Merge pull request #197772 from MicrosoftDocs/main

5/10 PM Publish

Author: huypub

articles/aks/use-multiple-node-pools.md

@@ -27,7 +27,7 @@ The following limitations apply when you create and manage AKS clusters that sup
 * See [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)][quotas-skus-regions].
 * You can delete system node pools, provided you have another system node pool to take its place in the AKS cluster.
 * System pools must contain at least one node, and user node pools may contain zero or more nodes.
-* The AKS cluster must use the Standard SKU load balancer to use multiple node pools, the feature is not supported with Basic SKU load balancers.
+* The AKS cluster must use the Standard SKU load balancer to use multiple node pools, the feature isn't supported with Basic SKU load balancers.
 * The AKS cluster must use virtual machine scale sets for the nodes.
 * You can't change the VM size of a node pool after you create it.
 * The name of a node pool may only contain lowercase alphanumeric characters and must begin with a lowercase letter. For Linux node pools the length must be between 1 and 12 characters, for Windows node pools the length must be between 1 and 6 characters.
@@ -129,8 +129,9 @@ A workload may require splitting a cluster's nodes into separate pools for logic
 * All subnets assigned to nodepools must belong to the same virtual network.
 * System pods must have access to all nodes/pods in the cluster to provide critical functionality such as DNS resolution and tunneling kubectl logs/exec/port-forward proxy.
 * If you expand your VNET after creating the cluster you must update your cluster (perform any managed cluster operation but node pool operations don't count) before adding a subnet outside the original cidr. AKS will error out on the agent pool add now though we originally allowed it. If you don't know how to reconcile your cluster file a support ticket.
-* Azure Network Policy is not supported.
-* Kube-proxy is designed for a single contiguous CIDR and optimizes rules based on that value. When using multiple non-contiguous ranges, these optimizations cannot occur. See this [K.E.P.](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/2450-Remove-knowledge-of-pod-cluster-CIDR-from-iptables-rules) and the documentation for the [`--cluster-cidr` `kube-proxy` argument](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/) for more details. In clusters configured with Azure CNI, `kube-proxy` will be configured with the subnet of the first node pool at cluster creation. 
+* In clusters with Kubernetes version < 1.23.3, kube-proxy will SNAT traffic from new subnets, which can cause Azure Network Policy to drop the packets.
+* Windows nodes will SNAT traffic to the new subnets until the nodepool is reimaged.
+* Internal load balancers default to one of the node pool subnets (usually the first subnet of the node pool at cluster creation). To override this behavior, you can [specify the load balancer's subnet explicitly using an annotation][internal-lb-different-subnet].
 
 To create a node pool with a dedicated subnet, pass the subnet resource ID as an additional parameter when creating a node pool.
 
@@ -234,12 +235,12 @@ The valid Kubernetes upgrades for a cluster's control plane and node pools are v
 * Rules for valid versions to upgrade node pools:
    * The node pool version must have the same *major* version as the control plane.
    * The node pool *minor* version must be within two *minor* versions of the control plane version.
-   * The node pool version cannot be greater than the control `major.minor.patch` version.
+   * The node pool version can't be greater than the control `major.minor.patch` version.
 
 * Rules for submitting an upgrade operation:
-   * You cannot downgrade the control plane or a node pool Kubernetes version.
-   * If a node pool Kubernetes version is not specified, behavior depends on the client being used. Declaration in Resource Manager templates falls back to the existing version defined for the node pool if used, if none is set the control plane version is used to fall back on.
-   * You can either upgrade or scale a control plane or a node pool at a given time, you cannot submit multiple operations on a single control plane or node pool resource simultaneously.
+   * You can't downgrade the control plane or a node pool Kubernetes version.
+   * If a node pool Kubernetes version isn't specified, behavior depends on the client being used. Declaration in Resource Manager templates falls back to the existing version defined for the node pool if used, if none is set the control plane version is used to fall back on.
+   * You can either upgrade or scale a control plane or a node pool at a given time, you can't submit multiple operations on a single control plane or node pool resource simultaneously.
 
 ## Scale a node pool manually
 
@@ -360,7 +361,7 @@ Associating a node pool with an existing capacity reservation group can be done
 ```azurecli-interactive
 az aks nodepool add -g MyRG --cluster-name MyMC -n myAP --capacityReservationGroup myCRG
 ```
-Associating a system node pool with an existing capacity reservation group can be done using [az aks create][az-aks-create] command. If the capacity reservation group specified does not exist, then a warning is issued and the cluster gets created without any capacity reservation group association. 
+Associating a system node pool with an existing capacity reservation group can be done using [az aks create][az-aks-create] command. If the capacity reservation group specified doesn't exist, then a warning is issued and the cluster gets created without any capacity reservation group association. 
 
 ```azurecli-interactive
 az aks create -g MyRG --cluster-name MyMC --capacityReservationGroup myCRG
@@ -562,7 +563,7 @@ FIPS-enabled node pools have the following limitations:
 * Currently, you can only have FIPS-enabled Linux-based node pools running on Ubuntu 18.04.
 * FIPS-enabled node pools require Kubernetes version 1.19 and greater.
 * To update the underlying packages or modules used for FIPS, you must use [Node Image Upgrade][node-image-upgrade].
-* Container Images on the FIPS nodes have not been assessed for FIPS compliance.
+* Container Images on the FIPS nodes haven't been assessed for FIPS compliance.
 
 > [!IMPORTANT]
 > The FIPS-enabled Linux image is a different image than the default Linux image used for Linux-based node pools. To enable FIPS on a node pool, you must create a new Linux-based node pool. You can't enable FIPS on existing node pools.
@@ -588,7 +589,7 @@ To verify your node pool is FIPS-enabled, use [az aks show][az-aks-show] to chec
 az aks show --resource-group myResourceGroup --cluster-name myAKSCluster --query="agentPoolProfiles[].{Name:name enableFips:enableFips}" -o table
 ```
 
