MicrosoftDocs
diff --git a/‎articles/ai-services/speech-service/includes/how-to/professional-voice/create-training-set/rest.md
Lines changed: 8 additions & 3 deletions b/‎articles/ai-services/speech-service/includes/how-to/professional-voice/create-training-set/rest.md
Lines changed: 8 additions & 3 deletions
diff --git a/‎articles/ai-services/speech-service/personal-voice-create-voice.md
Lines changed: 7 additions & 3 deletions b/‎articles/ai-services/speech-service/personal-voice-create-voice.md
Lines changed: 7 additions & 3 deletions
diff --git a/‎articles/aks/api-server-authorized-ip-ranges.md
Lines changed: 2 additions & 2 deletions b/‎articles/aks/api-server-authorized-ip-ranges.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/aks/concepts-network.md
Lines changed: 2 additions & 3 deletions b/‎articles/aks/concepts-network.md
Lines changed: 2 additions & 3 deletions
diff --git a/‎articles/aks/csi-secrets-store-identity-access.md
Lines changed: 5 additions & 2 deletions b/‎articles/aks/csi-secrets-store-identity-access.md
Lines changed: 5 additions & 2 deletions
diff --git a/‎articles/aks/http-proxy.md
Lines changed: 13 additions & 1 deletion b/‎articles/aks/http-proxy.md
Lines changed: 13 additions & 1 deletion
diff --git a/‎articles/aks/integrations.md
Lines changed: 25 additions & 17 deletions b/‎articles/aks/integrations.md
Lines changed: 25 additions & 17 deletions
@@ -53,15 +53,20 @@ You should receive a response body in the following format:
 
 ## Upload training set data
 
-To upload a training set of audio and scripts, use the `TrainingSets_UploadData` operation of the custom voice API. Construct the request body according to the following instructions:
+To upload a training set of audio and scripts, use the `TrainingSets_UploadData` operation of the custom voice API.
+
+Before calling this API, please store recording and script files in Azure Blob. In the example below, recording files are https://contoso.blob.core.windows.net/voicecontainer/jessica300/*.wav, script files are
+https://contoso.blob.core.windows.net/voicecontainer/jessica300/*.txt. 
+
+Construct the request body according to the following instructions:
 
 - Set the required `kind` property to `AudioAndScript`. The kind determines the type of training set. 
 - Set the required `audios` property. Within the `audios` property, set the following properties:
-  - Set the required `containerUrl` property to the URL of the Azure Blob Storage container that contains the audio files.
+  - Set the required `containerUrl` property to the URL of the Azure Blob Storage container that contains the audio files. Use [shared access signatures (SAS) for a container](/azure/storage/blobs/sas-service-create-dotnet-container#create-a-service-sas-for-a-container) with both read and list permissions.
   - Set the required `extensions` property to the extensions of the audio files. 
   - Optionally, set the `prefix` property to set a prefix for the blob name. 
 - Set the required `scripts` property. Within the `scripts` property, set the following properties:
-  - Set the required `containerUrl` property to the URL of the Azure Blob Storage container that contains the script files.
+  - Set the required `containerUrl` property to the URL of the Azure Blob Storage container that contains the script files. Use [shared access signatures (SAS) for a container](/azure/storage/blobs/sas-service-create-dotnet-container#create-a-service-sas-for-a-container) with both read and list permissions.
   - Set the required `extensions` property to the extensions of the script files.
   - Optionally, set the `prefix` property to set a prefix for the blob name.
 
 
@@ -20,12 +20,16 @@ You create a speaker profile ID based on the speaker's verbal consent statement
 
 ## Create personal voice
 
-To create a personal voice and get the speaker profile ID, use the `PersonalVoices_Create` operation of the custom voice API. Construct the request body according to the following instructions:
+To create a personal voice and get the speaker profile ID, use the `PersonalVoices_Create` operation of the custom voice API. 
+
+Before calling this API, please store audio files in Azure Blob. In the example below, audio files are https://contoso.blob.core.windows.net/voicecontainer/jessica/*.wav. 
+
+Construct the request body according to the following instructions:
 
