Merge pull request #17200 from sethmanheim/aks-updates2-26

Add new AKS TSG articles

Author: sethmanheim

AKS-Arc/TOC.yml

@@ -146,6 +146,10 @@
     items:
     - name: Troubleshoot & known issues
       href: aks-troubleshoot.md
+    - name: Control plane configuration validation errors
+      href: control-plane-validation-errors.md
+    - name: Connectivity issues with MetalLB
+      href: load-balancer-issues.md 
     - name: K8sVersionValidation error
       href: cluster-k8s-version.md
     - name: Use diagnostic checker

AKS-Arc/configure-ssh-keys.md

@@ -1,7 +1,7 @@
 ---
 title: Configure SSH keys for a cluster in AKS enabled by Azure Arc
 description: Learn how to configure SSH keys for an AKS Arc cluster.
-ms.date: 01/10/2025
+ms.date: 02/26/2025
 ms.topic: how-to
 author: sethmanheim
 ms.author: sethm
@@ -71,16 +71,9 @@ You have three options for SSH key configuration:
 - Use an existing key stored in Azure and select from the stored keys.
 - Use an existing public key by providing the SSH public key value.
 
-## Error message
+## Error messages
 
-If you don't provide valid SSH key information during cluster creation and no SSH key exists, you receive error messages like the following:
-
-- An RSA key file or key value must be supplied to SSH Key Value.
-- Control Plane: Missing Security Keys in Cluster Configuration.
-- LinuxProfile SSH public keys should be valid and non-empty.
-- Global LinuxProfile SSH public keys should be valid and non-empty.
-
-To mitigate the issue, see [Create and manage SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli#generate-new-keys) to create the SSH keys. Then, see [Create Kubernetes clusters](aks-create-clusters-cli.md) for the interface you're using. If you're using the REST API, see [provisioned cluster instances](/rest/api/hybridcontainer/provisioned-cluster-instances) to create the provisioned cluster instance.
+For information about error messages that can occur when you create and deploy an AKS cluster on Azure Local, see the [Control plane configuration validation errors](control-plane-validation-errors.md) article.
 
 ## Next steps
 

AKS-Arc/control-plane-validation-errors.md

@@ -0,0 +1,53 @@
+---
+title: Control plane configuration validation errors
+description: Learn details about each control plane configuration validation error.
+author: sethmanheim
+ms.author: sethm
+ms.topic: concept-article
+ms.date: 02/26/2025
+
+---
+
+# Control plane configuration validation errors
+
+This article describes how to identify and resolve [ControlPlaneConfigurationValidation](configure-ssh-keys.md) error codes that can occur when you create and deploy an AKS cluster on Azure Local.
+
+## Symptoms
+
+When you try to create an AKS Arc cluster, you receive an error message that appears as follows:
+
+```json
+admission webhook "vhybridakscluster.kb.io" denied the request: { 
+   "result": "Failed", 
+   "validationChecks": [ 
+      { 
+         "name": "ControlPlaneConfigurationValidation", 
+         "message": "ControlPlane: Global LinuxProfile SSH public keys should be valid and non-empty. ssh: no key found", 
+         "recommendation": "Please check https://aka.ms/AKSArcValidationErrors/ControlPlaneConfigurationValidation for recommendations" 
+      } 
+   ] 
+}
+```
+
+The following section describes the error messages that you might see when you encounter the **ControlPlaneConfigurationValidation** error code.
+
+## Global LinuxProfile SSH public keys must be valid and non-empty
+
+If you don't provide valid SSH key information during Kubernetes cluster creation and no SSH key exists, you receive error messages similar to the following:
+
+- An RSA key file or key value must be supplied to SSH Key Value.
+- Control Plane: Missing Security Keys in Cluster Configuration.
+- LinuxProfile SSH public keys should be valid and non-empty.
+- Global LinuxProfile SSH public keys should be valid and non-empty.
+
+To mitigate the issue, see [Generate and store SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli#generate-new-keys) to create the SSH keys. Then, see [Create Kubernetes clusters](aks-create-clusters-cli.md) for the interface you're using. If you're using the REST API, see [provisioned cluster instances](/rest/api/hybridcontainer/provisioned-cluster-instances) to create the provisioned cluster instance.
+
+## Control plane count and VM size
+
+In Kubernetes, control plane nodes manage and orchestrate the cluster. They run key components such as API Server, etcd, scheduler, etc. Control plane nodes maintain cluster state, schedule workloads, and ensure high availability, often using multiple nodes for redundancy.
+
+To successfully create an AKS Arc cluster, you must specify at least one control plane node count. Also, to maintain etcd quorum, the control plane node count should be an odd number. For more information about supported count and VM SKU options, see [Scale requirements for AKS on Azure Local](scale-requirements.md#support-count-for-aks-on-azure-local).
+
+## Next steps
+
+[Troubleshoot issues in AKS enabled by Azure Arc](aks-troubleshoot.md)

