testing docs

Author: naman-msft

proc.py

@@ -0,0 +1,178 @@
+#!/usr/bin/env python3
+import os
+import re
+import shutil
+from pathlib import Path
+import yaml
+from openai import AzureOpenAI
+import argparse
+
+# Azure OpenAI configuration
+AZURE_OPENAI_ENDPOINT = os.getenv("AZURE_OPENAI_ENDPOINT", "")
+AZURE_OPENAI_KEY = os.getenv("AZURE_OPENAI_API_KEY", "")
+AZURE_OPENAI_DEPLOYMENT = "gpt-4.1"
+AZURE_OPENAI_API_VERSION = "2024-12-01-preview"
+
+def setup_azure_openai():
+    """Initialize Azure OpenAI client"""
+    if not AZURE_OPENAI_ENDPOINT or not AZURE_OPENAI_KEY:
+        raise ValueError("Please set AZURE_OPENAI_ENDPOINT and AZURE_OPENAI_KEY environment variables")
+    
+    client = AzureOpenAI(
+        azure_endpoint=AZURE_OPENAI_ENDPOINT,
+        api_key=AZURE_OPENAI_KEY,
+        api_version=AZURE_OPENAI_API_VERSION
+    )
+    return client
+
+def extract_title_from_markdown(file_path):
+    """Extract title from markdown file metadata or content"""
+    with open(file_path, 'r', encoding='utf-8') as f:
+        content = f.read()
+    
+    # Try to extract YAML frontmatter
+    yaml_match = re.match(r'^---\s*\n(.*?)\n---', content, re.DOTALL)
+    if yaml_match:
+        try:
+            metadata = yaml.safe_load(yaml_match.group(1))
+            if metadata and 'title' in metadata:
+                return metadata['title']
+        except:
+            pass
+    
+    # Try to find the first H1 heading
+    h1_match = re.search(r'^#\s+(.+)$', content, re.MULTILINE)
+    if h1_match:
+        return h1_match.group(1).strip()
+    
+    # Fallback to filename
+    return Path(file_path).stem
+
+def generate_folder_name(client, title, file_content_snippet):
+    """Use Azure OpenAI to generate an intuitive folder name"""
+    prompt = f"""Given this document title: "{title}"
+And this content snippet from the document:
+{file_content_snippet[:500]}
+
+Generate a concise folder name following these rules:
+1. Use PascalCase (capitalize first letter of each word)
+2. Be descriptive but concise (2-4 words max)
+3. Should reflect the main topic/technology
+4. Examples: GPUNodePoolAKS, DeployIGOnAKS, AzureMLWorkspace
+
+Return ONLY the folder name, nothing else."""
+
+    try:
+        response = client.chat.completions.create(
+            model=AZURE_OPENAI_DEPLOYMENT,
+            messages=[
+                {"role": "system", "content": "You are a helpful assistant that generates folder names."},
+                {"role": "user", "content": prompt}
+            ],
+            temperature=0.3,
+            max_tokens=50
+        )
+        folder_name = response.choices[0].message.content.strip()
+        # Ensure it's valid folder name
+        folder_name = re.sub(r'[^\w]', '', folder_name)
+        return folder_name
+    except Exception as e:
+        print(f"Error generating folder name with Azure OpenAI: {e}")
+        # Fallback to title-based name
+        return ''.join(word.capitalize() for word in re.findall(r'\w+', title))[:30]
+
+def pascal_to_kebab(name):
+    """Convert PascalCase to kebab-case, preserving acronyms like AKS."""
+    # split on transitions from uppercase to lowercase or between acronyms
+    tokens = re.findall(r'[A-Z](?:[a-z]+|[A-Z]*(?=[A-Z]|$))', name)
+    return '-'.join(t.lower() for t in tokens)
+
+def process_success_files(source_dir, target_dir, dry_run=False):
