-
Notifications
You must be signed in to change notification settings - Fork 387
/
known-issues-arc.yml
174 lines (121 loc) · 12.8 KB
/
known-issues-arc.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
### YamlMime:FAQ
metadata:
title: Resolve errors when enabling and disabling Azure Arc on AKS workload clusters
description: Find solutions to known issues and errors when enabling and disabling Azure Arc on AKS workload clusters in AKS enabled by Arc.
author: sethmanheim
ms.author: sethm
ms.service: azure-stack
ms.subservice: aks-hci
ms.topic: faq
ms.date: 6/13/2024
title: Resolve errors when enabling or disabling Azure Arc on your AKS workload clusters in AKS enabled by Arc
summary: |
Applies to: AKS on Azure Stack HCI, AKS on Windows Server
This article describes errors you might encounter (and their workarounds) while connecting or disconnecting your AKS workload clusters to Azure Arc using the PowerShell cmdlets [`Enable-AksHciArcConnection`](./reference/ps/enable-akshciarcconnection.md) and [`Disable-AksHciArcConnection`](./reference/ps/disable-akshciarcconnection.md) in AKS Arc. For issues that are not covered in this article, see [Troubleshooting Arc enabled Kubernetes](/azure/azure-arc/kubernetes/troubleshooting).
You can also [open a support issue](./help-support.md) if none of the listed workarounds apply to you.
sections:
- name: Single section - ignored
questions:
- question: |
Error: "A workload cluster with the name 'my-aks-cluster' was not found"
answer: |
This error means that you have not created the workload cluster, or you incorrectly spelled the name of the workload cluster.
Run [Get-AksHciCluster](./reference/ps/get-akshcicluster.md) to ensure you have the correct name or that the cluster you want to connect to Arc exists.
- question: |
Error: "System.Management.Automation.RemoteException Starting onboarding process Cluster "azure-arc-onboarding" set..."
answer: |
The following error may occur when you use Windows Admin Center to create a workload cluster and connect it to Arc-enabled Kubernetes:
`System.Management.Automation.RemoteException Starting onboarding process Cluster "azure-arc-onboarding" set. User "azure-arc-onboarding" set. Context "azure-arc-onboarding" created. Switched to context "azure-arc-onboarding". Azure login az login: error: argument --password/-p: expected one argument usage: az login [-h] [--verbose] [--debug] [--only-show-errors] [--output {json,jsonc,yaml,yamlc,table,tsv,none}] [--query JMESPATH] [--username USERNAME] [--password PASSWORD] [--service-principal] [--tenant TENANT] [--allow-no-subscriptions] [-i] [--use-device-code] [--use-cert-sn-issuer] : Job Failed Condition]`
To resolve this issue, review the options below:
- Option 1: Delete the workload cluster and try again using Windows Admin Center.
- Option 2: In PowerShell, check if the cluster has been successfully created by running the [Get-AksHciCluster](./reference/ps/get-akshcicluster.md) command, and then use [Enable-AksHciArcConnection](./reference/ps/enable-akshciarcconnection.md) to connect your cluster to Arc.
- question: |
`Enable-AksHciArcConnection` fails if `Connect-AzAccount` is used to sign in to Azure
answer: |
When you use [`Connect-AzAccount`](/powershell/module/az.accounts/connect-azaccount?view=azps-6.4.0&preserve-view=true) to sign in to Azure, you might set a different subscription as your default context than the one that you gave as an input to [`Set-AksHciRegistration`](./reference/ps/set-akshciregistration.md). When you then run [`Enable-AksHciArcConnection`](./reference/ps/enable-akshciarcconnection.md), the command expects the subscription used in `Set-AksHciRegistration`. However, `Enable-AksHciArcConnection` gets the default subscription set using the `Connect-AzAccount`, and therefore, might cause an error.
To prevent this error, follow one of the options below:
- Option 1: Run `Set-AksHciRegistration` to log in to Azure with the same parameters (subscription and resource group) you used when you first ran the command to connect your AKS host to Azure for billing. You can then use `Enable-AksHciArcConnection -Name <ClusterName>` with default values, and your cluster will be connected to Arc under the AKS host billing subscription and resource group.
- Option 2: Run `Enable-AksHciArcRegistration` with all parameters, `subscription`, `resource group`, `location`, `tenant`, and `secret`, to connect your cluster to Azure Arc under a different subscription and resource group than the AKS host. You should also run `Enable-AksHciArcRegistration` if you do not have enough permissions to connect your cluster to Azure Arc using your Azure Account (for example, if you are not the subscription owner).
- question: |
Error: 'Timed out waiting for the condition'
answer: |
This error usually points to one of the following issues:
- The clusters were created in an Azure VM in a virtualized environment, or you deployed AKS on Azure Stack HCI on multiple levels of virtualization.
- A slow internet caused the timeout.
If one of the above scenarios applies to you, run [Disable-AksHciArcConnection](./reference/ps/disable-akshciarcconnection.md), and try connecting again. If the above scenario doesn't apply to you, [open a support issue](./help-support.md) for AKS on Azure Stack HCI.
- question: |
Error: "Secrets "sh.helm.release.v1.azure-arc.v1" not found"
answer: |
This error indicates that your Kubernetes API server could not be reached.
Try running the [`Disable-AksHciArcConnection`](./reference/ps/disable-akshciarcconnection.md) command again, and then go to the [Azure portal](https://portal.azure.com) to confirm that your `connectedCluster` resource was actually deleted. You can also run `kubectl get ns -A` to confirm that the namespace, `azure-arc`, does not exist on your cluster.
