Merge pull request #220128 from schaffererin/freshness-pass-deploy-cluster

Freshness pass: Deploy an AKS cluster tutorial

Author: JamesJBarnett

articles/aks/tutorial-kubernetes-deploy-cluster.md

@@ -3,7 +3,7 @@ title: Kubernetes on Azure tutorial - Deploy a cluster
 description: In this Azure Kubernetes Service (AKS) tutorial, you create an AKS cluster and use kubectl to connect to the Kubernetes master node.
 services: container-service
 ms.topic: tutorial
-ms.date: 05/24/2021
+ms.date: 12/01/2022
 
 ms.custom: mvc, devx-track-azurecli, devx-track-azurepowershell
 
@@ -12,38 +12,38 @@ ms.custom: mvc, devx-track-azurecli, devx-track-azurepowershell
 
 # Tutorial: Deploy an Azure Kubernetes Service (AKS) cluster
 
-Kubernetes provides a distributed platform for containerized applications. With AKS, you can quickly create a production ready Kubernetes cluster. In this tutorial, part three of seven, a Kubernetes cluster is deployed in AKS. You learn how to:
+Kubernetes provides a distributed platform for containerized applications. With AKS, you can quickly create a production ready Kubernetes cluster. In this tutorial, part three of seven, you deploy a Kubernetes cluster in AKS. You learn how to:
 
 > [!div class="checklist"]
-> * Deploy a Kubernetes AKS cluster that can authenticate to an Azure container registry
-> * Install the Kubernetes CLI (kubectl)
-> * Configure kubectl to connect to your AKS cluster
 
-In later tutorials, the Azure Vote application is deployed to the cluster, scaled, and updated.
+> * Deploy a Kubernetes AKS cluster that can authenticate to an Azure Container Registry (ACR).
+> * Install the Kubernetes CLI, `kubectl`.
+> * Configure `kubectl` to connect to your AKS cluster.
 
-## Before you begin
-
-In previous tutorials, a container image was created and uploaded to an Azure Container Registry instance. If you haven't done these steps, and would like to follow along, start at [Tutorial 1 – Create container images][aks-tutorial-prepare-app].
+In later tutorials, you'll deploy the Azure Vote application to your AKS cluster and scale and update your application.
 
-### [Azure CLI](#tab/azure-cli)
-
-This tutorial requires that you're running the Azure CLI version 2.0.53 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
+## Before you begin
 
-### [Azure PowerShell](#tab/azure-powershell)
+In previous tutorials, you created a container image and uploaded it to an ACR instance. If you haven't done these steps and would like to follow along, start with [Tutorial 1: Prepare an application for AKS][aks-tutorial-prepare-app].
 
-This tutorial requires that you're running Azure PowerShell version 5.9.0 or later. Run `Get-InstalledModule -Name Az` to find the version. If you need to install or upgrade, see [Install Azure PowerShell][azure-powershell-install].
+* If you're using Azure CLI, this tutorial requires that you're running the Azure CLI version 2.0.53 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
+* If you're using Azure PowerShell, this tutorial requires that you're running Azure PowerShell version 5.9.0 or later. Run `Get-InstalledModule -Name Az` to find the version. If you need to install or upgrade, see [Install Azure PowerShell][azure-powershell-install].
 
 ---
 
 ## Create a Kubernetes cluster
 
-AKS clusters can use Kubernetes role-based access control (Kubernetes RBAC). These controls let you define access to resources based on roles assigned to users. Permissions are combined if a user is assigned multiple roles, and permissions can be scoped to either a single namespace or across the whole cluster. By default, the Azure CLI automatically enables Kubernetes RBAC when you create an AKS cluster.
+AKS clusters can use [Kubernetes role-based access control (Kubernetes RBAC)][k8s-rbac], which allows you to define access to resources based on roles assigned to users. If a user is assigned multiple roles, permissions are combined. Permissions can be scoped to either a single namespace or across the whole cluster.
+
+To learn more about AKS and Kubernetes RBAC, see [Control access to cluster resources using Kubernetes RBAC and Azure Active Directory identities in AKS][aks-k8s-rbac].
 
