Merge pull request #265834 from JnHs/jh-arc-aksenabled

rename and update info for AKS enabled by Azure Arc

Author: JamesJBarnett

articles/azure-arc/kubernetes/azure-rbac.md

@@ -35,7 +35,7 @@ For a conceptual overview of this feature, see [Azure RBAC on Azure Arc-enabled
   - [Upgrade your agents](agent-upgrade.md#manually-upgrade-agents) to the latest version.
 
 > [!NOTE]
-> You can't set up this feature for Red Hat OpenShift, or for managed Kubernetes offerings of cloud providers like Elastic Kubernetes Service or Google Kubernetes Engine where the user doesn't have access to the API server of the cluster. For Azure Kubernetes Service (AKS) clusters, this [feature is available natively](../../aks/manage-azure-rbac.md) and doesn't require the AKS cluster to be connected to Azure Arc. For AKS on Azure Stack HCI, see [Use Azure RBAC for AKS hybrid clusters (preview)](/azure/aks/hybrid/azure-rbac-aks-hybrid).
+> You can't set up this feature for Red Hat OpenShift, or for managed Kubernetes offerings of cloud providers like Elastic Kubernetes Service or Google Kubernetes Engine where the user doesn't have access to the API server of the cluster. For Azure Kubernetes Service (AKS) clusters, this [feature is available natively](../../aks/manage-azure-rbac.md) and doesn't require the AKS cluster to be connected to Azure Arc.
 
 <a name='set-up-azure-ad-applications'></a>
 

articles/azure-arc/kubernetes/extensions-release.md

@@ -1,6 +1,6 @@
 ---
 title: "Available extensions for Azure Arc-enabled Kubernetes clusters"
-ms.date: 11/03/2023
+ms.date: 02/08/2024
 ms.topic: how-to
 description: "See which extensions are currently available for Azure Arc-enabled Kubernetes clusters and view release notes."
 ---
@@ -11,9 +11,6 @@ description: "See which extensions are currently available for Azure Arc-enabled
 
 The following extensions are currently available for use with Arc-enabled Kubernetes clusters. All of these extensions are [cluster-scoped](conceptual-extensions.md#extension-scope), except for Azure API Management on Azure Arc, which is namespace-scoped.
 
-> [!NOTE]
-> Installing Azure Arc extensions on [Azure Kubernetes Service (AKS) hybrid clusters provisioned from Azure](extensions.md#aks-hybrid-clusters-provisioned-from-azure-preview) is currently in preview, with support for the Azure Arc-enabled Open Service Mesh, Azure Key Vault Secrets Provider, Flux (GitOps) and Microsoft Defender for Cloud extensions.
-
 ## Azure Monitor Container Insights
 
 - **Supported distributions**: All Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters
@@ -30,15 +27,15 @@ For more information, see [Understand Azure Policy for Kubernetes clusters](../.
 
 ## Azure Key Vault Secrets Provider
 
-- **Supported distributions**: AKS on Azure Stack HCI, AKS hybrid clusters provisioned from Azure, Cluster API Azure, Google Kubernetes Engine,  Canonical Kubernetes Distribution, OpenShift Kubernetes Distribution, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid
+- **Supported distributions**: AKS on Azure Stack HCI,  AKS enabled by Azure Arc, Cluster API Azure, Google Kubernetes Engine,  Canonical Kubernetes Distribution, OpenShift Kubernetes Distribution, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid
 
 The Azure Key Vault Provider for Secrets Store CSI Driver allows for the integration of Azure Key Vault as a secrets store with a Kubernetes cluster via a CSI volume. For Azure Arc-enabled Kubernetes clusters, you can install the Azure Key Vault Secrets Provider extension to fetch secrets.
 
 For more information, see [Use the Azure Key Vault Secrets Provider extension to fetch secrets into Azure Arc-enabled Kubernetes clusters](tutorial-akv-secrets-provider.md).
 
