MicrosoftDocs
diff --git a/‎articles/api-management/redirect-content-urls-policy.md
Lines changed: 2 additions & 2 deletions b/‎articles/api-management/redirect-content-urls-policy.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/azure-arc/kubernetes/extensions-release.md
Lines changed: 7 additions & 1 deletion b/‎articles/azure-arc/kubernetes/extensions-release.md
Lines changed: 7 additions & 1 deletion
diff --git a/‎articles/azure-arc/kubernetes/tutorial-akv-secrets-provider.md
Lines changed: 26 additions & 17 deletions b/‎articles/azure-arc/kubernetes/tutorial-akv-secrets-provider.md
Lines changed: 26 additions & 17 deletions
diff --git a/‎articles/azure-cache-for-redis/cache-redis-modules.md
Lines changed: 9 additions & 5 deletions b/‎articles/azure-cache-for-redis/cache-redis-modules.md
Lines changed: 9 additions & 5 deletions
diff --git a/‎articles/azure-resource-manager/management/move-limitations/networking-move-limitations.md
Lines changed: 4 additions & 1 deletion b/‎articles/azure-resource-manager/management/move-limitations/networking-move-limitations.md
Lines changed: 4 additions & 1 deletion
@@ -11,7 +11,7 @@ ms.author: danlep
 ---
 
 # Mask URLs in content
-The `redirect-content-urls` policy rewrites (masks) links in the response body so that they point to the equivalent link via the gateway. Use in the outbound section to rewrite response body links to make them point to the gateway. Use in the inbound section for an opposite effect.
+The `redirect-content-urls` policy rewrites (masks) links in the response body so that they point to the equivalent link via the gateway. Use in the outbound section to rewrite response body links to the backend service to make them point to the gateway. Use in the inbound section for an opposite effect.
 
 > [!NOTE]
 >  This policy does not change any header values such as `Location` headers. To change header values, use the [set-header](set-header-policy.md) policy.
@@ -40,4 +40,4 @@ The `redirect-content-urls` policy rewrites (masks) links in the response body s
 
 * [API Management transformation policies](api-management-transformation-policies.md)
 
-[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]
+[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]
@@ -1,6 +1,6 @@
 ---
 title: "Available extensions for Azure Arc-enabled Kubernetes clusters"
-ms.date: 02/21/2023
+ms.date: 03/02/2023
 ms.topic: how-to
 description: "See which extensions are currently available for Azure Arc-enabled Kubernetes clusters and view release notes."
 ---
@@ -118,6 +118,12 @@ For more information, see [Tutorial: Deploy applications using GitOps with Flux
 
 The currently supported versions of the `microsoft.flux` extension are described below. The most recent version of the Flux v2 extension and the two previous versions (N-2) are supported. We generally recommend that you use the most recent version of the extension.
 
+### 1.6.4 (February 2023)
+
+Changes made for this version:
+
+- Disabled extension reconciler (which attempts to restore the Flux extension if it fails). This resolves a potential bug where, if the reconciler is unable to recover a failed Flux extension and `prune` is set to `true`, the extension and deployed objects may be deleted.
+
 ### 1.6.3 (December 2022)
 
 Flux version: [Release v0.37.0](https://github.com/fluxcd/flux2/releases/tag/v0.37.0)
 
@@ -2,7 +2,7 @@
 title: Use Azure Key Vault Secrets Provider extension to fetch secrets into Azure Arc-enabled Kubernetes clusters
 description: Learn how to set up the Azure Key Vault Provider for Secrets Store CSI Driver interface as an extension on Azure Arc enabled Kubernetes cluster
 ms.custom: ignite-2022
-ms.date: 10/12/2022
+ms.date: 03/06/2023
 ms.topic: tutorial
 author: mayurigupta13
 ms.author: mayg
@@ -12,7 +12,7 @@ ms.author: mayg
 
 The Azure Key Vault Provider for Secrets Store CSI Driver allows for the integration of Azure Key Vault as a secrets store with a Kubernetes cluster via a [CSI volume](https://kubernetes-csi.github.io/docs/). For Azure Arc-enabled Kubernetes clusters, you can install the Azure Key Vault Secrets Provider extension to fetch secrets.
 
