Merging changes synced from https://github.com/MicrosoftDocs/azure-stack-docs-pr (branch live)

Author: Learn Build Service GitHub App

AKS-Arc/aks-create-clusters-cli.md

@@ -4,7 +4,7 @@ description: Learn how to create Kubernetes clusters in Azure Local using Azure
 ms.topic: how-to
 ms.custom: devx-track-azurecli
 author: sethmanheim
-ms.date: 12/18/2024
+ms.date: 02/18/2025
 ms.author: sethm 
 ms.lastreviewed: 01/25/2024
 ms.reviewer: guanghu
@@ -52,10 +52,14 @@ az aksarc create -n $aksclustername -g $resource_group --custom-location $custom
 
 After a few minutes, the command completes and returns JSON-formatted information about the cluster.
 
-> [!NOTE]
-> - The SSH key value is the public key for accessing nodes in the provisioned cluster. By default, this key is located at `~/.ssh/id_rsa.pub`. You can specify a different location using the `--ssh-key-value` parameter during cluster creation.
-> - The `--generate-ssh-keys` parameter is required if there's no pre-existing SSH key on your local machine. If you don't include this parameter during cluster creation and no SSH key exists, you receive an error message.
-> - If you already have an SSH key on your local machine, the AKS cluster reuses that key. In this case, specifying `--generate-ssh-keys`, or omitting that parameter, has no effect.
+### Considerations
+
+Note the following considerations when you create a cluster:
+
+- SSH keys are essential for troubleshooting and log collection. Be sure to save your private key file for future use. To access nodes, see [Connect to Windows or Linux worker nodes with SSH](/azure/aks/aksarc/ssh-connect-to-windows-and-linux-worker-nodes).
+- You can use a pre-existing SSH key or [configure SSH keys for an AKS cluster](configure-ssh-keys.md) during cluster creation. If there's no pre-existing SSH key on your local machine, the `--generate-ssh-keys` parameter is required. You can also restrict SSH access by following [the documentation](restrict-ssh-access.md). For detailed instructions, see [Create and store SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli), or in the [Azure portal](/azure/virtual-machines/ssh-keys-portal).
+- If you don't include `--generate-ssh-keys` during cluster creation and no SSH key exists, you receive an error message. If you already have an SSH key on your local machine, the AKS cluster reuses it. In this case, it makes no difference whether you specify `--generate-ssh-keys` or not.
+- By default, the SSH key is stored at **~/.ssh/id_rsa.pub**. During cluster creation, you can specify an alternate location using the `--ssh-key-value` parameter.
 
 > [!IMPORTANT]
 > To use Azure RBAC or workload identity for an AKS cluster, you must pass the required parameters during cluster creation using Azure CLI. Currently, updating an existing AKS cluster to enable workload identity and/or Azure RBAC is not supported. For more information, see [Use Azure RBAC for Kubernetes authorization](/azure/aks/hybrid/azure-rbac-23h2) or [Deploy and configure Workload Identity for your cluster](workload-identity.md).
@@ -253,3 +257,4 @@ az aksarc delete --name $aksclustername --resource-group $resource_group
 ## Next steps
 
 - [Troubleshoot and known issues with cluster provisioning from Azure](aks-known-issues.md)
+6

AKS-Arc/aks-create-clusters-portal.md

@@ -4,7 +4,7 @@ description: Create Kubernetes clusters using the Azure portal.
 author: sethmanheim
 ms.author: sethm
 ms.topic: how-to
-ms.date: 02/20/2025
+ms.date: 02/26/2025
 ms.reviewer: guanghu
 ms.lastreviewed: 01/30/2024
 ---
@@ -48,8 +48,9 @@ This article describes how to create Kubernetes clusters in Azure Local using th
    - **Primary node pool**:
      - You can leave the default values selected, or change the default value from the drop down list.
    - **SSH Keys**
-     - Configure SSH access to the underlying VMs in your Kubernetes nodes for troubleshooting operations. You must provide an existing SSH public key.
-     - Provide an RSA public key in the single line format (starting with "ssh-rsa") or the multi-line PEM format. You can generate SSH keys using PuTTYGen on Windows.
+     - SSH keys are essential for troubleshooting and log collection. Be sure to save your private key file for future use.
+     - You can use an existing SSH key or generate a new key pair during cluster creation. For information about how to create new SSH keys from the Azure portal, see [Create and store SSH keys in the portal](/azure/virtual-machines/ssh-keys-portal#generate-new-keys).
+     - To **Use an existing public key by providing the SSH public key value**, provide an RSA public key in the single line format (starting with "ssh-rsa") or the multi-line PEM format.
 