 ## Microsoft Defender for Containers
 
-- **Supported distributions**: AKS hybrid clusters provisioned from Azure, Cluster API Azure, Azure Red Hat OpenShift, Red Hat OpenShift (version 4.6 or newer), Google Kubernetes Engine Standard, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid, Rancher Kubernetes Engine, Canonical Kubernetes Distribution
+- **Supported distributions**: AKS enabled by Azure Arc, Cluster API Azure, Azure Red Hat OpenShift, Red Hat OpenShift (version 4.6 or newer), Google Kubernetes Engine Standard, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid, Rancher Kubernetes Engine, Canonical Kubernetes Distribution
 
 Microsoft Defender for Containers is the cloud-native solution that is used to secure your containers so you can improve, monitor, and maintain the security of your clusters, containers, and their applications. It gathers information related to security like audit log data from the Kubernetes cluster, and provides recommendations and threat alerts based on gathered data.
 
@@ -50,7 +47,7 @@ For more information, see [Enable Microsoft Defender for Containers](../../defen
 
 ## Azure Arc-enabled Open Service Mesh
 
-- **Supported distributions**: AKS, AKS on Azure Stack HCI, AKS hybrid clusters provisioned from Azure, Cluster API Azure, Google Kubernetes Engine, Canonical Kubernetes Distribution, Rancher Kubernetes Engine, OpenShift Kubernetes Distribution, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid
+- **Supported distributions**: AKS, AKS on Azure Stack HCI,  AKS enabled by Azure Arc, Cluster API Azure, Google Kubernetes Engine, Canonical Kubernetes Distribution, Rancher Kubernetes Engine, OpenShift Kubernetes Distribution, Amazon Elastic Kubernetes Service, VMware Tanzu Kubernetes Grid
 
 [Open Service Mesh (OSM)](https://docs.openservicemesh.io/) is a lightweight, extensible, Cloud Native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.
 

articles/azure-arc/kubernetes/extensions.md

@@ -1,7 +1,7 @@
 ---
 title: "Deploy and manage Azure Arc-enabled Kubernetes cluster extensions"
 ms.custom: devx-track-azurecli
-ms.date: 04/27/2023
+ms.date: 02/08/2024
 ms.topic: how-to
 description: "Create and manage extension instances on Azure Arc-enabled Kubernetes clusters."
 ---
@@ -33,9 +33,6 @@ Before you begin, read the [conceptual overview of Arc-enabled Kubernetes cluste
   * If you haven't connected a cluster yet, use our [quickstart](quickstart-connect-cluster.md).
   * [Upgrade your agents](agent-upgrade.md#manually-upgrade-agents) to the latest version.
 
-> [!NOTE]
-> Installing Azure Arc extensions on [AKS hybrid clusters provisioned from Azure](extensions.md#aks-hybrid-clusters-provisioned-from-azure-preview) is currently in preview, with support for the Azure Arc-enabled Open Service Mesh, Azure Key Vault Secrets Provider, Flux (GitOps) and Microsoft Defender for Cloud extensions.
-
 ## Create extension instance
 
 To create a new extension instance, use `k8s-extension create`, passing in values for the required parameters.
@@ -85,7 +82,7 @@ az k8s-extension create --name azuremonitor-containers  --extension-type Microso
 > [!NOTE]
 > The service is unable to retain sensitive information for more than 48 hours. If Azure Arc-enabled Kubernetes agents don't have network connectivity for more than 48 hours and can't determine whether to create an extension on the cluster, the extension transitions to `Failed` state. Once that happens, you'll need to run `k8s-extension create` again to create a fresh extension Azure resource.
 >
-> Azure Monitor Container Insights is a singleton extension (only one required per cluster). You'll need to clean up any previous Helm chart installations of Azure Monitor Container Insights (without extensions) before installing the same via extensions. Follow the instructions for [deleting the Helm chart](../../azure-monitor/containers/container-insights-optout-hybrid.md)  before running `az k8s-extension create`.
+> Azure Monitor Container Insights is a singleton extension (only one required per cluster). You'll need to clean up any previous Helm chart installations of Azure Monitor Container Insights (without extensions) before installing the same via extensions. Follow the instructions for [deleting the Helm chart](/azure/azure-monitor/containers/kubernetes-monitoring-disable#remove-container-insights-with-helm) before running `az k8s-extension create`.
 
