MicrosoftDocs
diff --git a/‎.openpublishing.redirection.virtual-desktop.json
Lines changed: 40 additions & 0 deletions b/‎.openpublishing.redirection.virtual-desktop.json
Lines changed: 40 additions & 0 deletions
diff --git a/‎articles/azure-arc/kubernetes/conceptual-gitops-flux2.md
Lines changed: 5 additions & 5 deletions b/‎articles/azure-arc/kubernetes/conceptual-gitops-flux2.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/azure-arc/kubernetes/troubleshooting.md
Lines changed: 9 additions & 1 deletion b/‎articles/azure-arc/kubernetes/troubleshooting.md
Lines changed: 9 additions & 1 deletion
diff --git a/‎articles/azure-arc/kubernetes/tutorial-use-gitops-flux2.md
Lines changed: 50 additions & 4 deletions b/‎articles/azure-arc/kubernetes/tutorial-use-gitops-flux2.md
Lines changed: 50 additions & 4 deletions
@@ -34,6 +34,46 @@
             "source_path": "articles/virtual-desktop/azure-stack-hci-faq.yml",
             "redirect_url": "/azure/virtual-desktop/azure-stack-hci",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-android.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-android-chrome-os",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-ios.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-ios-ipados",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-macos.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-macos",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-microsoft-store.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-microsoft-store",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-web.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-web",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/connect-windows-7-10.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-windows",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/index.yml",
+            "redirect_url": "/azure/virtual-desktop/users/",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/user-documentation/linux-overview.md",
+            "redirect_url": "/azure/virtual-desktop/users/connect-thin-clients",
+            "redirect_document_id": true
         }
     ]
 }
@@ -4,7 +4,7 @@ description: "This article provides a conceptual overview of GitOps in Azure for
 keywords: "GitOps, Flux, Kubernetes, K8s, Azure, Arc, AKS, Azure Kubernetes Service, containers, devops"
 services: azure-arc, aks
 ms.service: azure-arc
-ms.date: 10/12/2022
+ms.date: 10/24/2022
 ms.topic: conceptual
 ---
 
@@ -20,7 +20,7 @@ With GitOps, you declare the desired state of your Kubernetes clusters in files
 
 Because these files are stored in a Git repository, they're versioned, and changes between versions are easily tracked. Kubernetes controllers run in the clusters and continually reconcile the cluster state with the desired state declared in the Git repository. These operators pull the files from the Git repositories and apply the desired state to the clusters. The operators also continuously assure that the cluster remains in the desired state.
 
-GitOps on Azure Arc-enabled Kubernetes or Azure Kubernetes Service uses [Flux](https://fluxcd.io/docs/), a popular open-source tool set. Flux provides support for common file sources (Git and Helm repositories, Buckets) and template types (YAML, Helm, and Kustomize). Flux also supports multi-tenancy and deployment dependency management, among [other features](https://fluxcd.io/docs/).
+GitOps on Azure Arc-enabled Kubernetes or Azure Kubernetes Service uses [Flux](https://fluxcd.io/docs/), a popular open-source tool set. Flux provides support for common file sources (Git and Helm repositories, Buckets, Azure Blob Storage) and template types (YAML, Helm, and Kustomize). Flux also supports multi-tenancy and deployment dependency management, among [other features](https://fluxcd.io/docs/).
 
 ## Flux cluster extension
 
@@ -38,7 +38,7 @@ The most recent version of the Flux v2 extension and the two previous versions (
 
 The `microsoft.flux` extension installs by default the [Flux controllers](https://fluxcd.io/docs/components/) (Source, Kustomize, Helm, Notification) and the FluxConfig CRD, fluxconfig-agent, and fluxconfig-controller. You can control which of these controllers is installed and can optionally install the Flux image-automation and image-reflector controllers, which provide functionality around updating and retrieving Docker images.
 