+    """Process all markdown files with 'success' in filename"""
+    source_path = Path(source_dir)
+    target_path = Path(target_dir)
+    
+    if not source_path.exists():
+        print(f"Source directory {source_dir} does not exist")
+        return
+    
+    # Setup Azure OpenAI
+    try:
+        client = setup_azure_openai()
+        print("Azure OpenAI client initialized successfully")
+    except Exception as e:
+        print(f"Warning: Could not initialize Azure OpenAI: {e}")
+        print("Will use fallback naming method")
+        client = None
+    
+    # Find all markdown files with 'success' in filename
+    success_files = []
+    for folder in source_path.iterdir():
+        if folder.is_dir():
+            for file in folder.glob("*.md"):
+                if "success" in file.name.lower():
+                    success_files.append(file)
+    
+    print(f"Found {len(success_files)} success files to process")
+    
+    for file_path in success_files:
+        try:
+            print(f"\nProcessing: {file_path}")
+            
+            # Extract title
+            title = extract_title_from_markdown(file_path)
+            print(f"  Title: {title}")
+            
+            # Read file content for OpenAI
+            with open(file_path, 'r', encoding='utf-8') as f:
+                content_snippet = f.read()[:1000]
+            
+            # Generate folder name
+            if client:
+                folder_name = generate_folder_name(client, title, content_snippet)
+            else:
+                # Fallback method
+                folder_name = ''.join(word.capitalize() for word in re.findall(r'\w+', title))[:30]
+            
+            print(f"  Folder name: {folder_name}")
+            
+            # Convert to kebab-case for filename
+            file_name = pascal_to_kebab(folder_name) + ".md"
+            print(f"  File name: {file_name}")
+            
+            # Create target path
+            target_folder = target_path / folder_name
+            target_file = target_folder / file_name
+            
+            if dry_run:
+                print(f"  [DRY RUN] Would create: {target_folder}")
+                print(f"  [DRY RUN] Would copy to: {target_file}")
+            else:
+                # Create folder and copy file
+                target_folder.mkdir(parents=True, exist_ok=True)
+                shutil.copy2(file_path, target_file)
+                print(f"  Created: {target_folder}")
+                print(f"  Copied to: {target_file}")
+                
+        except Exception as e:
+            print(f"  ERROR processing {file_path}: {e}")
+
+def main():
+    parser = argparse.ArgumentParser(description="Process success markdown files")
+    parser.add_argument("--dry-run", action="store_true", help="Show what would be done without actually doing it")
+    args = parser.parse_args()
+    
+    source_dir = "tools/success"
+    target_dir = "scenarios"
+    
+    print(f"Source directory: {source_dir}")
+    print(f"Target directory: {target_dir}")
+    
+    if args.dry_run:
+        print("\n*** DRY RUN MODE - No files will be moved ***\n")
+    
+    process_success_files(source_dir, target_dir, dry_run=args.dry_run)
+    print("\nProcessing complete!")
+
+if __name__ == "__main__":
+    main()