 1. Select **Next: Node pools** when complete.
 1. On the **Node pools** page, configure the following options:

AKS-Arc/create-clusters-bicep.md

@@ -3,7 +3,7 @@ title: Create Kubernetes clusters using Bicep
 description: Learn how to create Kubernetes clusters in Azure Local using Bicep.
 ms.topic: how-to
 ms.custom: devx-track-azurecli
-ms.date: 07/26/2024
+ms.date: 02/26/2025
 author: sethmanheim
 ms.author: sethm 
 ms.reviewer: haojiehang
@@ -34,22 +34,25 @@ Before you begin, make sure you have the following prerequisites:
 
 ## Create an SSH key pair
 
-To create an SSH key pair (same as Azure AKS), use the following procedure:
+Create an SSH key pair in Azure and store the private key file for troubleshooting and log collection purposes. For detailed instructions, see [Create and store SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli) or in the [Azure portal](/azure/virtual-machines/ssh-keys-portal).
 
-1. [Open a Cloud Shell session](https://shell.azure.com) in your browser or open a terminal on your local machine.
-1. Create an SSH key pair using `az sshkey create`:
+1. [Open a Cloud Shell session](https://shell.azure.com/) in your web browser or launch a terminal on your local machine.
+1. Create an SSH key pair using the [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command:  
 
    ```azurecli
-   az sshkey create --name <Public_SSH_Key> --resource-group <Resource_Group_Name>
+   az sshkey create --name "mySSHKey" --resource-group $<resource_group_name>
    ```
 
-   Or, create a local SSH key pair using `ssh-keygen`:
+   or, use the `ssh-keygen` command:
 
-   ```bash  
-   ssh-keygen -t rsa -b 4096
+   ```azurecli
+   ssh-keygen -t rsa -b 4096 
    ```
 
-It's recommended that you create an SSH key pair in Azure, as you can use it later for node access or troubleshooting. For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed) and [Restrict SSH Access](restrict-ssh-access.md).
+1. Retrieve the value of your public key from Azure or from your local machine under **/.ssh/id_rsa.pub**.
+
+For more options, you can either follow [Configure SSH keys for an AKS cluster](/azure/aks/aksarc/configure-ssh-keys) to create SSH keys, or use [Restrict SSH access](/azure/aks/aksarc/restrict-ssh-access) during cluster creation. To access nodes afterward, see [Connect to Windows or Linux worker nodes with SSH](/azure/aks/aksarc/ssh-connect-to-windows-and-linux-worker-nodes).
+
 
 ## Download and update the Bicep scripts
 

AKS-Arc/create-clusters-terraform.md

@@ -4,7 +4,7 @@ description: Learn how to create Kubernetes clusters using Terraform.
 author: sethmanheim
 ms.author: sethm
 ms.topic: how-to
-ms.date: 02/10/2025
+ms.date: 02/26/2025
 
 ---
 
@@ -32,23 +32,25 @@ Before you begin, make sure you have the following prerequisites:
 
 ## Create an SSH key pair
 
-To create an SSH key pair (same as Azure AKS), use the following procedure:
+Create an SSH key pair in Azure and store the private key file for troubleshooting and log collection purposes. For detailed instructions, see [Create and store SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli) or in the [Azure portal](/azure/virtual-machines/ssh-keys-portal).
 
