update workaround for Arc registration error

Author: v-sissondan

.acrolinx-config.edn

@@ -1,2 +1,2 @@
 {:allowed-branchname-matches ["main" "release-.*"]
-:allowed-filename-matches ["azure-stack" "AKS-Hybrid" "azure-managed-lustre" "azure-local"]}
+:allowed-filename-matches ["azure-stack" "azure-managed-lustre" "azure-local" "(?i)(AKS-Arc)(?!/reference)"]}

.openpublishing.redirection.json

@@ -5,6 +5,8 @@
   items:
   - name: What is AKS enabled by Azure Arc?
     href: aks-overview.md
+  - name: Compare AKS across platforms
+    href: aks-platforms-compare.md 
   - name: Supported Kubernetes versions
     href: supported-kubernetes-versions.md  
   - name: Data collection
@@ -45,7 +47,7 @@
   - name: Quickstarts
     items:
     - name: Jumpstart HCIBox (external link)
-      href: https://arcjumpstart.com/azure_jumpstart_hcibox/getting_started
+      href: https://jumpstart.azure.com/azure_arc_jumpstart
   - name: How-to
     items:
     - name: Create Kubernetes clusters
@@ -60,6 +62,8 @@
         href: create-clusters-terraform.md
       - name: Azure Resource Manager template
         href: resource-manager-quickstart.md
+      - name: REST API
+        href: aks-create-clusters-api.md
     - name: Networking
       items:
       - name: Create logical networks
@@ -125,7 +129,7 @@
         href: cluster-labels.md
       - name: Taints
         href: aks-arc-use-node-taints.md
-    - name: Use auto-scaler
+    - name: Use autoscaler
       href: auto-scale-aks-arc.md
     - name: Upgrade Kubernetes clusters
       href: cluster-upgrade.md
@@ -155,12 +159,14 @@
     items:
     - name: Troubleshoot and known issues
       href: aks-troubleshoot.md
+    - name: Get support
+      href: help-support.md
+    - name: Use diagnostic checker
+      href: aks-arc-diagnostic-checker.md
     - name: Control plane configuration validation errors
       href: control-plane-validation-errors.md
     - name: K8sVersionValidation error
       href: cluster-k8s-version.md
-    - name: Use diagnostic checker
-      href: aks-arc-diagnostic-checker.md
     - name: KubeAPIServer unreachable error
       href: kube-api-server-unreachable.md
     - name: Can't create/scale AKS cluster due to image issues
@@ -185,6 +191,12 @@
       href: network-validation-errors.md
     - name: Network validation error due to .local domain
       href: network-validation-error-local.md
+    - name: Entra authentication prompts when running kubectl
+      href: entra-prompts.md
+    - name: BGP with FRR not working
+      href: connectivity-troubleshoot.md
+    - name: Cluster status stuck during upgrade
+      href: cluster-upgrade-status.md
   - name: Reference
     items:
     - name: Azure CLI
@@ -597,8 +609,6 @@
       href: known-issues.yml
     - name: Support policies
       href: support-policies.md
-    - name: Get support
-      href: help-support.md
     - name: File bugs
       href: https://aka.ms/AKS-hybrid-issues
     - name: Release notes

AKS-Arc/TOC.yml

@@ -4,7 +4,7 @@ description: Learn how to diagnose common causes for failures in AKS Arc.
 ms.topic: troubleshooting
 author: sethmanheim
 ms.author: sethm
-ms.date: 01/30/2025
+ms.date: 06/27/2025
 ms.reviewer: abha
 
 #Customer intent: As an AKS user, I want to use the diagnostic checker to run diagnostic checks on my AKS cluster to find out common causes for AKS cluster create failure. 
@@ -13,14 +13,14 @@ ms.reviewer: abha
 
 # Use the diagnostic checker to diagnose and fix environment issues for AKS cluster creation failure (preview)
 
-It can be difficult to identify environment-related issues, such as networking configurations, that can result in an AKS cluster creation failure. The diagnostic checker is a PowerShell-based tool that can help you identify AKS cluster creation failures due to potential issues in the environment.
+It can be difficult to identify environment-related issues, such as networking configuration, that can result in an AKS cluster creation failure. The diagnostic checker is a PowerShell tool that can help you identify AKS cluster creation failures due to potential issues in the environment.
 
