Merge pull request #299361 from MicrosoftDocs/main

05/05/2025 PM Publishing

Author: v-alje

articles/application-gateway/for-containers/alb-controller-helm-chart.md

@@ -0,0 +1,78 @@
+---
+title: ALB Controller Helm Chart
+description: This article documents the latest helm chart for Application Gateway for Containers' ALB Controller.
+services: application-gateway
+author: greg-lindsay
+ms.service: azure-appgw-for-containers
+ms.topic: release-notes
+ms.date: 5/2/2025
+ms.author: greglin
+---
+<!-- Custom Resource Definitions (CRDs) -->
+
+# ALB Controller Helm Chart
+
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+A Helm chart to install the ALB Controller on Kubernetes.
+
+The following parameters are supported for configuration during installation:
+
+- tolerations
+- name
+- installGatewayApiCRDs
+- logLevel
+- namespace
+- seucrityPolicyFeatureFlag
+
+## Values
+
+| Key | Type | Default | Description |
+| ----- | ------ | --------- | ------------- |
+| albController.controller | object | `{"replicaCount":2,"resource":{"limits":{"cpu":"400m","memory":"400Mi"},"requests":{"cpu":"100m","memory":"200Mi"}},"tolerations":[]}` | ALB Controller parameters |
+| albController.controller.replicaCount | int | `2` | ALB Controller's replica count. |
+| albController.controller.resource | object | `{"limits":{"cpu":"400m","memory":"400Mi"},"requests":{"cpu":"100m","memory":"200Mi"}}` | ALB Controller's container resource parameters. |
+| albController.controller.tolerations | list | `[]` | Tolerations for ALB Controller |
+| albController.env | list | `[{"name":"","value":""}]` | Environment variables for ALB Controller. |
+| albController.image | object | `{"name":{"CRDs":"application-lb/images/alb-controller-crds","bootstrap":"application-lb/images/alb-controller-bootstrap","controller":"application-lb/images/alb-controller"},"pullPolicy":"IfNotPresent","registry":"mcr.microsoft.com"}` | ALB Controller image parameters. |
+| albController.image.name | object | `{"CRDs":"application-lb/images/alb-controller-crds","bootstrap":"application-lb/images/alb-controller-bootstrap","controller":"application-lb/images/alb-controller"}` | Image name defaults. |
+| albController.image.name.CRDs | string | `"application-lb/images/alb-controller-crds"` | ALB Controller CRDs' image name |
+| albController.image.name.bootstrap | string | `"application-lb/images/alb-controller-bootstrap"` | alb-controller bootstrap's init container image name. |
+| albController.image.name.controller | string | `"application-lb/images/alb-controller"` | ALB Controller's image name. |
+| albController.image.pullPolicy | string | `"IfNotPresent"` | Container image pull policy for ALB Controller containers. |
+| albController.image.registry | string | `"mcr.microsoft.com"` | Container image registry for ALB Controller. |
+| albController.imagePullSecrets | list | `[]` |  |
+| albController.installGatewayApiCRDs | bool | `true` | A flag to enable/disable installation of Gateway API CRDs. |
+| albController.logLevel | string | `"info"` | Log level of ALB Controller. |
+| albController.namespace | string | `"azure-alb-system"` | Namespace to deploy ALB Controller components in. |
+| albController.securityPolicyFeatureFlag | bool | `false` | Enable Application Load Balancer Security Policy Resource (WAF Preview). |
+
+## Tolerations
+
+Tolerations follow Kubernetes' implementation as defined [here](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/).
+
+Tolerations are added to each of the ALB Controller pods, supporting the following format:
+
+```yaml
+tolerations:
+- key: "key1"
+  operator: "Equal"
+  value: "value1"
+  effect: "NoSchedule"
+```
+
+If desired, you can specify the toleration inline via the helm install command using the following example:
+
+```bash
+HELM_NAMESPACE='<namespace for deployment>'
+CONTROLLER_NAMESPACE='azure-alb-system'
+VERSION='<latest_version>'
+az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
+helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \
+     --namespace $HELM_NAMESPACE \
+     --version $VERSION \
+     --set albController.namespace=$CONTROLLER_NAMESPACE \
+     --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
+     --set tolerations.key=key1 --set tolerations.operator=Equal --set tolerations.value=value1 --set tolerations.effect=NoExecute --set tolerations.tolerationSeconds=3600
+     --set tolerations.key=key2 --set tolerations.operator=Exists --set tolerations.effect=NoSchedule
+```

articles/application-gateway/for-containers/alb-controller-release-notes.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-appgw-for-containers
 ms.topic: release-notes
-ms.date: 3/31/2025
+ms.date: 5/2/2025
 ms.author: greglin
 ---
 
