Merge pull request #120613 from konichi3/patch-7

Jak-MS · web-flow · commit 951d4a2d4c9e · 2024-03-12T09:22:44.000-06:00
Updates for Feb release for AIO CLI
diff --git a/articles/iot-operations/connect-to-cloud/tutorial-connect-event-grid.md b/articles/iot-operations/connect-to-cloud/tutorial-connect-event-grid.md
@@ -347,6 +347,9 @@ You can also check the Event Grid metrics to verify the messages are delivered t
 
 :::image type="content" source="media/tutorial-connect-event-grid/event-grid-metrics.png" alt-text="Screenshot of the metrics view in Azure portal to show successful MQTT messages.":::
 
+> [!TIP]
+> You can check the configurations of topic maps, QoS, and message routes with the [CLI extension](/cli/azure/iot/ops#az-iot-ops-check-examples) `az iot ops check --detail-level 2`.
+
 ## Next steps
 
 In this tutorial, you learned how to configure IoT MQ for bi-directional MQTT bridge with Azure Event Grid MQTT broker. As next steps, explore the following scenarios:
diff --git a/articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md b/articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md
@@ -55,63 +55,7 @@ A cluster host:
 
 ## Deploy extensions
 
-#### [Azure portal](#tab/portal)
-
-Use the Azure portal to deploy Azure IoT Operations components to your Arc-enabled Kubernetes cluster.
-
-1. In the Azure portal search bar, search for and select **Azure Arc**.
-
-1. Select **Azure IoT Operations (preview)** from the **Application Services** section of the Azure Arc menu.
-
-1. Select **Create**.
-
-1. On the **Basic** tab of the **Install Azure IoT Operations Arc Extension** page, provide the following information:
-
-   | Field | Value |
-   | ----- | ----- |
-   | **Subscription** | Select the subscription that contains your Arc-enabled Kubernetes cluster. |
-   | **Resource group** | Select the resource group that contains your Arc-enabled Kubernetes cluster. |
-   | **Cluster name** | Select your cluster. When you do, the **Custom location** and **Deployment details** sections autofill. |
-
-1. Select **Next: Configuration**.
-
-1. On the **Configuration** tab, provide the following information:
-
-   | Field | Value |
-   | ----- | ----- |
-   | **Deploy a simulated PLC** | Switch this toggle to **Yes**. The simulated PLC creates demo telemetry data that you use in the following quickstarts. |
-   | **Mode** | Set the MQ configuration mode to **Auto**. |
-
-1. Select **Next: Automation**.
-
-1. On the **Automation** tab, provide the following information:
-
-   | Field | Value |
-   | ----- | ----- |
-   | **Subscription** | Select the subscription that contains your Arc-enabled Kubernetes cluster. |
-   | **Azure Key vault** | Choose an existing key vault from the drop-down list or create a new one by selecting **Create new**. |
-
-1. Once you select a key vault, the **Automation** tab uses all the information you've selected so far to populate an Azure CLI command that configures your cluster and deploys Azure IoT Operations. Copy the CLI command.
-
-   :::image type="content" source="../get-started/media/quickstart-deploy/install-extension-automation.png" alt-text="Screenshot of copying the CLI command from the automation tab for installing the Azure IoT Operations Arc extension in the Azure portal.":::
-
-1. Sign in to Azure CLI on your development machine. To prevent potential permission issues later, sign in interactively with a browser here even if you've already logged in before.
-
-   ```azurecli
-   az login
-   ```
-
-   > [!NOTE]
-   > If you're using GitHub Codespaces in a browser, `az login` returns a localhost error in the browser window after logging in. To fix, either:
-   >
-   > * Open the codespace in VS Code desktop, and then run `az login` again in the browser terminal.
-   > * After you get the localhost error on the browser, copy the URL from the browser and run `curl "<URL>"` in a new terminal tab. You should see a JSON response with the message "You have logged into Microsoft Azure!."
-
-1. Run the copied [az iot ops init](/cli/azure/iot/ops#az-iot-ops-init) command on your development machine.
-
-   Wait for the command to complete.
-
-#### [Azure CLI](#tab/cli)
+### Azure CLI
 
 Use the Azure CLI to deploy Azure IoT Operations components to your Arc-enabled Kubernetes cluster.
 
@@ -144,101 +88,12 @@ az iot ops init --cluster <CLUSTER_NAME> -g <RESOURCE_GROUP> --kv-id $(az keyvau
 
 If you don't have **Microsoft.Authorization/roleAssignment/write** permissions in your Azure subscription, include the `--disable-rsync-rules` feature flag.
 
-Use optional flags to customize the `az iot ops init` command. To learn more, see [az iot ops init](/cli/azure/iot/ops#az-iot-ops-init).
-
-#### [GitHub Actions](#tab/github)
-
-Use GitHub Actions to deploy Azure IoT Operations components to your Arc-enabled Kubernetes cluster.
-
-Before you begin deploying, use the [az iot ops init](/cli/azure/iot/ops#az-iot-ops-init) command to configure your cluster with a secrets store and a service principal so that it can connect securely to cloud resources.
-
-1. Sign in to Azure CLI on your development machine. To prevent potential permission issues later, sign in interactively with a browser here even if you already logged in before.
-
-   ```azurecli
-   az login
-   ```
+If you encounter an issue with the KeyVault access policy and the Service Principal (SP) permissions, [pass service principal and KeyVault arguments](howto-manage-secrets.md#pass-service-principal-and-key-vault-arguments-to-azure-iot-operations-deployment).
 