-* [Flux Source controller](https://toolkit.fluxcd.io/components/source/controller/): Watches the source.toolkit.fluxcd.io custom resources. Handles the synchronization between the Git repositories, Helm repositories, and Buckets. Handles authorization with the source for private Git and Helm repos. Surfaces the latest changes to the source through a tar archive file.
+* [Flux Source controller](https://toolkit.fluxcd.io/components/source/controller/): Watches the source.toolkit.fluxcd.io custom resources. Handles the synchronization between the Git repositories, Helm repositories, Buckets and Azure Blob storage. Handles authorization with the source for private Git, Helm repos and Azure blob storage accounts. Surfaces the latest changes to the source through a tar archive file.
 * [Flux Kustomize controller](https://toolkit.fluxcd.io/components/kustomize/controller/): Watches the `kustomization.toolkit.fluxcd.io` custom resources. Applies Kustomize or raw YAML files from the source onto the cluster.
 * [Flux Helm controller](https://toolkit.fluxcd.io/components/helm/controller/): Watches the `helm.toolkit.fluxcd.io` custom resources. Retrieves the associated chart from the Helm Repository source surfaced by the Source controller. Creates the `HelmChart` custom resource and applies the `HelmRelease` with given version, name, and customer-defined values to the cluster.
 * [Flux Notification controller](https://toolkit.fluxcd.io/components/notification/controller/): Watches the `notification.toolkit.fluxcd.io` custom resources. Receives notifications from all Flux controllers. Pushes notifications to user-defined webhook endpoints.
@@ -69,7 +69,7 @@ The `microsoft.flux` extension installs by default the [Flux controllers](https:
 
 :::image type="content" source="media/gitops/flux2-config-install.png" alt-text="Diagram showing the installation of a Flux configuration in an Azure Arc-enabled Kubernetes or Azure Kubernetes Service cluster." lightbox="media/gitops/flux2-config-install.png":::
 
-You create Flux configuration resources (`Microsoft.KubernetesConfiguration/fluxConfigurations`) to enable GitOps management of the cluster from your Git repos or Bucket sources. When you create a `fluxConfigurations` resource, the values you supply for the parameters, such as the target Git repo, are used to create and configure the Kubernetes objects that enable the GitOps process in that cluster. To ensure data security, the `fluxConfigurations` resource data is stored encrypted at rest in an Azure Cosmos DB database by the Cluster Configuration service.
+You create Flux configuration resources (`Microsoft.KubernetesConfiguration/fluxConfigurations`) to enable GitOps management of the cluster from your Git repos, Bucket sources or Azure Blob Storage. When you create a `fluxConfigurations` resource, the values you supply for the parameters, such as the target Git repo, are used to create and configure the Kubernetes objects that enable the GitOps process in that cluster. To ensure data security, the `fluxConfigurations` resource data is stored encrypted at rest in an Azure Cosmos DB database by the Cluster Configuration service.
 
 The `fluxconfig-agent` and `fluxconfig-controller` agents, installed with the `microsoft.flux` extension, manage the GitOps configuration process.  
 
@@ -87,7 +87,7 @@ The `fluxconfig-agent` and `fluxconfig-controller` agents, installed with the `m
 * Sets up RBAC (service account provisioned, role binding created/assigned, role created/assigned).
 * Creates `GitRepository` or `Bucket` custom resource and `Kustomization` custom resources from the information in the `FluxConfig` custom resource.
 
-Each `fluxConfigurations` resource in Azure will be associated in a Kubernetes cluster with one Flux `GitRepository` or `Bucket` custom resource and one or more `Kustomization` custom resources. When you create a `fluxConfigurations` resource, you'll specify, among other information, the URL to the source (Git repository or Bucket) and the sync target in the source for each `Kustomization`. You can configure dependencies between `Kustomization` custom resources to control deployment sequencing. Also, you can create multiple namespace-scoped `fluxConfigurations` resources on the same cluster for different applications and app teams.
+Each `fluxConfigurations` resource in Azure will be associated in a Kubernetes cluster with one Flux `GitRepository` or `Bucket` custom resource and one or more `Kustomization` custom resources. When you create a `fluxConfigurations` resource, you'll specify, among other information, the URL to the source (Git repository, Bucket or Azure Blob storage) and the sync target in the source for each `Kustomization`. You can configure dependencies between `Kustomization` custom resources to control deployment sequencing. Also, you can create multiple namespace-scoped `fluxConfigurations` resources on the same cluster for different applications and app teams.
 
 > [!NOTE]
 > The `fluxconfig-agent` monitors for new or updated `fluxConfiguration` resources in Azure. The agent requires connectivity to Azure for the desired state of the `fluxConfiguration` to be applied to the cluster. If the agent is unable to connect to Azure, there will be a delay in making the changes in the cluster until the agent can connect. If the cluster is disconnected from Azure for more than 48 hours, then the request to the cluster will time-out, and the changes will need to be re-applied in Azure.
 