-Benefits of the Azure Key Vault Secrets Provider extension include the following:
+Capabilities of the Azure Key Vault Secrets Provider extension include:
 
 - Mounts secrets/keys/certs to pod using a CSI Inline volume
 - Supports pod portability with the SecretProviderClass CRD
@@ -33,7 +33,7 @@ Benefits of the Azure Key Vault Secrets Provider extension include the following
   - Elastic Kubernetes Service
   - Tanzu Kubernetes Grid
   - Azure Red Hat OpenShift
-- Ensure you have met the [general prerequisites for cluster extensions](extensions.md#prerequisites). You must use version 0.4.0 or newer of the `k8s-extension` Azure CLI extension.
+- Ensure you've met the [general prerequisites for cluster extensions](extensions.md#prerequisites). You must use version 0.4.0 or newer of the `k8s-extension` Azure CLI extension.
 
 > [!TIP]
 > When using this extension with [AKS hybrid clusters provisioned from Azure](extensions.md#aks-hybrid-clusters-provisioned-from-azure-preview) you must set `--cluster-type` to use `provisionedClusters` and also add `--cluster-resource-provider microsoft.hybridcontainerservice` to the command. Installing Azure Arc extensions on AKS hybrid clusters provisioned from Azure is currently in preview.
@@ -56,7 +56,7 @@ You can install the Azure Key Vault Secrets Provider extension on your connected
 
    [![Screenshot of the Azure Key Vault Secrets Provider extension in the Azure portal.](media/tutorial-akv-secrets-provider/extension-install-new-resource.jpg)](media/tutorial-akv-secrets-provider/extension-install-new-resource.jpg)
 
-1. Follow the prompts to deploy the extension. If needed, you can customize the installation by changing the default options on the **Configuration** tab.
+1. Follow the prompts to deploy the extension. If needed, customize the installation by changing the default options on the **Configuration** tab.
 
 ### Azure CLI
 
@@ -67,13 +67,13 @@ You can install the Azure Key Vault Secrets Provider extension on your connected
    export RESOURCE_GROUP=<resource-group-name>
    ```
 
-2. Install the Secrets Store CSI Driver and the Azure Key Vault Secrets Provider extension by running the following command: 
+2. Install the Secrets Store CSI Driver and the Azure Key Vault Secrets Provider extension by running the following command:
 
    ```azurecli-interactive
    az k8s-extension create --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type connectedClusters --extension-type Microsoft.AzureKeyVaultSecretsProvider --name akvsecretsprovider
    ```
 
-You should see output similar to the example below. Note that it may take several minutes before the secrets provider Helm chart is deployed to the cluster.
+You should see output similar to this example. Note that it may take several minutes before the secrets provider Helm chart is deployed to the cluster.
 
 ```json
 {
@@ -204,7 +204,7 @@ To confirm successful installation of the Azure Key Vault Secrets Provider exten
 az k8s-extension show --cluster-type connectedClusters --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --name akvsecretsprovider
 ```
 
-You should see output similar to the example below.
+You should see output similar to this example.
 
 ```json
 {
@@ -251,14 +251,14 @@ You should see output similar to the example below.
 
 Next, specify the Azure Key Vault to use with your connected cluster. If you don't already have one, create a new Key Vault by using the following commands. Keep in mind that the name of your Key Vault must be globally unique.
 
-
 Set the following environment variables:
 
 ```azurecli-interactive
 export AKV_RESOURCE_GROUP=<resource-group-name>
 export AZUREKEYVAULT_NAME=<AKV-name>
 export AZUREKEYVAULT_LOCATION=<AKV-location>
 ```
+
 Next, run the following command
 
 ```azurecli
@@ -280,11 +280,11 @@ Before you move on to the next section, take note of the following properties:
 
 ## Provide identity to access Azure Key Vault
 
-Currently, the Secrets Store CSI Driver on Arc-enabled clusters can be accessed through a service principal. Follow the steps below to provide an identity that can access your Key Vault.
+Currently, the Secrets Store CSI Driver on Arc-enabled clusters can be accessed through a service principal. Follow these steps to provide an identity that can access your Key Vault.
 
