Merge pull request #259642 from MicrosoftDocs/main

Publish to live, Tuesday 4 AM PST, 11/28

Author: ttorble

articles/aks/azure-blob-csi.md

@@ -3,7 +3,7 @@ title: Use Container Storage Interface (CSI) driver for Azure Blob storage on Az
 description: Learn how to use the Container Storage Interface (CSI) driver for Azure Blob storage in an Azure Kubernetes Service (AKS) cluster.
 ms.topic: article
 ms.custom: devx-track-linux
-ms.date: 11/01/2023
+ms.date: 11/24/2023
 ---
 
 # Use Azure Blob storage Container Storage Interface (CSI) driver
@@ -33,6 +33,8 @@ Azure Blob storage CSI driver supports the following features:
 - You need the Azure CLI version 2.42 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
 
 - Perform the steps in this [link][csi-blob-storage-open-source-driver-uninstall-steps] if you previously installed the [CSI Blob Storage open-source driver][csi-blob-storage-open-source-driver] to access Azure Blob storage from your cluster.
+> [!NOTE]
+> If the blobfuse-proxy is not enabled during the installation of the open source driver, the uninstallation of the open source driver will disrupt existing blobfuse mounts. However, NFS mounts will remain unaffected.
 
 ## Enable CSI driver on a new or existing AKS cluster
 

articles/aks/azure-csi-blob-storage-provision.md

@@ -4,7 +4,7 @@ titleSuffix: Azure Kubernetes Service
 description: Learn how to create a static or dynamic persistent volume with Azure Blob storage for use with multiple concurrent pods in Azure Kubernetes Service (AKS)
 ms.topic: article
 ms.custom: devx-track-linux
-ms.date: 09/06/2023
+ms.date: 11/28/2023
 ---
 
 # Create and use a volume with Azure Blob storage in Azure Kubernetes Service (AKS)
@@ -28,6 +28,7 @@ For more information on Kubernetes volumes, see [Storage options for application
 
    - To create an ADLS account using the driver in dynamic provisioning, specify `isHnsEnabled: "true"` in the storage class parameters.
    - To enable blobfuse access to an ADLS account in static provisioning, specify the mount option `--use-adls=true` in the persistent volume.
+   - If you are going to enable a storage account with Hierarchical Namespace, existing persistent volumes should be remounted with `--use-adls=true` mount option.
 
 ## Dynamically provision a volume
 
@@ -72,12 +73,10 @@ A persistent volume claim (PVC) uses the storage class object to dynamically pro
     kind: PersistentVolumeClaim
     metadata:
       name: azure-blob-storage
-      annotations:
-            volume.beta.kubernetes.io/storage-class: azureblob-nfs-premium
     spec:
       accessModes:
       - ReadWriteMany
-      storageClassName: my-blobstorage
+      storageClassName: azureblob-nfs-premium
       resources:
         requests:
           storage: 5Gi
@@ -127,6 +126,7 @@ The following YAML creates a pod that uses the persistent volume claim **azure-b
         volumeMounts:
         - mountPath: "/mnt/blob"
           name: volume
+          readOnly: false
       volumes:
         - name: volume
           persistentVolumeClaim:
@@ -177,6 +177,9 @@ In this example, the following manifest configures mounting a Blob storage conta
       protocol: nfs
       tags: environment=Development
     volumeBindingMode: Immediate
+    allowVolumeExpansion: true
+    mountOptions:
+      - nconnect=4
     ```
 
 2. Create the storage class with the [kubectl apply][kubectl-apply] command:
@@ -318,12 +321,13 @@ The following example demonstrates how to mount a Blob storage container as a pe
         - ReadWriteMany
       persistentVolumeReclaimPolicy: Retain  # If set as "Delete" container would be removed after pvc deletion
       storageClassName: azureblob-nfs-premium
+      mountOptions:
+        - nconnect=4
       csi:
         driver: blob.csi.azure.com
-        readOnly: false
         # make sure volumeid is unique for every identical storage blob container in the cluster
         # character `#` and `/` are reserved for internal use and cannot be used in volumehandle
-        volumeHandle: unique-volumeid
+        volumeHandle: account-name_container-name
         volumeAttributes:
           resourceGroup: resourceGroupName
           storageAccount: storageAccountName
@@ -413,10 +417,9 @@ Kubernetes needs credentials to access the Blob storage container created earlie
         - --file-cache-timeout-in-seconds=120
       csi:
         driver: blob.csi.azure.com
-        readOnly: false
         # volumeid has to be unique for every identical storage blob container in the cluster
         # character `#`and `/` are reserved for internal use and cannot be used in volumehandle
-        volumeHandle: unique-volumeid
+        volumeHandle: account-name_container-name
         volumeAttributes:
           containerName: containerName
         nodeStageSecretRef:
@@ -475,6 +478,7 @@ The following YAML creates a pod that uses the persistent volume or persistent v
           volumeMounts:
             - name: blob01
               mountPath: "/mnt/blob"
+              readOnly: false
       volumes:
         - name: blob01
           persistentVolumeClaim:

