Merge pull request #230068 from phealy/patch-3

prmerger-automator[bot] · web-flow · commit 00ad0d7e7c3b · 2023-03-09T19:17:06.000Z
AKS: Azure CNI Overlay documentation updates
diff --git a/articles/aks/azure-cni-overlay.md b/articles/aks/azure-cni-overlay.md
@@ -92,9 +92,8 @@ Use the traditional VNet option when:
 
 ## Limitations with Azure CNI Overlay
 
-The overlay solution has the following limitations:
+Azure CNI Overlay has the following limitations:
 
-* Overlay can be enabled only for new clusters. Existing (already deployed) clusters can't be configured to use overlay.
 * You can't use Application Gateway as an Ingress Controller (AGIC) for an overlay cluster.
 * Windows Server 2019 node pools are not supported for overlay.
 
@@ -150,9 +149,10 @@ az aks create -n $clusterName -g $resourceGroup --location $location --network-p
 
 To update an existing cluster to use Azure CNI overlay, there are a couple prerequisites:
 
-1. The cluster must use Azure CNI without the pod subnet feature.
-1. The cluster is _not_ using network policies.
-1. The Overlay Pod CIDR needs to be an address range that _does not_ overlap with the existing cluster's VNet.
+* The cluster must use Azure CNI without the pod subnet feature.
+* The cluster is _not_ using network policies.
+* The Overlay Pod CIDR needs to be an address range that _does not_ overlap with the existing cluster's VNet.
+* If you have subnet Network Security Group rules, they must allow traffic to and from the Pod CIDR (refer to the [network security groups](#network-security-groups) section in this document for more information).
 
 To update a cluster, run the following Azure CLI command. 
 
