Add AKS control plane errors article

sethmanheim · sethmanheim · commit e9ce0bdcf86f · 2025-02-26T13:58:58.000-08:00
diff --git a/AKS-Arc/TOC.yml b/AKS-Arc/TOC.yml
@@ -146,6 +146,8 @@
     items:
     - name: Troubleshoot & known issues
       href: aks-troubleshoot.md
+    - name: Control plane configuration validation errors
+      href: control-plane-validation-errors.md
     - name: K8sVersionValidation error
       href: cluster-k8s-version.md
     - name: Use diagnostic checker
diff --git a/AKS-Arc/configure-ssh-keys.md b/AKS-Arc/configure-ssh-keys.md
@@ -1,7 +1,7 @@
 ﻿---
 title: Configure SSH keys for a cluster in AKS enabled by Azure Arc
 description: Learn how to configure SSH keys for an AKS Arc cluster.
-ms.date: 01/10/2025
+ms.date: 02/26/2025
 ms.topic: how-to
 author: sethmanheim
 ms.author: sethm
@@ -71,16 +71,9 @@ You have three options for SSH key configuration:
 - Use an existing key stored in Azure and select from the stored keys.
 - Use an existing public key by providing the SSH public key value.
 
-## Error message
+## Error messages
 
-If you don't provide valid SSH key information during cluster creation and no SSH key exists, you receive error messages like the following:
-
-- An RSA key file or key value must be supplied to SSH Key Value.
-- Control Plane: Missing Security Keys in Cluster Configuration.
-- LinuxProfile SSH public keys should be valid and non-empty.
-- Global LinuxProfile SSH public keys should be valid and non-empty.
-
-To mitigate the issue, see [Create and manage SSH keys with the Azure CLI](/azure/virtual-machines/ssh-keys-azure-cli#generate-new-keys) to create the SSH keys. Then, see [Create Kubernetes clusters](aks-create-clusters-cli.md) for the interface you're using. If you're using the REST API, see [provisioned cluster instances](/rest/api/hybridcontainer/provisioned-cluster-instances) to create the provisioned cluster instance.
+For information about error messages that can occur when you create and deploy an AKS cluster on Azure Local, see the [Control plane configuration validation errors](control-plane-validation-errors.md) article.
 
 ## Next steps
 
diff --git a/AKS-Arc/control-plane-validation-errors.md b/AKS-Arc/control-plane-validation-errors.md
@@ -0,0 +1,53 @@
+---
+title: Control plane configuration validation errors
+description: Learn details about each control plane configuration validation error.
+author: sethmanheim
+ms.author: sethm
+ms.topic: concept-article
+ms.date: 02/26/2025
+
+---
+
+# Control plane configuration validation errors
+
+This article describes how to identify and resolve [ControlPlaneConfigurationValidation](configure-ssh-keys.md) error codes that can occur when you create and deploy an AKS cluster on Azure Local.
+
+## Symptoms
+
+When you try to create an AKS Arc cluster, you receive an error message that appears as follows:
+
+```json
+admission webhook "vhybridakscluster.kb.io" denied the request: { 
+   "result": "Failed", 
+   "validationChecks": [ 
+      { 
+         "name": "ControlPlaneConfigurationValidation", 
+         "message": "ControlPlane: Global LinuxProfile SSH public keys should be valid and non-empty. ssh: no key found", 
+         "recommendation": "Please check https://aka.ms/AKSArcValidationErrors/ControlPlaneConfigurationValidation for recommendations" 
+      } 
+   ] 
+}
+```
+
+The following section describes the error messages that you might see when you encounter the **ControlPlaneConfigurationValidation** error code.
+
+## Global LinuxProfile SSH public keys must be valid and non-empty
+
+If you don't provide valid SSH key information during Kubernetes cluster creation and no SSH key exists, you receive error messages similar to the following:
+
+- An RSA key file or key value must be supplied to SSH Key Value.
+- Control Plane: Missing Security Keys in Cluster Configuration.
+- LinuxProfile SSH public keys should be valid and non-empty.
+- Global LinuxProfile SSH public keys should be valid and non-empty.
+
+To mitigate the issue, see [Generate and store SSH keys with the Azure CLI](ssh-keys-azure-cli.md#generate-new-keys) to create the SSH keys. Then, [see Create Kubernetes clusters](aks-create-clusters-cli.md) for the interface you're using. If you're using the REST API, see [provisioned cluster instances](/rest/api/hybridcontainer/provisioned-cluster-instances) to create the provisioned cluster instance.
+
+## Control plane count and VM size
+
+In Kubernetes, control plane nodes manage and orchestrate the cluster. They run key components such as API Server, etcd, scheduler, etc. Control plane nodes maintain cluster state, schedule workloads, and ensure high availability, often using multiple nodes for redundancy.
+
+To successfully create an AKS Arc cluster, you must specify at least one control plane node count. Also, to maintain etcd quorum, the control plane node count should be an odd number. For more information about supported count and VM SKU options, see [Scale requirements for AKS on Azure Local](scale-requirements.md#support-count-for-aks-on-hci).
+
+## Next steps
+
+[Troubleshoot issues in AKS enabled by Azure Arc](aks-troubleshoot.md)
diff --git a/AKS-Arc/docfx.json b/AKS-Arc/docfx.json
@@ -55,7 +55,7 @@
       "feedback_product_url": "https://feedback.azure.com/d365community/forum/a2f8da29-b853-ec11-8f8e-0022481f2fe7",
       "breadcrumb_path": "/azure/aks/aksarc/breadcrumb/toc.json",
       "extendBreadcrumb": false,
-      "manager":"femila",
+      "manager":"lizross",
       "ms.service": "azure-stack",
       "recommendations": true,
       "zone_pivot_group_filename": "../azure-stack/zone-pivot-groups.json"
