Merge pull request #277087 from MicrosoftDocs/main

6/4 11:00 AM IST Publish

Author: PhilKang0704

articles/ai-services/openai/how-to/file-search.md

@@ -80,7 +80,7 @@ client = AzureOpenAI(
 
 assistant = client.beta.assistants.create(
   name="Financial Analyst Assistant",
-  instructions="You are an expert financial analyst. Use you knowledge base to answer questions about audited financial statements.",
+  instructions="You are an expert financial analyst. Use your knowledge base to answer questions about audited financial statements.",
   model="gpt-4-turbo",
   tools=[{"type": "file_search"}],
 )

articles/aks/concepts-clusters-workloads.md

@@ -363,9 +363,7 @@ Two Kubernetes resources, however, let you manage these types of applications: *
 
 Modern application development often aims for stateless applications. For stateful applications, like those that include database components, you can use *StatefulSets*. Like deployments, a StatefulSet creates and manages at least one identical pod. Replicas in a StatefulSet follow a graceful, sequential approach to deployment, scale, upgrade, and termination operations. The naming convention, network names, and storage persist as replicas are rescheduled with a StatefulSet.
 
-You can define the application in YAML format using `kind: StatefulSet`. From there, the StatefulSet Controller handles the deployment and management of the required replicas. Data writes to persistent storage, provided by Azure Managed Disks or Azure Files. With StatefulSets, the underlying persistent storage remains, even when the StatefulSet is deleted.
-
-For more information, see [Kubernetes StatefulSets][kubernetes-statefulsets].
+You can define the application in YAML format using `kind: StatefulSet`. From there, the StatefulSet Controller handles the deployment and management of the required replicas. Data writes to persistent storage, provided by Azure Managed Disks or Azure Files. The underlying persistent storage remains even when the StatefulSet is deleted, unless the `spec.persistentVolumeClaimRetentionPolicy` is set to `Delete`. For more information, see [Kubernetes StatefulSets][kubernetes-statefulsets].
 
 > [!IMPORTANT]
 > Replicas in a StatefulSet are scheduled and run across any available node in an AKS cluster. To ensure at least one pod in your set runs on a node, you should use a DaemonSet instead.

articles/aks/node-autoprovision.md

@@ -4,7 +4,8 @@ description: Learn about Azure Kubernetes Service (AKS) node autoprovisioning (p
 ms.topic: article
 ms.custom: devx-track-azurecli
 ms.date: 01/18/2024
-ms.author: juda
+ms.author: schaffererin
+author: schaffererin
 #Customer intent: As a cluster operator or developer, how to scale my cluster based on workload requirements and right size my nodes automatically
 ---
 
@@ -68,7 +69,7 @@ NAP is based on the Open Source [Karpenter](https://karpenter.sh) project, and t
 - The only network configuration allowed is Cilium + Overlay + Azure
 - You can't enable in a cluster where node pools have cluster autoscaler enabled
 
-### Unsupported features:
+### Unsupported features
 
 - Windows node pools
 - Applying custom configuration to the node kubelet
@@ -84,69 +85,82 @@ NAP is based on the Open Source [Karpenter](https://karpenter.sh) project, and t
 
 ## Enable node autoprovisioning
 
-To enable node autoprovisioning, create a new cluster using the az aks create command and set --node-provisioning-mode to "Auto". You'll also need to use overlay networking and the cilium network policy.  
+### Enable node autoprovisioning on a new cluster
 
 ### [Azure CLI](#tab/azure-cli)
 
-```azurecli-interactive
-az aks create --name karpuktest --resource-group karpuk --node-provisioning-mode Auto --network-plugin azure --network-plugin-mode overlay --network-dataplane cilium
+- Enable node autoprovisioning on a new cluster using the `az aks create` command and set `--node-provisioning-mode` to `Auto`. You also need to set the `--network-plugin` to `azure`, `--network-plugin-mode` to `overlay`, and `--network-dataplane` to `cilium`.
 
-```
+    ```azurecli-interactive
+    az aks create --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP_NAME --node-provisioning-mode Auto --network-plugin azure --network-plugin-mode overlay --network-dataplane cilium
+    ```
 
-### [Azure ARM](#tab/azure-arm)
+### [ARM template](#tab/arm)
 
-```azurecli-interactive
-az deployment group create --resource-group napcluster --template-file ./nap.json  
-```
+- Enable node autoprovisioning on a new cluster using the `az deployment group create` command and specify the `--template-file` parameter with the path to the ARM template file.
+
+    ```azurecli-interactive
+    az deployment group create --resource-group $RESOURCE_GROUP_NAME --template-file ./nap.json  
+    ```
 
