Merge pull request #100108 from dlepow/acifix2

[ACI] VNet update

Author: tiburd

articles/container-instances/TOC.yml

@@ -55,7 +55,7 @@
   items:
   - name: Deploy
     items:
-    - name: Deploy in a virtual network (preview)
+    - name: Deploy in a virtual network
       href: container-instances-vnet.md
     - name: Deploy from Azure Container Registry
       href: container-instances-using-azure-container-registry.md

articles/container-instances/container-instances-container-groups.md

@@ -27,7 +27,7 @@ This example container group:
 * Includes two Azure file shares as volume mounts, and each container mounts one of the shares locally.
 
 > [!NOTE]
-> Multi-container groups currently support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single instance. While we are working to bring all features to Windows containers, you can find current platform differences in the service [Overview](container-instances-overview.md#linux-and-windows-containers).
+> Multi-container groups currently support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single container instance. While we are working to bring all features to Windows containers, you can find current platform differences in the service [Overview](container-instances-overview.md#linux-and-windows-containers).
 
 ## Deployment
 
@@ -39,19 +39,19 @@ To preserve a container group's configuration, you can export the configuration
 
 ## Resource allocation
 
-Azure Container Instances allocates resources such as CPUs, memory, and optionally [GPUs][gpus] (preview) to a multi-container group by adding the [resource requests][resource-requests] of the instances in the group. Taking CPU resources as an example, if you create a container group with two instances, each requesting 1 CPU, then the container group is allocated 2 CPUs.
+Azure Container Instances allocates resources such as CPUs, memory, and optionally [GPUs][gpus] (preview) to a multi-container group by adding the [resource requests][resource-requests] of the instances in the group. Taking CPU resources as an example, if you create a container group with two container instances, each requesting 1 CPU, then the container group is allocated 2 CPUs.
 
-### Resource usage by instances
+### Resource usage by container instances
 
-Each container instance in a group is allocated the resources specified in its resource request. However, the maximum resources used by an instance in a group could be different if you configure its optional [resource limit][resource-limits] property. The resource limit of an instance must be greater than or equal to the mandatory [resource request][resource-requests] property.
+Each container instance in a group is allocated the resources specified in its resource request. However, the maximum resources used by a container instance in a group could be different if you configure its optional [resource limit][resource-limits] property. The resource limit of a container instance must be greater than or equal to the mandatory [resource request][resource-requests] property.
 
-* If you don't specify a resource limit, the instance's maximum resource usage is the same as its resource request.
+* If you don't specify a resource limit, the container instance's maximum resource usage is the same as its resource request.
 
-* If you specify a limit for an instance, the instance's maximum usage could be greater than the request, up to the limit you set. Correspondingly, resource usage by other instances in the group could decrease. The maximum resource limit you can set for an instance is the total resources allocated to the group.
+* If you specify a limit for a container instance, the instance's maximum usage could be greater than the request, up to the limit you set. Correspondingly, resource usage by other container instances in the group could decrease. The maximum resource limit you can set for a container instance is the total resources allocated to the group.
 
-For example, in a group with two instances each requesting 1 CPU, one of your containers might run a workload that requires more CPUs to run than the other.
+For example, in a group with two container instances each requesting 1 CPU, one of your containers might run a workload that requires more CPUs to run than the other.
 
-In this scenario, you could set a resource limit of 2 CPUs for the instance. This configuration allows the container to use up to the full 2 CPUs if available.
+In this scenario, you could set a resource limit of 2 CPUs for the container instance. This configuration allows the container instance to use up to the full 2 CPUs if available.
 
 ### Minimum and maximum allocation
 
@@ -63,9 +63,9 @@ In this scenario, you could set a resource limit of 2 CPUs for the instance. Thi
 
 Container groups can share an external-facing IP address, one or more ports on that IP address, and a DNS label with a fully qualified domain name (FQDN). To enable external clients to reach a container within the group, you must expose the port on the IP address and from the container. Because containers within the group share a port namespace, port mapping isn't supported. A container group's IP address and FQDN will be released when the container group is deleted. 
 