 - Set the required `projectId` property. See [create a project](./personal-voice-create-project.md).
 - Set the required `consentId` property. See [add user consent](./personal-voice-create-consent.md).
 - Set the required `audios` property. Within the `audios` property, set the following properties:
-  - Set the required `containerUrl` property to the URL of the Azure Blob Storage container that contains the audio files.
+  - Set the required `containerUrl` property to the URL of the Azure Blob Storage container that contains the audio files. Use [shared access signatures (SAS) SAS for a container](/azure/storage/blobs/sas-service-create-dotnet-container#create-a-service-sas-for-a-container) with both read and list permissions. 
   - Set the required `extensions` property to the extensions of the audio files. 
   - Optionally, set the `prefix` property to set a prefix for the blob name.
 
@@ -77,4 +81,4 @@ Operation-Id: 1321a2c0-9be4-471d-83bb-bc3be4f96a6f
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [Use personal voice in your application.](./personal-voice-how-to-use.md).
+> [Use personal voice in your application.](./personal-voice-how-to-use.md).
@@ -3,7 +3,7 @@ title: API server authorized IP ranges in Azure Kubernetes Service (AKS)
 description: Learn how to secure your cluster using an IP address range for access to the API server in Azure Kubernetes Service (AKS)
 ms.topic: article
 ms.custom: devx-track-azurecli
-ms.date: 11/04/2022
+ms.date: 12/26/2023
 #Customer intent: As a cluster operator, I want to increase the security of my cluster by limiting access to the API server to only the IP addresses that I specify.
 ---
 
@@ -171,7 +171,7 @@ az aks update -g $RG -n $AKSNAME --api-server-authorized-ip-ranges $CURRENT_IP/2
 > [!NOTE]
 > The above example adds another IP address to the approved ranges. Note that it still includes the IP address from [Update a cluster's API server authorized IP ranges](#update-a-clusters-api-server-authorized-ip-ranges). If you don't include your existing IP address, this command will replace it with the new one instead of adding it to the authorized ranges. To disable authorized IP ranges, use `az aks update` and specify an empty range "".
 
-Another option is to use the following command on Windows systems to get the public IPv4 address, or you can follow the steps in [Find your IP address](https://support.microsoft.com/en-gb/help/4026518/windows-10-find-your-ip-address).
+Another option is to use the following command on Windows systems to get the public IPv4 address, or you can follow the steps in [Find your IP address](https://support.microsoft.com/help/4026518/windows-10-find-your-ip-address).
 
 ```azurepowershell-interactive
 Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
 
@@ -2,12 +2,12 @@
 title: Concepts - Networking in Azure Kubernetes Services (AKS)
 description: Learn about networking in Azure Kubernetes Service (AKS), including kubenet and Azure CNI networking, ingress controllers, load balancers, and static IP addresses.
 ms.topic: conceptual
-ms.date: 12/01/2022
+ms.date: 12/26/2023
 ms.custom: fasttrack-edit
 
 ---
 
-# Network concepts for applications in Azure Kubernetes Service (AKS)
+# Networking concepts for applications in Azure Kubernetes Service (AKS)
 
 In a container-based, microservices approach to application development, application components work together to process their tasks. Kubernetes provides various resources enabling this cooperation:
 
@@ -111,7 +111,6 @@ With Azure CNI, every pod gets an IP address from the subnet and can be accessed
 > [!NOTE]
 > Due to Kubernetes limitations, the Resource Group name, the Virtual Network name and the subnet name must be 63 characters or less.
 
-
 Unlike kubenet, traffic to endpoints in the same virtual network isn't NAT'd to the node's primary IP. The source address for traffic inside the virtual network is the pod IP. Traffic that's external to the virtual network still NATs to the node's primary IP.
 
 Nodes use the [Azure CNI][cni-networking] Kubernetes plugin.
 
@@ -67,6 +67,9 @@ In this security model, the AKS cluster acts as token issuer. Microsoft Entra ID
 
 4. Get the AKS cluster OIDC Issuer URL using the [`az aks show`][az-aks-show] command.
 
+    > [!NOTE]
+    > This step assumes you have an existing AKS cluster with the OIDC Issuer URL enabled. If you don't have it enabled, see [Update an AKS cluster with OIDC Issuer](./use-oidc-issuer.md#update-an-aks-cluster-with-oidc-issuer) to enable it.
+
     ```bash
     export AKS_OIDC_ISSUER="$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "oidcIssuerProfile.issuerUrl" -o tsv)"
     echo $AKS_OIDC_ISSUER
@@ -116,11 +119,11 @@ In this security model, the AKS cluster acts as token issuer. Microsoft Entra ID
         objects:  |
           array:
             - |
-              objectName: secret1
+              objectName: secret1             # Set to the name of your secret
               objectType: secret              # object types: secret, key, or cert
               objectVersion: ""               # [OPTIONAL] object versions, default to latest if empty
             - |
-              objectName: key1
+              objectName: key1                # Set to the name of your key
               objectType: key
               objectVersion: ""
         tenantId: "${IDENTITY_TENANT}"        # The tenant ID of the key vault
 