-```arm
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "metadata": {},
-  "parameters": {},
-  "resources": [
+    The `nap.json` file should contain the following ARM template:
+
+    ```JSON
     {
-      "type": "Microsoft.ContainerService/managedClusters",
-      "apiVersion": "2023-09-02-preview",
-      "sku": {
-        "name": "Base",
-        "tier": "Standard"
-      },
-      "name": "napcluster",
-      "location": "uksouth",
-      "identity": {
-        "type": "SystemAssigned"
-      },
-      "properties": {
-        "networkProfile": {
-            "networkPlugin": "azure",
-            "networkPluginMode": "overlay",
-            "networkPolicy": "cilium",
-            "networkDataplane":"cilium",
-            "loadBalancerSku": "Standard"
-        },
-        "dnsPrefix": "napcluster",
-        "agentPoolProfiles": [
-          {
-            "name": "agentpool",
-            "count": 3,
-            "vmSize": "standard_d2s_v3",
-            "osType": "Linux",
-            "mode": "System"
+      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+      "contentVersion": "1.0.0.0",
+      "metadata": {},
+      "parameters": {},
+      "resources": [
+        {
+          "type": "Microsoft.ContainerService/managedClusters",
+          "apiVersion": "2023-09-02-preview",
+          "sku": {
+            "name": "Base",
+            "tier": "Standard"
+          },
+          "name": "napcluster",
+          "location": "uksouth",
+          "identity": {
+            "type": "SystemAssigned"
+          },
+          "properties": {
+            "networkProfile": {
+                "networkPlugin": "azure",
+                "networkPluginMode": "overlay",
+                "networkPolicy": "cilium",
+                "networkDataplane":"cilium",
+                "loadBalancerSku": "Standard"
+            },
+            "dnsPrefix": "napcluster",
+            "agentPoolProfiles": [
+              {
+                "name": "agentpool",
+                "count": 3,
+                "vmSize": "standard_d2s_v3",
+                "osType": "Linux",
+                "mode": "System"
+              }
+            ],
+            "nodeProvisioningProfile": {
+              "mode": "Auto"
+            },
           }
-        ],
-        "nodeProvisioningProfile": {
-          "mode": "Auto"
-        },
-      }
+        }
+      ]
     }
-  ]
-}
-```
+    ```
 
 ---
 
+### Enable node autoprovisioning on an existing cluster
+
+- Enable node autoprovisioning on an existing cluster using the `az aks update` command and set `--node-provisioning-mode` to `Auto`. You also need to set the `--network-plugin` to `azure`, `--network-plugin-mode` to `overlay`, and `--network-dataplane` to `cilium`.
+
+    ```azurecli-interactive
+    az aks update --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP_NAME --node-provisioning-mode Auto --network-plugin azure --network-plugin-mode overlay --network-dataplane cilium
+    ```
+
 ## Node pools
 
 Node autoprovision uses a list of VM SKUs as a starting point to decide which is best suited for the workloads that are in a pending state.  Having control over what SKU you want in the initial pool allows you to specify specific SKU families, or VM types and the maximum amount of resources a provisioner uses.

articles/aks/static-ip.md

@@ -7,7 +7,7 @@ ms.author: allensu
 ms.subservice: aks-networking
 ms.custom: devx-track-azurecli
 ms.topic: how-to
-ms.date: 09/22/2023
+ms.date: 06/03/2024
 #Customer intent: As a cluster operator or developer, I want to create and manage static IP address resources in Azure that I can use beyond the lifecycle of an individual Kubernetes service deployed in an AKS cluster.
 ---
 
@@ -65,11 +65,53 @@ This article shows you how to create a static public IP address and assign it to
 
 ## Create a service using the static IP address
 
-1. Ensure the cluster identity used by the AKS cluster has delegated permissions to the public IP's resource group using the [`az role assignment create`][az-role-assignment-create] command.
+1. First, determine which type of managed identity your AKS cluster is using, system-assigned or user-assigned. If you're not certain, call the [az aks show][az-aks-show] command and query for the identity's *type* property.
+
+    ```azurecli
+    az aks show \
+        --name myAKSCluster \
+        --resource-group myResourceGroup \
+        --query identity.type \
+        --output tsv       
+    ```
+
+    If the cluster is using a managed identity, the value of the *type* property will be either **SystemAssigned** or **UserAssigned**.
+
+    If the cluster is using a service principal, the value of the *type* property will be null. Consider upgrading your cluster to use a managed identity.
+
+1. If your AKS cluster uses a system-assigned managed identity, then query for the managed identity's principal ID as follows:
+
+    ```azurecli-interactive
+    # Get the principal ID for a system-assigned managed identity.
+    CLIENT_ID=$(az aks show \
+        --name myAKSCluster \
+        --resource-group myNetworkResourceGroup \
+        --query identity.principalId \
+        --output tsv)
+    ```
+
+    If your AKS cluster uses a user-assigned managed identity, then the principal ID will be null. Query for the user-assigned managed identity's client ID instead:
+
+    ```azurecli-interactive
+    # Get the client ID for a user-assigned managed identity.
+    CLIENT_ID=$(az aks show \
+        --name myAKSCluster \
+        --resource-group myNetworkResourceGroup \
+        --query identity.userAssignedIdentities.*.clientId \
+        --output tsv    
+    ```
+
+1. Assign delegated permissions for the managed identity used by the AKS cluster for the public IP's resource group by calling the [`az role assignment create`][az-role-assignment-create] command.
 