-1. Follow the steps [here](../../active-directory/develop/howto-create-service-principal-portal.md#register-an-application-with-azure-ad-and-create-a-service-principal) to create a service principal in Azure. Take note of the Client ID and Client Secret generated in this step.
-1. Provide Azure Key Vault GET permission to the created service principal by following the steps [here](../../key-vault/general/assign-access-policy.md).
-1. Use the client ID and Client Secret from step 1 to create a Kubernetes secret on the Arc connected cluster:
+1. Follow the steps [to create a service principal in Azure](../../active-directory/develop/howto-create-service-principal-portal.md#register-an-application-with-azure-ad-and-create-a-service-principal). Take note of the Client ID and Client Secret generated in this step.
+1. Provide Azure Key Vault GET permission to the created service principal by [following these steps](../../key-vault/general/assign-access-policy.md).
+1. Use the client ID and Client Secret from the first step to create a Kubernetes secret on the connected cluster:
 
    ```bash
    kubectl create secret generic secrets-store-creds --from-literal clientid="<client-id>" --from-literal clientsecret="<client-secret>"
@@ -374,12 +374,14 @@ kubectl exec busybox-secrets-store-inline -- cat /mnt/secrets-store/DemoSecret
 
 ## Additional configuration options
 
-The following configuration settings are available for the Azure Key Vault Secrets Provider extension:
+The Azure Key Vault Secrets Provider extension supports [Helm chart configurations](https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/charts/csi-secrets-store-provider-azure/README.md#configuration).
+
+The following configuration settings are frequently used with the Azure Key Vault Secrets Provider extension:
 
 | Configuration Setting | Default | Description |
 | --------- | ----------- | ----------- |
 | enableSecretRotation | false | Boolean type. If `true`, periodically updates the pod mount and Kubernetes Secret with the latest content from external secrets store |
-| rotationPollInterval | 2m | Specifies the secret rotation poll interval duration if `enableSecretRotation` is `true`. This duration can be adjusted based on how frequently the mounted contents for all pods and Kubernetes secrets need to be resynced to the latest. |
+| rotationPollInterval | 2m | If `enableSecretRotation` is `true`, specifies the secret rotation poll interval duration. This duration can be adjusted based on how frequently the mounted contents for all pods and Kubernetes secrets need to be resynced to the latest. |
 | syncSecret.enabled | false | Boolean input. In some cases, you may want to create a Kubernetes Secret to mirror the mounted content. If `true`, `SecretProviderClass` allows the `secretObjects` field to define the desired state of the synced Kubernetes Secret objects. |
 
 These settings can be specified when the extension is installed by using the `az k8s-extension create` command:
@@ -388,12 +390,19 @@ These settings can be specified when the extension is installed by using the `az
 az k8s-extension create --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type connectedClusters --extension-type Microsoft.AzureKeyVaultSecretsProvider --name akvsecretsprovider --configuration-settings secrets-store-csi-driver.enableSecretRotation=true secrets-store-csi-driver.rotationPollInterval=3m secrets-store-csi-driver.syncSecret.enabled=true
 ```
 
-You can also change the settings after installation by using the `az k8s-extension update` command:
+You can also change these settings after installation by using the `az k8s-extension update` command:
 
 ```azurecli-interactive
 az k8s-extension update --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type connectedClusters --name akvsecretsprovider --configuration-settings secrets-store-csi-driver.enableSecretRotation=true secrets-store-csi-driver.rotationPollInterval=3m secrets-store-csi-driver.syncSecret.enabled=true
 ```
 
+You can use other configuration settings as needed for your deployment. For example, to change the kubelet root directory while creating a cluster, modify the az k8s-extension create command:
+
+```azurecli-interactive
+az k8s-extension create --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type connectedClusters --extension-type Microsoft.AzureKeyVaultSecretsProvider --name akvsecretsprovider --configuration-settings linux.kubeletRootDir=/path/to/kubelet secrets-store-csi-driver.enable secrets-store-csi-driver.linux.kubeletRootDir=/path/to/kubelet
+```
+
+
 ## Uninstall the Azure Key Vault Secrets Provider extension
 
 To uninstall the extension, run the following command:
@@ -411,11 +420,11 @@ To confirm that the extension instance has been deleted, run the following comma
 az k8s-extension list --cluster-type connectedClusters --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP
 ```
 
-If the extension was successfully removed, you won't see the the Azure Key Vault Secrets Provider extension listed in the output. If you don't have any other extensions installed on your cluster, you'll see an empty array.
+If the extension was successfully removed, you won't see the Azure Key Vault Secrets Provider extension listed in the output. If you don't have any other extensions installed on your cluster, you'll see an empty array.
 
