Merge pull request #16371 from sethmanheim/aksclusterdel

Add AKS workload cluster known issue

Author: sethmanheim

AKS-Hybrid/TOC.yml

@@ -142,6 +142,8 @@
       href: cluster-k8s-version.md
     - name: Deleted cluster still visible in portal
       href: deleted-cluster-visible.md
+    - name: Can't fully remove workload cluster with PodDisruptionBudget (PDB) resources
+      href: delete-cluster-pdb.md
     - name: Kubernetes version x.x.x is not available
       href: webhook-denied-request.md
   - name: Reference

AKS-Hybrid/aks-create-clusters-cli.md

@@ -4,7 +4,7 @@ description: Learn how to create Kubernetes clusters in Azure Local using Azure
 ms.topic: how-to
 ms.custom: devx-track-azurecli
 author: sethmanheim
-ms.date: 09/24/2024
+ms.date: 11/18/2024
 ms.author: sethm 
 ms.lastreviewed: 01/25/2024
 ms.reviewer: guanghu
@@ -52,8 +52,13 @@ az aksarc create -n $aksclustername -g $resource_group --custom-location $custom
 
 After a few minutes, the command completes and returns JSON-formatted information about the cluster.
 
-[!NOTE]
-To use Azure RBAC or workload identity for an AKS cluster, you must pass the required parameters during cluster creation using Azure CLI. Currently, updating an existing AKS cluster to enable workload identity and/or Azure RBAC is not supported. For more information, see [Use Azure RBAC for Kubernetes authorization](/azure/aks/hybrid/azure-rbac-23h2) or [Deploy and configure Workload Identity for your cluster}(workload-identity.md).
+> [!NOTE]
+> - The SSH key value is the public key for accessing nodes in the provisioned cluster. By default, this key is located at `~/.ssh/id_rsa.pub`. You can specify a different location using the `--ssh-key-value` parameter during cluster creation.
+> - The `--generate-ssh-keys` parameter is required if there's no pre-existing SSH key on your local machine. If you don't include this parameter during cluster creation and no SSH key exists, you receive an error message.
+> - If you already have an SSH key on your local machine, the AKS cluster reuses that key. In this case, specifying `--generate-ssh-keys`, or omitting that parameter, has no effect.
+
+> [!IMPORTANT]
+> To use Azure RBAC or workload identity for an AKS cluster, you must pass the required parameters during cluster creation using Azure CLI. Currently, updating an existing AKS cluster to enable workload identity and/or Azure RBAC is not supported. For more information, see [Use Azure RBAC for Kubernetes authorization](/azure/aks/hybrid/azure-rbac-23h2) or [Deploy and configure Workload Identity for your cluster}(workload-identity.md).
 
 ## Connect to the Kubernetes cluster
 

AKS-Hybrid/delete-cluster-pdb.md

@@ -0,0 +1,48 @@
+---
+title: Troubleshoot deleted workload cluster resources can't be deleted
+description: Learn how to troubleshoot when deleted workload cluster resources can't be deleted.
+ms.topic: troubleshooting
+author: sethmanheim
+ms.author: sethm
+ms.date: 11/18/2024
+ms.reviewer: leslielin
+
+---
+
+# Can't fully remove workload cluster with PodDisruptionBudget (PDB) resources
+
+[!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
+
+When you delete a workload cluster that has [PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) (PDB) resources, the deletion might fail to remove the PDB resources. By default, PDB is installed in the Workload Identity-enabled AKS Arc cluster.
+
+## Workaround
+
+Before you delete the AKS Arc cluster, access the target cluster's **kubeconfig** and delete the PDB:
+
+1. Access the target cluster:
+
+   ```azurecli
+   az connectedk8s proxy -n $aks_cluster_name -g $resource_group_name 
+   ```
+
+1. Verify PDB:
+
+   ```bash
+   kubectl get pdb -A 
+   ```
+
+1. Delete PDB:
+
+    ```bash
+    kubectl delete pdb azure-wi-webhook-controller-manager -n arc-workload-identity 
+    ```
+
+1. Delete cluster:
+
+    ```azurecli
+    az aksarc delete -n $aks_cluster_name -g $resource_group_name
+    ```
+
+## Next steps
+
+[Known issues in AKS enabled by Azure Arc](aks-known-issues.md)