- question: |
Error: "Connection to Azure failed. Please run 'Set-AksHciRegistration' and try again"
answer: |
This error means that your login credentials to Azure have expired.
Use [`Set-AksHciRegistration`](./reference/ps/set-akshciregistration.md) to log in to Azure before running the [`Enable-AksHciArcConnection`](./reference/ps/enable-akshciarcconnection.md) command again. When rerunning `Set-AksHciRegistration`, make sure you use the same subscription and resource group details you used when you first registered the AKS host to Azure for billing. If you rerun the command with a different subscription or resource group, they will not be registered. Once the subscription and resource group are set in `Set-AksHciRegistration`, they cannot be changed without uninstalling AKS Arc.
- question: |
Error: "'My-Cluster' is not a valid cluster name. Names must be lowercase and match the regular expression pattern: '^[a-z0-9][a-z0-9-]*[a-z0-9]$'"
answer: |
This error indicates that the workload cluster does not follow the Kubernetes naming convention.
As the error suggests, make sure the cluster name is lowercase and matches the regular expression pattern: '^[a-z0-9][a-z0-9-]*[a-z0-9]$'.
- question: |
Error: "addons.msft.microsoft "demo-arc-onboarding" already exists"
answer: |
This error usually means that you already connected your AKS cluster to Arc-enabled Kubernetes.
To confirm it's connected, go to the [Azure portal](https://portal.azure.com) and check under the subscription and resource group you provided when you ran [`Set-AksHciRegistration`](./reference/ps/set-akshciregistration.md) (if you used default values) or [`Enable-AksHciArcConnection`](./reference/ps/enable-akshciarcconnection.md) (if you didn't use default values). You can also confirm if your AKS on Azure Stack HCI cluster is connected to Azure by running the [`az connectedk8s show` ](/cli/azure/connectedk8s#az-connectedk8s-show) Azure CLI command. If you don't see your workload cluster, run `Disable-AksHciArcConnection` and try again.
- question: |
Error: "autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound"..."
answer: |
This error means that Azure can't find the `connectedCluster` Azure Resource Manager resource associated with your cluster:
"autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The Resource 'Microsoft.Kubernetes/connectedClusters/my-workload-cluster' under resource group 'AKS-HCI2' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"]"
You may encounter this error if:
- You supplied an incorrect resource group or subscription while running the `Disable-AksHciArcConnection` cmdlet.
- You manually deleted the resource on the Azure portal.
- Azure Resource Manager cannot find your Azure resource.
To resolve this error, as indicated in the error message, see [resolve resource not found errors](/azure/azure-resource-manager/templates/error-not-found).
- question: |
Error: "Cluster addons arc uninstall Error: namespaces "azure-arc" not found"
answer: |
This error usually means that you already uninstalled Arc agents from your workload cluster, or you manually deleted the `azure-arc` namespace using the `kubectl` command.
Go to the [Azure portal](https://portal.azure.com) to confirm that you don't have any leaked resources. For example, verify that you don't see a `connectedCluster` resource in the subscription and resource group.
- question: |
Error: "Azure subscription is not properly configured"
answer: |
You may encounter this issue if you haven't configured your Azure subscription with the Arc-enabled Kubernetes resource providers. We currently check that `Microsoft.Kubernetes` and `Microsoft.KubernetesConfiguration` are configured.
For more information about enabling these resource providers, see [Register providers for Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/quickstart-connect-cluster?tabs=azure-cli#register-providers-for-azure-arc-enabled-kubernetes).
- question: |
Error: "Unable to read ConfigMap 'azure-clusterconfig' in 'azure-arc' namespace"
answer: |
You may encounter this issue when trying to re-enable the Arc connection on an AKS cluster after disabling an existing connection. The error is due to a change to the namespace in which Azure Arc secrets are stored.
The steps that lead to the error are:
1. Connect a workload cluster to Azure Arc with `Enable-AksHciArcConnection -name $clusterName`.
1. Disconnect the cluster from Azure Arc: `Disable-AksHciArcConnection -name $clusterName`.
1. Connect the workload cluster to Azure Arc with this command again: `Enable-AksHciArcConnection -name $clusterName`.
The error is:
```output
returned a non zero exit code 1 [Error: Job azure-arc-onboarding terminated with Failed to run CLI command: Error from server (NotFound): namespaces "azure-arc"
not found
System.Management.Automation.RemoteException
ERROR: Unable to read ConfigMap 'azure-clusterconfig' in 'azure-arc' namespace:
Error Response: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"configmaps \"azure-clusterconfig\" not
found","reason":"NotFound","details":{"name":"azure-clusterconfig","kind":"configmaps"},"code":404}
System.Management.Automation.RemoteException
System.Management.Automation.RemoteException
: Job Failed Condition
```
`Enable-AksHciArcConnection` always fails, and after you run `Disable-AksHciArcConnection`, there is a remaining secret in the azure-arc-release namespace. To check if the secret exists, you can run the following command and ensure that no secret is listed:
```powershell
kubectl get secret -nazure-arc-release sh.helm.release.v1.azure-arc.v1
```
To work around this issue, delete the azure-arc-release namespace after running `Disable-AksHciArcConnection`:
```powershell
$clusterName = "<name of cluster>"
Get-AksHciCredential -name $clusterName
kubectl delete namespace azure-arc-release
Disable-AksHciArcConnection -name $clusterName
Enable-AksHciArcConnection -name $clusterName
```
additionalContent: |
## Next steps
- [Troubleshooting Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/troubleshooting)
- [Known issues](/azure-stack/aks-hci/known-issues)