 ### [Azure CLI](#tab/azure-cli)
 
-Create an AKS cluster using [az aks create][]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The following example does not specify a region so the AKS cluster is also created in the *eastus* region. For more information, see [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)][quotas-skus-regions] for more information about resource limits and region availability for AKS.
+Create an AKS cluster using [`az aks create`][az aks create]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The AKS cluster will also be created in the *eastus* region.
+
+For more information about AKS resource limits and region availability, see [Quotas, virtual machine size restrictions, and region availability in AKS][quotas-skus-regions].
 
-To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created, since you did not specify one. Here, this cluster identity is [granted the right to pull images][container-registry-integration] from the Azure Container Registry (ACR) instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role on the Azure subscription.
+To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created. In this example, the cluster identity is [granted the right to pull images][container-registry-integration] from the ACR instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role in your Azure subscription.
 
 ```azurecli
 az aks create \
@@ -56,9 +56,11 @@ az aks create \
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-Create an AKS cluster using [New-AzAksCluster][new-azakscluster]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The following example does not specify a region so the AKS cluster is also created in the *eastus* region. For more information, see [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)][quotas-skus-regions] for more information about resource limits and region availability for AKS.
+Create an AKS cluster using [`New-AzAksCluster`][new-azakscluster]. The following example creates a cluster named *myAKSCluster* in the resource group named *myResourceGroup*. This resource group was created in the [previous tutorial][aks-tutorial-prepare-acr] in the *eastus* region. The AKS cluster will also be created in the *eastus* region.
 
-To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created, since you did not specify one. Here, this cluster identity is [granted the right to pull images][container-registry-integration] from the Azure Container Registry (ACR) instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role on the Azure subscription.
+For more information about AKS resource limits and region availability, see [Quotas, virtual machine size restrictions, and region availability in AKS][quotas-skus-regions].
+
+To allow an AKS cluster to interact with other Azure resources, a cluster identity is automatically created. In this example, the cluster identity is [granted the right to pull images][container-registry-integration] from the ACR instance you created in the previous tutorial. To execute the command successfully, you're required to have an **Owner** or **Azure account administrator** role in your Azure subscription.
 
 ```azurepowershell
 New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -NodeCount 2 -GenerateSshKey -AcrNameToAttach <acrName>
@@ -68,25 +70,26 @@ New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -NodeCoun
 
 To avoid needing an **Owner** or **Azure account administrator** role, you can also manually configure a service principal to pull images from ACR. For more information, see [ACR authentication with service principals](../container-registry/container-registry-auth-service-principal.md) or [Authenticate from Kubernetes with a pull secret](../container-registry/container-registry-auth-kubernetes.md). Alternatively, you can use a [managed identity](use-managed-identity.md) instead of a service principal for easier management.
 
-After a few minutes, the deployment completes, and returns JSON-formatted information about the AKS deployment.
+After a few minutes, the deployment completes and returns JSON-formatted information about the AKS deployment.
 
 > [!NOTE]
-> To ensure your cluster to operate reliably, you should run at least 2 (two) nodes.
+> To ensure your cluster operates reliably, you should run at least two nodes.
 
 ## Install the Kubernetes CLI
 
-To connect to the Kubernetes cluster from your local computer, you use [kubectl][kubectl], the Kubernetes command-line client.
+Use the Kubernetes CLI, [`kubectl`][kubectl], to connect to the Kubernetes cluster from your local computer.
 
