Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into MaintenanceDowntime

Changing capitaliation in maintenance doc

Author: Kamil Sykora

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/vpn-gateway/vpn-gateway-about-forced-tunneling.md",
+      "redirect_url": "/previous-versions/azure/vpn-gateway/vpn-gateway-about-forced-tunneling",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/azure-app-configuration/rest-api-postman.md",
       "redirect_url": "/previous-versions/azure/azure-app-configuration/rest-api-postman",
@@ -2535,21 +2540,6 @@
       "redirect_url": "/azure/developer/jenkins/pipeline-with-github-and-docker",
       "redirect_document_id": false
     },
-    {
-      "source_path_from_root": "/articles/kubernetes-fleet/access-fleet-kubernetes-api.md",
-      "redirect_url": "/azure/kubernetes-fleet/quickstart-access-fleet-kubernetes-api",
-      "redirect_document_id": false
-    },
-    {
-      "source_path_from_root": "/articles/kubernetes-fleet/configuration-propagation.md",
-      "redirect_url": "/azure/kubernetes-fleet/resource-propagation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path_from_root": "/articles/kubernetes-fleet/resource-propagation.md",
-      "redirect_url": "/azure/kubernetes-fleet/concepts-resource-propagation",
-      "redirect_document_id": false
-    },
     {
       "source_path_from_root": "/articles/labs/anomaly-finder/apiref.md",
       "redirect_url": "/azure/ai-services/anomaly-detector/",
@@ -4771,7 +4761,7 @@
       "redirect_document_id": false
     },
     {
-           "source_path_from_root": "/articles/load-balancer/load-balancer-ipv6-internet-ps.md",
+      "source_path_from_root": "/articles/load-balancer/load-balancer-ipv6-internet-ps.md",
       "redirect_url": "/azure/load-balancer/virtual-network-ipv4-ipv6-dual-stack-standard-load-balancer-powershell",
       "redirect_document_id": false
     },
@@ -4786,4 +4776,4 @@
       "redirect_document_id": false
     }
   ]
-}
+}

articles/api-management/media/migrate-stv1-to-stv2-vnet/apim-new-ip.gif

@@ -205,10 +205,6 @@ App Service Environment v3 is available in the following regions:
 
 An App Service Environment will only store customer data including app content, settings and secrets within the region where it's deployed. All data is guaranteed to remain in the region. For more information, see [Data residency in Azure](https://azure.microsoft.com/explore/global-infrastructure/data-residency/#overview).
 
-## App Service Environment v2
-
-App Service Environment has three versions: App Service Environment v1, App Service Environment v2, and App Service Environment v3. The information in this article is based on App Service Environment v3. To learn more about App Service Environment v2, see [App Service Environment v2 introduction](./intro.md).
-
 ## Next steps
 
 > [!div class="nextstepaction"]

articles/api-management/media/migrate-stv1-to-stv2-vnet/apim-preserve-ip.gif

@@ -6,7 +6,7 @@ author: greglin
 ms.service: azure-application-gateway
 ms.subservice: appgw-for-containers
 ms.topic: how-to
-ms.date: 9/16/2024
+ms.date: 9/18/2024
 ms.author: greglin
 ---
 
@@ -28,7 +28,7 @@ See the following figure:
 
 The valid client certificate flow shows a client presenting a certificate to the frontend of Application Gateway for Containers. Application Gateway for Containers determines the certificate is valid and proxies the request to the backend target. The response is ultimately returned to the client.
 
-The revoked client certificate flow shows a client presenting a revoked certificate to the frontend of Application Gateway for Containers. Application Gateway for Containers determines the certificate is not valid and prevents the request from being proxied to the client. The client will receive an HTTP 400 bad request and corresponding reason.
+The revoked client certificate flow shows a client presenting a revoked certificate to the frontend of Application Gateway for Containers. Application Gateway for Containers determines the certificate isn't valid and prevents the request from being proxied to the client. The client will receive an HTTP 400 bad request and corresponding reason.
 
 ## Prerequisites
 
@@ -51,7 +51,7 @@ The revoked client certificate flow shows a client presenting a revoked certific
 
 ### Generate certificate(s)
 
-For this example, we will create a root certificate and issue a client certificate from the root. If you already have a root certificate and client certificate, you may skip these steps.
+For this example, we'll create a root certificate and issue a client certificate from the root. If you already have a root certificate and client certificate, you may skip these steps.
 
