Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-user-access-admin-description

Author: rolyon

.openpublishing.redirection.azure-monitor.json

@@ -6279,6 +6279,26 @@
             "source_path_from_root": "/articles/azure-monitor/essentials/prometheus-authorization-proxy.md",
             "redirect_url": "/azure/azure-monitor/containers/prometheus-authorization-proxy",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-hybrid-setup.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-enable-arc-enabled-clusters",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-openshift-v3.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-openshift-v4.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-optout-hybrid.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-optout",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md

@@ -8,24 +8,24 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/16/2023
+ms.date: 08/09/2023
 ms.author: jfields
 ---
 
 # Onboard a Google Cloud Platform (GCP) project
 
-This article describes how to onboard a Google Cloud Platform (GCP) project on Permissions Management.
+This article describes how to onboard a Google Cloud Platform (GCP) project in Microsoft Entra Permissions Management.
 
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
 ## Explanation
 
-For GCP, permissions management is scoped to a *GCP project*. A GCP project is a logical collection of your resources in GCP, like a subscription in Azure, albeit with further configurations you can perform such as application registrations and OIDC configurations.
+For GCP, Permissions Management is scoped to a *GCP project*. A GCP project is a logical collection of your resources in GCP, like a subscription in Azure, but with further configurations you can perform such as application registrations and OIDC configurations.
 
 <!-- Diagram from Gargi-->
 
-There are several moving parts across GCP and Azure, which are required to be configured before onboarding.
+There are several moving parts across GCP and Azure, which should be configured before onboarding.
 
 * An Azure AD OIDC App
 * A Workload Identity in GCP
@@ -39,7 +39,7 @@ There are several moving parts across GCP and Azure, which are required to be co
 
     - In the Permissions Management home page, select **Settings** (the gear icon), and then select the **Data Collectors** subtab.
 
-1. On the **Data Collectors** tab, select **GCP**, and then select **Create Configuration**.
+1. On the **Data Collectors** tab, select **GCP**, then select **Create Configuration**.
 
 ### 1. Create an Azure AD OIDC app.
 
@@ -50,7 +50,7 @@ There are several moving parts across GCP and Azure, which are required to be co
 1. To create the app registration, copy the script and run it in your command-line app.
 
     > [!NOTE]
-    > 1. To confirm that the app was created, open **App registrations** in Azure and, on the **All applications** tab, locate your app.
+    > 1. To confirm the app was created, open **App registrations** in Azure and, on the **All applications** tab, locate your app.
     > 1. Select the app name to open the **Expose an API** page. The **Application ID URI** displayed in the **Overview** page is the *audience value* used while making an OIDC connection with your GCP account.
     > 1. Return to the Permissions Management window, and in the **Permissions Management Onboarding - Azure AD OIDC App Creation**, select **Next**.
 
@@ -73,15 +73,15 @@ Choose from three options to manage GCP projects.
 
 #### Option 1: Automatically manage 
 
-The automatically manage option allows projects to be automatically detected and monitored without extra configuration. Steps to detect list of projects and onboard for collection:  
+The automatically manage option allows you to automatically detect and monitor projects without extra configuration. Steps to detect a list of projects and onboard for collection:  
 
-1. Firstly, grant **Viewer** and **Security Reviewer** role to service account created in previous step at organization, folder or project scope. 
+1. Grant **Viewer** and **Security Reviewer** roles to a service account created in the previous step at a project, folder or organization level. 
 
-To enable controller mode 'On' for any projects, add following roles to the specific projects:
+To enable Controller mode **On** for any projects, add these roles to the specific projects:
 - Role Administrators
 - Security Admin 
 
-2. Once done, the steps are listed in the screen, which shows how to further configure in the GPC console, or programmatically with the gCloud CLI.
+The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GPC console.
 
 3. Select **Next**.
 
@@ -93,34 +93,36 @@ You have the ability to specify only certain GCP member projects to manage and m
 
 2. You can choose to download and run the script at this point, or you can do it via Google Cloud Shell.
 
-    To enable controller mode 'On' for any projects, add following roles to the specific projects:
+    To enable controller mode 'On' for any projects, add these roles to the specific projects:
     - Role Administrators
     - Security Admin 
 
 3. Select **Next**.
 
 #### Option 3: Select authorization systems 
 
-This option detects all projects that are accessible by the Cloud Infrastructure Entitlement Management application.  
+This option detects all projects accessible by the Cloud Infrastructure Entitlement Management application.  
 
-1. Firstly, grant Viewer and Security Reviewer role to service account created in previous step at organization, folder or project scope
+1. Grant **Viewer** and **Security Reviewer** roles to a service account created in the previous step at a project, folder or organization level. 
+
+To enable Controller mode **On** for any projects, add these roles to the specific projects:
+- Role Administrators
+- Security Admin 
+
+The required commands to run in Google Cloud Shell are listed in the Manage Authorization screen for each scope of a project, folder or organization. This is also configured in the GPC console.
 
