Merge pull request #232180 from AbhishekMallick01/Mar-27-2023-AKS

AKS backup updates

Author: PMEds28

articles/backup/azure-kubernetes-service-cluster-backup-concept.md

@@ -3,7 +3,7 @@ title: Azure Kubernetes Service (AKS) backup using Azure Backup prerequisites
 description: This article explains the prerequisites for Azure Kubernetes Service (AKS) backup.
 ms.topic: conceptual
 ms.service: backup
-ms.date: 03/20/2023
+ms.date: 03/27/2023
 author: jyothisuri
 ms.author: jsuri
 ---
@@ -24,11 +24,11 @@ Azure Backup now allows you to back up AKS clusters (cluster resources and persi
 
 - You need to install Backup Extension on both the source cluster to be backed up and the target cluster where the restore will happen.
 
-- Backup Extension can be installed in the cluster from the *AKS portal* blade on the **Backup** tab under **Settings**. You can also use the Azure CLI commands to [manage the installation and other operations on the Backup Extension](azure-kubernetes-service-cluster-manage-backups.md#manage-operations).
+- Backup Extension can be installed in the cluster from the *AKS portal* blade on the **Backup** tab under **Settings**. You can also use the Azure CLI commands to [manage the installation and other operations on the Backup Extension](azure-kubernetes-service-cluster-manage-backups.md#backup-extension-related-operations).
 
-- Before you install an extension in an AKS cluster, you must register the `Microsoft.KubernetesConfiguration` resource provider at the subscription level. Learn how to [register the resource provider](azure-kubernetes-service-cluster-manage-backups.md#register-the-resource-provider).
+- Before you install an extension in an AKS cluster, you must register the `Microsoft.KubernetesConfiguration` resource provider at the subscription level. Learn how to [register the resource provider](azure-kubernetes-service-cluster-manage-backups.md#resource-provider-registrations).
 
-Learn [how to manage the operation to install Backup Extension using Azure CLI](azure-kubernetes-service-cluster-manage-backups.md#manage-operations).
+Learn [how to manage the operation to install Backup Extension using Azure CLI](azure-kubernetes-service-cluster-manage-backups.md#backup-extension-related-operations).
 
 ## Trusted Access
 
@@ -38,9 +38,14 @@ Your Azure resources access AKS clusters through the AKS regional gateway using
 
 For AKS backup, the Backup vault accesses your AKS clusters via Trusted Access to configure backups and restores. The Backup vault is assigned a pre-defined role **Microsoft.DataProtection/backupVaults/backup-operator** in the AKS cluster, allowing it to only perform specific backup operations. 
 
-Before you enable Trusted Access between a Backup vault and an AKS cluster, [enable a *feature flag* on the cluster's subscription](azure-kubernetes-service-cluster-manage-backups.md#enable-the-feature-flag).
+To enable Trusted Access between a Backup vault and an AKS cluster, you must register the `TrustedAccessPreview`  feature flag on `Microsoft.ContainerService` at the subscription level. Learn more [to register the resource provider](azure-kubernetes-service-cluster-manage-backups.md#enable-the-feature-flag).
+
+Learn [how to enable Trusted Access](azure-kubernetes-service-cluster-manage-backups.md#register-the-trusted-access).
+
+>[!Note]
+>- You can install the Backup Extension on your AKS cluster directly from the Azure portal under the *Backup* section in AKS portal.
+>- You can also enable Trusted Access between Backup vault and AKS cluster during the backup or restore operations in the Azure portal.
 
-Learn [how to enable Trusted Access](azure-kubernetes-service-cluster-manage-backups.md#enable-trusted-access).
 
 ## AKS Cluster
 

articles/backup/azure-kubernetes-service-cluster-backup-support-matrix.md

@@ -2,7 +2,7 @@
 title: Azure Kubernetes Service (AKS) backup support matrix
 description: This article provides a summary of support settings and limitations of Azure Kubernetes Service (AKS) backup.
 ms.topic: conceptual
-ms.date: 03/20/2023
+ms.date: 03/27/2023
 ms.custom: references_regions
 ms.service: backup
 author: jyothisuri
@@ -41,6 +41,8 @@ AKS backup is available in all the Azure public cloud regions, East US, North Eu
 
 - Currently, the modification of backup policy and the modification of snapshot resource group (assigned to a backup instance during configuration of the AKS cluster backup) aren't supported.
 
+- AKS cluster and Backup Extension pods should be in running state for any backup and restore operations to be performed. This includes deletion of expired recovery points.
+
 - For successful backup and restore operations, role assignments are required by the Backup vault's managed identity. If you don't have the required permissions, you may see permission issues during backup configuration or restore operations soon after assigning roles because the role assignments take a few minutes to take effect. Learn about the [role definitions](azure-kubernetes-service-cluster-backup-concept.md#required-roles-and-permissions).
 
 - AKS backup limits are:

articles/backup/azure-kubernetes-service-cluster-backup.md

@@ -3,7 +3,7 @@ title: Back up Azure Kubernetes Service (AKS) using Azure Backup
 description: This article explains how to back up Azure Kubernetes Service (AKS) using Azure Backup.
 ms.topic: how-to
 ms.service: backup
-ms.date: 03/20/2023
+ms.date: 03/27/2023
 author: jyothisuri
 ms.author: jsuri
 ---
@@ -24,7 +24,7 @@ Azure Backup now allows you to back up AKS clusters (cluster resources and persi
 
 - You must [install the Backup Extension](azure-kubernetes-service-cluster-manage-backups.md#install-backup-extension) to configure backup and restore operations on an AKS cluster. Learn more [about Backup Extension](azure-kubernetes-service-cluster-backup-concept.md#backup-extension).
 
-- Ensure that the `Microsoft.KubernetesConfiguration` and `Microsoft.DataProtection` providers are registered for your subscription before initiating backup configuration and restore operations.
+- Ensure that `Microsoft.KubernetesConfiguration`, `Microsoft.DataProtection`, and the `TrustedAccessPreview` feature flag on `Microsoft.ContainerService` are registered for your subscription before initiating the backup configuration and restore operations.
 
 - Ensure to perform [all the prerequisites](azure-kubernetes-service-cluster-backup-concept.md) before initiating backup or restore operation for AKS backup.
 

articles/backup/azure-kubernetes-service-cluster-manage-backups.md

@@ -3,129 +3,125 @@ title: Manage Azure Kubernetes Service (AKS) backups using Azure Backup
 description: This article explains how to manage Azure Kubernetes Service (AKS) backups using Azure Backup.
 ms.topic: how-to
 ms.service: backup
-ms.date: 03/20/2023
+ms.date: 03/27/2023
 author: jyothisuri
 ms.author: jsuri
 ---
 
 # Manage Azure Kubernetes Service backups using Azure Backup (preview) 
 
-This article describes how to manage Azure Kubernetes Service (AKS) backups using Azure CLI commands.
+This article describes how to register resource providers on your subscriptions for using Backup Extension and Trusted Access. Also, it provides you with the Azure CLI commands to manage them.
 
-Azure Backup now allows you to back up AKS clusters (cluster resources and persistent volumes attached to the cluster) using a backup extension, which must be installed in the cluster. Backup vault communicates with the cluster via this Backup Extension to perform backup and restore operations. 
+Azure Backup now allows you to back up AKS clusters (cluster resources and persistent volumes attached to the cluster) using a backup extension, which must be installed in the cluster. AKS cluster requires Trusted Access enabled with Backup vault, so that the vault can communicate with the Backup Extension to perform backup and restore operations.
 
-## Manage operations
+## Resource provider registrations
 
-This section provides the set of Azure CLI commands to create, update, delete operations on the backup extension. You can use the *update* command to change the blob container where backups are stored along with compute limits for the underlying Backup Extension Pods.
+- You must register these resource providers on the subscription before initiating any backup and restore operation.
+- Once the registration is complete, you can perform backup and restore operations on all the cluster under the subscription.
 
-## Register the resource provider
+### Register the Backup Extension
 
-To register the resource provider, run the following command:
+To install Backup Extension, you need to register `Microsoft.KubernetesConfiguration` resource provider on the subscription. To perform the registration, run the following command:
 
    ```azurecli-interactive
    az provider register --namespace Microsoft.KubernetesConfiguration
    ```
 
->[!Note]
->Don't initiate extension installation before registering resource provider.
-
-### Monitor the registration process
-
 The registration may take up to *10 minutes*. To monitor the registration process, run the following command:
 
    ```azurecli-interactive
    az provider show -n Microsoft.KubernetesConfiguration -o table
    ```
 
-### Install Backup Extension
+### Register the Trusted Access
 
-To install the Backup Extension, use the following command:
+To enable Trusted Access between the Backup vault and AKS cluster, you must register *TrustedAccessPreview* feature flag on *Microsoft.ContainerService* over the subscription. To perform the registration, run the following commands:
 
-   ```azurecli-interactive
-   az k8s-extension create --name azure-aks-backup --extension-type Microsoft.DataProtection.Kubernetes --scope cluster --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg --release-train stable --configuration-settings blobContainer=containername storageAccount=storageaccountname storageAccountResourceGroup=storageaccountrg storageAccountSubscriptionId=subscriptionid
-   ```
+## Enable the feature flag
 
-### Update resources in Backup Extension
+To enable the feature flag follow these steps:
 
-To update blob container, CPU, and memory in the Backup Extension, use the following command:
+1. Install the *aks-preview* extension:
 
    ```azurecli-interactive
-   az k8s-extension update --name azure-aks-backup --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg --release-train stable --configuration-settings [blobContainer=containername storageAccount=storageaccountname storageAccountResourceGroup=storageaccountrg storageAccountSubscriptionId=subscriptionid] [cpuLimit=1] [memoryLimit=1Gi]
-   
-   []: denotes the 3 different sub-groups of updates possible (discard the brackets while using the command)
-
+   az extension add --name aks-preview
    ```
 
-### Delete Backup Extension installation operation
-
-To stop the Backup Extension install operation, use the following command:
+1. Update to the latest version of the extension released:
 
    ```azurecli-interactive
-   az k8s-extension delete --name azure-aks-backup --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg
+   az extension update --name aks-preview
    ```
 
-### Grant permission on storage account
-
-To provide *Storage Account Contributor Permission* to the Extension Identity on storage account, run the following command:
+1. Register the *TrustedAccessPreview* feature flag:
 
    ```azurecli-interactive
-   az role assignment create --assignee-object-id $(az k8s-extension show --name azure-aks-backup --cluster-name aksclustername --resource-group aksclusterresourcegroup --cluster-type managedClusters --query aksAssignedIdentity.principalId --output tsv) --role 'Storage Account Contributor' --scope /subscriptions/subscriptionid/resourceGroups/storageaccountresourcegroup/providers/Microsoft.Storage/storageAccounts/storageaccountname 
+   az feature register --namespace "Microsoft.ContainerService" --name "TrustedAccessPreview"
    ```
+   
+   It takes a few minutes for the status to show *Registered*.
 
-### View Backup Extension installation status
+1. Verify the registration status:
 
-To view the progress of Backup Extension installation, use the following command:
+   ```azurecli-interactive
+   az feature show --namespace "Microsoft.ContainerService" --name "TrustedAccessPreview"
+   ```
+
+1. When the status shows *Registered*, refresh the `Microsoft.ContainerService` resource provider registration:
 
    ```azurecli-interactive
-   az k8s-extension show --name azure-aks-backup --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg
+   az provider register --namespace Microsoft.ContainerService
    ```
 
-## Enable the feature flag
+## Backup Extension related operations
 
-To enable the feature flag follow these steps:
+This section provides the set of Azure CLI commands to perform create, update, or delete operations on the Backup Extension. You can use the update command to change compute limits for the underlying Backup Extension Pods.
+
+### Install Backup Extension
 
-1. To install the *aks-preview* extension, run the following command:
+To install the Backup Extension, run the following command:
 
    ```azurecli-interactive
-   az extension add --name aks-preview
+   az k8s-extension create --name azure-aks-backup --extension-type Microsoft.DataProtection.Kubernetes --scope cluster --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg --release-train stable --configuration-settings blobContainer=containername storageAccount=storageaccountname storageAccountResourceGroup=storageaccountrg storageAccountSubscriptionId=subscriptionid
    ```
 
-1. To update to the latest version of the extension released, run the following command:
+### View Backup Extension installation status
+
+To view the progress of Backup Extension installation, use the following command:
 
    ```azurecli-interactive
-   az extension update --name aks-preview
+   az k8s-extension show --name azure-aks-backup --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg
    ```
 
-1. To register the *TrustedAccessPreview* feature flag, run the `az feature register` command.
+### Update resources in Backup Extension
 
-   **Example**
+To update blob container, CPU, and memory in the Backup Extension, use the following command:
 
    ```azurecli-interactive
-   az feature register --namespace "Microsoft.ContainerService" --name "TrustedAccessPreview"
-   ```
+   az k8s-extension update --name azure-aks-backup --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg --release-train stable --configuration-settings [blobContainer=containername storageAccount=storageaccountname storageAccountResourceGroup=storageaccountrg storageAccountSubscriptionId=subscriptionid] [cpuLimit=1] [memoryLimit=1Gi]
    
-   It takes a few minutes for the status to show Registered.
+   []: denotes the 3 different sub-groups of updates possible (discard the brackets while using the command)
 
-1. To verify the registration status, run the `az feature show` command.
+   ```
 
-   **Example**
+### Delete Backup Extension installation operation
+
+To stop the Backup Extension install operation, use the following command:
 
    ```azurecli-interactive
-   az feature show --namespace "Microsoft.ContainerService" --name "TrustedAccessPreview"
+   az k8s-extension delete --name azure-aks-backup --cluster-type managedClusters --cluster-name aksclustername --resource-group aksclusterrg
    ```
 
-1. When the status shows as **Registered**, run the `az provider register` command to refresh the `Microsoft.ContainerService` resource provider registration.
+### Grant permission on storage account
 
-   **Example**
+To provide *Storage Account Contributor Permission* to the Extension Identity on storage account, run the following command:
 
    ```azurecli-interactive
-   az provider register --namespace Microsoft.ContainerService
+   az role assignment create --assignee-object-id $(az k8s-extension show --name azure-aks-backup --cluster-name aksclustername --resource-group aksclusterresourcegroup --cluster-type managedClusters --query aksAssignedIdentity.principalId --output tsv) --role 'Storage Account Contributor' --scope /subscriptions/subscriptionid/resourceGroups/storageaccountresourcegroup/providers/Microsoft.Storage/storageAccounts/storageaccountname 
    ```
 
->[!Note]
->Don't initiate backup configuration before enabling the feature flag.
 
-## Enable Trusted Access
+## Trusted Access related operations
 
 To enable Trusted Access between Backup vault and AKS cluster, use the following Azure CLI command:
 

articles/backup/azure-kubernetes-service-cluster-restore.md

@@ -3,7 +3,7 @@ title: Restore Azure Kubernetes Service (AKS) using Azure Backup
 description: This article explains how to restore backed-up Azure Kubernetes Service (AKS) using Azure Backup.
 ms.topic: how-to
 ms.service: backup
-ms.date: 03/03/2023
+ms.date: 03/27/2023
 author: jyothisuri
 ms.author: jsuri
 ---
@@ -18,7 +18,7 @@ Azure Backup now allows you to back up AKS clusters (cluster resources and persi
 
 - AKS backup allows you to restore to original AKS cluster (that was backed up) and to an alternate AKS cluster. AKS backup allows you to perform a full restore and item-level restore. You can utilize [restore configurations](#restore-configurations) to define parameters based on the cluster resources that will be picked up during the restore.
 
-- You must [install the Backup Extension](azure-kubernetes-service-cluster-manage-backups.md#install-backup-extension) in the target AKS cluster. Also, you must [enable Trusted Access](azure-kubernetes-service-cluster-manage-backups.md#enable-trusted-access) between the Backup vault and the AKS cluster.
+- You must [install the Backup Extension](azure-kubernetes-service-cluster-manage-backups.md#install-backup-extension) in the target AKS cluster. Also, you must [enable Trusted Access](azure-kubernetes-service-cluster-manage-backups.md#register-the-trusted-access) between the Backup vault and the AKS cluster.
 
 For more information on the limitations and supported scenarios, see the [support matrix](azure-kubernetes-service-cluster-backup-support-matrix.md).