articles/aks/azure-csi-disk-storage-provision.md

@@ -4,7 +4,7 @@ titleSuffix: Azure Kubernetes Service
 description: Learn how to create a static or dynamic persistent volume with Azure Disks for use with multiple concurrent pods in Azure Kubernetes Service (AKS)
 ms.topic: article
 ms.custom: devx-track-azurecli, devx-track-linux
-ms.date: 04/11/2023
+ms.date: 11/28/2023
 ---
 
 # Create and use a volume with Azure Disks in Azure Kubernetes Service (AKS)
@@ -165,6 +165,7 @@ After you create the persistent volume claim, you must verify it has a status of
           volumeMounts:
             - mountPath: "/mnt/azure"
               name: volume
+              readOnly: false
       volumes:
         - name: volume
           persistentVolumeClaim:
@@ -285,7 +286,6 @@ When you create an Azure disk for use with AKS, you can create the disk resource
       storageClassName: managed-csi
       csi:
         driver: disk.csi.azure.com
-        readOnly: false
         volumeHandle: /subscriptions/<subscriptionID>/resourceGroups/MC_myAKSCluster_myAKSCluster_eastus/providers/Microsoft.Compute/disks/myAKSDisk
         volumeAttributes:
           fsType: ext4
@@ -351,6 +351,7 @@ When you create an Azure disk for use with AKS, you can create the disk resource
         volumeMounts:
           - name: azure
             mountPath: /mnt/azure
+            volumeMounts
       volumes:
         - name: azure
           persistentVolumeClaim:

articles/aks/azure-csi-files-storage-provision.md

@@ -4,7 +4,7 @@ titleSuffix: Azure Kubernetes Service
 description: Learn how to create a static or dynamic persistent volume with Azure Files for use with multiple concurrent pods in Azure Kubernetes Service (AKS)
 ms.topic: article
 ms.custom: devx-track-azurecli, devx-track-linux
-ms.date: 10/05/2023
+ms.date: 11/28/2023
 ---
 
 # Create and use a volume with Azure Files in Azure Kubernetes Service (AKS)
@@ -178,6 +178,7 @@ The following YAML creates a pod that uses the persistent volume claim *my-azure
           volumeMounts:
             - mountPath: /mnt/azure
               name: volume
+              readOnly: false
       volumes:
        - name: volume
          persistentVolumeClaim:
@@ -343,7 +344,6 @@ Kubernetes needs credentials to access the file share created in the previous st
       storageClassName: azurefile-csi
       csi:
         driver: file.csi.azure.com
-        readOnly: false
         volumeHandle: unique-volumeid  # make sure this volumeid is unique for every identical share in the cluster
         volumeAttributes:
           resourceGroup: resourceGroupName  # optional, only set this when storage account is not in the same resource group as node
@@ -453,11 +453,11 @@ spec:
       volumeMounts:
         - name: azure
           mountPath: /mnt/azure
+          readOnly: false
   volumes:
     - name: azure
       csi: 
         driver: file.csi.azure.com
-        readOnly: false
         volumeAttributes:
           secretName: azure-secret  # required
           shareName: aksshare  # required

articles/aks/azure-disk-customer-managed-keys.md

@@ -3,7 +3,7 @@ title: Use a customer-managed key to encrypt Azure disks in Azure Kubernetes Ser
 description: Bring your own keys (BYOK) to encrypt AKS OS and Data disks.
 ms.topic: article
 ms.custom: devx-track-azurecli, devx-track-linux
-ms.date: 09/12/2023
+ms.date: 11/24/2023
 ---
 
 # Bring your own keys (BYOK) with Azure disks in Azure Kubernetes Service (AKS)
@@ -64,7 +64,7 @@ az disk-encryption-set create -n myDiskEncryptionSetName  -l myAzureRegionName
 ```
 
 > [!IMPORTANT]
-> Ensure your AKS cluster identity has **read** permission of DiskEncryptionSet
+> Make sure that the DiskEncryptionSet is located in the same region as your AKS cluster and that the AKS cluster identity has **read** access to the DiskEncryptionSet.
 
 ## Grant the DiskEncryptionSet access to key vault
 
@@ -119,6 +119,13 @@ If you have already provided a disk encryption set during cluster creation, encr
 > [!IMPORTANT]
 > Ensure you have the proper AKS credentials. The managed identity needs to have contributor access to the resource group where the diskencryptionset is deployed. Otherwise, you'll get an error suggesting that the managed identity does not have permissions.
 
+To assign the AKS cluster identity the Contributor role for the diskencryptionset, execute the following commands:
+
+```azurecli-interactive
+aksIdentity=$(az aks show -g $RG_NAME -n $CLUSTER_NAME --query "identity.principalId")
+az role assignment create --role "Contributor" --assignee $aksIdentity --scope $diskEncryptionSetId
+```
+
 Create a file called **byok-azure-disk.yaml** that contains the following information.  Replace *myAzureSubscriptionId*, *myResourceGroup*, and *myDiskEncrptionSetName* with your values, and apply the yaml.  Make sure to use the resource group where your DiskEncryptionSet is deployed.  
 
