Merge pull request #244381 from dcurwin/wi91647-update-containers-gke-july9-2023

AnnaMHuff · web-flow · commit 1b66d9ed8930 · 2023-07-31T08:33:02.000-06:00
GKE containers
diff --git a/articles/defender-for-cloud/TOC.yml b/articles/defender-for-cloud/TOC.yml
@@ -571,15 +571,16 @@
     - name: Kubernetes data plane hardening
       displayName: k8s, containers, aks
       href: kubernetes-workload-protections.md
+    - name: Common questions about Defender for Containers
+      displayName: containers, common questions, faq, frequently asked questions
+      href: faq-defender-for-containers.yml
     - name: Defender for Kubernetes (deprecated)
       displayName: clusters, k8s, aks
       href: defender-for-kubernetes-introduction.md
     - name: Defender for container registries (deprecated)
       displayName: ACR, registry, images
       href: defender-for-container-registries-introduction.md
-    - name: Common questions about Defender for Containers
-      displayName: containers, common questions, faq, frequently asked questions
-      href: faq-defender-for-containers.yml
+
   - name: Database protection
     items:
     - name: Protect your databases with Defender for Databases
diff --git a/articles/defender-for-cloud/defender-for-containers-enable.md b/articles/defender-for-cloud/defender-for-containers-enable.md
@@ -97,7 +97,7 @@ A full list of supported alerts is available in the [reference table of all Defe
 [!INCLUDE [Remove the profile](./includes/defender-for-containers-remove-profile.md)]
 ::: zone-end
 
-## Learn More
+## Learn more
 
 You can check out the following blogs:
 
diff --git a/articles/defender-for-cloud/includes/defender-for-containers-enable-plan-gke.md b/articles/defender-for-cloud/includes/defender-for-containers-enable-plan-gke.md
@@ -13,6 +13,9 @@ author: dcurwin
 
 To protect your GKE clusters, you'll need to enable the Containers plan on the relevant GCP project.
 
+> [!NOTE]
+> Verify that you don't have any Azure policies that prevent the Arc installation.
+
 **To protect Google Kubernetes Engine (GKE) clusters**:
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
@@ -46,8 +49,12 @@ The connector will update after the script executes. This process can take up to
 If you disabled any of the default auto provisioning configurations to Off, during the [GCP connector onboarding process](../quickstart-onboard-gcp.md#configure-the-defender-for-containers-plan), or afterwards. You'll need to manually install Azure Arc-enabled Kubernetes, the Defender extension, and the Azure Policy extensions to each of your GKE clusters to get the full security value out of Defender for Containers.
 
 There are 2 dedicated Defender for Cloud recommendations you can use to install the extensions (and Arc if necessary):
--	`GKE clusters should have Microsoft Defender's extension for Azure Arc installed`
--	`GKE clusters should have the Azure Policy extension installed`
+
+- `GKE clusters should have Microsoft Defender's extension for Azure Arc installed`
+- `GKE clusters should have the Azure Policy extension installed`
+
+> [!NOTE]
+> When installing Arc extensions, you must verify that the GCP project provided is identical to the one in the relevant connector.
 
 **To deploy the solution to specific clusters**:
 
@@ -72,7 +79,7 @@ There are 2 dedicated Defender for Cloud recommendations you can use to install
 
     :::image type="content" source="../media/defender-for-containers-enable-plan-gke/fix-button.png" alt-text="Screenshot showing the location of the fix button.":::
 
-1. Defender for Cloud will generate a script in the language of your choice: 
+1. Defender for Cloud will generate a script in the language of your choice:
     - For Linux, select **Bash**.
     - For Windows, select **PowerShell**.
 
diff --git a/articles/defender-for-cloud/support-matrix-defender-for-containers.md b/articles/defender-for-cloud/support-matrix-defender-for-containers.md
@@ -138,7 +138,7 @@ Outbound proxy without authentication and outbound proxy with basic authenticati
 
 | Aspect | Details |
 |--|--|
-| Kubernetes distributions and configurations | **Supported**<br> • Any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters<br>• [Azure Kubernetes Service (AKS)](../aks/intro-kubernetes.md) with [Kubernetes RBAC](../aks/concepts-identity.md#kubernetes-rbac) <br> • [Amazon Elastic Kubernetes Service (EKS)](https://aws.amazon.com/eks/)<br> • [Google Kubernetes Engine (GKE) Standard](https://cloud.google.com/kubernetes-engine/) <br><br> **Supported via Arc enabled Kubernetes** <sup>[1](#footnote1)</sup> <sup>[2](#footnote2)</sup><br>• [Azure Kubernetes Service hybrid](/azure/aks/hybrid/aks-hybrid-options-overview)<br> • [Kubernetes](https://kubernetes.io/docs/home/)<br> • [AKS Engine](https://github.com/Azure/aks-engine)<br> • [Azure Red Hat OpenShift](https://azure.microsoft.com/services/openshift/)<br> • [Red Hat OpenShift](https://www.openshift.com/learn/topics/kubernetes/) (version 4.6 or newer)<br> • [VMware Tanzu Kubernetes Grid](https://tanzu.vmware.com/kubernetes-grid)<br> • [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/)<br> |
+| Kubernetes distributions and configurations | **Supported**<br> • Any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters<br>• [Azure Kubernetes Service (AKS)](../aks/intro-kubernetes.md) with [Kubernetes RBAC](../aks/concepts-identity.md#kubernetes-rbac) <br> • [Amazon Elastic Kubernetes Service (EKS)](https://aws.amazon.com/eks/)<br> • [Google Kubernetes Engine (GKE) Standard](https://cloud.google.com/kubernetes-engine/) <br><br> **Supported via Arc enabled Kubernetes** <sup>[1](#footnote1)</sup> <sup>[2](#footnote2)</sup><br>• [Azure Kubernetes Service hybrid](/azure/aks/hybrid/aks-hybrid-options-overview)<br> • [Kubernetes](https://kubernetes.io/docs/home/)<br> • [AKS Engine](https://github.com/Azure/aks-engine)<br> • [Azure Red Hat OpenShift](https://azure.microsoft.com/services/openshift/)<br> • [Red Hat OpenShift](https://www.openshift.com/learn/topics/kubernetes/) (version 4.6 or newer)<br> • [VMware Tanzu Kubernetes Grid](https://tanzu.vmware.com/kubernetes-grid)<br> • [Rancher Kubernetes Engine](https://rancher.com/docs/rke/latest/en/)<br><br />**Unsupported**<br /> • Private network clusters<br /> • GKE autopilot<br /> • GKE AuthorizedNetworksConfig |
 
 <sup><a name="footnote1"></a>1</sup> Any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters should be supported, but only the specified clusters have been tested.
 
diff --git a/articles/defender-for-cloud/tutorial-enable-container-gcp.md b/articles/defender-for-cloud/tutorial-enable-container-gcp.md
@@ -74,6 +74,9 @@ There are two dedicated Defender for Cloud recommendations you can use to instal
 - `GKE clusters should have Microsoft Defender's extension for Azure Arc installed`
 - `GKE clusters should have the Azure Policy extension installed`
 
+> [!NOTE]
+> When installing Arc extensions, you must verify that the GCP project provided is identical to the one in the relevant connector.
+
 **To deploy the solution to specific clusters**:
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