 > [!NOTE]
-> You can only use the diagnostic checker tool if an AKS cluster was created, but is in a failed state. You can't use the tool if you don't see an AKS cluster on the Azure portal. If the AKS cluster creation fails before an Azure Resource Manager resource is created, [file a support request](aks-troubleshoot.md#open-a-support-request).
+> You can only use the diagnostic checker tool if an AKS cluster was created, but is in a failed state. You can't use the tool if you don't see an AKS cluster on the Azure portal. If the AKS cluster creation fails before an Azure Resource Manager resource is created, [file a support request](help-support.md).
 
 ## Before you begin
 
-Before you begin, make sure you have the following prerequisites. If you don't meet the requirements for running the diagnostic checker tool, [file a support request](aks-troubleshoot.md#open-a-support-request):
+Before you begin, make sure you have the following prerequisites. If you don't meet the requirements for running the diagnostic checker tool, [file a support request](help-support.md):
 
 - Direct access to the Azure Local cluster where you created the AKS cluster. This access can be through remote desktop (RDP), or you can also sign in to one of the Azure Local physical nodes.
 - Review the [networking concepts for creating an AKS cluster](aks-hci-network-system-requirements.md) and the [AKS cluster architecture](cluster-architecture.md).
@@ -43,17 +43,17 @@ VMName                                                 IPAddresses
 <cluster-name>-XXXXXX-control-plane-XXXXXX {172.16.0.10, 172.16.0.4, fe80::ec:d3ff:fea0:1}
 ```
 
-If you don't see a control plane VM as shown in the previous output, [file a support request](aks-troubleshoot.md#open-a-support-request).
+If you don't see a control plane VM as shown in the previous output, [file a support request](help-support.md).
 
 If you see a control plane VM, and it has:
 
-- 0 IPv4 addresses: file a [support request](aks-troubleshoot.md#open-a-support-request).
+- 0 IPv4 addresses: file a [support request](help-support.md).
 - 1 IP address: use the IPv4 address as the input for `vmIP` parameter.
 - 2 IP addresses: use any one of the IPv4 address as an input for `vmIP` parameter in the diagnostic checker.
 
 ## Run the diagnostic checker script
 
-Copy the following PowerShell script `run_diagnostic.ps1` into any one node of your Azure Local cluster:
+Copy the following PowerShell script named `run_diagnostic.ps1` into any one node of your Azure Local cluster:
 
 ```powershell
 <#
@@ -288,4 +288,4 @@ The following table provides a summary of each test performed by the script, inc
 
 ## Next steps
 
-If the problem persists, collect [AKS cluster logs](get-on-demand-logs.md) before you [create a support request](aks-troubleshoot.md#open-a-support-request).
+If the problem persists, collect [AKS cluster logs](get-on-demand-logs.md) before you [create a support request](help-support.md).