 ### Required parameters
 
@@ -100,9 +97,6 @@ The following parameters are required when using `az k8s-extension create` to cr
 | `--resource-group` | The resource group containing the Azure Arc-enabled Kubernetes resource |
 | `--cluster-type` | The cluster type on which the extension instance has to be created. For most scenarios, use `connectedClusters`, which corresponds to Azure Arc-enabled Kubernetes clusters. |
 
-> [!NOTE]
-> When working with [AKS hybrid clusters provisioned from Azure](#aks-hybrid-clusters-provisioned-from-azure-preview), you must set `--cluster-type` to use `provisionedClusters` and also add `--cluster-resource-provider microsoft.hybridcontainerservice` to the command. Installing Azure Arc extensions on AKS hybrid clusters provisioned from Azure is currently in preview.
-
 ### Optional parameters
 
 Use one or more of these optional parameters as needed for your scenarios, along with the required parameters.
@@ -293,33 +287,6 @@ az k8s-extension delete --name azuremonitor-containers --cluster-name <clusterNa
 > [!NOTE]
 > The Azure resource representing this extension gets deleted immediately. The Helm release on the cluster associated with this extension is only deleted when the agents running on the Kubernetes cluster have network connectivity and can reach out to Azure services again to fetch the desired state.
 
-> [!IMPORTANT]
-> When working with [AKS hybrid clusters provisioned from Azure](#aks-hybrid-clusters-provisioned-from-azure-preview), you must add `--yes` to the delete command. Installing Azure Arc extensions on AKS hybrid clusters provisioned from Azure is currently in preview.
-
-## AKS hybrid clusters provisioned from Azure (preview)
-
-You can deploy extensions to AKS hybrid clusters provisioned from Azure. However, there are a few key differences to keep in mind in order to deploy successfully:
-
-* The value for the `--cluster-type` parameter must be `provisionedClusters`.
-* You must add `--cluster-resource-provider microsoft.hybridcontainerservice` to your commands.
-* When deleting an extension instance, you must add `--yes` to the command:
-
-   ```azurecli
-   az k8s-extension delete --name azuremonitor-containers --cluster-name <clusterName> --resource-group <resourceGroupName> --cluster-type provisionedClusters --cluster-resource-provider microsoft.hybridcontainerservice --yes
-   ```
-
-In addition, you must be using the latest version of the Azure CLI `k8s-extension` module (version >= 1.3.3). Use the following commands to add or update to the latest version:
-
-```azurecli
-# add if you do not have this installed
-az extension add --name k8s-extension
-
-# update if you do have the module installed
-az extension update --name k8s-extension
-```
-
-> [!IMPORTANT]
-> Installing Azure Arc extensions on AKS hybrid clusters provisioned from Azure is currently in preview.
 
 ## Next steps
 

articles/azure-arc/kubernetes/gitops-flux2-parameters.md

@@ -1,7 +1,7 @@
 ---
 title: "GitOps (Flux v2) supported parameters"
 description: "Understand the supported parameters for GitOps (Flux v2) in Azure for use in Azure Arc-enabled Kubernetes and Azure Kubernetes Service (AKS) clusters."
-ms.date: 12/11/2023
+ms.date: 02/08/2024
 ms.topic: conceptual
 ---
 
@@ -23,11 +23,11 @@ This article describes some of the parameters and arguments available for the `a
 | Parameter | Format | Notes |
 | ------------- | ------------- | ------------- |
 | `--cluster-name` `-c` | String | Name of the cluster resource in Azure. |
-| `--cluster-type` `-t` | Allowed values: `connectedClusters`, `managedClusters`, `provisionedClusters` | Use `connectedClusters` for Azure Arc-enabled Kubernetes clusters, `managedClusters` for AKS clusters, or `provisionedClusters` for [AKS hybrid clusters provisioned from Azure](extensions.md#aks-hybrid-clusters-provisioned-from-azure-preview) (installing extensions on these clusters is currently in preview). |
+| `--cluster-type` `-t` | Allowed values: `connectedClusters`, `managedClusters`| Use `connectedClusters` for Azure Arc-enabled Kubernetes clusters or `managedClusters` for AKS clusters. |
 | `--resource-group` `-g` | String | Name of the Azure resource group that holds the cluster resource. |
 | `--name` `-n`| String | Name of the Flux configuration in Azure. |
 | `--namespace` `--ns` | String | Name of the namespace to deploy the configuration.  Default: `default`. |
-| `--scope` `-s` | String | Permission scope for the operators. Possible values are `cluster` (full access) or `namespace` (restricted access). Default: `cluster`.
+| `--scope` `-s` | String | Permission scope for the operators. Possible values are `cluster` (full access) or `namespace` (restricted access). Default: `cluster`. |
 | `--suspend` | flag | Suspends all source and kustomize reconciliations defined in this Flux configuration. Reconciliations active at the time of suspension will continue.  |
 