 ### [Azure CLI](#tab/azure-cli)
 
-If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [az aks install-cli][] command:
+If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [`az aks install-cli`][az aks install-cli] command.
 
 ```azurecli
 az aks install-cli
 ```
+
 ### [Azure PowerShell](#tab/azure-powershell)
 
-If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [Install-AzAksKubectl][install-azakskubectl] cmdlet:
+If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [`Install-AzAksKubectl`][install-azakskubectl] cmdlet.
 
 ```azurepowershell
 Install-AzAksKubectl
@@ -98,23 +101,23 @@ Install-AzAksKubectl
 
 ### [Azure CLI](#tab/azure-cli)
 
-To configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials][] command. The following example gets credentials for the AKS cluster named *myAKSCluster* in the *myResourceGroup*:
+To configure `kubectl` to connect to your Kubernetes cluster, use the [`az aks get-credentials`][az aks get-credentials] command. The following example gets credentials for the AKS cluster named *myAKSCluster* in *myResourceGroup*.
 
 ```azurecli
 az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
 ```
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-To configure `kubectl` to connect to your Kubernetes cluster, use the [Import-AzAksCredential][import-azakscredential] cmdlet. The following example gets credentials for the AKS cluster named *myAKSCluster* in the *myResourceGroup*:
+To configure `kubectl` to connect to your Kubernetes cluster, use the [`Import-AzAksCredential`][import-azakscredential] cmdlet. The following example gets credentials for the AKS cluster named *myAKSCluster* in *myResourceGroup*.
 
 ```azurepowershell
 Import-AzAksCredential -ResourceGroupName myResourceGroup -Name myAKSCluster
 ```
 
 ---
 
-To verify the connection to your cluster, run the [kubectl get nodes][kubectl-get] command to return a list of the cluster nodes:
+To verify connection to your cluster, run [`kubectl get nodes`][kubectl-get] to return a list of cluster nodes.
 
 ```azurecli-interactive
 kubectl get nodes
@@ -132,21 +135,23 @@ aks-nodepool1-37463671-vmss000001   Ready    agent   2m28s   v1.18.10
 
 ## Next steps
 
-In this tutorial, a Kubernetes cluster was deployed in AKS, and you configured `kubectl` to connect to it. You learned how to:
+In this tutorial, you deployed a Kubernetes cluster in AKS and configured `kubectl` to connect to the cluster. You learned how to:
 
 > [!div class="checklist"]
-> * Deploy a Kubernetes AKS cluster that can authenticate to an Azure container registry
-> * Install the Kubernetes CLI (kubectl)
-> * Configure kubectl to connect to your AKS cluster
+>
+> * Deploy an AKS cluster that can authenticate to an ACR.
+> * Install the Kubernetes CLI, `kubectl`.
+> * Configure `kubectl` to connect to your AKS cluster.
 
-Advance to the next tutorial to learn how to deploy an application to the cluster.
+In the next tutorial, you'll learn how to deploy an application to your cluster.
 
 > [!div class="nextstepaction"]
-> [Deploy application in Kubernetes][aks-tutorial-deploy-app]
+> [Deploy an application in AKS][aks-tutorial-deploy-app]
 
 <!-- LINKS - external -->
 [kubectl]: https://kubernetes.io/docs/user-guide/kubectl/
 [kubectl-get]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get
+[k8s-rbac]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
 
 <!-- LINKS - internal -->
 [aks-tutorial-deploy-app]: ./tutorial-kubernetes-deploy-application.md
@@ -165,3 +170,7 @@ Advance to the next tutorial to learn how to deploy an application to the cluste
 [new-azakscluster]: /powershell/module/az.aks/new-azakscluster
 [install-azakskubectl]: /powershell/module/az.aks/install-azaksclitool
 [import-azakscredential]: /powershell/module/az.aks/import-azakscredential
+[aks-k8s-rbac]: azure-ad-rbac.md
+[preset-config]: /quotas-skus-regions.md#cluster-configuration-presets-in-the-azure-portal
+[azure-managed-identities]: ../active-directory/managed-identities-azure-resources/overview.md
+[az-container-insights]: ../azure-monitor/containers/container-insights-overview.md