Merge pull request #263479 from nikhilkaul-msft/new-year-updates

prmerger-automator[bot] · web-flow · commit 9db55086fd4d · 2024-01-18T19:53:30.000Z
New year updates
diff --git a/articles/chaos-studio/chaos-studio-configure-customer-managed-keys.md b/articles/chaos-studio/chaos-studio-configure-customer-managed-keys.md
@@ -1,5 +1,5 @@
 ---
-title: Configure customer-managed keys (preview) for experiment encryption
+title: Configure customer-managed keys [preview] for experiment encryption
 titleSuffix: Azure Chaos Studio
 description: Learn how to configure customer-managed keys (preview) for your Azure Chaos Studio experiment resource using Azure Blob Storage
 services: chaos-studio
@@ -10,7 +10,7 @@ ms.date: 10/06/2023
 ms.topic: how-to
 ---
  
-# Configure customer-managed keys (preview) for Azure Chaos Studio using Azure Blob Storage
+# Configure customer-managed keys [preview] for Azure Chaos Studio using Azure Blob Storage
  
 Azure Chaos Studio automatically encrypts all data stored in your experiment resource with keys that Microsoft provides (service-managed keys). As an optional feature, you can add a second layer of security by also providing your own (customer-managed) encryption key(s). Customer-managed keys offer greater flexibility for controlling access and key-rotation policies.
  
diff --git a/articles/chaos-studio/chaos-studio-private-link-agent-service.md b/articles/chaos-studio/chaos-studio-private-link-agent-service.md
@@ -9,8 +9,8 @@ ms.author: nikhilkaul
 ms.service: chaos-studio
 ms.custom: ignite-fall-2023
 ---
-# How-to: Configure Private Link for Agent-Based experiments
-This guide explains the steps needed to configure Private Link for a Chaos Studio **Agent-based** Experiment. The current user experience is based on the private endpoints support enabled as part of public preview of the private endpoints feature. Expect this experience to evolve with time as the feature is enhanced to GA quality.
+# How-to: Configure Private Link for Agent-Based experiments [Preview]
+This guide explains the steps needed to configure Private Link for a Chaos Studio **Agent-based** Experiment [Preview]. The current user experience is based on the private endpoints support enabled as part of public preview of the private endpoints feature. Expect this experience to evolve with time as the feature is enhanced to GA quality, as it is currently in **preview**. 
 
 ---
 ## Prerequisites
@@ -234,6 +234,8 @@ Example of updated agentInstanceConfig.json:
 
 **IF** you blocked outbound access to Microsoft Certificate Revocation List (CRL) verification endpoints, then you need to update agentSettings.JSON to disable CRL verification check in the agent.
 