-Within a container group, containers instances can reach each other via localhost on any port, even if those ports aren't exposed externally on the group's IP address or from the container.
+Within a container group, container instances can reach each other via localhost on any port, even if those ports aren't exposed externally on the group's IP address or from the container.
 
-Optionally deploy container groups into an [Azure virtual network][virtual-network] (preview) to allow containers to communicate securely with other resources in the virtual network.
+Optionally deploy container groups into an [Azure virtual network][virtual-network] to allow containers to communicate securely with other resources in the virtual network.
 
 ## Storage
 

articles/container-instances/container-instances-faq.md

@@ -3,7 +3,7 @@ title: Frequently asked questions
 description: Answers for frequently asked questions related to the Azure Container Instances service 
 author: dkkapur
 ms.topic: article
-ms.date: 4/25/2019
+ms.date: 01/07/2020
 ---
 
 # Frequently asked questions about Azure Container Instances
@@ -78,7 +78,7 @@ Currently, scaling is not available for containers or container groups. If you n
 
 ### What features are available to instances running in a custom VNet?
 
-You can deploy container groups in an Azure virtual network of your choice, and delegate private IPs to the container groups to route traffic within the VNet across your Azure resources. Deployment of a container group into a virtual network is currently in preview, and some aspects of this feature may change prior to general availability (GA). See [Preview limitations](container-instances-vnet.md#preview-limitations) for updated information.
+You can [deploy container groups in an Azure virtual network](container-instances-vnet.md) of your choice, and delegate private IPs to the container groups to route traffic within the VNet across your Azure resources. Deployment of a container group into a virtual network is currently available for production workloads in a subset of Azure regions.
 
 ## Pricing
 

articles/container-instances/container-instances-overview.md

@@ -49,7 +49,7 @@ Some features are currently restricted to Linux containers:
 * Multiple containers per container group
 * Volume mounting ([Azure Files](container-instances-volume-azure-files.md), [emptyDir](container-instances-volume-emptydir.md), [GitRepo](container-instances-volume-gitrepo.md), [secret](container-instances-volume-secret.md))
 * [Resource usage metrics](container-instances-monitor.md) with Azure Monitor
-* [Virtual network deployment](container-instances-vnet.md) (preview)
+* [Virtual network deployment](container-instances-vnet.md)
 * [GPU resources](container-instances-gpu.md) (preview)
 
 For Windows container deployments, use images based on common [Windows base images](container-instances-faq.md#what-windows-base-os-images-are-supported).
@@ -61,12 +61,9 @@ For Windows container deployments, use images based on common [Windows base imag
 
 Azure Container Instances supports scheduling of [multi-container groups](container-instances-container-groups.md) that share a host machine, local network, storage, and lifecycle. This enables you to combine your main application container with other supporting role containers, such as logging sidecars.
 
-## Virtual network deployment (preview)
+## Virtual network deployment
 
-Currently in preview, this feature of Azure Container Instances enables [deployment of container instances into an Azure virtual network](container-instances-vnet.md). By deploying container instances into a subnet within your virtual network, they can communicate securely with other resources in the virtual network, including those that are on premises (through [VPN gateway](../vpn-gateway/vpn-gateway-about-vpngateways.md) or [ExpressRoute](../expressroute/expressroute-introduction.md)).
-
-> [!IMPORTANT]
-> Certain features of Azure Container Instances are in preview, and some [limitations apply](container-instances-vnet.md#preview-limitations). Previews are made available to you on the condition that you agree to the [supplemental terms of use][terms-of-use]. Some aspects of these features may change prior to general availability (GA).
+Currently available for production workloads in a subset of Azure regions, this feature of Azure Container Instances enables [deployment of container instances into an Azure virtual network](container-instances-vnet.md). By deploying container instances into a subnet within your virtual network, they can communicate securely with other resources in the virtual network, including those that are on premises (through [VPN gateway](../vpn-gateway/vpn-gateway-about-vpngateways.md) or [ExpressRoute](../expressroute/expressroute-introduction.md)).
 