 ```yaml

articles/aks/azure-files-csi.md

@@ -3,7 +3,7 @@ title: Use Container Storage Interface (CSI) driver for Azure Files on Azure Kub
 description: Learn how to use the Container Storage Interface (CSI) driver for Azure Files in an Azure Kubernetes Service (AKS) cluster.
 ms.topic: article
 ms.custom: devx-track-linux
-ms.date: 10/07/2023
+ms.date: 11/20/2023
 ---
 
 # Use Azure Files Container Storage Interface (CSI) driver in Azure Kubernetes Service (AKS)
@@ -336,6 +336,8 @@ parameters:
   protocol: nfs
 mountOptions:
   - nconnect=4
+  - noresvport
+  - actimeo=30
   - rsize=262144
   - wsize=262144
 ```
@@ -355,6 +357,8 @@ parameters:
   protocol: nfs
 mountOptions:
   - nconnect=4
+  - noresvport
+  - actimeo=30
 ```
 
 After editing and saving the file, create the storage class with the [kubectl apply][kubectl-apply] command:

articles/automation/automation-runbook-types.md

@@ -57,6 +57,29 @@ For example: if you're executing a runbook for a SharePoint automation scenario
 
 The following are the current limitations and known issues with PowerShell runbooks:
 
+# [PowerShell 7.2](#tab/lps72)
+
+**Limitations**
+
+> [!NOTE]
+> Currently, PowerShell 7.2 runtime version is supported for both Cloud and Hybrid jobs in all Public regions except Central India, UAE Central, Israel  Central, Italy North, Germany North and Gov clouds.
+
+- For the PowerShell 7.2 runtime version, the module activities aren't extracted for the imported modules.
+- PowerShell 7.x doesn't support workflows. For more information, see [PowerShell workflow](/powershell/scripting/whats-new/differences-from-windows-powershell#powershell-workflow) for more details.
+- PowerShell 7.x currently doesn't support signed runbooks.
+- Source control integration doesn't support PowerShell 7.2. Also, PowerShell 7.2 runbooks in source control get created in Automation account as Runtime 5.1.
+- Az module 8.3.0 is installed by default. The complete list of component modules of selected Az module version is shown once Az version is configured again using Azure portal or API.
+- The imported PowerShell 7.2 module would be validated during job execution. Ensure that all dependencies for the selected module are also imported for successful job execution.
+- Azure runbook doesn't support `Start-Job` with `-credential`. 
+- Azure doesn't support all PowerShell input parameters. [Learn more](runbook-input-parameters.md).
+
+**Known issues**
+- Runbooks taking dependency on internal file paths such as `C:\modules` might fail due to changes in service backend infrastructure. Change runbook code to ensure there are no dependencies on internal file paths and use [Get-ChildItem](/powershell/module/microsoft.powershell.management/get-childitem?view=powershell-7.3) to get the required module information.
+- `Get-AzStorageAccount` cmdlet might fail with an error: *The `Get-AzStorageAccount` command was found in the module `Az.Storage`, but the module could not be loaded*.
+- Executing child scripts using `.\child-runbook.ps1` is not supported in this preview.
+  **Workaround**: Use `Start-AutomationRunbook` (internal cmdlet) or `Start-AzAutomationRunbook` (from *Az.Automation* module) to start another runbook from parent runbook.
+- When you use [ExchangeOnlineManagement](/powershell/exchange/exchange-online-powershell?view=exchange-ps&preserve-view=true) module version: 3.0.0 or higher, you can experience errors. To resolve the issue, ensure that you explicitly upload [PowerShellGet](/powershell/module/powershellget/) and [PackageManagement](/powershell/module/packagemanagement/) modules.
+
 # [PowerShell 5.1](#tab/lps51)
 