+By default this field is set to **true**, so you can either remove this field or set the value to false. See [here](chaos-studio-tutorial-agent-based-cli.md) for more details. 
+
 ```
 "communicationApi": {
      "checkCertRevocation": false
diff --git a/articles/chaos-studio/chaos-studio-private-networking.md b/articles/chaos-studio/chaos-studio-private-networking.md
@@ -27,7 +27,7 @@ Currently, you can only enable certain resource types for Chaos Studio virtual n
 To use Chaos Studio with virtual network injection, you must meet the following requirements.
 1. The `Microsoft.ContainerInstance` and `Microsoft.Relay` resource providers must be registered with your subscription.
 1. The virtual network where Chaos Studio resources will be injected must have two subnets: a container subnet and a relay subnet. A container subnet is used for the Chaos Studio containers that will be injected into your private network. A relay subnet is used to forward communication from Chaos Studio to the containers inside the private network.
-    1. Both subnets need at least `/28` in the address space. An example is an address prefix of `10.0.0.0/28` or `10.0.0.0/24`.
+    1. Both subnets need at least `/27` in the address space. An example is an address prefix of `10.0.0.0/28` or `10.0.0.0/24`.
     1. The container subnet must be delegated to `Microsoft.ContainerInstance/containerGroups`.
     1. The subnets can be arbitrarily named, but we recommend `ChaosStudioContainerSubnet` and `ChaosStudioRelaySubnet`.
 1. When you enable the desired resource as a target so that you can use it in Chaos Studio experiments, the following properties must be set:
diff --git a/articles/chaos-studio/chaos-studio-tutorial-agent-based-cli.md b/articles/chaos-studio/chaos-studio-tutorial-agent-based-cli.md
@@ -113,32 +113,61 @@ The chaos agent is an application that runs in your VM or virtual machine scale
 
 1. Install the Chaos Studio VM extension. Replace `$VM_RESOURCE_ID` with the resource ID of your VM or replace `$SUBSCRIPTION_ID`, `$RESOURCE_GROUP`, and `$VMSS_NAME` with those properties for your virtual machine scale set. Replace `$AGENT_PROFILE_ID` with the agent Profile ID. Replace `$USER_IDENTITY_CLIENT_ID` with the client ID of your managed identity. Replace `$APP_INSIGHTS_KEY` with your Application Insights instrumentation key. If you aren't using Application Insights, remove that key/value pair.
 
+   #### Full list of default Agent virtual machine extension configuration
+
+   Here is the **minimum agent vm extension configuration** required by the user:
+
+    ```azcli-interactive
+    {
+        "profile": "$AGENT_PROFILE_ID",
+        "auth.msi.clientid": "$USER_IDENTITY_CLIENT_ID"
+    }
+    ```
+
+    Here is **all values for agent vm extension configuration**
+    
+   ```azcli-interactive
+    {
+       "profile": "$AGENT_PROFILE_ID",
+       "auth.msi.clientid": "$USER_IDENTITY_CLIENT_ID",
+       "appinsightskey": "$APP_INSIGHTS_KEY",
+       "overrides": {
+           "region": string, default to be null
+           "logLevel": {
+               "default" : string , default to be Information
+               },
+           "checkCertRevocation": boolean, default to be false.
+       }
+   }
+    ```
+
+
     #### Install the agent on a virtual machine
 
     Windows
 
     ```azurecli-interactive
-    az vm extension set --ids $VM_RESOURCE_ID --name ChaosWindowsAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"}'
+    az vm extension set --ids $VM_RESOURCE_ID --name ChaosWindowsAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"{"Overrides": "CheckCertRevocation" = true}}'
     ```
 
     Linux
 
     ```azurecli-interactive
-    az vm extension set --ids $VM_RESOURCE_ID --name ChaosLinuxAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"}'
+    az vm extension set --ids $VM_RESOURCE_ID --name ChaosLinuxAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"{"Overrides": "CheckCertRevocation" = true}}'
     ```
 
     #### Install the agent on a virtual machine scale set
 
     Windows
 
     ```azurecli-interactive
-    az vmss extension set --subscription $SUBSCRIPTION_ID --resource-group $RESOURCE_GROUP --vmss-name $VMSS_NAME --name ChaosWindowsAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"}'
+    az vmss extension set --subscription $SUBSCRIPTION_ID --resource-group $RESOURCE_GROUP --vmss-name $VMSS_NAME --name ChaosWindowsAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"{"Overrides": "CheckCertRevocation" = true}}'
     ```
 
     Linux
 
     ```azurecli-interactive
-    az vmss extension set --subscription $SUBSCRIPTION_ID --resource-group $RESOURCE_GROUP --vmss-name $VMSS_NAME --name ChaosLinuxAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"}'
+    az vmss extension set --subscription $SUBSCRIPTION_ID --resource-group $RESOURCE_GROUP --vmss-name $VMSS_NAME --name ChaosLinuxAgent --publisher Microsoft.Azure.Chaos --version 1.0 --settings '{"profile": "$AGENT_PROFILE_ID", "auth.msi.clientid":"$USER_IDENTITY_CLIENT_ID", "appinsightskey":"$APP_INSIGHTS_KEY"{"Overrides": "CheckCertRevocation" = true}}'
     ```
 1. If you're setting up a virtual machine scale set, verify that the instances were upgraded to the latest model. If needed, upgrade all instances in the model.
 