 #### Generate a private key for the root certificate
 
@@ -103,7 +103,7 @@ spec:
       certificateRefs:
       - kind : Secret
         group: ""
-        name: contoso.com
+        name: listener-tls-secret
 EOF
 ```
 
@@ -147,7 +147,7 @@ EOF
           certificateRefs:
           - kind : Secret
             group: ""
-            name: contoso.com
+            name: listener-tls-secret
       addresses:
       - type: alb.networking.azure.io/alb-frontend
         value: $FRONTEND_NAME
@@ -223,8 +223,8 @@ spec:
   - name: gateway-01
   rules:
   - backendRefs:
-    - name: mtls-app
-      port: 443
+    - name: echo
+      port: 80
 EOF
 ```
 
@@ -266,6 +266,12 @@ status:
       namespace: test-infra
   ```
 
+Create a Kubernetes secret using kubectl that contains the certificate chain to the client certificate.
+
+```bash
+kubectl create secret generic ca.bundle -n test-infra --from-file=ca.crt=root.crt
+```
+
 Create a FrontendTLSPolicy
 
 ```bash
@@ -290,7 +296,6 @@ spec:
         group: ""
         kind: Secret
         namespace: test-infra
-      subjectAltName: "contoso-client"
 EOF
 ```
 
@@ -321,10 +326,24 @@ Now we're ready to send some traffic to our sample application, via the FQDN ass
 fqdn=$(kubectl get gateway gateway-01 -n test-infra -o jsonpath='{.status.addresses[0].value}')
 ```
 
-Curling this FQDN should return responses from the backend as configured on the HTTPRoute.
+Curling the FQDN of your frontend without the client certificate.
+
+```bash
+curl --insecure https://$fqdn/
+```
+
+Note the response alerts a certificate is required.
+
+```
+curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1k: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
+```
+
+Curl the FQDN presenting the client certificate generated.
 
 ```bash
 curl --cert client.crt --key client.key --insecure https://$fqdn/
 ```
 
-Congratulations, you have installed ALB Controller, deployed a backend application, authenticated via client certificate, and routed traffic to the application via the gateway on Application Gateway for Containers.
+Note the response is from the backend service behind Application Gateway for Containers.
+
+Congratulations, you installed ALB Controller, deployed a backend application, authenticated via client certificate, and returned traffic from your backend service via Application Gateway for Containers.

articles/api-management/media/migrate-stv1-to-stv2-vnet/enable-retain-gateway.png

@@ -5,14 +5,17 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 06/10/2022
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
 # Add Health Probes to your service
-By default, Ingress controller will provision an HTTP GET probe for the exposed pods.
+By default, Ingress controller provisions an HTTP GET probe for the exposed pods.
 The probe properties can be customized by adding a [Readiness or Liveness Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) to your `deployment`/`pod` spec.
 
+> [!TIP]
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
+
 ## With `readinessProbe` or `livenessProbe`
 ```yaml
 apiVersion: networking.k8s.io/v1

articles/api-management/media/migrate-stv1-to-stv2-vnet/select-location.png

@@ -5,14 +5,17 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: conceptual
-ms.date: 5/13/2024
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
 # Annotations for Application Gateway Ingress Controller
 
 You can annotate the Kubernetes ingress resource with arbitrary key/value pairs. Application Gateway Ingress Controller (AGIC) relies on annotations to program Azure Application Gateway features that aren't configurable via the ingress YAML. Ingress annotations are applied to all HTTP settings, backend pools, and listeners derived from an ingress resource.
 
+> [!TIP]
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
+
 ## List of supported annotations
 
 For AGIC to observe an ingress resource, the resource *must be annotated* with `kubernetes.io/ingress.class: azure/application-gateway`.
@@ -284,7 +287,7 @@ spec:
 
 ## Request Timeout
 
-Use the following annotation to specify the request timeout in seconds. After the timeout, Application Gateway fails a request if the response is not received.
+Use the following annotation to specify the request timeout in seconds. After the timeout, Application Gateway fails a request if the response isn't received.
 
 ### Usage