scenarios/AKSApiServerTroubleshoot/aks-api-server-troubleshoot.md

@@ -0,0 +1,90 @@
+---
+title: Troubleshoot cluster connection issues with the API server
+description: Troubleshoot issues that occur when you attempt to connect to the API server of an Azure Kubernetes Service (AKS) cluster.
+ms.date: 08/30/2024
+ms.reviewer: rissing chiragpa, beleite, v-leedennis, v-weizhu
+ms.service: azure-kubernetes-service
+#Customer intent: As an Azure Kubernetes user, I want to take basic troubleshooting measures so that I can avoid cluster connectivity issues with the API server.
+ms.custom: sap:Connectivity,innovation-engine
+---
+
+# Basic troubleshooting of cluster connection issues with the API server
+
+This article discusses connection issues to an Azure Kubernetes Service (AKS) cluster when you can't reach the cluster's API server through the Kubernetes cluster command-line tool ([kubectl](https://kubernetes.io/docs/reference/kubectl/overview/)) or any other tool, such as using REST API through a programming language.
+
+## Prerequisites
+
+- [Azure CLI](/cli/azure/install-azure-cli).
+
+## Root cause and solutions
+
+Connection issues to the API server can occur for many reasons, but the root cause is often related to an error with one of these items:
+
+- Network
+- Authentication
+- Authorization
+
+You can take these common troubleshooting steps to check the connectivity to the AKS cluster's API server:
+
+1. Enter the following [az aks show](/cli/azure/aks#az-aks-show) command in Azure CLI. This command gets the fully qualified domain name (FQDN) of your AKS cluster.
+
+    First, export your resource names to environment variables and add a random suffix to the resource group and cluster names for unique testing.
+
+    ```azurecli
+    export RANDOM_SUFFIX=$(head -c 3 /dev/urandom | xxd -p)
+    export RESOURCE_GROUP="my-aks-rg$RANDOM_SUFFIX"
+    export AKS_CLUSTER="myakscluster$RANDOM_SUFFIX"
+    az aks show --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER --query fqdn
+    ```
+
+    Results:
+
+    <!-- expected_similarity=0.3 -->
+
+    ```output
+    "xxxxxx-xxxxxxxx.hcp.eastus2.azmk8s.io"
+    ```
+
+2. With the FQDN, check whether the API server is reachable from the client machine by using the name server lookup ([nslookup](/windows-server/administration/windows-commands/nslookup)), client URL ([curl](https://curl.se/docs/manpage.html)), and [telnet](/windows-server/administration/windows-commands/telnet) commands:
+
+    Replace `<cluster-fqdn>` with the actual FQDN returned from the previous step. For demonstration, we use a variable.
+
+    ```bash
+    export CLUSTER_FQDN=$(az aks show --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER --query fqdn -o tsv)
+    
+    # Check if the DNS Resolution is working:
+    nslookup $CLUSTER_FQDN  
+    
+    # Then check if the API Server is reachable:
+    curl -k -Iv https://$CLUSTER_FQDN
+
+    # Test raw TCP connectivity (output will vary depending on environment)
+    timeout 5 telnet $CLUSTER_FQDN 443 || echo "Connection test completed"
+    ```
+
+3. If the AKS cluster is private, make sure you run the command from a virtual machine (VM) that can access the AKS cluster's Azure Virtual Network. See [Options for connecting to the private cluster](/azure/aks/private-clusters#options-for-connecting-to-the-private-cluster).
+
+4. If necessary, follow the steps in the troubleshooting article [Client IP address can't access the API server](client-ip-address-cannot-access-api-server.md), so the API server adds your client IP address to the IP ranges it authorizes.
+
+5. Make sure the version of kubectl on your client machine isn't two or more minor versions behind the AKS cluster's version of that tool. To install the latest version of kubectl, run the [az aks install-cli](/cli/azure/aks#az-aks-install-cli) command in Azure CLI. You can then run [kubectl version](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#version) command to check the version number of the new installation.
+
+    For example, on Linux you would run these commands:
+
+    ```shell
+    sudo az aks install-cli
+    kubectl version --client
+    ```
+
+    For other client operating systems, use these [kubectl installation instructions](https://kubernetes.io/docs/tasks/tools/).
+
+6. If necessary, follow the steps in the troubleshooting article [Config file isn't available when connecting](config-file-is-not-available-when-connecting.md), so your Kubernetes configuration file (*config*) is valid and can be found at connection time.
+
+7. If necessary, follow the steps in the troubleshooting article [User can't get cluster resources](user-cannot-get-cluster-resources.md), so you can list the details of your cluster nodes.
+
+8. If you're using a firewall to control egress traffic from AKS worker nodes, make sure the firewall allows the [minimum required egress rules for AKS](/azure/aks/limit-egress-traffic).
+
+9. Make sure the [network security group that's associated with AKS nodes](/azure/aks/concepts-security#azure-network-security-groups) allows communication on TCP port 10250 within the AKS nodes.
+
+For other common troubleshooting steps, see [TCP time-outs when kubectl or other third-party tools connect to the API server](tcp-timeouts-kubetctl-third-party-tools-connect-api-server.md).
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