AKS-Arc/docfx.json

@@ -55,7 +55,7 @@
       "feedback_product_url": "https://feedback.azure.com/d365community/forum/a2f8da29-b853-ec11-8f8e-0022481f2fe7",
       "breadcrumb_path": "/azure/aks/aksarc/breadcrumb/toc.json",
       "extendBreadcrumb": false,
-      "manager":"femila",
+      "manager":"lizross",
       "ms.service": "azure-stack",
       "recommendations": true,
       "zone_pivot_group_filename": "../azure-stack/zone-pivot-groups.json"

AKS-Arc/load-balancer-issues.md

@@ -0,0 +1,61 @@
+---
+title: Intermittent connectivity issues with MetalLB or Kubernetes services of type Load Balancer
+description: Learn how to mitigate connection issues with MetalLB or Kubernetes services of type Load Balancer.
+author: sethmanheim
+ms.author: sethm
+ms.topic: concept-article
+ms.date: 02/26/2025
+
+---
+
+# Intermittent connectivity issues with MetalLB or Kubernetes services of type Load Balancer
+
+You might sometimes experience intermittent connectivity issues when accessing a Kubernetes service of type **LoadBalancer** using the assigned external IP address. This article describes how to identify and resolve connection issues with MetalLB or Kubernetes services of type **LoadBalancer**.
+
+## Symptoms
+
+- The service is accessible sometimes, but not consistently.
+- The client experiences unexpected disconnects.
+- The external IP intermittently appears and disappears from the control plane when running `Get-VMNetworkAdapter`:
+
+  ```powershell
+  Get-VMNetworkAdapter -VMName * | select name, ipaddresses 
+
+  ...
+
+  # The external IP appears in the get-vmnetworkadapter output 
+
+  nocpip26-55bc418a-control-plane-kjqcm-nic-b607b1e0                         
+  {172.16.0.11, 172.16.0.10, ***172.16.100.0***, fe80::ec:d3ff:fe8b:1} 
+
+  # Now it's gone 
+
+  Get-VMNetworkAdapter -VMName * | select name, ipaddresses 
+
+  ...
+
+  nocpip26-55bc418a-control-plane-kjqcm-nic-b607b1e0                         
+  {172.16.0.11, 172.16.0.10, ***Now it is gone*** fe80::ec:d3ff:fe8b:1} 
+
+  # Now it's back 
+
+  Get-VMNetworkAdapter -VMName * | select name, ipaddresses
+
+  ... 
+
+  nocpip26-55bc418a-control-plane-kjqcm-nic-b607b1e0                         
+  {172.16.0.11, 172.16.0.10, ***172.16.100.0***, fe80::ec:d3ff:fe8b:1}
+  ```
+
+## Mitigation
+
+This issue was fixed in [AKS on Azure Local, version 2411](aks-whats-new-23h2.md#release-2411).
+
+If you're on an older build, please update to Azure Local, version 2411. Once you update to 2411, you can:
+
+- Create a new AKS cluster. The new AKS cluster should not have any intermittent load balancer connectivity issues.
+- [Upgrade the Kubernetes version](cluster-upgrade.md) of your existing AKS cluster to get the fix.
+
+## Next steps
+
+[Troubleshoot issues in AKS enabled by Azure Arc](aks-troubleshoot.md)