     ```azurecli-interactive
-    CLIENT_ID=$(az aks show --name myAKSCluster --resource-group myNetworkResourceGroup --query identity.principalId -o tsv)
-    RG_SCOPE=$(az group show --name <node resource group> --query id -o tsv)
+    # Get the resource ID for the node resource group.
+    RG_SCOPE=$(az group show \
+        --name <node resource group> \
+        --query id \
+        --output tsv)
+
+    # Assign the Network Contributor role to the managed identity,
+    # scoped to the node resource group.
     az role assignment create \
         --assignee ${CLIENT_ID} \
         --role "Network Contributor" \
@@ -79,7 +121,7 @@ This article shows you how to create a static public IP address and assign it to
     > [!IMPORTANT]
     > If you customized your outbound IP, make sure your cluster identity has permissions to both the outbound public IP and the inbound public IP.
 
-2. Create a file named `load-balancer-service.yaml` and copy in the contents of the following YAML file, providing your own public IP address created in the previous step and the node resource group name.
+1. Create a file named `load-balancer-service.yaml` and copy in the contents of the following YAML file, providing your own public IP address created in the previous step and the node resource group name.
 
     > [!IMPORTANT]
     > Adding the `loadBalancerIP` property to the load balancer YAML manifest is deprecating following [upstream Kubernetes](https://github.com/kubernetes/kubernetes/pull/107235). While current usage remains the same and existing services are expected to work without modification, we **highly recommend setting service annotations** instead. To set service annotations, you can either use `service.beta.kubernetes.io/azure-pip-name` for public IP name, or use `service.beta.kubernetes.io/azure-load-balancer-ipv4` for an IPv4 address and `service.beta.kubernetes.io/azure-load-balancer-ipv6` for an IPv6 address, as shown in the example YAML.
@@ -103,7 +145,7 @@ This article shows you how to create a static public IP address and assign it to
     > [!NOTE]
     > Adding the `service.beta.kubernetes.io/azure-pip-name` annotation ensures the most efficient LoadBalancer creation and is highly recommended to avoid potential throttling. 
 
-3. Set a public-facing DNS label to the service using the `service.beta.kubernetes.io/azure-dns-label-name` service annotation. This publishes a fully qualified domain name (FQDN) for your service using Azure's public DNS servers and top-level domain. The annotation value must be unique within the Azure location, so we recommend you use a sufficiently qualified label. Azure automatically appends a default suffix in the location you selected, such as `<location>.cloudapp.azure.com`, to the name you provide, creating the FQDN.
+1. Set a public-facing DNS label to the service using the `service.beta.kubernetes.io/azure-dns-label-name` service annotation. This publishes a fully qualified domain name (FQDN) for your service using Azure's public DNS servers and top-level domain. The annotation value must be unique within the Azure location, so we recommend you use a sufficiently qualified label. Azure automatically appends a default suffix in the location you selected, such as `<location>.cloudapp.azure.com`, to the name you provide, creating the FQDN.
 
     > [!NOTE]
     > If you want to publish the service on your own domain, see [Azure DNS][azure-dns-zone] and the [external-dns][external-dns] project.
@@ -125,13 +167,13 @@ This article shows you how to create a static public IP address and assign it to
         app: azure-load-balancer
     ```
 
-4. Create the service and deployment using the `kubectl apply` command.
+1. Create the service and deployment using the `kubectl apply` command.
 
     ```console
     kubectl apply -f load-balancer-service.yaml
     ```
 
-5. To see the DNS label for your load balancer, use the `kubectl describe service` command.
+1. To see the DNS label for your load balancer, use the `kubectl describe service` command.
 