 ## Reconciliation and troubleshooting
 
-The Azure Key Vault Secrets Provider extension is self-healing. If somebody tries to change or delete an extension component that was deployed when the extension was installed, that component will be reconciled to its original state. The only exceptions are for Custom Resource Definitions (CRDs). If CRDs are deleted, they won't be reconciled. To restore deleted CRDs, use the `az k8s-exstension create` command again with the existing extension instance name.
+The Azure Key Vault Secrets Provider extension is self-healing. If somebody tries to change or delete an extension component that was deployed when the extension was installed, that component will be reconciled to its original state. The only exceptions are for Custom Resource Definitions (CRDs). If CRDs are deleted, they won't be reconciled. To restore deleted CRDs, use the `az k8s-extension create` command again with the existing extension instance name.
 
 For more information about resolving common issues, see the open source troubleshooting guides for [Azure Key Vault provider for Secrets Store CSI driver](https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/troubleshooting/) and [Secrets Store CSI Driver](https://secrets-store-csi-driver.sigs.k8s.io/troubleshooting.html).
 
 
@@ -6,7 +6,7 @@ author: flang-msft
 ms.author: franlanglois
 ms.service: cache
 ms.topic: conceptual
-ms.date: 07/26/2022
+ms.date: 03/02/2023
 ms.custom: template-concept
 
 ---
@@ -29,11 +29,15 @@ Some popular modules are available for use in the Enterprise tier of Azure Cache
 |RedisTimeSeries |   No    |    Yes   |   No    |
 |RedisJSON  |     No    |  Yes    |   Yes      |
 
-Currently, `RediSearch` is the only module that can be used concurrently with active geo-replication.
 
 > [!NOTE]
 > Currently, you can't manually load any modules into Azure Cache for Redis. Manually updating modules version is also not possible.
->
+
+
+## Using modules with active geo-replication
+Only the `RediSearch` and `RedisJSON` modules can be used concurrently with [active geo-replication](cache-how-to-active-geo-replication.md). 
+
+Using these modules, you can implement searches across groups of caches that are synchronized in an active-active configuration. Also, you can search JSON structures in your active-active configuration.
 
 ## Client library support
 
@@ -90,9 +94,9 @@ RedisBloom adds four probabilistic data structures to a Redis server: **bloom fi
 
 | **Data structure**   |  **Description**      |  **Example application**|
 | ---------------------|------------------------|-------------------------|
-| **Bloom and Cuckoo filters** | Tells you if an item is either (a) certainly not in a set or (b) potentially in a set.    |   Checking if an email has already been sent to a user|
+| **Bloom and Cuckoo filters** | Tells you if an item is either (a) definitely not in a set or (b) potentially in a set.    |   Checking if an email has already been sent to a user|
 |**Count-min sketch** | Determines the frequency of events in a stream | Counting how many times an IoT device reported a temperature under 0 degrees Celsius.  |
-|**Top-k**   | Finds the `k` most frequently seen items |  Determine the most frequent words used in War and Peace. (for example, setting k = 50 will return the 50 most common words in the book) |
+|**Top-k**   | Finds the `k` most frequently seen items |  Determine the most frequent words used in War and Peace. (for example, setting k = 50 returns the 50 most common words in the book) |
 
 **Bloom and Cuckoo** filters are similar to each other, but each has a unique set of advantages and disadvantages that are beyond the scope of
 this documentation.
 
@@ -18,7 +18,10 @@ If you want to move networking resources to a new region, see [Tutorial: Move Az
 > [!NOTE]
 > Any resource, including a VPN Gateway, that is associated with a public IP Standard SKU address can't be moved across subscriptions. For virtual machines, you can [disassociate the public IP address](../../../virtual-network/ip-services/remove-public-ip-address-vm.md) before moving across subscriptions.
 
-When moving a resource, you must also move its dependent resources (for example - public IP addresses, virtual network gateways, all associated connection resources). Local network gateways can be in a different resource group.
+When moving a resource, you must also move its dependent resources (for example - public IP addresses, virtual network gateways, all associated connection resources). The virtual network assigned to the AKS instance can also be moved, and local network gateways can be in a different resource group.
+
+> [!WARNING]
+> Please refrain from moving the virtual network for an AKS cluster. The AKS cluster will stop working if its virtual network is moved.
 
 To move a virtual machine with a network interface card to a new subscription, you must move all dependent resources. Move the virtual network for the network interface card, all other network interface cards for the virtual network, and the VPN gateways.