@@ -3,7 +3,7 @@ title: "Troubleshoot common Azure Arc-enabled Kubernetes issues"
 services: azure-arc
 ms.service: azure-arc
 #ms.subservice: azure-arc-kubernetes coming soon
-ms.date: 09/15/2022
+ms.date: 10/24/2022
 ms.topic: how-to
 description: "Learn how to resolve common issues with Azure Arc-enabled Kubernetes clusters and GitOps."
 keywords: "Kubernetes, Arc, Azure, containers, GitOps, Flux"
@@ -422,6 +422,14 @@ spec:
     app.kubernetes.io/name: flux-extension
 ```
 
+### Flux v2 - Installing the `microsoft.flux` extension in a cluster with Kubelet Identity enabled
+
+When working with Azure Kubernetes clusters, one of the authentication options to use is kubelet identity. In order to let Flux use this, add a parameter --config useKubeletIdentity=true at the time of Flux extension installation.
+
+```console
+az k8s-extension create --resource-group <resource-group> --cluster-name <cluster-name> --cluster-type managedClusters --name flux --extension-type microsoft.flux --config useKubeletIdentity=true
+```
+
 ### Flux v2 - `microsoft.flux` extension installation CPU and memory limits
 
 The controllers installed in your Kubernetes cluster with the Microsoft.Flux extension require the following CPU and memory resource limits to properly schedule on Kubernetes cluster nodes.
 
@@ -4,7 +4,7 @@ description: "This tutorial shows how to use GitOps with Flux v2 to manage confi
 keywords: "GitOps, Flux, Flux v2, Kubernetes, K8s, Azure, Arc, AKS, Azure Kubernetes Service, containers, devops"
 services: azure-arc, aks
 ms.service: azure-arc
-ms.date: 10/12/2022
+ms.date: 10/24/2022
 ms.topic: tutorial
 ms.custom: template-tutorial, devx-track-azurecli, references_regions, ignite-2022
 ---
@@ -634,6 +634,14 @@ Here's an example for including the [Flux image-reflector and image-automation c
 az k8s-extension create -g <cluster_resource_group> -c <cluster_name> -t <connectedClusters or managedClusters> --name flux --extension-type microsoft.flux --config image-automation-controller.enabled=true image-reflector-controller.enabled=true
 ```
 
+### Using Kubelet identity as authentication method for Azure Kubernetes Clusters
+
+When working with Azure Kubernetes clusters, one of the authentication options to use is kubelet identity. In order to let Flux use this, add a parameter --config useKubeletIdentity=true at the time of Flux extension installation.
+
+```console
+az k8s-extension create --resource-group <resource-group> --cluster-name <cluster-name> --cluster-type managedClusters --name flux --extension-type microsoft.flux --config useKubeletIdentity=true
+```
+
 ### Red Hat OpenShift onboarding guidance
 
 Flux controllers require a **nonroot** [Security Context Constraint](https://access.redhat.com/documentation/en-us/openshift_container_platform/4.2/html/authentication/managing-pod-security-policies) to properly provision pods on the cluster. These constraints must be added to the cluster prior to onboarding of the `microsoft.flux` extension.
@@ -697,8 +705,9 @@ Arguments
     --bucket-insecure              : Communicate with a bucket without TLS.  Allowed values: false,
                                      true.
     --bucket-name                  : Name of the S3 bucket to sync.
+    --container-name               : Name of the Azure Blob Storage container to sync
     --interval --sync-interval     : Time between reconciliations of the source on the cluster.
-    --kind                         : Source kind to reconcile.  Allowed values: bucket, git.
+    --kind                         : Source kind to reconcile.  Allowed values: bucket, git, azblob.
                                      Default: git.
     --kustomization -k             : Define kustomizations to sync sources with parameters ['name',
                                      'path', 'depends_on', 'timeout', 'sync_interval',
@@ -752,6 +761,17 @@ Global Arguments
     --subscription                 : Name or ID of subscription. You can configure the default
                                      subscription using `az account set -s NAME_OR_ID`.
     --verbose                      : Increase logging verbosity. Use --debug for full debug logs.
+    
+Azure Blob Storage Account Auth Arguments
+    --sp_client_id                 : The client ID for authenticating a service principal with Azure Blob, required for this authentication method
+    --sp_tenant_id                 : The tenant ID for authenticating a service principal with Azure Blob, required for this authentication method
+    --sp_client_secret             : The client secret for authenticating a service principal with Azure Blob
+    --sp_client_cert               : The Base64 encoded client certificate for authenticating a service principal with Azure Blob
+    --sp_client_cert_password      : The password for the client certificate used to authenticate a service principal with Azure Blob
+    --sp_client_cert_send_chain    : Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate
+    --account_key                  : The Azure Blob Shared Key for authentication
+    --sas_token                    : The Azure Blob SAS Token for authentication
+    --mi_client_id                 : The client ID of the managed identity for authentication with Azure Blob
 
