Merge pull request #108627 from MicrosoftDocs/master

3/23 AM Publish

Author: huypub

articles/aks/TOC.yml

@@ -14,7 +14,8 @@
       href: kubernetes-walkthrough.md
     - name: Use the Azure portal
       href: kubernetes-walkthrough-portal.md
-    - name: Use a Resource Manager template
+    - name: Use ARM template
+      displayName: Resource Manager
       href: kubernetes-walkthrough-rm-template.md
   - name: Develop applications
     expanded: true
@@ -24,8 +25,8 @@
     - name: Azure Dev Spaces
       expanded: true
       items:
-      - name: Use Azure Dev Spaces for team development 
-        href: ../dev-spaces/quickstart-team-development.md 
+      - name: Use Azure Dev Spaces for team development
+        href: ../dev-spaces/quickstart-team-development.md
         maintainContext: true
       - name: Use Visual Studio Code
         href: ../dev-spaces/quickstart-netcore.md
@@ -37,10 +38,10 @@
         href: ../dev-spaces/quickstart-cli.md
         maintainContext: true
       - name: Use Azure Dev Spaces with Java
-        href: ../dev-spaces/quickstart-java.md 
+        href: ../dev-spaces/quickstart-java.md
         maintainContext: true
       - name: Use Azure Dev Spaces Node.js
-        href: ../dev-spaces/quickstart-nodejs.md 
+        href: ../dev-spaces/quickstart-nodejs.md
         maintainContext: true
 - name: Tutorials
   items:
@@ -73,6 +74,8 @@
     href: concepts-storage.md
   - name: Scale
     href: concepts-scale.md
+  - name: Node auto-repair
+    href: node-auto-repair.md
   - name: Best practices
     items:
     - name: Overview
@@ -159,7 +162,7 @@
     - name: NFS Server - Static
       href: azure-nfs-volume.md
     - name: Azure NetApp Files
-      href: azure-netapp-files.md      
+      href: azure-netapp-files.md
   - name: Configure networking
     items:
     - name: Create or use existing virtual network
@@ -326,25 +329,25 @@
       href: ../api-management/api-management-kubernetes.md
       maintainContext: true
   - name: Select and deploy a service mesh
-    items: 
+    items:
     - name: About Service Meshes
       href: servicemesh-about.md
     - name: Use Istio
-      items: 
+      items:
       - name: About Istio
         href: servicemesh-istio-about.md
       - name: Install and configure
         href: servicemesh-istio-install.md
       - name: Scenario - Intelligent routing and canary releases
         href: servicemesh-istio-scenario-routing.md
     - name: Use Linkerd
-      items: 
+      items:
       - name: About Linkerd
         href: servicemesh-linkerd-about.md
       - name: Install and configure
         href: servicemesh-linkerd-install.md
     - name: Use Consul
-      items: 
+      items:
       - name: About Consul
         href: servicemesh-consul-about.md
       - name: Install and configure
@@ -360,7 +363,7 @@
       href: ../devops-project/azure-devops-project-aks.md
       maintainContext: true
     - name: Deployment Center Launcher
-      href: deployment-center-launcher.md 
+      href: deployment-center-launcher.md
     - name: GitHub Actions for Kubernetes
       href: ../aks/kubernetes-action.md
   - name: Troubleshoot

articles/aks/kubernetes-walkthrough-rm-template.md

@@ -5,7 +5,7 @@ services: container-service
 ms.topic: quickstart
 ms.date: 04/19/2019
 
-ms.custom: mvc
+ms.custom: mvc,subject-armqs
 
 #Customer intent: As a developer or cluster operator, I want to quickly create an AKS cluster and deploy an application so that I can see how to run applications using the managed Kubernetes service in Azure.
 ---
@@ -16,6 +16,8 @@ Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you qui
 
 ![Image of browsing to Azure Vote](media/container-service-kubernetes-walkthrough/azure-voting-application.png)
 
+[!INCLUDE [About Azure Resource Manager](../../includes/resource-manager-quickstart-introduction.md)]
+
 This quickstart assumes a basic understanding of Kubernetes concepts. For more information, see [Kubernetes core concepts for Azure Kubernetes Service (AKS)][kubernetes-concepts].
 
 If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
@@ -66,13 +68,21 @@ Make a note of the *appId* and *password*. These values are used in the followin
 
 ## Create an AKS cluster
 
-The template used in this quickstart is to [deploy an Azure Kubernetes Service cluster](https://azure.microsoft.com/resources/templates/101-aks/). For more AKS samples, see the [AKS quickstart templates][aks-quickstart-templates] site.
+### Review the template
+
+The template used in this quickstart is from [Azure Quickstart templates](https://azure.microsoft.com/resources/templates/101-aks/).
+
+:::code language="json" source="~/quickstart-templates/101-aks/azuredeploy.json" range="1-126" highlight="86-118":::
+
+For more AKS samples, see the [AKS quickstart templates][aks-quickstart-templates] site.
+
+### Deploy the template
 
 1. Select the following image to sign in to Azure and open a template.
 
     [![Deploy to Azure](./media/kubernetes-walkthrough-rm-template/deploy-to-azure.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-aks%2Fazuredeploy.json)
 
-2. Select or enter the following values.  
+2. Select or enter the following values.
 