@@ -24,19 +24,20 @@ Instructions for new or existing deployments of ALB Controller are found in the
 
 ## Latest Release (Recommended)
 
-| ALB Controller Version | Gateway API Version | Kubernetes Version | Release Notes |
+| ALB Controller Version | Gateway API Version | Minimum Kubernetes Version | Release Notes |
 | ---------------------- | ------------------- | ------------------ | ------------- |
-| 1.5.2 | v1.1.1 | v1.26, v1.27, v1.28, v1.29, v1.30 | Support for Azure CNI Overlay |
+| 1.6.7 | v1.1.1 | v1.27 | [Fix for SSE timeout value of 0](https://aka.ms/qa2153620), [Overlay CNI fix](https://github.com/Azure/AKS/issues/4950), [support readinessProbe port by name](https://github.com/Azure/AKS/issues/4861), leverage init container during bootstrap, misc. bug fixes and improvements |
 
 ## Release history
 
-| ALB Controller Version | Gateway API Version | Kubernetes Version | Release Notes |
+| ALB Controller Version | Gateway API Version | Minimum Kubernetes Version | Release Notes |
 | ---------------------- | ------------------- | ------------------ | ------------- |
-| 1.4.12 | v1.1.1 | v1.26, v1.27, v1.28, v1.29, v1.30 | Updated to Gateway API version 1.1.1, Regex match support for path and header match in HTTP and GRPC routes, [Wildcard hostname fix](https://github.com/Azure/AKS/issues/4713), Misc. bug fixes and improvements |
-| 1.3.7| v1.1 | v1.26, v1.27, v1.28, v1.29, v1.30 | Minor fixes and improvements |
-| 1.2.3| v1.1 | v1.26, v1.27, v1.28, v1.29, v1.30 | Gateway API v1.1, gRPC support, frontend mutual authentication, readiness probe fixes, custom health probe port and TLS mode  |
-| 1.0.2| v1 | v1.26, v1.27, v1.28, v1.29 | ECDSA + RSA certificate support for both Ingress and Gateway API, Ingress fixes, Server-sent events support |
-| 1.0.0| v1 | v1.26, v1.27, v1.28 | General Availability! URL redirect for both Gateway and Ingress API, v1beta1 -> v1 of Gateway API, quality improvements<br/>Breaking Changes: TLS Policy for Gateway API [PolicyTargetReference](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2.PolicyTargetReferenceWithSectionName)<br/>Listener is now referred to as [SectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.SectionName)<br/>Fixes: Request timeout of 3 seconds, [HealthCheckPolicy interval](https://github.com/Azure/AKS/issues/4086), [pod crash for missing API fields](https://github.com/Azure/AKS/issues/4087) |
+| 1.5.2 | v1.1.1 | v1.26 | Support for Azure CNI Overlay |
+| 1.4.12 | v1.1.1 | v1.26 | Updated to Gateway API version 1.1.1, Regex match support for path and header match in HTTP and GRPC routes, [Wildcard hostname fix](https://github.com/Azure/AKS/issues/4713), Misc. bug fixes and improvements |
+| 1.3.7| v1.1 | v1.26 | Minor fixes and improvements |
+| 1.2.3| v1.1 | v1.26 | Gateway API v1.1, gRPC support, frontend mutual authentication, readiness probe fixes, custom health probe port and TLS mode  |
+| 1.0.2| v1 | v1.26 | ECDSA + RSA certificate support for both Ingress and Gateway API, Ingress fixes, Server-sent events support |
+| 1.0.0| v1 | v1.26 | General Availability! URL redirect for both Gateway and Ingress API, v1beta1 -> v1 of Gateway API, quality improvements<br/>Breaking Changes: TLS Policy for Gateway API [PolicyTargetReference](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2.PolicyTargetReferenceWithSectionName)<br/>Listener is now referred to as [SectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.SectionName)<br/>Fixes: Request timeout of 3 seconds, [HealthCheckPolicy interval](https://github.com/Azure/AKS/issues/4086), [pod crash for missing API fields](https://github.com/Azure/AKS/issues/4087) |
 | 0.6.3 | v1beta1 | v1.25 | Hotfix to address handling of Application Gateway for Containers frontends during controller restart in managed scenario |
 | 0.6.2 | - | - | Skipped release |
 | November 6, 2023 - 0.6.1 | v1beta1 | v1.25 | Gateway / Ingress API - Header rewrite support, Ingress API - URL rewrite support, Ingress multiple-TLS listener bug fix, two certificates maximum per host, adopting [semantic versioning (semver)](https://semver.org/), quality improvements |

articles/application-gateway/for-containers/quickstart-deploy-application-gateway-for-containers-alb-controller.md

