Merge pull request #244961 from MGoedtel/update-UseNetworkPolicies

Recent change in AKS InvalidNodeCountForNPM

Author: prmerger-automator[bot]

articles/aks/operator-best-practices-run-at-scale.md

@@ -3,7 +3,7 @@ title: Best practices for running Azure Kubernetes Service (AKS) at scale
 titleSuffix: Azure Kubernetes Service
 description: Learn the AKS cluster operator best practices and special considerations for running large clusters at 500 node scale and beyond 
 ms.topic: conceptual
-ms.date: 10/04/2022
+ms.date: 07/14/2023
 
 ---
 
@@ -33,7 +33,7 @@ To increase the node limit beyond 1000, you must have the following pre-requisit
 * When using internal Kubernetes services behind an internal load balancer, we recommend creating an internal load balancer or internal service below 750 node scale for optimal scaling performance and load balancer elasticity.
 
 > [!NOTE]
-> You can't use [Azure Network Policy Manager (Azure NPM)][azure-npm] with clusters that have more than 500 nodes.
+> [Azure Policy Network Manager (Azure NPM)][azure-npm] doesn't support clusters that have more than 250 nodes, and you can't update a cluster with more than 250 nodes managed by Cluster Autoscaler across all agent pools.
 
 ## Node pool scaling considerations and best practices
 

articles/aks/use-network-policies.md

@@ -4,7 +4,7 @@ titleSuffix: Azure Kubernetes Service
 description: Learn how to secure traffic that flows in and out of pods by using Kubernetes network policies in Azure Kubernetes Service (AKS)
 ms.topic: article
 ms.custom: devx-track-azurecli
-ms.date: 01/05/2023
+ms.date: 07/14/2023
 ---
 
 # Secure traffic between pods using network policies in Azure Kubernetes Service (AKS)
@@ -45,21 +45,22 @@ Azure Network Policy Manager for Linux uses Linux *IPTables* and Azure Network P
 | Support                                  | Supported by Azure support and Engineering team | Calico community support. For more information on additional paid support, see [Project Calico support options][calico-support]. |
 | Logging                                  | Logs available with **kubectl log -n kube-system \<network-policy-pod\>** command | For more information, see [Calico component logs][calico-logs] |
 
-## Limitations:
+## Limitations
 
 Azure Network Policy Manager doesn't support IPv6. Otherwise, Azure Network Policy Manager fully supports the network policy spec in Linux.
+
 * In Windows, Azure Network Policy Manager doesn't support the following:
     * named ports
     * SCTP protocol
     * negative match label or namespace selectors (e.g. all labels except "debug=true")
     * "except" CIDR blocks (a CIDR with exceptions)
 
 >[!NOTE]
-> * Azure Network Policy Manager pod logs will record an error if an unsupported policy is created.
+> * Azure Network Policy Manager pod logs record an error if an unsupported policy is created.
 
-## Scale:
+## Scale
 
-With the current limits set on Azure Network Policy Manager for Linux, it can scale up to 500 Nodes and 40k Pods. You may see OOM kills beyond this scale. Please reach out to us on [aks-acn-github] if you'd like to increase your memory limit.
+With Azure Network Policy Manager for Linux, we don't recommend scaling beyond 250 nodes and 20k pods. If you attempt to scale beyond these limits, you may encounter Out of Memory (OOM) kills. To increase your memory limit, contact us on [aks-acn-github].
 
 ## Create an AKS cluster and enable Network Policy