-The following example output shows the *fipsnp* node pool is FIPS-enabled and *nodepool1* is not.
+The following example output shows the *fipsnp* node pool is FIPS-enabled and *nodepool1* isn't.
 
 ```output
 Name       enableFips
@@ -702,7 +703,7 @@ Edit these values as need to update, add, or delete node pools as needed:
 }
 ```
 
-Deploy this template using the [az deployment group create][az-deployment-group-create] command, as shown in the following example. You are prompted for the existing AKS cluster name and location:
+Deploy this template using the [az deployment group create][az-deployment-group-create] command, as shown in the following example. You're prompted for the existing AKS cluster name and location:
 
 ```azurecli-interactive
 az deployment group create \
@@ -733,7 +734,7 @@ It may take a few minutes to update your AKS cluster depending on the node pool
 
 ## Assign a public IP per node for your node pools
 
-AKS nodes do not require their own public IP addresses for communication. However, scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. This scenario can be achieved on AKS by using Node Public IP.
+AKS nodes don't require their own public IP addresses for communication. However, scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. This scenario can be achieved on AKS by using Node Public IP.
 
 First, create a new resource group.
 
@@ -877,3 +878,4 @@ Use [proximity placement groups][reduce-latency-ppg] to reduce latency for your
 [use-tags]: use-tags.md
 [use-labels]: use-labels.md
 [cordon-and-drain]: resize-node-pool.md#cordon-the-existing-nodes
+[internal-lb-different-subnet]: internal-lb.md#specify-a-different-subnet

articles/app-service/includes/quickstart-python/create-app-cli.md

@@ -4,6 +4,66 @@ ms.author: charris
 ms.topic: include
 ms.date: 04/01/2022
 ---
-Azure CLI has a command `az webapp up` that will create the necessary resources and deploy your application in a single step. You don't need to create the resources separately so you can move on to [**Step 3 - Deploy your application code to Azure**](#3---deploy-your-application-code-to-azure) and select the _Deploy using Azure CLI_ tab.
+Azure CLI commands can be run in the [Azure Cloud Shell](https://shell.azure.com) or on a workstation with the [Azure CLI installed](/cli/azure/install-azure-cli).
+
+Azure CLI has a command `az webapp up` that will create the necessary resources and deploy your application in a single step.
+
+#### [bash](#tab/terminal-bash)
+
+Create the webapp and other resources, then deploy your code to Azure using [az webapp up](/cli/azure/webapp#az-webapp-up).
+
+```azurecli
+az webapp up \
+    --runtime 'PYTHON:3.9' \
+    --sku B1 \
+    --logs
+```
+
+#### [PowerShell terminal](#tab/terminal-powershell)
+
+Create the webapp and other resources, then deploy your code to Azure using [az webapp up](/cli/azure/webapp#az-webapp-up).
+
+```azurecli
+az webapp up `
+    --runtime 'PYTHON:3.9' `
+    --sku B1 `
+    --logs
+```
 
 ---
+
+* The `--runtime` parameter specifies what version of Python your app is running. This example uses Python 3.9. To list all available runtimes, use the command `az webapp list-runtimes --os linux --output table`.
+* The `--sku` parameter defines the size (CPU, memory) and cost of the app service plan. This example uses the B1 (Basic) service plan, which will incur a small cost in your Azure subscription. For a full list of App Service plans, view the [App Service pricing](https://azure.microsoft.com/pricing/details/app-service/linux/) page.
+* The `--logs` flag configures default logging required to enable viewing the log stream immediately after launching the webapp.
+* You can optionally specify a name with the argument `--name <app-name>`. If you don't provide one, then a name will be automatically generated.
+* You can optionally include the argument `--location <location-name>` where `<location_name>` is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the [`az account list-locations`](/cli/azure/appservice#az-appservice-list-locations) command.
+
+The command may take a few minutes to complete. While the command is running, it provides messages about creating the resource group, the App Service plan, and the app resource, configuring logging, and doing ZIP deployment. It then gives the message, "You can launch the app at http://&lt;app-name&gt;.azurewebsites.net", which is the app's URL on Azure.
+
+<pre>
+The webapp '&lt;app-name>' doesn't exist
+Creating Resource group '&lt;group-name>' ...
+Resource group creation complete
+Creating AppServicePlan '&lt;app-service-plan-name>' ...
+Creating webapp '&lt;app-name>' ...
+Configuring default logging for the app, if not already enabled