 ## Next steps
 

articles/container-instances/container-instances-region-availability.md

@@ -40,9 +40,9 @@ The following regions and resources are available to container groups with Windo
 | East US 2, West US 2 | Windows | 2 | 3.5 |
 
 
-## Availability - Virtual network deployment (preview)
+## Availability - Virtual network deployment
 
-The following regions and resources are available to a container group deployed in an [Azure virtual network](container-instances-vnet.md) (preview).
+The following regions and resources are available to a container group deployed in an [Azure virtual network](container-instances-vnet.md).
 
 [!INCLUDE [container-instances-vnet-limits](../../includes/container-instances-vnet-limits.md)]
 

articles/container-instances/container-instances-vnet.md

@@ -2,7 +2,7 @@
 title: Deploy container group to Azure virtual network
 description: Learn how to deploy container groups to a new or existing Azure virtual network.
 ms.topic: article
-ms.date: 12/17/2019
+ms.date: 01/06/2020
 ms.author: danlep
 
 ---
@@ -20,7 +20,7 @@ Container groups deployed into an Azure virtual network enable scenarios like:
 * Container communication with on-premises resources through a [VPN gateway](../vpn-gateway/vpn-gateway-about-vpngateways.md) or [ExpressRoute](../expressroute/expressroute-introduction.md)
 
 > [!IMPORTANT]
-> This feature is currently in preview, and some [limitations apply](#preview-limitations). Previews are made available to you on the condition that you agree to the [supplemental terms of use][terms-of-use]. Some aspects of this feature may change prior to general availability (GA).
+> Container group deployments to a virtual network are generally available for production workloads only in the following regions: **East US, South Central US, and West US 2**. In other regions where the feature is available, virtual network deployments are currently in preview, with general availability planned in the near future. Previews are made available to you on the condition that you agree to the [supplemental terms of use][terms-of-use]. 
 
 
 ## Virtual network deployment limitations
@@ -29,11 +29,7 @@ Certain limitations apply when you deploy container groups to a virtual network.
 
 * To deploy container groups to a subnet, the subnet cannot contain any other resource types. Remove all existing resources from an existing subnet prior to deploying container groups to it, or create a new subnet.
 * You cannot use a [managed identity](container-instances-managed-identity.md) in a container group deployed to a virtual network.
-* Due to the additional networking resources involved, deploying a container group to a virtual network is typically somewhat slower than deploying a standard container instance.
-
-## Preview limitations
-
-While this feature is in preview, the following limitations apply when deploying container groups to a virtual network. 
+* Due to the additional networking resources involved, deploying a container group to a virtual network is typically slower than deploying a standard container instance.
 
 [!INCLUDE [container-instances-vnet-limits](../../includes/container-instances-vnet-limits.md)]
 
@@ -42,8 +38,10 @@ Container resource limits may differ from limits for non-networked container ins
 ### Unsupported networking scenarios 
 
 * **Azure Load Balancer** - Placing an Azure Load Balancer in front of container instances in a networked container group is not supported
-* **Virtual network peering** - VNet peering will not work for ACI if the network to which the ACI VNet is being peered to uses a public IP space. The peered network needs an RFC1918 private IP space in order for peering to work. Additionally, you currently can only peer your VNet to one other VNet
-* **Virtual network traffic routing** - Customer routes cannot be set up around public IPs. Routes can be set up within the private IP space of the delegated subnet in which the ACI resources are deployed 
+* **Virtual network peering**
+  * VNet peering will not work for ACI if the network that the ACI VNet is peering to uses a public IP space. The peered network needs an RFC 1918 private IP space in order for VNet peering to work. 
+  * You can only peer your VNet to one other VNet
+* **Virtual network traffic routing** - Custom routes cannot be set up around public IPs. Routes can be set up within the private IP space of the delegated subnet in which the ACI resources are deployed 
 * **Network security groups** - Outbound security rules in NSGs applied to a subnet delegated to Azure Container Instances aren't currently enforced 
 * **Public IP or DNS label** - Container groups deployed to a virtual network don't currently support exposing containers directly to the internet with a public IP address or a fully qualified domain name
 * **Internal name resolution** - Name resolution for Azure resources in the virtual network via the internal Azure DNS is not supported
@@ -95,7 +93,7 @@ Once you've deployed your first container group with this method, you can deploy
 