@@ -15,6 +15,8 @@ Azure Kubernetes Service (AKS) clusters, whether deployed into a managed or cust
 
 This feature adds HTTP proxy support to AKS clusters, exposing a straightforward interface that cluster operators can use to secure AKS-required network traffic in proxy-dependent environments.
 
+Both AKS nodes and Pods will be configured to use the HTTP proxy.
+
 Some more complex solutions may require creating a chain of trust to establish secure communications across the network. The feature also enables installation of a trusted certificate authority onto the nodes as part of bootstrapping a cluster.
 
 ## Limitations and other details
@@ -30,6 +32,16 @@ The following scenarios are **not** supported:
 
 By default, *httpProxy*, *httpsProxy*, and *trustedCa* have no value.
 
+The Pods will be injected with the following environment variables:
+- `HTTP_PROXY`
+- `http_proxy`
+- `HTTPS_PROXY`
+- `https_proxy`
+- `NO_PROXY`
+- `no_proxy`
+
+To disable the injection of the proxy environment variables the Pod should be annotated with: `"kubernetes.azure.com/no-http-proxy-vars":"true"`
+
 ## Prerequisites
 
 The latest version of the Azure CLI. Run `az --version` to find the version, and run `az upgrade` to upgrade the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
@@ -111,7 +123,7 @@ In your template, provide values for *httpProxy*, *httpsProxy*, and *noProxy*. I
 > [!NOTE]
 > If switching to a new proxy, the new proxy must already exist for the update to be successful.  Then, after the upgrade is completed the old proxy can be deleted.
 
-Values for *httpProxy*, *httpsProxy*, *trustedCa* and *NoProxy* can be changed and applied to the cluster with the [az aks update][az-aks-update] command. An aks update for *httpProxy*, *httpsProxy*, and/or *NoProxy* will automatically inject new environment variables into pods with the new *httpProxy*, *httpsProxy*, or *NoProxy* values.  Pods must be rotated for the apps to pick it up.  For components under kubernetes, like containerd and the node itself, this won't take effect until a node image upgrade is performed.
+Values for *httpProxy*, *httpsProxy*, *trustedCa* and *NoProxy* can be changed and applied to the cluster with the [az aks update][az-aks-update] command. An aks update for *httpProxy*, *httpsProxy*, and/or *NoProxy* will automatically inject new environment variables into pods with the new *httpProxy*, *httpsProxy*, or *NoProxy* values.  Pods must be rotated for the apps to pick it up, because the environment variable values are injected at the Pod creating by a mutating admission webhook.  For components under kubernetes, like containerd and the node itself, this won't take effect until a node image upgrade is performed.
 
 For example, assuming a new file has been created with the base64 encoded string of the new CA cert called *aks-proxy-config-2.json*, the following action updates the cluster.  Or, you need to add new endpoint urls for your applications to No Proxy:
 
 
@@ -12,7 +12,7 @@ Azure Kubernetes Service (AKS) provides extra functionality for your clusters us
 
 ## Add-ons
 
-Add-ons are a fully supported way to provide extra capabilities for your AKS cluster. The installation, configuration, and lifecycle of add-ons is managed by AKS. You can use the [`az aks enable-addons`][az-aks-enable-addons] command to install an add-on or manage the add-ons for your cluster.
+Add-ons are a fully supported way to provide extra capabilities for your AKS cluster. The installation, configuration, and lifecycle of add-ons are managed on AKS. You can use the [`az aks enable-addons`][az-aks-enable-addons] command to install an add-on or manage the add-ons for your cluster.
 