+Creating zip with contents of dir /home/cephas/myExpressApp ...
+Getting scm site credentials for zip deployment
+Starting zip deployment. This operation can take a while to complete ...
+Deployment endpoint responded with status code 202
+You can launch the app at http://&lt;app-name>.azurewebsites.net
+{
+  "URL": "http://&lt;app-name>.azurewebsites.net",
+  "appserviceplan": "&lt;app-service-plan-name>",
+  "location": "centralus",
+  "name": "&lt;app-name>",
+  "os": "&lt;os-type>",
+  "resourcegroup": "&lt;group-name>",
+  "runtime_version": "python|3.9",
+  "runtime_version_detected": "0.0",
+  "sku": "FREE",
+  "src_path": "&lt;your-folder-location>"
+}
+</pre>
+
+[!INCLUDE [az webapp up command note](../../../../includes/app-service-web-az-webapp-up-note.md)]

articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-2.md

@@ -2,10 +2,9 @@
 author: DavidCBerry13
 ms.author: daberry
 ms.topic: include
-ms.date: 01/29/2022
+ms.date: 04/30/2022
 ---
 In the Azure Tools extension for VS Code:
 
 1. Locate the **App Service** section in the Azure Tools extension.
-1. Right-click the Azure subscription you want to create your web app in.
-1. Select **Create New Web App...** from the context menu.
+1. Click the **Deploy to web app...** button.

articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-3.md

@@ -2,8 +2,6 @@
 author: DavidCBerry13
 ms.author: daberry
 ms.topic: include
-ms.date: 01/29/2022
+ms.date: 04/30/2022
 ---
-In the dialog box at the top of the screen, enter the name *msdocs-python-webapp-quickstart-XYZ* for this web app, where *XYZ* is any three unique characters.<br>
-<br>
-When deployed, this name is used in the DNS name of the app in the form `https://<app-name>.azurewebsites.net`.
+Select **msdocs-python-flask-webapp-quickstart** as the folder to deploy.

articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-4.md

@@ -2,6 +2,6 @@
 author: DavidCBerry13
 ms.author: daberry
 ms.topic: include
-ms.date: 01/29/2022
+ms.date: 04/30/2022
 ---
-Select the runtime stack for the application. In this example, select **Python 3.9**.
+Choose the **Create new Web App...** option.

articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-5.md

@@ -2,8 +2,8 @@
 author: DavidCBerry13
 ms.author: daberry
 ms.topic: include
-ms.date: 01/29/2022
+ms.date: 04/30/2022
 ---
-Select the App Service plan (pricing tier) for this web app. The App Service plan controls how many resources (CPU/memory) are available to your app and how much you pay.<br>
+Enter the name *msdocs-python-webapp-quickstart-XYZ* for this web app, where *XYZ* is any three unique characters.<br>
 <br>
-For this example, select the **Basic (B1)** pricing tier. This plan will incur a small charge against your Azure subscription but is recommended for better performance over the Free (F1) tier.
+When deployed, this name is used as your app name in the form `https://<app-name>.azurewebsites.net`.

articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-6.md

@@ -0,0 +1,7 @@
+---
+author: DavidCBerry13
+ms.author: daberry
+ms.topic: include
+ms.date: 04/30/2022
+---
+Select the runtime stack for the application. In this example, select **Python 3.9**.

articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-7.md

@@ -0,0 +1,9 @@
+---
+author: DavidCBerry13
+ms.author: daberry
+ms.topic: include
+ms.date: 04/30/2022
+---
+Select the App Service plan (pricing tier) for this web app. The App Service plan controls how many resources (CPU/memory) are available to your app and how much you pay.<br>
+<br>
+For this example, select the **Basic (B1)** pricing tier. This plan will incur a small charge against your Azure subscription but is recommended for better performance over the Free (F1) tier.

articles/app-service/includes/quickstart-python/deploy-visual-studio-code-4.md renamed to articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-8.md

@@ -2,6 +2,6 @@
 author: DavidCBerry13
 ms.author: daberry
 ms.topic: include
-ms.date: 01/29/2022
+ms.date: 04/30/2022
 ---
 Answer **Yes** to update your build configuration and improve deployment performance.

articles/app-service/includes/quickstart-python/deploy-visual-studio-code-5.md renamed to articles/app-service/includes/quickstart-python/create-app-service-visual-studio-code-9.md

@@ -2,6 +2,6 @@
 author: DavidCBerry13
 ms.author: daberry
 ms.topic: include
-ms.date: 01/29/2022
+ms.date: 04/30/2022
 ---
-When the deployment is complete, a dialog box will appear in the lower right corner of the screen.  You can use this dialog to browse to your web app.
+When the deployment is complete, a dialog box will appear in the lower right corner of the screen. You can use this dialog to browse to your web app.