SLA offered as the Kubernetes cluster is running on premises. | No SLA offered as the Kubernetes cluster is running on premises. | No SLA offered as the Kubernetes cluster is running on premises.           |
 
 ### AI/ML capabilities offered in each platform
 
-| Feature                      | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT /Client/Server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | GPU support                       | Yes             | Yes                       | Yes                                             | Yes                  |
 | KAITO (Kubernetes AI toolchain operator) | Yes             | Yes, via Arc extensions   | No                                              | No                   |