 AKS uses the following rules for applying updates to installed add-ons:
 
@@ -24,21 +24,21 @@ AKS uses the following rules for applying updates to installed add-ons:
 ### Exceptions
 
 - Add-ons are upgraded to a new major/minor version (or breaking change) within a Kubernetes minor version if either the cluster's Kubernetes version or the add-on version are in preview.
-- There may be unavoidable circumstances, such as CVE security patches or critical bug fixes, when you need to update an add-on within a GA minor version.
+- There can be unavoidable circumstances, such as CVE security patches or critical bug fixes, when you need to update an add-on within a GA minor version.
 
 ### Available add-ons
 
-| Name | Description | More details |
-|---|---|---|
-| web_application_routing | Use a managed NGINX ingress controller with your AKS cluster.| [Application Routing Overview][app-routing] |
-| ingress-appgw | Use Application Gateway Ingress Controller with your AKS cluster. | [What is Application Gateway Ingress Controller?][agic] |
-| keda | Use event-driven autoscaling for the applications on your AKS cluster. | [Simplified application autoscaling with Kubernetes Event-driven Autoscaling (KEDA) add-on][keda]|
-| monitoring | Use Container Insights monitoring with your AKS cluster. | [Container insights overview][container-insights] |
-| azure-policy | Use Azure Policy for AKS, which enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. | [Understand Azure Policy for Kubernetes clusters][azure-policy-aks] |
-| azure-keyvault-secrets-provider | Use Azure Keyvault Secrets Provider addon.| [Use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster][keyvault-secret-provider] |
-| virtual-node | Use virtual nodes with your AKS cluster. | [Use virtual nodes][virtual-nodes] |
-| http_application_routing | Configure ingress with automatic public DNS name creation for your AKS cluster (retired). | [HTTP application routing add-on on Azure Kubernetes Service (AKS) (retired)][http-app-routing] |
-| open-service-mesh | Use Open Service Mesh with your AKS cluster (retired). | [Open Service Mesh AKS add-on (retired)][osm] |
+| Name | Description | Articles | GitHub |
+|---|---|---| --- |
+| web_application_routing | Use a managed NGINX ingress controller with your AKS cluster.| [Application Routing Overview][app-routing] | [GitHub][app-routing-repo] |
+| ingress-appgw | Use Application Gateway Ingress Controller with your AKS cluster. | [What is Application Gateway Ingress Controller?][agic] | [GitHub][agic-repo] |
+| keda | Use event-driven autoscaling for the applications on your AKS cluster. | [Simplified application autoscaling with Kubernetes Event-driven Autoscaling (KEDA) add-on][keda] | [GitHub][keda-repo] |
+| monitoring | Use Container Insights monitoring with your AKS cluster. | [Container insights overview][container-insights] | [GitHub][aks-repo] |
+| azure-policy | Use Azure Policy for AKS, which enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. | [Understand Azure Policy for Kubernetes clusters][azure-policy-aks] | [GitHub][azure-policy-repo] |
+| azure-keyvault-secrets-provider | Use Azure Keyvault Secrets Provider addon.| [Use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster][keyvault-secret-provider] | [GitHub][keyvault-secret-provider-repo] |
+| virtual-node | Use virtual nodes with your AKS cluster. | [Use virtual nodes][virtual-nodes] | [GitHub][virtual-nodes-oss-repo] |
+| http_application_routing | Configure ingress with automatic public DNS name creation for your AKS cluster (retired). | [HTTP application routing add-on on Azure Kubernetes Service (AKS) (retired)][http-app-routing] | [GitHub][app-routing-repo] |
+| open-service-mesh | Use Open Service Mesh with your AKS cluster (retired). | [Open Service Mesh AKS add-on (retired)][osm] | [GitHub][osm-repo] |
 
 ## Extensions
 
@@ -53,7 +53,7 @@ Extensions and add-ons are both supported ways to add functionality to your AKS
 
 ## GitHub Actions
 
-GitHub Actions helps you automate your software development workflows from within GitHub.
+GitHub Actions help you automate your software development workflows from within GitHub.
 