-1. [Open a Cloud Shell session](https://shell.azure.com/) in your browser.
-1. Create an SSH key pair using the [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command, [from the portal](/azure/virtual-machines/ssh-keys-portal), or the `ssh-keygen` command:  
+1. [Open a Cloud Shell session](https://shell.azure.com/) in your web browser or launch a terminal on your local machine.
+1. Create an SSH key pair using the [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command:  
 
    ```azurecli
-   az sshkey create --name "mySSHKey" --resource-group "myResourceGroup"
+   az sshkey create --name "mySSHKey" --resource-group $<resource_group_name>
    ```
 
-   or
+   or, use the `ssh-keygen` command:
 
    ```azurecli
    ssh-keygen -t rsa -b 4096 
    ```
 
 1. Retrieve the value of your public key from Azure or from your local machine under **/.ssh/id_rsa.pub**.
 
+For more options, you can either follow [Configure SSH keys for an AKS cluster](/azure/aks/aksarc/configure-ssh-keys) to create SSH keys, or use [Restrict SSH access](/azure/aks/aksarc/restrict-ssh-access) during cluster creation. To access nodes afterward, see [Connect to Windows or Linux worker nodes with SSH](/azure/aks/aksarc/ssh-connect-to-windows-and-linux-worker-nodes).
+
 ## Sign in to Azure
 
 Terraform only supports authenticating to Azure with the Azure CLI using [`az login`](/cli/azure/reference-index#az-login). Authenticating using Azure PowerShell isn't supported. Therefore, while you can use the Azure PowerShell module when doing your Terraform work, you must first [authenticate to Azure](/azure/developer/terraform/authenticate-to-azure):

AKS-Arc/resource-manager-quickstart.md

@@ -3,7 +3,7 @@ title: Deploy a Kubernetes (AKS) cluster using an Azure Resource Manager templat
 description: Learn how to deploy a Kubernetes cluster in AKS enabled by Azure Arc using an Azure Resource Manager template.
 ms.topic: quickstart-arm
 ms.custom: devx-track-arm-template, devx-track-azurecli
-ms.date: 12/18/2024
+ms.date: 02/26/2025
 author: sethmanheim
 ms.author: sethm 
 ms.lastreviewed: 01/31/2024
@@ -42,27 +42,27 @@ To deploy an ARM template, you need write access on the resources you're deployi
    az account set --subscription "<your-subscription-id>"
    ```
 
-## Step 2: Create an SSH key pair using Azure CLI
+## Step 2: Create an SSH key pair
 
-```azurecli
-az sshkey create --name "mySSHKey" --resource-group "myResourceGroup"
-```
+Create an SSH key pair in Azure and store the private key file for troubleshooting and log collection purposes. For detailed instructions, see [Create and store SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli), or in the [Azure portal](/azure/virtual-machines/ssh-keys-portal).
 
-or, create an SSH key pair using **ssh-keygen**:
+1. [Open a Cloud Shell session](https://shell.azure.com/) in your web browser or launch a terminal on your local machine.
+1. Create an SSH key pair using the [az sshkey create](/cli/azure/sshkey#az-sshkey-create) command:
 
-```cmd
-ssh-keygen -t rsa -b 4096
-```
+   ```azurecli
+   az sshkey create --name "mySSHKey" --resource-group $<resource_group_name>
+   ```
 
-To deploy the template, you must provide the public key from the SSH pair. To retrieve the public key, use the `az sshkey show` command:
+   or, use the `ssh-keygen` command:
 
-```azurecli
-az sshkey show --name "mySSHKey" --resource-group "myResourceGroup" --query "publicKey"
-```
+   ```azurecli
+   ssh-keygen -t rsa -b 4096 
+   ```
+
+1. Retrieve the value of your public key from Azure or from your local machine under **/.ssh/id_rsa.pub**.
 
-By default, the SSH key files are created in the **~/.ssh** directory. Run the `az sshkey create` or `ssh-keygen` command to overwrite any existing SSH key pair with the same name.
+For more options, you can either follow [Configure SSH keys for an AKS cluster](/azure/aks/aksarc/configure-ssh-keys) to create SSH keys, or use [Restrict SSH access](/azure/aks/aksarc/restrict-ssh-access) during cluster creation. To access nodes afterward, see [Connect to Windows or Linux worker nodes with SSH](/azure/aks/aksarc/ssh-connect-to-windows-and-linux-worker-nodes).
 
-For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed).
 
 ## Step 3: Review the template