scenarios/AKSClientSecretError/aks-client-secret-error.md

@@ -0,0 +1,73 @@
+---
+title: AADSTS7000222 - BadRequest or InvalidClientSecret error
+description: Learn how to troubleshoot the BadRequest or InvalidClientSecret error when you try to create or upgrade an Azure Kubernetes Service (AKS) cluster.
+ms.topic: article
+ms.date: 06/13/2024
+author: axelgMS
+ms.author: axelg
+ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool), innovation-engine
+---
+
+# AADSTS7000222 - BadRequest or InvalidClientSecret error
+
+This article discusses how to identify and resolve the `AADSTS7000222` error (`BadRequest` or `InvalidClientSecret`) that occurs when you try to create or upgrade a Microsoft Azure Kubernetes Service (AKS) cluster.
+
+## Prerequisites
+
+- [Azure CLI](/cli/azure/install-azure-cli)
+
+## Symptoms
+
+When you try to create or upgrade an AKS cluster, you receive one of the following error messages.
+
+| Error code | Message |
+|--|--|
+| `BadRequest` | **The credentials in ServicePrincipalProfile were invalid.** Please see <https://aka.ms/aks-sp-help> for more details. (Details: adal: Refresh request failed. Status Code = '401'. Response body: {"error": "invalid_client", "error_description": "**AADSTS7000222: The provided client secret keys for app '\<application-id>' are expired.** Visit the Azure portal to create new keys for your app: <https://aka.ms/NewClientSecret>, or consider using certificate credentials for added security: <https://aka.ms/certCreds>." |
+| `InvalidClientSecret` | **Customer auth is not valid for tenant: \<tenant-id>**: adal: Refresh request failed. Status Code = '401'. Response body: {"error": "invalid_client", "error_description": "**AADSTS7000222: The provided client secret keys for app '\<application-id>' are expired.** Visit the Azure portal to create new keys for your app: <https://aka.ms/NewClientSecret>, or consider using certificate credentials for added security: <https://aka.ms/certCreds>." |
+
+## Cause
+
+The issue that generates this service principal alert usually occurs for one of the following reasons:
+
+- The client secret expired.
+
+- Incorrect credentials were provided.
+
+- The service principal doesn't exist within the Microsoft Entra ID tenant of the subscription.
+
+#### Verify the cause
+
+Use the following commands to retrieve the service principal profile for your AKS cluster and check the expiration date of the service principal. Make sure to set the appropriate variables for your AKS resource group and cluster name.
+
+```azurecli
+SP_ID=$(az aks show --resource-group RESOURCE_GROUP_NAME \
+    --name AKS_CLUSTER_NAME \
+    --query servicePrincipalProfile.clientId \
+    --output tsv)
+az ad app credential list --id "$SP_ID"
+```
+
+Alternatively, you can verify that the service principal name and secret are correct and aren't expired. To do this, follow these steps:
+
+1. In the [Azure portal](https://portal.azure.com), search for and select **Microsoft Entra ID**.
+
+1. In the navigation pane of Microsoft Entra ID, select **App registrations**.
+
+1. On the **Owned applications** tab, select the affected application.
+
+1. Find the service principal name and secret information, and verify that the information is correct and current.
+
+## Solution
+
+1. In the [Update or rotate the credentials for an AKS cluster](/azure/aks/update-credentials) article, follow the instructions in one of the following article sections, as appropriate:
+
+   - [Reset the existing service principal credentials](/azure/aks/update-credentials#reset-the-existing-service-principal-credentials)
+   - [Create a new service principal](/azure/aks/update-credentials#create-a-new-service-principal)
+
+1. Using your new service principal credentials, follow the instructions in the [Update AKS cluster with service principal credentials](/azure/aks/update-credentials#update-aks-cluster-with-service-principal-credentials) section of that article.
+
+## More information
+
+- [Use a service principal with Azure Kubernetes Service (AKS)](/azure/aks/kubernetes-service-principal) (especially the [Troubleshoot](/azure/aks/kubernetes-service-principal#troubleshoot) section)
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]