Commit 9821d49

fixes
1 parent 05dcdbd commit 9821d49

4 files changed

+13
-3
lines changed

.openpublishing.redirection.azure-monitor.json

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6864,6 +6864,16 @@
68646864
"source_path_from_root": "/articles/azure-monitor/containers/prometheus-authorization-proxy.md",
68656865
"redirect_url": "/previous-versions/azure/azure-monitor/containers/prometheus-authorization-proxy",
68666866
"redirect_document_id": false
6867+
},
6868+
{
6869+
"source_path_from_root": "/articles/azure-monitor/containers/container-insights-private-link.md",
6870+
"redirect_url": "/previous-versions/azure/azure-monitor/containers/kubernetes-monitoring-private-link",
6871+
"redirect_document_id": false
6872+
},
6873+
{
6874+
"source_path_from_root": "/articles/azure-monitor/essentials/private-link-data-ingestion.md",
6875+
"redirect_url": "/previous-versions/azure/azure-monitor/containers/kubernetes-monitoring-private-link",
6876+
"redirect_document_id": false
68676877
}
68686878
]
68696879
}
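
Review bot: the two added entries (new lines 6868-6876) both send their old paths to `/previous-versions/azure/azure-monitor/containers/kubernetes-monitoring-private-link`, while the other files in this commit re-point their links to the live article `containers/kubernetes-monitoring-private-link.md`. If that article is still published, as those link changes imply, readers arriving from the old `container-insights-private-link` and `private-link-data-ingestion` URLs should land on it rather than on a previous-versions page, so please confirm the `redirect_url` values. The commit message "fixes" gives no reason for the redirects; a line saying which articles were retired or merged would make this easier to verify.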

articles/azure-monitor/containers/kubernetes-monitoring-enable.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ Use one of the following methods to enable scraping of Prometheus metrics from y
8080
> If you have a single Azure Monitor Resource that is private-linked, then Prometheus enablement won't work if the AKS cluster and Azure Monitor Workspace are in different regions.
8181
> The configuration needed for the Prometheus add-on isn't available cross region because of the private link constraint.
8282
> To resolve this, create a new DCE in the AKS cluster location and a new DCRA (association) in the same AKS cluster region. Associate the new DCE with the AKS cluster and name the new association (DCRA) as configurationAccessEndpoint.
83-
> For full instructions on how to configure the DCEs associated with your Azure Monitor workspace to use a Private Link for data ingestion, see [Use a private link for Managed Prometheus data ingestion](../essentials/private-link-data-ingestion.md).
83+
> For full instructions on how to configure the DCEs associated with your Azure Monitor workspace to use a Private Link for data ingestion, see [Enable private link for Kubernetes monitoring in Azure Monitor](./kubernetes-monitoring-private-link.md).
8484
8585
### [CLI](#tab/cli)
8686
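
Review bot: the replacement link on line 83 points at the top of `./kubernetes-monitoring-private-link.md`, but the sentence promises "full instructions on how to configure the DCEs" for Prometheus data ingestion, and the target article also carries the Container insights add-on procedure (see the `az aks enable-addons -a monitoring` step changed in this commit). Consider linking to the section anchor that covers the DCE and `configurationAccessEndpoint` association so the reader arrives at the matching steps. The relative path itself is correct, since both files sit in `containers/`.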

articles/azure-monitor/containers/kubernetes-monitoring-private-link.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,7 +127,7 @@ Use the following procedures to enable network isolation by connecting your clus
127127
4. Enable monitoring for the AKS cluster.
128128
129129
```cli
130-
az aks enable-addons -a monitoring --resource-group <AKSClusterResourceGorup> --name <AKSClusterName> --workspace-resource-id <workspace-resource-id>
130+
az aks enable-addons -a monitoring --resource-group <AKSClusterResourceGorup> --name <AKSClusterName> --workspace-resource-id <workspace-resource-id> --enable-msi-auth-for-monitoring false
131131
```
132132
133133
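
Review bot: the flag added on line 130, `--enable-msi-auth-for-monitoring false`, turns managed identity authentication off for the monitoring add-on, yet step 4 still reads only "Enable monitoring for the AKS cluster" and gives no reason. `waf-containers-security.md`, touched in this same commit, recommends managed identity authentication and migrating away from legacy authentication, so the step needs a sentence stating why this procedure sets the flag to false and which private-link configurations it applies to. The placeholder `<AKSClusterResourceGorup>` is also carried into the new line with its typo and should read `<AKSClusterResourceGroup>`.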

articles/azure-monitor/includes/waf-containers-security.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ ms.date: 03/30/2023
2121
| Recommendation | Benefit |
2222
|:---|:---|
2323
| Use managed identity authentication for your cluster to connect to Container insights. | [Managed identity authentication](../containers/container-insights-authentication.md) is the default for new clusters. If you're using legacy authentication, you should [migrate to managed identity](../containers/container-insights-authentication.md) to remove the certificate-based local authentication. |
24-
| Consider using Azure private link for your cluster to connect to your Azure Monitor workspace using a private endpoint.| Azure managed service for Prometheus stores its data in an Azure Monitor workspace which uses a public endpoint by default. Connections to public endpoints are secured with end-to-end encryption. If you require a private endpoint, you can use [Azure private link](../logs/private-link-security.md) to allow your cluster to connect to the workspace through authorized private networks. Private link can also be used to force workspace data ingestion through ExpressRoute or a VPN.<br><br>See [Private Link for data ingestion for Managed Prometheus and Azure Monitor workspace](../essentials/private-link-data-ingestion.md) for details on configuring your cluster for private link. See [Use private endpoints for Managed Prometheus and Azure Monitor workspace](../essentials/azure-monitor-workspace-private-endpoint.md) for details on querying your data using private link. |
24+
| Consider using Azure private link for your cluster to connect to your Azure Monitor workspace using a private endpoint.| Azure managed service for Prometheus stores its data in an Azure Monitor workspace which uses a public endpoint by default. Connections to public endpoints are secured with end-to-end encryption. If you require a private endpoint, you can use [Azure private link](../logs/private-link-security.md) to allow your cluster to connect to the workspace through authorized private networks. Private link can also be used to force workspace data ingestion through ExpressRoute or a VPN.<br><br>See [Enable private link for Kubernetes monitoring in Azure Monitor](../containers/kubernetes-monitoring-private-link.md) for details on configuring your cluster for private link. See [Use private endpoints for Managed Prometheus and Azure Monitor workspace](../essentials/azure-monitor-workspace-private-endpoint.md) for details on querying your data using private link. |
2525
| Use traffic analytics to monitor network traffic to and from your cluster. | [Traffic analytics](../../network-watcher/traffic-analytics.md) analyzes Azure Network Watcher NSG flow logs to provide insights into traffic flow in your Azure cloud. Use this tool to ensure there's no data exfiltration for your cluster and to detect if any unnecessary public IPs are exposed. |
2626
| Enable network observability. | [Network observability add-on for AKS](https://techcommunity.microsoft.com/t5/azure-observability-blog/comprehensive-network-observability-for-aks-through-azure/ba-p/3825852) provides observability across the multiple layers in the Kubernetes networking stack. monitor and observe access between services in the cluster (east-west traffic). |
2727
| Ensure the security of the Log Analytics workspace supporting Container insights. | Container insights relies on a Log Analytics workspace. See [Best practices for Azure Monitor Logs](../best-practices-logs.md#security) for recommendations to ensure the security of the workspace. |
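
Review bot: the hunk header still shows `ms.date: 03/30/2023` although the row on line 24 now sends readers to a different article for private link configuration; consider updating the date so the change is visible to freshness checks. On the same line, "private endpoint.|" is missing the space before the column separator that the other rows have. The new target `../containers/kubernetes-monitoring-private-link.md` is the article whose enable step now passes `--enable-msi-auth-for-monitoring false`, so check that it reads consistently with the managed identity recommendation in the row above (line 23).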
