AKS enabled by Arc pre-installation validation tests
Applies to: AKS on Azure Stack HCI 22H2, AKS on Windows Server
The following table lists the tests that are executed when you run the Set-AksHciConfig and Set-AksHciRegistration PowerShell cmdlets. The tests help to ensure that when you run the actual installation with Install-AksHci, the installation process avoids many common environment and configuration issues. For a better understanding of the terms used in the tests, see the AKS Arc concepts article.
| Test name | Description | Troubleshooting resources |
|---|---|---|
| MOC host internet connectivity | The test validates that the machine hosting MOC has internet connectivity to key Microsoft endpoints. | - Ensure that there is connectivity from the physical hosts to the internet. - Blog post on troubleshooting network issues in Windows Server - Use HUD for troubleshooting network issues in Azure Stack HCI - Firewall requirements for Azure Stack HCI - Troubleshooting Windows Server components |
| MOC host limits | Validates that the machine hosting MOC has the minimum resources needed. See the published hardware requirements. | Ensure that the minimum requirements are met: AKS Arc system requirements. |
| MOC host remoting | Validates that PowerShell remoting is enabled and working from the MOC hosting machine to other physical hosts in the cluster. | - Troubleshoot CredSSP issues - Troubleshoot PowerShell remoting issues |
| MOC network configuration | Validates that the MOC network configuration is correct. It verifies that: - The virtual switch exists. - The CloudServiceIP can be used to provide a static IP address to be assigned to the MOC CloudAgent service. This value should be provided using the standard IPv4 format; for example, 192.168.1.2. The cloudServiceIP address should also be created from one of the ClusterAndClient networks in the underlying failover cluster. You can run the Get-ClusterNetwork command in an elevated PowerShell window to find the network role. You may want to specify this address to ensure that anything important on the network is always accessible, because the IP address doesn't change. - Should be able to create and start the failover cluster resource. - The cloud service IP should not overlap with the VIP pool, or k8snodepool IP addresses provided during VNET configuration. |
- Ensure that the IP address of the CloudServiceIP meets the requirements in the description. - AKS Arc network concepts - AKS Arc network troubleshooting - Troubleshoot network issues in Azure Stack HCI - Can't bring a network name online in a failover cluster |
| MOC SDN configuration | Validates that the SDN configuration is correct, and the Network Controller is available. The test checks that: - Network Controller FQDN or IP address information is reachable. - Network Controller load balancer subnet resource reference is provided. - Network Controller L netRef is provided. |
- If you're providing SDN parameters, ensure that SDN is available in the system. - AKS Arc network concepts - Troubleshooting SDN - Checklist for troubleshooting SDN |
| MOC directories | Validates MOC directories. The test checks for: - Valid directory names. - Config directory cannot contain the working directory. - Check if the working directory is in the cluster shared volume. - Check that the directories aren't local. - Check to ensure the working directory is not the system drive or root. |
- Ensure the user account has access to the directories provided. - Verify that no previous install of MOC exists. - Verify that the config directory cannot contain the working directory. |
| Failover cluster health | Validates failover cluster health. It checks that the cluster nodes and cluster network are available. | - Ensure that there is a failover setup, see Failover clustering. - Run an HCI cluster validation test. - Troubleshooting the failover cluster |
| Failover cluster HCI registration | Validates failover cluster HCI registration. The test checks for the presence of a failover cluster. | - Run an HCI cluster validation test. - Troubleshooting the failover cluster |
| AKS management cluster configuration | Validates the AKS management cluster configuration and corresponding host machine configuration to make sure the host is ready to install it successfully. Verifies: - AKS management image is present. - AKS Arc-related binaries are present in all nodes. - Necessary Azure Stack HCI cloud roles are added. - Verifies Azure Stack HCI cloud location. - Verifies Azure Stack HCI cloud storage container. - Verifies permissions to create an Azure resource. - Verifies Azure Stack HCI network and load balancer type. - Verifies Kube-Vip configuration. - Verifies Vip-pool IPs. - Verifies K8s node pool IPs. |
- Review the Active Directory requirements. - AKS Arc network troubleshooting - Ensure the user has the necessary permissions. - Ensure that IP formatting is correct. |
| AKS management cluster configuration proxy connectivity | Validates that the configuration allows internet connectivity to Microsoft endpoints with or without a proxy server. | - Ensure the host has internet connectivity. - Follow the proxy settings guide. |
| AKS Arc internet connectivity | Validates that the virtual machine hosting AKS Arc has internet connectivity to key Microsoft endpoints. | - Ensure that there's connectivity from the physical hosts to the internet. - If you're using a proxy, ensure that the proxy settings passed in Set-AksHciConfig are correct. - Ensure there is connectivity from any VMs in the nodepool IP range provided in the New-AksHciNetworkSetting cmdlet parameters -k8sNodeIpPoolStart and -k8sNodeIpPoolStart.- Blog post on troubleshooting network issues in Windows Server - Use HUD for troubleshooting network issues in Azure Stack HCI - Firewall requirements for Azure Stack HCI - Troubleshooting Windows Server components |
| DNS availability | Validates that the provided DNS servers are available. | Ensure that the DNS servers provided in the New-AksHciNetworkSetting cmdlet parameter -dnsServers are available to VMs in the IP range provided in the parameters -k8sNodeIpPoolStart and -k8sNodeIpPoolStart. |
| Connectivity between the VM that hosts the AKS Arc (management cluster) and the cloud agent. | Validates that VMs in the K8sNoodPool range can reach the cloud agent endpoint. | - Ensure that the DNS servers provided in New-AksHciNetworkSetting can resolve the cloud agent FQDN. - Ensure that the cloud agent endpoint is online. |
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for