 Examples
     Create a Flux v2 Kubernetes configuration
@@ -768,6 +788,14 @@ Examples
         --kind bucket --url https://bucket-provider.minio.io \
         --bucket-name my-bucket --kustomization name=my-kustomization \
         --bucket-access-key my-access-key --bucket-secret-key my-secret-key
+        
+    Create a Kubernetes v2 Flux Configuration with Azure Blob Storage Source Kind
+        az k8s-configuration flux create --resource-group my-resource-group \
+        --cluster-name mycluster --cluster-type connectedClusters \
+        --name myconfig --scope cluster --namespace my-namespace \
+        --kind azblob --url https://mystorageaccount.blob.core.windows.net \
+        --container-name my-container --kustomization name=my-kustomization \
+        --account-key my-account-key
 ```
 
 ### Configuration general arguments
@@ -786,7 +814,7 @@ Examples
 
 | Parameter | Format | Notes |
 | ------------- | ------------- | ------------- |
-| `--kind` | String | Source kind to reconcile. Allowed values: `bucket`, `git`.  Default: `git`. |
+| `--kind` | String | Source kind to reconcile. Allowed values: `bucket`, `git`, `azblob`.  Default: `git`. |
 | `--timeout` | [golang duration format](https://pkg.go.dev/time#Duration.String) | Maximum time to attempt to reconcile the source before timing out. Default: `10m`. |
 | `--sync-interval` `--interval` | [golang duration format](https://pkg.go.dev/time#Duration.String) | Time between reconciliations of the source on the cluster. Default: `10m`. |
 
@@ -867,9 +895,27 @@ If you use a `bucket` source instead of a `git` source, here are the bucket-spec
 | `--bucket-secret-key` | String | Secret Key used to authenticate with the `bucket`. |
 | `--bucket-insecure` | Boolean | Communicate with a `bucket` without TLS.  If not provided, assumed false; if provided, assumed true. |
 
+### Azure Blob Storage Account source arguments
+
+If you use a `azblob` source, here are the blob-specific command arguments.
+
+| Parameter | Format | Notes |
+| ------------- | ------------- | ------------- |
+| `--url` `-u` | URL String | The URL for the `azblob`. |
+| `--container-name` | String | Name of the Azure Blob Storage container to sync |
+| `--sp_client_id` | String | The client ID for authenticating a service principal with Azure Blob, required for this authentication method |
+| `--sp_tenant_id` | String | The tenant ID for authenticating a service principal with Azure Blob, required for this authentication method |
+| `--sp_client_secret` | String | The client secret for authenticating a service principal with Azure Blob |
+| `--sp_client_cert` | String | The Base64 encoded client certificate for authenticating a service principal with Azure Blob |
+| `--sp_client_cert_password` | String | The password for the client certificate used to authenticate a service principal with Azure Blob |
+| `--sp_client_cert_send_chain` | String | Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate |
+| `--account_key` | String | The Azure Blob Shared Key for authentication |
+| `--sas_token` | String | The Azure Blob SAS Token for authentication |
+| `--mi_client_id` | String | The client ID of the managed identity for authentication with Azure Blob |
+
 ### Local secret for authentication with source
 
-You can use a local Kubernetes secret for authentication with a `git` or `bucket` source.  The local secret must contain all of the authentication parameters needed for the source and must be created in the same namespace as the Flux configuration.
+You can use a local Kubernetes secret for authentication with a `git`, `bucket` or `azBlob` source.  The local secret must contain all of the authentication parameters needed for the source and must be created in the same namespace as the Flux configuration.
 
 | Parameter | Format | Notes |
 | ------------- | ------------- | ------------- |