 To deploy a container group to an existing virtual network:
 
-1. Create a subnet within your existing virtual network, or empty an existing subnet of *all* other resources
+1. Create a subnet within your existing virtual network, use an existing subnet in which a container group is already deployed, or use an existing subnet emptied of *all* other resources
 1. Deploy a container group with [az container create][az-container-create] and specify one of the following:
    * Virtual network name and subnet name
    * Virtual network resource ID and subnet resource ID, which allows using a virtual network from a different resource group
@@ -111,7 +109,7 @@ The following sections describe how to deploy container groups to a virtual netw
 
 First, deploy a container group and specify the parameters for a new virtual network and subnet. When you specify these parameters, Azure creates the virtual network and subnet, delegates the subnet to Azure Container instances, and also creates a network profile. Once these resources are created, your container group is deployed to the subnet.
 
-Run the following [az container create][az-container-create] command that specifies settings for a new virtual network and subnet. You need to supply the name of a resource group that was created in a region that [supports](#preview-limitations) container groups in a virtual network. This command deploys the public Microsoft [aci-helloworld][aci-helloworld] container that runs a small Node.js webserver serving a static web page. In the next section, you'll deploy a second container group to the same subnet, and test communication between the two container instances.
+Run the following [az container create][az-container-create] command that specifies settings for a new virtual network and subnet. You need to supply the name of a resource group that was created in a region where container group deployments in a virtual network are [available](#virtual-network-deployment-limitations). This command deploys the public Microsoft [aci-helloworld][aci-helloworld] container that runs a small Node.js webserver serving a static web page. In the next section, you'll deploy a second container group to the same subnet, and test communication between the two container instances.
 
 ```azurecli
 az container create \
@@ -176,7 +174,7 @@ The log output should show that `wget` was able to connect and download the inde
 
 ### Deploy to existing virtual network - YAML
 
-You can also deploy a container group to an existing virtual network by using a YAML file. To deploy to a subnet in a virtual network, you specify several additional properties in the YAML:
+You can also deploy a container group to an existing virtual network by using a YAML file, a Resource Manager template, or another programmatic method such as with the Python SDK. To deploy to a subnet in a virtual network, you specify several additional properties in the YAML:
 
 * `ipAddress`: The IP address settings for the container group.
   * `ports`: The ports to open, if any.
@@ -221,7 +219,7 @@ properties:
     - protocol: tcp
       port: '80'
   networkProfile:
-    id: /subscriptions/<Subscription ID>/resourceGroups/container/providers/Microsoft.Network/networkProfiles/aci-network-profile-aci-vnet-subnet
+    id: /subscriptions/<Subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkProfiles/aci-network-profile-aci-vnet-subnet
   osType: Linux
   restartPolicy: Always
 tags: null
@@ -259,9 +257,9 @@ az container delete --resource-group myResourceGroup --name appcontaineryaml -y
 
 
 > [!NOTE]
-> If you recieve an error while attempting to remove the Network Profile allow 2-3 days for the platform to automatically mitigate the issue and attempt the deletion again. If you still have issues removing the Network Profile [open a support reqest.](https://azure.microsoft.com/support/create-ticket/)
+> If you receive an error while attempting to remove the network profile, allow 2-3 days for the platform to automatically mitigate the issue and attempt the deletion again. If you still have issues removing the network profile, [open a support request](https://azure.microsoft.com/support/create-ticket/).
 
-The initial preview of this feature requires several additional commands to delete the network resources you created earlier. If you used the example commands in previous sections of this article to create your virtual network and subnet, then you can use the following script to delete those network resources.
+This feature currently requires several additional commands to delete the network resources you created earlier. If you used the example commands in previous sections of this article to create your virtual network and subnet, then you can use the following script to delete those network resources.
 
 Before executing the script, set the `RES_GROUP` variable to the name of the resource group containing the virtual network and subnet that should be deleted. Update the name of the virtual network if you did not use the `aci-vnet` name suggested earlier. The script is formatted for the Bash shell. If you prefer another shell such as PowerShell or Command Prompt, you'll need to adjust variable assignment and accessors accordingly.