 - For more information on using GitHub Actions with Azure, see [GitHub Actions for Azure][github-actions].
 - For an example of using GitHub Actions with an AKS cluster, see [Build, test, and deploy containers to Azure Kubernetes Service using GitHub Actions][github-actions-aks].
@@ -69,25 +69,32 @@ There are many open-source and third-party integrations you can install on your
 | [Grafana][grafana] | An open-source dashboard for observability.  | [Deploy Grafana on Kubernetes][grafana-install] or use [Managed Grafana][managed-grafana]|
 | [Couchbase][couchdb] | A distributed NoSQL cloud database. | [Install Couchbase and the Operator on AKS][couchdb-install] |
 | [OpenFaaS][open-faas]| An open-source framework for building serverless functions by using containers. | [Use OpenFaaS with AKS][open-faas-aks] |
-| [Apache Spark][apache-spark] | An open-source, fast engine for large-scale data processing. | Running Apache Spark jobs requires a minimum node size of *Standard_D3_v2*. See [running Spark on Kubernetes][spark-kubernetes] for more details on running Spark jobs on Kubernetes. |
+| [Apache Spark][apache-spark] | An open-source, fast engine for large-scale data processing. | Running Apache Spark jobs requires a minimum node size of *Standard_D3_v2*. For more information on running Spark jobs on Kubernetes, see the [running Spark on Kubernetes][spark-kubernetes] guide. |
 | [Istio][istio] | An open-source service mesh. | [Istio Installation Guides][istio-install] |
 | [Linkerd][linkerd] | An open-source service mesh. | [Linkerd Getting Started][linkerd-install] |
 | [Consul][consul] | An open-source, identity-based networking solution. | [Getting Started with Consul Service Mesh for Kubernetes][consul-install] |
 
 ### Third-party integrations for Windows containers
 
-Microsoft has collaborated with partners to ensure your build, test, deployment, configuration, and monitoring of your applications perform optimally with Windows containers on AKS.
+Microsoft collaborates with partners to ensure the build, test, deployment, configuration, and monitoring of your applications perform optimally with Windows containers on AKS.
 
-For more details, see [Windows AKS partner solutions][windows-aks-partner-solutions].
+For more information, see [Windows AKS partner solutions][windows-aks-partner-solutions].
 
 <!-- LINKS -->
+[aks-repo]: https://github.com/Azure/AKS
 [http-app-routing]: http-application-routing.md
+[app-routing-repo]: https://github.com/Azure/aks-app-routing-operator
 [container-insights]: ../azure-monitor/containers/container-insights-overview.md
 [virtual-nodes]: virtual-nodes.md
+[virtual-nodes-oss-repo]: https://github.com/virtual-kubelet/virtual-kubelet
 [azure-policy-aks]: ../governance/policy/concepts/policy-for-kubernetes.md#install-azure-policy-add-on-for-aks
+[azure-policy-repo]: https://github.com/Azure/azure-policy
 [agic]: ../application-gateway/ingress-controller-overview.md
+[agic-repo]: https://github.com/Azure/application-gateway-kubernetes-ingress
 [osm]: open-service-mesh-about.md
+[osm-repo]: https://github.com/Azure/osm-azure
 [keyvault-secret-provider]: csi-secrets-store-driver.md
+[keyvault-secret-provider-repo]: https://github.com/Azure/secrets-store-csi-driver-provider-azure
 [cluster-extensions]: cluster-extensions.md?tabs=azure-cli
 [cluster-extensions-current]: cluster-extensions.md?tabs=azure-cli#currently-available-extensions
 [aks-support-policy]: support-policies.md
@@ -112,6 +119,7 @@ For more details, see [Windows AKS partner solutions][windows-aks-partner-soluti
 [spark-kubernetes]: https://spark.apache.org/docs/latest/running-on-kubernetes.html
 [managed-grafana]: ../managed-grafana/overview.md
 [keda]: keda-about.md
+[keda-repo]: https://github.com/Azure-Samples/aks-keda-addon-workload-identity
 [app-routing]: app-routing.md
 [maintenance-windows]: planned-maintenance.md
 [release-tracker]: release-tracker.md