@@ -7,7 +7,7 @@ author: greg-lindsay
 ms.service: azure-appgw-for-containers
 ms.custom: devx-track-azurecli
 ms.topic: quickstart
-ms.date: 3/31/2025
+ms.date: 5/2/2025
 ms.author: greglin
 ---
 
@@ -125,7 +125,7 @@ You need to complete the following tasks before deploying Application Gateway fo
         --issuer "$AKS_OIDC_ISSUER" \
         --subject "system:serviceaccount:azure-alb-system:alb-controller-sa"
     ```
-    ALB Controller requires a federated credential with the name of _azure-alb-identity_. Any other federated credential name is unsupported.
+    ALB Controller requires a federated credential with the name of `azure-alb-identity`. Any other federated credential name is unsupported.
 
    > [!Note]
    > Assignment of the managed identity immediately after creation may result in an error that the principalId does not exist. Allow about a minute of time to elapse for the identity to replicate in Microsoft Entra ID before delegating the identity.
@@ -136,7 +136,7 @@ You need to complete the following tasks before deploying Application Gateway fo
     
     To install ALB Controller, use the `helm install` command.
 
-    When the `helm install` command is run, it deploys the helm chart to the  _default_ namespace. When alb-controller is deployed, it deploys to the _azure-alb-system_ namespace. Both of these namespaces may be overridden independently as desired. To override the namespace the helm chart is deployed to, you may specify the --namespace (or -n) parameter. To override the _azure-alb-system_ namespace used by alb-controller, you may set the albController.namespace property during installation (`--set albController.namespace`). If neither the `--namespace` or the `--set albController.namespace` parameters are defined, the _default_ namespace is used for the helm chart and the _azure-alb-system_ namespace is used for the ALB controller components. Lastly, if the namespace for the helm chart resource isn't yet defined, ensure the `--create-namespace` parameter is also specified along with the `--namespace` or `-n` parameters.
+    When the `helm install` command is run, it deploys the helm chart to the  _default_ namespace. When alb-controller is deployed, it deploys to the `azure-alb-system` namespace. Both of these namespaces may be overridden independently as desired. To override the namespace the helm chart is deployed to, you may specify the --namespace (or -n) parameter. To override the `azure-alb-system` namespace used by alb-controller, you may set the albController.namespace property during installation (`--set albController.namespace`). If neither the `--namespace` or the `--set albController.namespace` parameters are defined, the _default_ namespace is used for the helm chart and the `azure-alb-system` namespace is used for the ALB controller components. Lastly, if the namespace for the helm chart resource isn't yet defined, ensure the `--create-namespace` parameter is also specified along with the `--namespace` or `-n` parameters.
     
     ALB Controller can be installed by running the following commands:
 
@@ -146,7 +146,7 @@ You need to complete the following tasks before deploying Application Gateway fo
     az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
     helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \
          --namespace $HELM_NAMESPACE \
-         --version 1.5.2 \
+         --version 1.6.7 \
          --set albController.namespace=$CONTROLLER_NAMESPACE \
          --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
     ```
@@ -164,7 +164,7 @@ You need to complete the following tasks before deploying Application Gateway fo
     az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME
     helm upgrade alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \
         --namespace $HELM_NAMESPACE \
-        --version 1.5.2 \
+        --version 1.6.7 \
         --set albController.namespace=$CONTROLLER_NAMESPACE \
         --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv)
     ```
@@ -220,27 +220,27 @@ The next step is to link your ALB controller to Application Gateway for Containe
 
 There are two deployment strategies for management of Application Gateway for Containers:
 - **Bring your own (BYO) deployment:** In this deployment strategy, deployment and lifecycle of the Application Gateway for Containers resource, Association resource, and Frontend resource is assumed via Azure portal, CLI, PowerShell, Terraform, etc. and referenced in configuration within Kubernetes.
-   - To use a BYO deployment, see [Create Application Gateway for Containers - bring your own deployment](quickstart-create-application-gateway-for-containers-byo-deployment.md)
+   - To use a BYO deployment, see [Create Application Gateway for Containers - bring your own deployment](quickstart-create-application-gateway-for-containers-byo-deployment.md).
 - **Managed by ALB controller:** In this deployment strategy, ALB Controller deployed in Kubernetes is responsible for the lifecycle of the Application Gateway for Containers resource and its sub resources. ALB Controller creates an Application Gateway for Containers resource when an **ApplicationLoadBalancer** custom resource is defined on the cluster. The service lifecycle is based on the lifecycle of the custom resource.
-  - To use an ALB managed deployment, see [Create Application Gateway for Containers managed by ALB Controller](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md)
+  - To use an ALB managed deployment, see [Create Application Gateway for Containers managed by ALB Controller](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
 
 ## Uninstall Application Gateway for Containers and ALB Controller
 
 If you wish to uninstall the ALB Controller, complete the following steps.
 