     ```console
     kubectl describe service azure-load-balancer

articles/application-gateway/for-containers/alb-controller-backend-health-metrics.md

@@ -6,21 +6,21 @@ author: greglin
 ms.service: application-gateway
 ms.subservice: appgw-for-containers
 ms.topic: article
-ms.date: 02/27/2024
+ms.date: 06/03/2024
 ms.author: greglin
 ---
 
 # ALB Controller - Backend Health and Metrics
 
-Understanding backend health of your Kubernetes services and pods is crucial in identifying issues and assistance in troubleshooting.  To help facilitate visibility into backend health, ALB Controller exposes backend health and metrics endpoints in all ALB Controller deployments.
+Understanding backend health of your Kubernetes services and pods is crucial in identifying issues and assistance in troubleshooting. To help facilitate visibility into backend health, ALB Controller exposes backend health and metrics endpoints in all ALB Controller deployments.
 
 ALB Controller's backend health exposes three different experiences:
 
 1. Summarized backend health by Application Gateway for Containers resource
 2. Summarized backend health by Kubernetes service
 3. Detailed backend health for a specified Kubernetes service
 
-ALB Controller's metric endpoint exposes both metrics and summary of backend health.  This endpoint enables exposure to Prometheus.
+ALB Controller's metric endpoint exposes both metrics and summary of backend health. This endpoint enables exposure to Prometheus.
 
 Access to these endpoints can be reached via the following URLs:
 
@@ -35,27 +35,45 @@ Any clients or pods that have connectivity to this pod and port may access these
 
 ### Discovering backend health
 
-Run the following kubectl command to identify your ALB Controller pod and its corresponding IP address.
+The ALB Controller exposes backend health on the ALB controller pod that is acting as primary.
+
+To find the primary pod, run the following command:
 
 ```bash
-kubectl get pods -n azure-alb-system -o wide
+CONTROLLER_NAMESPACE='azure-alb-system'
+kubectl get lease -n $CONTROLLER_NAMESPACE alb-controller-leader-election -o jsonpath='{.spec.holderIdentity}' | awk -F'_' '{print $1}'
 ```
 
-Example output:
+# [Access backend health via Kubectl command](#tab/backend-health-kubectl-access)
 
-| NAME                                       | READY | STATUS  | RESTARTS |  AGE | IP         | NODE                             | NOMINATED NODE | READINESS GATES |
-| ------------------------------------------ | ----- | ------- | -------- | ---- | ---------- | -------------------------------- | -------------- | --------------- |
-| alb-controller-74df7896b-gfzfc             | 1/1   | Running | 0        |  60m | 10.1.0.247 | aks-userpool-21921599-vmss000000 | \<none\>         | \<none\>          |
-| alb-controller-bootstrap-5f7f8f5d4f-gbstq  | 1/1   | Running | 0        |  60m | 10.1.1.183 | aks-userpool-21921599-vmss000001 | \<none\>         | \<none\>          |
+For indirect access via kubectl utility, you can create a listener that proxies traffic to the pod.
 
-Once you have the IP address of your alb-controller pod, you may validate the backend health service is running by browsing to http://\<pod-ip\>:8000.
+```bash
+kubectl port-forward <pod-name> -n $CONTROLLER_NAMESPACE 8000 8001
+```
 
-For example, the following command may be run:
+Once the kubectl command is listening, open another terminal (or cloud shell session) and execute curl to 127.0.0.1 to be redirected to the pod.
 
 ```bash
-curl http://10.1.0.247:8000
+curl http://127.0.0.1:8000
 ```
 
+# [Access backend health via controller pod directly](#tab/backend-health-direct-access)
+
+Run the following kubectl command to identify the IP address of the primary ALB Controller pod.
+
+```bash
+kubectl get pod <alb controller pod name from previous step> -n $CONTROLLER_NAMESPACE -o jsonpath="{.status.podIP}"
+```
+
+Once you have the IP address of your alb-controller pod, you may validate the backend health service is running by browsing to http://\<pod-ip\>:8000.
+
+```bash
+curl http://<your-pod-ip>:8000
+```
+
+---
+
 Example response:
 
 ```text
@@ -188,9 +206,9 @@ Example output:
 
 ## Metrics
 
-ALB Controller currently surfaces metrics following [text based format](https://prometheus.io/docs/instrumenting/exposition_formats/#text-based-format) to be exposed to Prometheus.
+ALB Controller currently surfaces metrics following [text based format](https://prometheus.io/docs/instrumenting/exposition_formats/#text-based-format) to be exposed to Prometheus. Access to these logs are available on port 8001 of the primary alb controller pod `http://\<alb-controller-pod-ip\>:8001/metrics`.
 
-The following Application Gateway for Containers specific metrics are currently available today:
+The following metrics are exposed today:
 
 | Metric Name | Description                                                                           |
 | ----------- | ------------------------------------------------------------------------------------- |