 **Limitations**
@@ -156,30 +179,6 @@ The following are the current limitations and known issues with PowerShell runbo
 - When you start PowerShell 7 runbook using the webhook, it auto-converts the webhook input parameter to an invalid JSON.
 - We recommend that you use [ExchangeOnlineManagement](/powershell/exchange/exchange-online-powershell?view=exchange-ps&preserve-view=true) module version: 3.0.0 or lower because version: 3.0.0 or higher may lead to job failures.
 - If you import module Az.Accounts with version 2.12.3 or newer, ensure that you import the **Newtonsoft.Json** v10 module explicitly if PowerShell 7.1 runbooks have a dependency on this version of the module. The workaround for this issue is to use PowerShell 7.2 runbooks.
-
-
-# [PowerShell 7.2](#tab/lps72)
-
-**Limitations**
-
-> [!NOTE]
-> Currently, PowerShell 7.2 runtime version is supported for both Cloud and Hybrid jobs in all Public regions except Central India, UAE Central, Israel  Central, Italy North, Germany North and Gov clouds.
-
-- For the PowerShell 7.2 runtime version, the module activities aren't extracted for the imported modules.
-- PowerShell 7.x doesn't support workflows. For more information, see [PowerShell workflow](/powershell/scripting/whats-new/differences-from-windows-powershell#powershell-workflow) for more details.
-- PowerShell 7.x currently doesn't support signed runbooks.
-- Source control integration doesn't support PowerShell 7.2. Also, PowerShell 7.2 runbooks in source control get created in Automation account as Runtime 5.1.
-- Az module 8.3.0 is installed by default. The complete list of component modules of selected Az module version is shown once Az version is configured again using Azure portal or API.
-- The imported PowerShell 7.2 module would be validated during job execution. Ensure that all dependencies for the selected module are also imported for successful job execution.
-- Azure runbook doesn't support `Start-Job` with `-credential`. 
-- Azure doesn't support all PowerShell input parameters. [Learn more](runbook-input-parameters.md).
-
-**Known issues**
-- Runbooks taking dependency on internal file paths such as `C:\modules` might fail due to changes in service backend infrastructure. Change runbook code to ensure there are no dependencies on internal file paths and use [Get-ChildItem](/powershell/module/microsoft.powershell.management/get-childitem?view=powershell-7.3) to get the required module information.
-- `Get-AzStorageAccount` cmdlet might fail with an error: *The `Get-AzStorageAccount` command was found in the module `Az.Storage`, but the module could not be loaded*.
-- Executing child scripts using `.\child-runbook.ps1` is not supported in this preview.
-  **Workaround**: Use `Start-AutomationRunbook` (internal cmdlet) or `Start-AzAutomationRunbook` (from *Az.Automation* module) to start another runbook from parent runbook.
-- When you use [ExchangeOnlineManagement](/powershell/exchange/exchange-online-powershell?view=exchange-ps&preserve-view=true) module version: 3.0.0 or higher, you can experience errors. To resolve the issue, ensure that you explicitly upload [PowerShellGet](/powershell/module/powershellget/) and [PackageManagement](/powershell/module/packagemanagement/) modules.
 ---
 
 ## PowerShell Workflow runbooks

articles/automation/whats-new.md

@@ -4,7 +4,7 @@ description: Significant updates to Azure Automation updated each month.
 services: automation
 ms.subservice:
 ms.topic: overview
-ms.date: 10/27/2023
+ms.date: 11/28/2023
 ms.custom: references_regions
 ---
 
@@ -21,10 +21,15 @@ Azure Automation receives improvements on an ongoing basis. To stay up to date w
 
 This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Azure Automation](whats-new-archive.md).
 
-## October 2023
+## November 2023
+
+### General Availability: Azure Automation supports PowerShell 7.2 runbooks
 
+Azure Automation announces General Availability of PowerShell 7.2 runbooks. This enables you to author runbooks in the long-term supported version of PowerShell using [Azure Automation extension for VS code](how-to/runbook-authoring-extension-for-vscode.md) and execute them on a secure and reliable platform. [Learn more](automation-runbook-types.md).
+
+## October 2023
 
-## General Availability: Automation extension for Visual Studio Code
+### General Availability: Automation extension for Visual Studio Code
 
  Azure Automation now provides an advanced editing experience for PowerShell and Python scripts along with [runbook management operations](how-to/runbook-authoring-extension-for-vscode.md). For more information, see the [Key features and limitations](automation-runbook-authoring.md).
 

articles/azure-app-configuration/TOC.yml

@@ -26,7 +26,7 @@
         - name: Python
           href: quickstart-python-provider.md
         - name: JavaScript/Node.js
-          href: quickstart-javascript.md
+          href: quickstart-javascript-provider.md
         - name: Azure Functions
           href: quickstart-azure-functions-csharp.md
     - name: Feature management
@@ -134,6 +134,8 @@
       href: cli-samples.md
     - name: Azure PowerShell
       href: powershell-samples.md
+    - name: JavaScript SDK
+      href: quickstart-javascript.md
     - name: Python SDK
       href: quickstart-python.md
     - name: Samples on GitHub