 ## Source general arguments

articles/azure-arc/kubernetes/tutorial-akv-secrets-provider.md

@@ -2,7 +2,7 @@
 title: Use Azure Key Vault Secrets Provider extension to fetch secrets into Azure Arc-enabled Kubernetes clusters
 description: Learn how to set up the Azure Key Vault Provider for Secrets Store CSI Driver interface as an extension on Azure Arc enabled Kubernetes cluster
 ms.custom: devx-track-azurecli
-ms.date: 07/27/2023
+ms.date: 02/09/2024
 ms.topic: how-to
 ---
 
@@ -24,7 +24,7 @@ Capabilities of the Azure Key Vault Secrets Provider extension include:
 - A cluster with a supported Kubernetes distribution that has already been [connected to Azure Arc](quickstart-connect-cluster.md). The following Kubernetes distributions are currently supported for this scenario:
   - Cluster API Azure
   - Azure Kubernetes Service (AKS) clusters on Azure Stack HCI
-  - AKS hybrid clusters provisioned from Azure
+  - AKS enabled by Azure Arc
   - Google Kubernetes Engine
   - OpenShift Kubernetes Distribution
   - Canonical Kubernetes Distribution
@@ -33,18 +33,14 @@ Capabilities of the Azure Key Vault Secrets Provider extension include:
   - Azure Red Hat OpenShift
 - Ensure you've met the [general prerequisites for cluster extensions](extensions.md#prerequisites). You must use version 0.4.0 or newer of the `k8s-extension` Azure CLI extension.
 
-> [!TIP]
-> When using this extension with [AKS hybrid clusters provisioned from Azure](extensions.md#aks-hybrid-clusters-provisioned-from-azure-preview) you must set `--cluster-type` to use `provisionedClusters` and also add `--cluster-resource-provider microsoft.hybridcontainerservice` to the command. Installing Azure Arc extensions on AKS hybrid clusters provisioned from Azure is currently in preview.
-
 ## Install the Azure Key Vault Secrets Provider extension on an Arc-enabled Kubernetes cluster
 
 You can install the Azure Key Vault Secrets Provider extension on your connected cluster in the Azure portal, by using Azure CLI, or by deploying an ARM template.
 
-> [!TIP]
-> If the cluster is behind an outbound proxy server, ensure that you connect it to Azure Arc using the [proxy configuration](quickstart-connect-cluster.md#connect-using-an-outbound-proxy-server) option before installing the extension.
+Only one instance of the extension can be deployed on each Azure Arc-enabled Kubernetes cluster.
 
 > [!TIP]
-> Only one instance of the extension can be deployed on each Azure Arc-enabled Kubernetes cluster.
+> If the cluster is behind an outbound proxy server, ensure that you connect it to Azure Arc using the [proxy configuration](quickstart-connect-cluster.md#connect-using-an-outbound-proxy-server) option before installing the extension.
 
 ### Azure portal
 
@@ -284,7 +280,7 @@ Before you move on to the next section, take note of the following properties:
 Currently, the Secrets Store CSI Driver on Arc-enabled clusters can be accessed through a service principal. Follow these steps to provide an identity that can access your Key Vault.
 