-    To enable controller mode 'On' for any projects, add following roles to the specific projects:
-    - Role Administrators
-    - Security Admin 
-2.  Once done, the steps are listed in the screen to do configure manually in the GPC console, or programmatically with the gCloud CLI
 3. Select **Next**.
 
 
 ### 3. Review and save.
 
 - In the **Permissions Management Onboarding – Summary** page, review the information you've added, and then select **Verify Now & Save**.
 
-    The following message appears: **Successfully Created Configuration.**
+    The following message appears: **Successfully Created Configuration**.
 
     On the **Data Collectors** tab, the **Recently Uploaded On** column displays **Collecting**. The **Recently Transformed On** column displays **Processing.**
 
-    You have now completed onboarding GCP, and Permissions Management has started collecting and processing your data.
+    You've completed onboarding GCP, and Permissions Management has started collecting and processing your data.
 
 ### 4. View the data.
 

articles/aks/cluster-configuration.md

@@ -24,7 +24,7 @@ A container runtime is software that executes containers and manages container i
 
 With a `containerd`-based node and node pools, instead of talking to the `dockershim`, the kubelet talks directly to `containerd` using the CRI (container runtime interface) plugin, removing extra hops in the data flow when compared to the Docker CRI implementation. As such, you see better pod startup latency and less resource (CPU and memory) usage.
 
-By using `containerd` for AKS nodes, pod startup latency improves and node resource consumption by the container runtime decreases. These improvements through this new architecture enable kubelet communicating directly to `containerd` through the CRI plugin. While in a Moby/docker architecture, kubelet communicates to the `dockershim` and docker engine before reaching `containerd`, therefore having extra hops in the data flow.
+By using `containerd` for AKS nodes, pod startup latency improves and node resource consumption by the container runtime decreases. These improvements through this new architecture enable kubelet communicating directly to `containerd` through the CRI plugin. While in a Moby/docker architecture, kubelet communicates to the `dockershim` and docker engine before reaching `containerd`, therefore having extra hops in the data flow. For more details on the origin of the `dockershim` and its deprecation, see the [Dockershim removal FAQ][kubernetes-dockershim-faq].
 
 ![Docker CRI 2](media/cluster-configuration/containerd-cri.png)
 
@@ -515,6 +515,7 @@ az aks update -n aksTest -g aksTest –-nrg-lockdown-restriction-level Unrestric
 [azurerm-azurelinux]: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool#os_sku
 [general-usage]: https://kubernetes.io/docs/tasks/debug/debug-cluster/crictl/#general-usage
 [client-config-options]: https://github.com/kubernetes-sigs/cri-tools/blob/master/docs/crictl.md#client-configuration-options
+[kubernetes-dockershim-faq]: https://kubernetes.io/blog/2022/02/17/dockershim-faq/#why-was-the-dockershim-removed-from-kubernetes
 
 <!-- LINKS - internal -->
 [azure-cli-install]: /cli/azure/install-azure-cli
@@ -526,7 +527,7 @@ az aks update -n aksTest -g aksTest –-nrg-lockdown-restriction-level Unrestric
 [az-feature-register]: /cli/azure/feature#az_feature_register
 [az-feature-list]: /cli/azure/feature#az_feature_list
 [az-provider-register]: /cli/azure/provider#az_provider_register
-[aks-add-np-containerd]: /create-node-pools.md#add-a-windows-server-node-pool-with-containerd
+[aks-add-np-containerd]: create-node-pools.md#add-a-windows-server-node-pool-with-containerd
 [az-aks-create]: /cli/azure/aks#az-aks-create
 [az-aks-update]: /cli/azure/aks#az-aks-update
 [baseline-reference-architecture-aks]: /azure/architecture/reference-architectures/containers/aks/baseline-aks

articles/aks/media/supported-kubernetes-versions/kubernetes-versions-gantt.png

@@ -7,7 +7,7 @@ author: greglin
 ms.service: application-gateway
 ms.subservice: appgw-for-containers
 ms.topic: how-to
-ms.date: 07/24/2023
+ms.date: 08/09/2023
 ms.author: greglin
 ---
 
@@ -173,7 +173,7 @@ status:
 Now we're ready to send some traffic to our sample application, via the FQDN assigned to the frontend. Use the command below to get the FQDN.
 
 ```bash
-fqdn=$(kubectl get ingress ingress-01 -n test-infra -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'')
+fqdn=$(kubectl get ingress ingress-01 -n test-infra -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
 ```
 
 Curling this FQDN should return responses from the backend as configured on the HTTPRoute.