-1. Run the `az iot ops init` command to do the following:
-
-   * Create a key vault in your resource group.
-   * Set up a service principal to give your cluster access to the key vault.
-   * Configure TLS certificates.
-   * Configure a secrets store on your cluster that connects to the key vault.
-
-   ```azurecli-interactive
-   az iot ops init --cluster <CLUSTER_NAME> -g <RESOURCE_GROUP> --kv-id $(az keyvault create -n <NEW_KEYVAULT_NAME> -g <RESOURCE_GROUP> -o tsv --query id) --no-deploy
-   ```
-
-   >[!TIP]
-   >If you get an error that says *Your device is required to be managed to access your resource*, go back to the previous step and make sure that you signed in interactively.
-
-Now, you can deploy Azure IoT Operations to your cluster.
-
-1. On GitHub, fork the [azure-iot-operations repo](https://github.com/azure/azure-iot-operations).
-
-   >[!IMPORTANT]
-   >You're going to be adding secrets to the repo to run the deployment steps. It's important that you fork the repo and do all of the following steps in your own fork.
-
-1. Review the [azure-iot-operations.json](https://github.com/Azure/azure-iot-operations/blob/main/release/azure-iot-operations.json) file in the repo. This template defines the Azure IoT Operations deployment.
-
-1. Create a service principal for the repository to use when deploying to your cluster. Use the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command.
-
-   ```azurecli
-   az ad sp create-for-rbac --name <NEW_SERVICE_PRINCIPAL_NAME> \
-                            --role owner \
-                            --scopes /subscriptions/<YOUR_SUBSCRIPTION_ID>
-                            --json-auth
-   ```
-
-1. Copy the JSON output from the service principal creation command.
-
-1. On GitHub, navigate to your fork of the azure-iot-operations repo.
-
-1. Select **Settings** > **Secrets and variables** > **Actions**.
-
-1. Create a repository secret named `AZURE_CREDENTIALS` and paste the service principal JSON as the secret value.
-
-1. Create a parameter file in your forked repo to specify the environment configuration for your Azure IoT Operations deployment. For example, `envrionments/parameters.json`.
-
-1. Paste the following snippet into the parameters file, replacing the `clusterName` placeholder value with your own information:
-
-   ```json
-   {
-     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-     "contentVersion": "1.0.0.0",
-     "parameters": {
-       "clusterName": {
-         "value": "<CLUSTER_NAME>"
-       }
-     }
-   }
-   ```
-
-1. Add any of the following optional parameters as needed for your deployment:
-
-   | Parameter | Type | Description |
-   | --------- | ---- | ----------- |
-   | `clusterLocation` | string | Specify the cluster's location if it's different than the resource group's location. Otherwise, this parameter defaults to the resource group's location. |
-   | `location` | string | If the resource group's location isn't supported for Azure IoT Operations deployments, use this parameter to override the default and set the location for the Azure IoT Operations resources. |
-   | `simulatePLC` | Boolean | Set to `true` if you want to include a simulated component to generate test data. |
-   | `dataProcessorSecrets` | object | Pass a secret to an Azure IoT Data Processor resource. |
-   | `mqSecrets` | object | Pass a secret to an Azure IoT MQ resource. |
-   | `opcUaBrokerSecrets` | object | Pass a secret to an Azure OPC UA Broker resource. |
-   | `deployResourceSyncRules` | Set to `false` if you don't have **Microsoft.Authorization/roleAssignment/write** permissions in your Azure subscription. |
-
-1. Save your changes to the parameters file.
-
-1. On the GitHub repo, select **Actions** and confirm **I understand my workflows, go ahead and enable them.**
-
-1. Run the **GitOps Deployment of Azure IoT Operations** action and provide the following information:
-
-   | Parameter | Value |
-   | --------- | ----- |
-   | **Subscription** | Your Azure subscription ID. |
-   | **Resource group** | The name of the resource group that contains your Arc-enabled cluster. |
-   | **Environment parameters file** | The path to the parameters file that you created. |
+Use optional flags to customize the `az iot ops init` command. To learn more, see [az iot ops init](/cli/azure/iot/ops#az-iot-ops-init).
 
----
+> [!TIP]
+> You can check the configurations of topic maps, QoS, message routes with the [CLI extension](/cli/azure/iot/ops#az-iot-ops-check-examples) `az iot ops check --detail-level 2`.
 
 ### Configure cluster network (AKS EE)
 
@@ -286,6 +141,9 @@ To view your cluster on the Azure portal, use the following steps:
 
    There's also an extension called **akvsecretsprovider**. This extension is the secrets provider that you configured and installed on your cluster with the `az iot ops init` command. You might delete and reinstall the Azure IoT Operations components during testing, but keep the secrets provider extension on your cluster.
 
+> [!TIP]
+> You can run `az iot ops check` to assess health and configurations of deployed AIO workloads. By default, MQ including cloud connectors are assessed and you can [specifiy the service](/cli/azure/iot/ops#az-iot-ops-check-examples) with `--ops-service --svc`.
+
 ## Update a deployment
 
 Currently, there is no support for updating an existing Azure IoT Operations deployment. Instead, start with a clean cluster for a new deployment.