AKS-Arc/aks-arc-diagnostic-checker.md

@@ -0,0 +1,159 @@
+---
+title: Create Kubernetes clusters using REST APIs
+description: Learn how to create Kubernetes clusters in Azure Local using REST API for the Hybrid Container Service.
+ms.topic: how-to
+author: rcheeran
+ms.date: 06/19/2025
+ms.author: rcheeran 
+ms.lastreviewed: 06/19/2025
+ms.reviewer: rjaini
+---
+
+# Create Kubernetes clusters using the REST API
+
+[!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
+
+This article describes how to create Kubernetes clusters on Azure Local using the REST API. The Azure resource type for [AKS Arc provisioned clusters](/azure/templates/microsoft.hybridcontainerservice/provisionedclusterinstances?pivots=deployment-language-arm-template) is **"Microsoft.HybridContainerService/provisionedClusterInstances"**. This resource is an extension of the [connected clusters](/azure/templates/microsoft.kubernetes/connectedclusters?pivots=deployment-language-arm-template) resource type, **"Microsoft.Kubernetes/connectedClusters"**. Due to this dependency, you must first create a connected cluster resource before creating an AKS Arc resource.
+
+## Before you begin
+
+Before you begin, make sure you have the following details from your on-premises infrastructure administrator:
+
+- **Azure subscription ID**: The Azure subscription ID that Azure Local uses for deployment and registration.
+- **Custom Location ID**: The Azure Resource Manager ID of the custom location. The custom location is configured during the Azure Local cluster deployment. Your infrastructure admin should give you the Resource Manager ID of the custom location. This parameter is required in order to create Kubernetes clusters. If the infrastructure admin provides a custom location name and resource group name, you can also get the Resource Manager ID using the following command:
+
+  ```azurecli
+  az customlocation show --name "<custom location name>" --resource-group <azure resource group> --query "id" -o tsv
+  ```
+  
+- **Network ID**: The Azure Resource Manager ID of the Azure Local logical network you created [following these steps](aks-networks.md). Your admin should give you the ID of the logical network. This parameter is required in order to create Kubernetes clusters. If you know the resource group in which the logical network was created, you can also get the Azure Resource Manager ID using the following command:
+
+  ```azurecli
+  az stack-hci-vm network lnet show --name "<lnet name>" --resource-group <azure resource group> --query "id" -o tsv
+  ```
+  
+- **Create an SSH key pair**: Create an SSH key pair in Azure and store the private key file for troubleshooting and log collection purposes. For detailed instructions, see [Create and store SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli), or with the [Azure portal](/azure/virtual-machines/ssh-keys-portal).
+- To connect to the Kubernetes cluster from anywhere, create a Microsoft Entra group and add members to it. All the members in the Microsoft Entra group have cluster administrator access to the cluster. Make sure to add yourself as a member to the Microsoft Entra group. If you don't add yourself, you can't access the Kubernetes cluster using **kubectl**. For more information about creating Microsoft Entra groups and adding users, see [Manage Microsoft Entra groups and group membership](/entra/fundamentals/how-to-manage-groups).
+
+## Step 1: Create a connected cluster resource
+
+See the API definition for [connected clusters](/rest/api/hybridkubernetes/connected-cluster/create) and create a **PUT** request with the `kind` property set to `ProvisionedCluster`. The following example is a sample **PUT** request to create a connected cluster resource using the REST API:
+
+```http
+PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Kubernetes/connectedClusters/{connectedClusterName}?api-version=2024-01-01
+Content-Type: application/json
+Authorization: Bearer <access_token>
+
+{
+    "location": "<region>",
+    "identity": {
+        "type": "SystemAssigned"
+    },
+    "kind": "ProvisionedCluster",
+    "properties": {
+        "agentPublicKeyCertificate": "",
+        "azureHybridBenefit": "NotApplicable",
+        "distribution": "AKS",
+        "distributionVersion": "1.0",
+        "aadProfile": {
+          "enableAzureRBAC": true,
+          "adminGroupObjectIDs": [
+            "<entra-group-id>"
+          ],
+          "tenantID": "<tenant-id>"
+    },
+  }
+}
+```
+
+Replace all placeholder values with your actual details. For more information, see the [connected clusters API documentation](/rest/api/hybridkubernetes/connected-cluster/create).
+
+## Step 2: Create a provisioned cluster resource
+
+See the API definition for [provisioned clusters](/rest/api/hybridcontainer/provisioned-cluster-instances/create-or-update). In this **PUT** call, pass the Azure Resource Manager identifier created in the previous step as the URI parameter. The following code is an example HTTP **PUT** request to create a provisioned cluster resource with only the required parameters:
+
+```http
+PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.HybridContainerService/provisionedClusterInstances/{clusterName}?api-version=2024-01-01-preview
+Content-Type: application/json
+Authorization: Bearer <access_token>
+
+{
+  "extendedLocation": {
+    "type": "CustomLocation",
+    "name": "<ARM ID of Custom Location>"
+  },
+  "properties": {
+    "controlPlane": {
+      "count": 1,
+      "vmSize": "Standard_A4_v2"
+    },
+    "agentPoolProfiles": [
+      {
+        "name": "default-nodepool-1",
+        "count": 1,
+        "vmSize": "Standard_A4_v2",
+        "osType": "Linux",
+      }
+    ],
+    "linuxProfile": {
+      "ssh": {
+        "publicKeys": [
+          {
+            "keyData": "<SSH public key>"
+          }
+        ]
+      }
+    },
+    "cloudProviderProfile": {
+      "infraNetworkProfile": {
+        "vnetSubnetIds": [
+          "<ARM ID of logical network>"
+        ]
+      }
+    },
+  }
+}
+
+```
+
+Replace the placeholder values with your actual details. For more information, see the [provisioned clusters API documentation](/rest/api/hybridcontainer/provisioned-cluster-instances/create-or-update).
+
+## Connect to the Kubernetes cluster
+
+Now you can connect to your Kubernetes cluster by running the `az connectedk8s proxy` command from your development machine. Make sure you sign in to Azure before running this command. If you have multiple Azure subscriptions, select the appropriate subscription ID using the [az account set](/cli/azure/account#az-account-set) command.
+
+This command downloads the **kubeconfig** of your Kubernetes cluster to your development machine and opens a proxy connection channel to your on-premises Kubernetes cluster. The channel is open for as long as the command runs. Let this command run for as long as you want to access your cluster. If it times out, close the CLI window, open a fresh one, and then run the command again.
+
+You must have Contributor permissions on the resource group that hosts the Kubernetes cluster in order to successfully run the following command:
+
+```azurecli
+az connectedk8s proxy --name $aksclustername --resource-group $resource_group --file .\aks-arc-kube-config
+```
+
+Expected output:
+
+```output
+Proxy is listening on port 47011
+Merged "aks-workload" as current context in .\\aks-arc-kube-config
+Start sending kubectl requests on 'aks-workload' context using
+kubeconfig at .\\aks-arc-kube-config
+Press Ctrl+C to close proxy.
+```
+
+Keep this session running and connect to your Kubernetes cluster from a different terminal or command prompt. Verify that you can connect to your Kubernetes cluster by running the `kubectl get` command. This command returns a list of the cluster nodes:
+
+```azurecli
+kubectl get node -A --kubeconfig .\aks-arc-kube-config
+```
+
+The following example output shows the node you created in the previous steps. Make sure the node status is **Ready**:
+
+```output
+NAME             STATUS ROLES                AGE VERSION
+moc-l0ttdmaioew  Ready  control-plane,master 34m v1.24.11
+moc-ls38tngowsl  Ready  <none>               32m v1.24.11
+```
+
+## Next steps
+
+[AKS Arc overview](overview.md)

