Commit 59e01ce

Steps update.
1 parent 441460e commit 59e01ce

3 files changed

+78
-26
lines changed

articles/iot-operations/manage-layered-network/howto-configure-aks-edge-essentials-layered-network.md

Lines changed: 5 additions & 4 deletions
@@ -63,16 +63,17 @@ The next step is to set up an Arc-enabled cluster in level 3 that's compatible f
6363
# [K3S Cluster](#tab/k3s)
6464

6565
- Follow the [Prepare your Azure Arc-enabled Kubernetes cluster](../deploy-iot-ops/howto-prepare-cluster.md) to set up and Arc-enable your K3s cluster.
66-
1. In addition, you need to configure the custom DNS for this cluster.
67-
- If you choose to use a local DNS server, and have completed the steps in previous section. You can proceed the cluster setup.
68-
- If you choose to use CoreDNS, you need to complete the **Create a cluster** section with internet access, then configure the [CoreDNS](howto-configure-layered-network.md#configure-custom-dns) for this cluster.
66+
1. You can perpare your K3s cluster with internet access.
67+
1. After install the required software components and setup the K3s cluster, you can restrict the internt access for this cluster and rely on the **custom DNS** that is prepared from earlier steps to direct the network traffic to the Layered Network Management component at level 4.
68+
- If you choose to use CoreDNS instead of DNS server, you need to configure the [CoreDNS](howto-configure-layered-network.md#configure-custom-dns) after setup the K3S cluster.
6969
1. Proceed to Arc-enable the cluster.
7070

7171
# [AKS Edge Essentials](#tab/aksee)
7272

7373
- Follow the [Prepare your Azure Arc-enabled Kubernetes cluster](../deploy-iot-ops/howto-prepare-cluster.md) to set up and Arc-enable your AKS Edge Essentials cluster.
74-
1. You have to complete the **DNS server** configuration from previous section before start.
74+
1. You can prepare the AKS Edg Essentials with internet access.
7575
1. For the step of **Get the `objectID`** you run the command on a different machine that have internet access.
76+
1. After setting up the AKS Edge Essentials cluster, you can restrict the internt access for this cluster and rely on the **DNS server** that is prepared from earlier steps to direct the network traffic to the Layered Network Management component at level 4.
7677

7778
---
7879
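Review bot: The added steps in both tabs carry typos that will ship to the published article: "perpare" and "internt" in the K3s tab, "AKS Edg Essentials" and "internt" again in the AKS Edge Essentials tab, plus "After install the required software components and setup the K3s cluster" and "after setup the K3S cluster", which should read "After installing ... and setting up ..." and "after setting up ...". Beyond spelling, "you can restrict the internet access for this cluster" describes the isolation step itself but gives no instruction for how to do it or how to confirm it took effect; since the rest of the procedure depends on level 3 traffic actually going through the custom DNS to Layered Network Management at level 4, link to the section that performs the restriction and add a check that direct outbound access no longer works.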

articles/iot-operations/manage-layered-network/howto-configure-l4-cluster-layered-network.md

Lines changed: 1 addition & 4 deletions
@@ -138,9 +138,6 @@ Follow the steps in [Single machine deployment](/azure/aks/hybrid/aks-edge-howto
138138
az provider register -n "Microsoft.ExtendedLocation"
139139
az provider register -n "Microsoft.Kubernetes"
140140
az provider register -n "Microsoft.KubernetesConfiguration"
141-
az provider register -n "Microsoft.IoTOperations"
142-
az provider register -n "Microsoft.DeviceRegistry"
143-
az provider register -n "Microsoft.SecretSyncController"
144141
```
145142
1. Use the [az group create](/cli/azure/group#az-group-create) command to create a resource group in your Azure subscription to store all the resources:
146143
```bash
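Review bot: The three removed registrations (`Microsoft.IoTOperations`, `Microsoft.DeviceRegistry`, `Microsoft.SecretSyncController`) are dropped without any explanation in the commit message ("Steps update.") or in the surrounding text. If the level 4 cluster only hosts Layered Network Management and never needs these providers, say so in the article next to the remaining `az provider register` lines; if they are still needed on the subscription for the lower-level cluster, point the reader to where they get registered, otherwise a later deployment step can fail on an unregistered provider with nothing in this page to explain why.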
@@ -193,7 +190,7 @@ Create the Layered Network Management custom resource.
193190
kind: Lnm
194191
metadata:
195192
name: level4
196-
namespace: azure-iot-operations
193+
namespace: default
197194
spec:
198195
image:
199196
pullPolicy: IfNotPresent
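Review bot: Changing `namespace: azure-iot-operations` to `namespace: default` in the `Lnm` metadata places the component that controls outbound traffic in the shared default namespace. That makes namespace-scoped RBAC and NetworkPolicy harder to apply to it alone, because anything else deployed without an explicit namespace lands beside it. If the motivation is that `azure-iot-operations` does not exist on a level 4 cluster, consider a dedicated namespace created in an earlier step instead of `default`, and state the reason for the choice in the article.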

articles/iot-operations/manage-layered-network/howto-deploy-aks-layered-network.md

Lines changed: 72 additions & 18 deletions
@@ -78,43 +78,97 @@ These steps deploy Layered Network Management to the AKS cluster. The cluster is
7878
allowList:
7979
enableArcDomains: true
8080
domains:
81-
- destinationUrl: "*.ods.opinsights.azure.com"
81+
- destinationUrl: "*.arc.azure.net"
8282
destinationType: external
83-
- destinationUrl: "*.oms.opinsights.azure.com"
83+
- destinationUrl: "*.data.mcr.microsoft.com"
8484
destinationType: external
85-
- destinationUrl: "*.monitoring.azure.com"
85+
- destinationUrl: "*.dp.kubernetesconfiguration.azure.com"
8686
destinationType: external
87-
- destinationUrl: "*.handler.control.monitor.azure.com"
87+
- destinationUrl: "*.guestnotificationservice.azure.com"
8888
destinationType: external
89-
- destinationUrl: "quay.io"
89+
- destinationUrl: "*.his.arc.azure.com"
9090
destinationType: external
91-
- destinationUrl: "*.quay.io"
91+
- destinationUrl: "*.login.microsoft.com"
9292
destinationType: external
93-
- destinationUrl: "docker.io"
93+
- destinationUrl: "*.login.microsoftonline.com"
9494
destinationType: external
95-
- destinationUrl: "*.docker.io"
95+
- destinationUrl: "*.obo.arc.azure.com"
9696
destinationType: external
97-
- destinationUrl: "*.docker.com"
97+
- destinationUrl: "*.servicebus.windows.net"
9898
destinationType: external
99-
- destinationUrl: "gcr.io"
100-
destinationType: external
101-
- destinationUrl: "*.googleapis.com"
99+
- destinationUrl: "graph.microsoft.com"
102100
destinationType: external
103101
- destinationUrl: "login.windows.net"
104102
destinationType: external
103+
- destinationUrl: "management.azure.com"
104+
destinationType: external
105+
- destinationUrl: "mcr.microsoft.com"
106+
destinationType: external
107+
- destinationUrl: "sts.windows.net"
108+
destinationType: external
109+
- destinationUrl: "*.ods.opinsights.azure.com"
110+
destinationType: external
105111
- destinationUrl: "graph.windows.net"
106112
destinationType: external
107113
- destinationUrl: "msit-onelake.pbidedicated.windows.net"
108114
destinationType: external
109-
- destinationUrl: "*.vault.azure.net"
115+
- destinationUrl: "*.azurecr.io"
116+
destinationType: external
117+
- destinationUrl: "*.azureedge.net"
118+
destinationType: external
119+
- destinationUrl: "*.blob.core.windows.net"
120+
destinationType: external
121+
- destinationUrl: "*.prod.hot.ingestion.msftcloudes.com"
122+
destinationType: external
123+
- destinationUrl: "*.prod.microsoftmetrics.com"
124+
destinationType: external
125+
- destinationUrl: "adhs.events.data.microsoft.com"
126+
destinationType: external
127+
- destinationUrl: "dc.services.visualstudio.com"
128+
destinationType: external
129+
- destinationUrl: "go.microsoft.com"
130+
destinationType: external
131+
- destinationUrl: "packages.microsoft.com"
132+
destinationType: external
133+
- destinationUrl: "www.powershellgallery.com"
110134
destinationType: external
111-
- destinationUrl: "*.k8s.io"
135+
- destinationUrl: "*.gw.arc.azure.com"
112136
destinationType: external
113-
- destinationUrl: "*.pkg.dev"
137+
- destinationUrl: "*.gcs.prod.monitoring.core.windows.net"
138+
destinationType: external
139+
- destinationUrl: "*.prod.warm.ingest.monitor.core.windows.net"
140+
destinationType: external
141+
- destinationUrl: "*.prod.hot.ingest.monitor.core.windows.net"
142+
destinationType: external
143+
- destinationUrl: "azure.archive.ubuntu.com"
144+
destinationType: external
145+
- destinationUrl: "crl.microsoft.com"
146+
destinationType: external
147+
- destinationUrl: "*.table.core.windows.net"
148+
destinationType: external
149+
- destinationUrl: "*.blob.storage.azure.net"
150+
destinationType: external
151+
- destinationUrl: "*.docker.com"
152+
destinationType: external
153+
- destinationUrl: "*.docker.io"
154+
destinationType: external
155+
- destinationUrl: "*.googleapis.com"
114156
destinationType: external
115157
- destinationUrl: "github.com"
116158
destinationType: external
117-
- destinationUrl: "raw.githubusercontent.com"
159+
- destinationUrl: "collect.traefik.io"
160+
destinationType: external
161+
- destinationUrl: "contracts.canonical.com"
162+
destinationType: external
163+
- destinationUrl: "database.clamav.net"
164+
destinationType: external
165+
- destinationUrl: "esm.ubuntu.com"
166+
destinationType: external
167+
- destinationUrl: "livepatch.canonical.com"
168+
destinationType: external
169+
- destinationUrl: "motd.ubuntu.com"
170+
destinationType: external
171+
- destinationUrl: "update.traefik.io"
118172
destinationType: external
119173
sourceIpRange:
120174
- addressPrefix: "0.0.0.0"
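Review bot: Several of the added `destinationUrl` entries are service-wide wildcards, for example `*.blob.core.windows.net`, `*.table.core.windows.net`, `*.blob.storage.azure.net`, `*.azurecr.io`, `*.azureedge.net` and `*.servicebus.windows.net`. These match every customer's storage account, registry or namespace on those services, not only the ones this deployment uses, so the allow list no longer limits egress from the isolated layers to known endpoints. Where the required account or registry names are known, list them explicitly, and add a short comment or table in the article saying which feature needs each entry. Two smaller points on the same list: `enableArcDomains: true` is already set, so it is worth confirming whether the explicit Arc entries such as `*.his.arc.azure.com` and `*.guestnotificationservice.azure.com` are redundant; and the change removes `*.vault.azure.net`, `quay.io`, `*.k8s.io` and `raw.githubusercontent.com` while also dropping the bare `docker.io` but keeping `*.docker.io`, none of which is explained. Readers who copied the earlier list need to know whether those removals are intentional.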
@@ -131,7 +185,7 @@ These steps deploy Layered Network Management to the AKS cluster. The cluster is
131185
1. To validate the instance, run:
132186

133187
```bash
134-
kubectl get pods -n azure-iot-operations
188+
kubectl get pods
135189
```
136190

137191
The output should look like:
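Review bot: `kubectl get pods` with the `-n` flag removed depends on the namespace of the reader's current kubeconfig context. On a machine where the context namespace is not `default`, the command returns nothing or unrelated pods and the validation step appears to fail. Write the namespace explicitly, for example `kubectl get pods -n default`, so the step matches wherever the instance was actually created.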
@@ -145,7 +199,7 @@ These steps deploy Layered Network Management to the AKS cluster. The cluster is
145199
1. To view the service, run:
146200

147201
```bash
148-
kubectl get services -n azure-iot-operations
202+
kubectl get services
149203
```
150204

151205
The output should look like the following example:
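Review bot: `kubectl get services` has the same implicit-namespace dependency as the pods check earlier in this file. Keep an explicit `-n <namespace>` here as well and make sure it names the same namespace used in the `Lnm` manifest, so the service lookup and the resource definition cannot drift apart in a later edit.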