 1. Delete the Application Gateway for Containers, you can delete the Resource Group containing the Application Gateway for Containers resources:
 
-```azurecli-interactive
-az group delete --resource-group $RESOURCE_GROUP
-```
+   ```azurecli-interactive
+   az group delete --resource-group $RESOURCE_GROUP
+   ```
 
 2. Uninstall ALB Controller and its resources from your cluster run the following commands:
 
-```azurecli-interactive
-helm uninstall alb-controller
-kubectl delete ns azure-alb-system
-kubectl delete gatewayclass azure-alb-external
-```
+   ```azurecli-interactive
+   helm uninstall alb-controller
+   kubectl delete ns azure-alb-system
+   kubectl delete gatewayclass azure-alb-external
+   ```
 
 > [!Note]
 > If a different namespace was used for alb-controller installation, ensure you specify the -n parameter on the helm uninstall command to define the proper namespace to be used. For example: `helm uninstall alb-controller -n unique-namespace`

articles/application-gateway/for-containers/toc.yml

@@ -101,6 +101,8 @@
     href: troubleshooting-guide.md
 - name: Kubernetes Reference
   items:
+  - name: ALB Controller Helm Chart
+    href: alb-controller-helm-chart.md
   - name: API Specification
     href: api-specification-kubernetes.md
 - name: Reference

articles/azure-app-configuration/howto-variant-feature-flags.md

@@ -74,3 +74,4 @@ In this tutorial, you create a web app named _Quote of the Day_. When the app is
 
 2. Continue to the following instructions to use the variant feature flag in your application for the language or platform you're using.
     * [ASP.NET Core](./howto-variant-feature-flags-aspnet-core.md)
+    * [Python](./howto-variant-feature-flags-python.md)

articles/azure-functions/functions-deploy-container-apps.md

@@ -84,7 +84,7 @@ Use these commands to create your required Azure resources:
     principalId=$(az identity create --name <USER_IDENTITY_NAME> --resource-group AzureFunctionsContainers-rg --location eastus --query principalId -o tsv) 
     acrId=$(az acr show --name <REGISTRY_NAME> --query id --output tsv)
     az role assignment create --assignee-object-id $principalId --assignee-principal-type ServicePrincipal --role acrpull --scope $acrId
-    storageId=$(az storage account show --resource-group AzureFunctionsContainers-rg --name glengatestaca2 --query 'id' -o tsv)
+    storageId=$(az storage account show --resource-group AzureFunctionsContainers-rg --name <STORAGE_NAME> --query 'id' -o tsv)
     az role assignment create --assignee-object-id $principalId --assignee-principal-type ServicePrincipal --role "Storage Blob Data Owner" --scope $storageId
     ```
 

articles/azure-functions/functions-monitoring.md

@@ -88,7 +88,7 @@ In [C#](functions-dotnet-class-library.md#log-custom-telemetry-in-c-functions),
 
 ### Dependencies
 
-Starting with version 2.x of Functions, Application Insights automatically collects data on dependencies for bindings that use certain client SDKs. Application Insights distributed tracing and dependency tracking aren't currently supported for C# apps running in an [isolated worker process](dotnet-isolated-process-guide.md). Application Insights collects data on the following dependencies:
+Starting with version 2.x of Functions, Application Insights automatically collects data on dependencies for bindings that use certain client SDKs. Application Insights collects data on the following dependencies:
 
 + Azure Cosmos DB 
 + Azure Event Hubs

articles/azure-functions/opentelemetry-howto.md

@@ -42,15 +42,6 @@ To enable OpenTelemetry output from the Functions host, update the [host.json fi
 ```json
 {
     "version": "2.0",
-    "logging": {
-        "applicationInsights": {
-            "samplingSettings": {
-                "isEnabled": true,
-                "excludedTypes": "Request"
-            },
-            "enableLiveMetricsFilters": true
-        }
-    },
     "telemetryMode": "openTelemetry"
 }
 ```