     For this quickstart, leave the default values for the *OS Disk Size GB*, *Agent Count*, *Agent VM Size*, *OS Type*, and *Kubernetes Version*. Provide your own values for the following template parameters:
 
@@ -93,7 +103,9 @@ The template used in this quickstart is to [deploy an Azure Kubernetes Service c
 
 It takes a few minutes to create the AKS cluster. Wait for the cluster to be successfully deployed before you move on to the next step.
 
-## Connect to the cluster
+## Validate the deployment
+
+### Connect to the cluster
 
 To manage a Kubernetes cluster, you use [kubectl][kubectl], the Kubernetes command-line client. If you use Azure Cloud Shell, `kubectl` is already installed. To install `kubectl` locally, use the [az aks install-cli][az-aks-install-cli] command:
 
@@ -122,7 +134,7 @@ aks-agentpool-41324942-1   Ready    agent   6m46s   v1.12.6
 aks-agentpool-41324942-2   Ready    agent   6m45s   v1.12.6
 ```
 
-## Run the application
+### Run the application
 
 A Kubernetes manifest file defines a desired state for the cluster, such as what container images to run. In this quickstart, a manifest is used to create all objects needed to run the Azure Vote application. This manifest includes two [Kubernetes deployments][kubernetes-deployment] - one for the sample Azure Vote Python applications, and the other for a Redis instance. Two [Kubernetes Services][kubernetes-service] are also created - an internal service for the Redis instance, and an external service to access the Azure Vote application from the internet.
 
@@ -231,7 +243,7 @@ deployment "azure-vote-front" created
 service "azure-vote-front" created
 ```
 
-## Test the application
+### Test the application
 
 When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete.
 
@@ -258,7 +270,7 @@ To see the Azure Vote app in action, open a web browser to the external IP addre
 
 ![Image of browsing to Azure Vote](media/container-service-kubernetes-walkthrough/azure-voting-application.png)
 
-## Delete cluster
+## Clean up resources
 
 When the cluster is no longer needed, use the [az group delete][az-group-delete] command to remove the resource group, container service, and all related resources.
 

articles/aks/node-auto-repair.md

@@ -0,0 +1,54 @@
+---
+title: Automatically repairing Azure Kubernetes Service (AKS) nodes 
+description: Learn about node auto-repair functionality, and how AKS fixes broken worker nodes.
+services: container-service
+ms.topic: conceptual
+ms.date: 03/10/2020
+---
+
+# Azure Kubernetes Service (AKS) node auto-repair
+
+AKS continuously checks the health state of worker nodes and performs automatic repair of the nodes if they become unhealthy. This documentation describes how Azure Kubernetes Service (AKS) monitors worker nodes, and repairs unhealthy worker nodes.  The documentation is to inform AKS operators on the behavior of node repair functionality. It is also important to note that Azure platform [performs maintenance on Virtual Machines][vm-updates] that experience issues. AKS and Azure work together to minimize service disruptions for your clusters.
+
+> [!Important]
+> Noe auto-repair functionality isn't currently supported for Windows Server node pools.
+
+## How AKS checks for unhealthy nodes
+
+> [!Note]
+> AKS takes repair action on nodes with the user account **aks-remediator**.
+
+AKS uses rules to determine if a node is an unhealthy state and needs repair. AKS uses the following rules to determine if automatic repair is needed.
+
+* The node reports status of **NotReady** on consecutive checks within a 10-minute timeframe
+* The node doesn't report a status within 10 minutes
+
+You can manually check the health state of your nodes with kubectl. 
+
+```
+kubectl get nodes
+```
+
+## How automatic repair works
+
+> [!Note]
+> AKS takes repair action on nodes with the user account **aks-remediator**.
+
+This behavior is for **Virtual Machine Scale Sets**.  Auto-repair takes several steps to repair a broken node.  If a node is determined to be unhealthy, AKS attempts several remediation steps.  The steps are performed in this order:
+
+1. After the container runtime becomes unresponsive for 10 minutes, the failing runtime services are restarted on the node.
+2. If the node is not ready within 10 minutes, the node is rebooted.
+3. If the node is not ready within 30 minutes, the node is re-imaged.
+
+> [!Note]
+> If multiple nodes are unhealthy, they are repaired one by one
+
+## Next steps
+
+Use [Availability Zones][availability-zones] to increase high availability with your AKS cluster workloads.
+
+<!-- LINKS - External -->
+
+<!-- LINKS - Internal -->
+[availability-zones]: ./availability-zones.md
+[vm-updates]: ../virtual-machines/maintenance-and-updates.md