AKS-Arc/aks-create-clusters-api.md

@@ -3,7 +3,7 @@ title: AKS Edge Essentials clusters and nodes
 description: Learn about clusters and nodes running on AKS Edge Essentials.
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 07/11/2024
 ms.custom: template-concept
 ---

AKS-Arc/aks-edge-concept-clusters-nodes.md

@@ -3,7 +3,7 @@ title: AKS Edge Essentials networking
 description: Basic networking concepts for AKS Edge Essentials 
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: article
 ms.date: 03/10/2025
 ms.custom: template-concept
 ---

AKS-Arc/aks-edge-concept-networking.md

@@ -3,7 +3,7 @@ title: AKS Edge Essentials deployment configuration JSON parameters
 description: Description of deployment configuration JSON parameters in AKS Edge Essentials.
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: article
 ms.date: 03/10/2025
 ms.custom: template-concept
 ---

AKS-Arc/aks-edge-deployment-config-json.md

@@ -2,7 +2,7 @@
 title: Get support for AKS Edge Essentials
 description: Learn about how to get support and open a support request for AKS Edge Essentials.
 author: sethmanheim
-ms.topic: conceptual
+ms.topic: how-to
 ms.date: 04/07/2025
 ms.author: sethm 
 

AKS-Arc/aks-edge-help-support.md

@@ -3,7 +3,7 @@ title: AKS Edge Essentials system requirements
 description: Requirements and supported versions for AKS Edge Essentials. 
 author: sethmanheim
 ms.author: sethm
-ms.topic: conceptual
+ms.topic: article
 ms.date: 03/10/2025
 ms.custom: template-concept
 ---