 1. Follow the steps [to create a service principal in Azure](../../active-directory/develop/howto-create-service-principal-portal.md#register-an-application-with-azure-ad-and-create-a-service-principal). Take note of the Client ID and Client Secret generated in this step.
-1. Provide Azure Key Vault GET permission to the created service principal by [following these steps](../../key-vault/general/assign-access-policy.md).
+1. Next, [ensure Azure Key Vault has GET permission to the created service principal](../../key-vault/general/assign-access-policy.md#assign-an-access-policy).
 1. Use the client ID and Client Secret from the first step to create a Kubernetes secret on the connected cluster:
 
    ```bash
@@ -297,7 +293,7 @@ Currently, the Secrets Store CSI Driver on Arc-enabled clusters can be accessed
    kubectl label secret secrets-store-creds secrets-store.csi.k8s.io/used=true
    ```
 
-1. Create a SecretProviderClass with the following YAML, filling in your values for key vault name, tenant ID, and objects to retrieve from your AKV instance:
+1. Create a `SecretProviderClass` with the following YAML, filling in your values for key vault name, tenant ID, and objects to retrieve from your AKV instance:
 
    ```yml
    # This is a SecretProviderClass example using service principal to access Keyvault
@@ -320,7 +316,7 @@ Currently, the Secrets Store CSI Driver on Arc-enabled clusters can be accessed
        tenantId: <tenant-Id>                # The tenant ID of the Azure Key Vault instance
    ```
 
-   For use with national clouds, change `cloudName` to `AzureUSGovernmentCloud` for U.S. Government Cloud, or to `AzureChinaCloud` for Azure China Cloud.
+   For use with national clouds, change `cloudName` to `AzureUSGovernmentCloud` for Azure Government, or to `AzureChinaCloud` for Microsoft Azure operated by 21Vianet.
 
 1. Apply the SecretProviderClass to your cluster:
 
@@ -400,7 +396,7 @@ You can also change these settings after installation by using the `az k8s-exten
 az k8s-extension update --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type connectedClusters --name akvsecretsprovider --configuration-settings secrets-store-csi-driver.enableSecretRotation=true secrets-store-csi-driver.rotationPollInterval=3m secrets-store-csi-driver.syncSecret.enabled=true
 ```
 
-You can use other configuration settings as needed for your deployment. For example, to change the kubelet root directory while creating a cluster, modify the az k8s-extension create command:
+You can use other configuration settings as needed for your deployment. For example, to change the kubelet root directory while creating a cluster, modify the `az k8s-extension create` command:
 
 ```azurecli-interactive
 az k8s-extension create --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --cluster-type connectedClusters --extension-type Microsoft.AzureKeyVaultSecretsProvider --name akvsecretsprovider --configuration-settings linux.kubeletRootDir=/path/to/kubelet secrets-store-csi-driver.linux.kubeletRootDir=/path/to/kubelet

articles/azure-arc/kubernetes/tutorial-arc-enabled-open-service-mesh.md

@@ -30,7 +30,7 @@ Azure Arc-enabled Open Service Mesh can be deployed through Azure portal, Azure
 - The following Kubernetes distributions are currently supported:
   - AKS (Azure Kubernetes Service) Engine
   - AKS clusters on Azure Stack HCI
-  - AKS hybrid clusters provisioned from Azure
+  - AKS enabled by Azure Arc
   - Cluster API Azure
   - Google Kubernetes Engine
   - Canonical Kubernetes Distribution
@@ -40,9 +40,6 @@ Azure Arc-enabled Open Service Mesh can be deployed through Azure portal, Azure
   - VMware Tanzu Kubernetes Grid
 - Azure Monitor integration with Azure Arc-enabled Open Service Mesh is available [in preview with limited support](#monitoring-application-using-azure-monitor-and-applications-insights-preview).
 
-> [!TIP]
-> When using this extension with [AKS hybrid clusters provisioned from Azure](extensions.md#aks-hybrid-clusters-provisioned-from-azure-preview) you must set `--cluster-type` to use `provisionedClusters` and also add `--cluster-resource-provider microsoft.hybridcontainerservice` to the command. Installing Azure Arc extensions on AKS hybrid clusters provisioned from Azure is currently in preview.
-
 ## Basic installation using Azure portal
 
 To deploy using Azure portal, once you have an Arc connected cluster, go to the cluster's **Open Service Mesh** section.