articles/application-gateway/application-gateway-covid-guidelines.md

@@ -0,0 +1,51 @@
+---
+title: Application Gateway COVID-19 update
+description: This article provides an update given the current COVID-19 situation and guidelines on how to set up your Application Gateway. 
+services: application-gateway
+author: caya
+ms.service: application-gateway
+ms.topic: article
+ms.date: 03/21/2020
+ms.author: caya
+---
+
+# Application Gateway COVID-19 update 
+
+This article describes a few suggested guidelines to help you set up your Application Gateway to handle extra traffic due to the COVID-19 pandemic. You can use Application Gateway with Web Application Firewall (WAF) for a scalable and secure way to manage traffic to your web applications. 
+
+The following suggestions help you set up Application Gateway with WAF to handle extra traffic . 
+
+## Use the v2 SKU over v1 for its autoscaling capabilities and performance benefits
+The v2 SKU offers autoscaling to ensure that your Application Gateway can scale up as traffic increases. It also offers other significant performance benefits, such as 5x better SSL offload performance, quicker deployment and update times, zone redundancy, and more when compared to v1. For more information, see our [v2 documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant). 
+
+## Set maximum instance count to the maximum possible (125) 
+Assuming you have an Application Gateway v2 SKU, setting the maximum instance count to the maximum possible value of 125 allows the Application Gateway to scale out as needed. This allows it to handle the possible increase in traffic to your applications. You will only be charged for the Capacity Units (CUs) you use.  
+
+## Set your minimum instance count based on your average CU usage 
+Assuming you have an Application Gateway v2 SKU, autoscaling takes six to seven minutes to scale out. With a higher minimum instance count, the Application Gateway can better handle your traffic when the load is increased, because a spike in traffic doesn't require an autoscaling operation.  
+
+## Alert if a certain metric surpasses 75% of average CU utilization 
+See the [Application Gateway Metrics documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-metrics#metrics-visualization) for a detailed explanation of our metrics and other walkthroughs. 
+
+### Example: Setting up an alert on 75% of average CU usage
+This example shows you how to use the Azure portal to set up an alert when 75% of average CU usage is reached. 
+1. Navigate to your **Application Gateway**.
+2. On the left panel, select **Metrics** under the **Monitoring** tab. 
+3. Add a metric for **Average Current Compute Units**. 
+![Setting up WAF metric](./media/application-gateway-covid-guidelines/waf-setup-metrics.png)
+4. If you've set your minimum instance count to be your average CU usage, go ahead and set an alert when 75% of your minimum instances are in use. For example, if your average usage is 10 CUs, set an alert on 7.5 CUs. This alerts you if usage is increasing and gives you time to respond. You can raise the minimum if you think this traffic will be sustained to alert you that traffic may be increasing. 
+![Setting up WAF alert](./media/application-gateway-covid-guidelines/waf-setup-monitoring-alert.png)
+
+> [!NOTE]
+> You can set the alert to occur at a lower or higher CU utilization percentage depending on how sensitive you want to be to potential traffic spikes.
+
+## Set up WAF with geofiltering and bot protection to stop attacks
+If you want an extra layer of security in front of your application, use the Application Gateway WAF_v2 SKU for WAF capabilities. You can configure the v2 SKU to only allow access to your applications from a given country or countries. You set up a WAF custom rule to explicitly allow or block traffic based on the geolocation. For more information, see [geofiltering custom rules](https://docs.microsoft.com/azure/web-application-firewall/ag/geomatch-custom-rules) and [how to configure custom rules on Application Gateway WAF_v2 SKU through PowerShell](https://docs.microsoft.com/azure/web-application-firewall/ag/configure-waf-custom-rules).
+
+Enable bot protection to block known bad bots. This should reduce the amount of traffic getting to your application. For more information, see [bot protection with set up instructions](https://docs.microsoft.com/azure/web-application-firewall/ag/configure-waf-custom-rules).
+
+## Turn on diagnostics on Application Gateway and WAF
+Diagnostic logs allow you to view firewall logs, performance logs, and access logs. You can use these logs in Azure to manage and troubleshoot Application Gateways. For more information, see our [diagnostics documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging). 
+
+## Set up an SSL policy for extra security
+Ensure you're using the latest SSL policy version ([AppGwSslPolicy20170401S](https://docs.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview#appgwsslpolicy20170401s)). This enforces TLS 1.2 and stronger ciphers. For more information, see [configuring SSL policy versions and cipher suites via PowerShell](https://docs.microsoft.com/azure/application-gateway/application-gateway-configure-ssl-policy-powershell).

articles/application-gateway/index.yml

@@ -29,7 +29,15 @@ landingContent:
         links:
           - text: Frequently asked questions
             url: application-gateway-faq.md
-       
+
+  # Card
+  - title: COVID-19 Guidelines
+    linkLists:
+      - linkListType: concept
+        links:
+          - text: Application Gateway COVID-19 update
+            url: application-gateway-covid-guidelines.md
+
   # Card
   - title: Deploy an Application Gateway
     linkLists: