Merge pull request #260615 from MicrosoftDocs/main

12/7/2023 AM Publish

Author: Taojunshen

articles/aks/configure-kubenet-dual-stack.md

@@ -1,13 +1,13 @@
 ---
 title: Configure dual-stack kubenet networking in Azure Kubernetes Service (AKS)
 titleSuffix: Azure Kubernetes Service
-description: Learn how to configure dual-stack kubenet networking in Azure Kubernetes Service (AKS)
+description: Learn how to configure dual-stack kubenet networking in Azure Kubernetes Service (AKS).
 author: asudbring
 ms.author: allensu
 ms.subservice: aks-networking
-ms.custom: devx-track-azurecli, build-2023, devx-track-linux
 ms.topic: how-to
-ms.date: 06/27/2023
+ms.date: 12/07/2023
+ms.custom: devx-track-azurecli, build-2023, devx-track-linux
 ---
 
 # Use dual-stack kubenet networking in Azure Kubernetes Service (AKS)
@@ -301,10 +301,60 @@ Once the cluster has been created, you can deploy your workloads. This article w
 > There are currently **two limitations** pertaining to IPv6 services in AKS.
 >
 > 1. Azure Load Balancer sends health probes to IPv6 destinations from a link-local address. In Azure Linux node pools, this traffic can't be routed to a pod, so traffic flowing to IPv6 services deployed with `externalTrafficPolicy: Cluster` fail. IPv6 services must be deployed with `externalTrafficPolicy: Local`, which causes `kube-proxy` to respond to the probe on the node.
-> 2. Only the first IP address for a service will be provisioned to the load balancer, so a dual-stack service only receives a public IP for its first-listed IP family. To provide a dual-stack service for a single deployment, please create two services targeting the same selector, one for IPv4 and one for IPv6.
+> 2. Starting from AKS v1.27, you can directly create a dualstack service. However, for older versions, only the first IP address for a service will be provisioned to the load balancer, so a dual-stack service only receives a public IP for its first-listed IP family. To provide a dual-stack service for a single deployment, please create two services targeting the same selector, one for IPv4 and one for IPv6.
 
 # [kubectl](#tab/kubectl)
 
+### AKS starting from v1.27
+
+1. Expose the NGINX deployment using the `kubectl expose deployment nginx` command.
+
+    ```bash-interactive
+    kubectl expose deployment nginx --name=nginx --port=80 --type=LoadBalancer --overrides='{"spec":{"ipFamilyPolicy": "PreferDualStack", "ipFamilies": ["IPv4", "IPv6"]}}'
+    ```
+
+    You receive an output that shows the services have been exposed.
+
+    ```output
+    service/nginx exposed
+    ```
+
+2. Once the deployment is exposed and the `LoadBalancer` services are fully provisioned, get the IP addresses of the services using the `kubectl get services` command.
+
+    ```bash-interactive
+    kubectl get services
+    ```
+
+    ```output
+    NAME         TYPE           CLUSTER-IP               EXTERNAL-IP         PORT(S)        AGE
+    nginx        LoadBalancer   10.0.223.73   2603:1030:20c:9::22d,4.156.88.133   80:30664/TCP   2m11s
+    ```
+
+    ```bash-interactive
+    kubectl get services nginx -ojsonpath='{.spec.clusterIPs}'
+    ```
+
+    ```output
+    ["10.0.223.73","fd17:d93e:db1f:f771::54e"]
+    ```
+
+3. Verify functionality via a command-line web request from an IPv6 capable host. Azure Cloud Shell isn't IPv6 capable.
+
+    ```bash-interactive
+    SERVICE_IP=$(kubectl get services nginx -o jsonpath='{.status.loadBalancer.ingress[1].ip}')
+    curl -s "http://[${SERVICE_IP}]" | head -n5
+    ```
+
+    ```html
+    <!DOCTYPE html>
+    <html>
+    <head>
+    <title>Welcome to nginx!</title>
+    <style>
+    ```
+
+### AKS older than v1.27
+
 1. Expose the NGINX deployment using the `kubectl expose deployment nginx` command.
 
     ```bash-interactive
@@ -348,6 +398,68 @@ Once the cluster has been created, you can deploy your workloads. This article w
 
 # [YAML](#tab/yaml)
 
+### AKS starting from v1.27
+
+1. Expose the NGINX deployment using the following YAML manifest.
+
+    ```yml
+    apiVersion: v1
+    kind: Service
+    metadata:
+      labels:
+        app: nginx
+      name: nginx
+    spec:
+      externalTrafficPolicy: Cluster
+      ipFamilyPolicy: PreferDualStack
+      ipFamilies:
+      - IPv4
+      - IPv6
+      ports:
+      - port: 80
+        protocol: TCP
+        targetPort: 80
+      selector:
+        app: nginx
+      type: LoadBalancer
+    ```
+
+2. Once the deployment is exposed and the `LoadBalancer` services are fully provisioned, get the IP addresses of the services using the `kubectl get services` command.
+
+    ```bash-interactive
+    kubectl get services
+    ```
+
+    ```output
+    NAME         TYPE           CLUSTER-IP               EXTERNAL-IP         PORT(S)        AGE
+    nginx        LoadBalancer   10.0.223.73   2603:1030:20c:9::22d,4.156.88.133   80:30664/TCP   2m11s
+    ```
+
+    ```bash-interactive
+    kubectl get services nginx -ojsonpath='{.spec.clusterIPs}'
+    ```
+
+    ```output
+    ["10.0.223.73","fd17:d93e:db1f:f771::54e"]
+    ```
+
+3. Verify functionality via a command-line web request from an IPv6 capable host. Azure Cloud Shell isn't IPv6 capable.
+
+    ```bash-interactive
+    SERVICE_IP=$(kubectl get services nginx -o jsonpath='{.status.loadBalancer.ingress[1].ip}')
+    curl -s "http://[${SERVICE_IP}]" | head -n5
+    ```
+
+    ```html
+    <!DOCTYPE html>
+    <html>
+    <head>
+    <title>Welcome to nginx!</title>
+    <style>
+    ```
+
+### AKS older than v1.27
+
 1. Expose the NGINX deployment using the following YAML manifest.
 
     ```yml

articles/azure-arc/resource-bridge/upgrade.md

@@ -1,7 +1,7 @@
 ---
 title: Upgrade Arc resource bridge
 description: Learn how to upgrade Arc resource bridge using either cloud-managed upgrade or manual upgrade.  
-ms.date: 11/27/2023
+ms.date: 12/07/2023
 ms.topic: how-to
 ---
 
@@ -73,7 +73,7 @@ Currently, private cloud providers differ in how they perform Arc resource bridg
 
 For Arc-enabled VMware vSphere, manual upgrade is available, but appliances on version 1.0.15 and higher automatically receive cloud-managed upgrade as the default experience. Appliances that are earlier than version 1.0.15 must be manually upgraded. A manual upgrade only upgrades the appliance to the next version, not the latest version. If you have multiple versions to upgrade, another option is to review the steps for [performing a recovery](/azure/azure-arc/vmware-vsphere/recover-from-resource-bridge-deletion), then delete the appliance VM and perform the recovery steps. This deploys a new Arc resource bridge using the latest version and reconnects pre-existing Azure resources.
 
-Azure Arc VM management (preview) on Azure Stack HCI supports upgrade of an Arc resource bridge on Azure Stack HCI, version 22H2 up until appliance version 1.0.14 and `az arcappliance` CLI extension version 0.2.33. These upgrades can be done through manual upgrade. However, Azure Stack HCI, version 22H2 won't be supported for appliance version 1.0.15 or higher, because it's being deprecated. Customers on Azure Stack HCI, version 22H2 will receive limited support. To use appliance version 1.0.15 or higher, you must transition to Azure Stack HCI, version 23H2 (preview). In version 23H2 (preview), the LCM tool manages upgrades across all components as a "validated recipe" package. For more information, visit the [Arc VM management FAQ page](/azure-stack/hci/manage/azure-arc-vms-faq).
+For Azure Arc VM management (preview) on Azure Stack HCI, to use appliance version 1.0.15 or higher, you must be on Azure Stack HCI, version 23H2 (preview). In version 23H2 (preview), the LCM tool manages upgrades across all components as a "validated recipe" package. For more information, visit the [Arc VM management FAQ page](/azure-stack/hci/manage/azure-arc-vms-faq). Customers on Azure Stack HCI, version 22H2 will receive limited support.
 
 For Arc-enabled System Center Virtual Machine Manager (SCVMM), the manual upgrade feature is available for appliance version 1.0.14 and higher. Appliances below version 1.0.14 need to perform the recovery option to get to version 1.0.15 or higher. Review the steps for [performing the recovery operation](/azure/azure-arc/system-center-virtual-machine-manager/disaster-recovery), then delete the appliance VM from SCVMM and perform the recovery steps. This deploys a new resource bridge and reconnects pre-existing Azure resources.
 

articles/azure-functions/functions-bindings-event-hubs-output.md

@@ -195,6 +195,27 @@ def eventhub_output(req: func.HttpRequest, event: func.Out[str]):
     return 'ok'
 ```
 
+Here's Python code that sends multiple messages:
+```python
+import logging
+import azure.functions as func
+from typing import List
+
+app = func.FunctionApp()
+
+@app.function_name(name="eventhub_output")
+@app.route(route="eventhub_output")
+@app.event_hub_output(arg_name="event",
+                      event_hub_name="<EVENT_HUB_NAME>",
+                      connection="<CONNECTION_SETTING>")
+
+def eventhub_output(req: func.HttpRequest, event: func.Out[List[str]]) -> func.HttpResponse:
+    my_messages=["message1", "message2","message3"]
+    event.set(my_messages)
+    return func.HttpResponse(f"Messages sent")
+```
+
+
 # [v1](#tab/python-v1)
 
 The following examples show Event Hubs binding data in the *function.json* file.
@@ -223,6 +244,19 @@ def main(timer: func.TimerRequest) -> str:
     return 'Message created at: {}'.format(timestamp)
 ```
 
+Here's Python code that sends multiple messages:
+```python
+import logging
+from typing import List
+import azure.functions as func
+
+
+def main(req: func.HttpRequest, messages:func.Out[List[str]]) -> func.HttpResponse:
+    logging.info('Python HTTP trigger function processed a request.')
+    messages.set([{"message1"}, {"message2"}])
+    return func.HttpResponse(f"Messages sent")
+```
+
 ---
 
 ::: zone-end

articles/azure-netapp-files/configure-virtual-wan.md

@@ -24,7 +24,7 @@ This article will explain how to deploy and access an Azure NetApp Files volume
 
 ## Considerations
 
-* You should be familiar with network policies for Azure NetApp Files [private endpoints](../private-link/disable-private-endpoint-network-policy.md). Refer to [Route Azure NetApp Files traffic from on-premises via Azure Firewall](#route-azure-netapp-files-traffic-from-on-premises-via-azure-firewall) for further information.
+* Azure NetApp Files connectivity over Virtual WAN is supported only when using Standard networking features. For more information see [Supported network topologies](azure-netapp-files-network-topologies.md#supported-network-topologies).
 
 ## Before you begin
 
@@ -57,7 +57,7 @@ The following image of the Azure portal shows an example virtual hub of effectiv
 :::image type="content" source="../media/azure-netapp-files/effective-routes.png" alt-text="Screenshot of effective routes in Azure portal.":::
 
 > [!IMPORTANT] 
-> Azure NetApp Files mount leverages Azure Private Endpoint. The specific IP address entry is required, even if a CIDR to which the Azure NetApp Files volume IP address belongs is pointing to the Azure Firewall as its next hop. For example, 10.2.0.5/32 should be listed even though 10.0.0.0/8 is listed with the Azure Firewall as the next hop.
+> Azure NetApp Files mount leverages private IP addresses within a delegated [subnet](azure-netapp-files-network-topologies.md#subnets). The specific IP address entry is required, even if a CIDR to which the Azure NetApp Files volume IP address belongs is pointing to the Azure Firewall as its next hop. For example, 10.2.0.5/32 should be listed even though 10.0.0.0/8 is listed with the Azure Firewall as the next hop.
 
 ## List Azure NetApp Files volume IP under virtual hub effective routes
 

articles/azure-resource-manager/bicep/key-vault-parameter.md

@@ -141,7 +141,7 @@ The following procedure shows how to create a role with the minimum permission,
     New-AzRoleDefinition -InputFile "<path-to-role-file>"
     New-AzRoleAssignment `
       -ResourceGroupName ExampleGroup `
-      -RoleDefinitionName "Key Vault resource manager template deployment operator" `
+      -RoleDefinitionName "Key Vault Bicep deployment operator" `
       -SignInName <user-principal-name>
     ```