Merge pull request #286886 from JackStromberg/patch-255

Jill Grant · web-flow · commit e39a0496e6cc · 2024-09-17T15:35:29.000-06:00
mcr updates
diff --git a/articles/application-gateway/ingress-controller-add-health-probes.md b/articles/application-gateway/ingress-controller-add-health-probes.md
@@ -5,14 +5,17 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 06/10/2022
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
 # Add Health Probes to your service
-By default, Ingress controller will provision an HTTP GET probe for the exposed pods.
+By default, Ingress controller provisions an HTTP GET probe for the exposed pods.
 The probe properties can be customized by adding a [Readiness or Liveness Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) to your `deployment`/`pod` spec.
 
+> [!TIP]
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
+
 ## With `readinessProbe` or `livenessProbe`
 ```yaml
 apiVersion: networking.k8s.io/v1
diff --git a/articles/application-gateway/ingress-controller-annotations.md b/articles/application-gateway/ingress-controller-annotations.md
@@ -5,14 +5,17 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: conceptual
-ms.date: 5/13/2024
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
 # Annotations for Application Gateway Ingress Controller
 
 You can annotate the Kubernetes ingress resource with arbitrary key/value pairs. Application Gateway Ingress Controller (AGIC) relies on annotations to program Azure Application Gateway features that aren't configurable via the ingress YAML. Ingress annotations are applied to all HTTP settings, backend pools, and listeners derived from an ingress resource.
 
+> [!TIP]
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
+
 ## List of supported annotations
 
 For AGIC to observe an ingress resource, the resource *must be annotated* with `kubernetes.io/ingress.class: azure/application-gateway`.
@@ -284,7 +287,7 @@ spec:
 
 ## Request Timeout
 
-Use the following annotation to specify the request timeout in seconds. After the timeout, Application Gateway fails a request if the response is not received.
+Use the following annotation to specify the request timeout in seconds. After the timeout, Application Gateway fails a request if the response isn't received.
 
 ### Usage
 
diff --git a/articles/application-gateway/ingress-controller-autoscale-pods.md b/articles/application-gateway/ingress-controller-autoscale-pods.md
@@ -6,7 +6,7 @@ author: greg-lindsay
 ms.service: azure-application-gateway
 ms.custom:
 ms.topic: how-to
-ms.date: 10/26/2023
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
@@ -25,6 +25,9 @@ Use following two components:
 > The Azure Kubernetes Metrics Adapter is no longer maintained. Kubernetes Event-driven Autoscaling (KEDA) is an alternative.<br>
 > Also see [Application Gateway for Containers](for-containers/overview.md).
 
+> [!TIP]
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
+
 ## Setting up Azure Kubernetes Metric Adapter
 
 1. First, create a Microsoft Entra service principal and assign it `Monitoring Reader` access over Application Gateway's resource group.
diff --git a/articles/application-gateway/ingress-controller-cookie-affinity.md b/articles/application-gateway/ingress-controller-cookie-affinity.md
@@ -5,13 +5,16 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 11/4/2019
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
 # Enable Cookie based affinity with an Application Gateway
 As outlined in the [Azure Application Gateway Documentation](./application-gateway-components.md#http-settings), Application Gateway supports cookie based affinity, which means it can direct subsequent traffic from a user session to the same server for processing.
 
+> [!TIP]
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
+
 ## Example
 ```yaml
 apiVersion: networking.k8s.io/v1
diff --git a/articles/application-gateway/ingress-controller-disable-addon.md b/articles/application-gateway/ingress-controller-disable-addon.md
@@ -5,19 +5,22 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 06/10/2020
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
 # Disable and re-enable AGIC add-on for your AKS cluster
-Application Gateway Ingress Controller (AGIC) deployed as an AKS add-on allows you to enable and disable the add-on with one line in Azure CLI. The life cycle of the Application Gateway will differ when you disable the AGIC add-on, depending on if the Application Gateway was created by the AGIC add-on, or if it was deployed separately from the AGIC add-on. You can run the same command to re-enable the AGIC add-on if you ever disable it, or to enable the AGIC add-on using an existing AKS cluster and Application Gateway.
+Application Gateway Ingress Controller (AGIC) deployed as an AKS add-on allows you to enable and disable the add-on with one line in Azure CLI. The life cycle of the Application Gateway differs when you disable the AGIC add-on, depending on if the Application Gateway was created by the AGIC add-on, or if it was deployed separately from the AGIC add-on. You can run the same command to re-enable the AGIC add-on if you ever disable it, or to enable the AGIC add-on using an existing AKS cluster and Application Gateway.
+
+> [!TIP]
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
 
 ## Disabling AGIC add-on with associated Application Gateway 
-If the AGIC add-on automatically deployed the Application Gateway for you when you first set everything up, then disabling the AGIC add-on will by default delete the Application Gateway based on a couple criteria. There are two criteria that the AGIC add-on looks for to determine if it should delete the associated Application Gateway when you disable it:
+If the AGIC add-on automatically deployed the Application Gateway for you when you first set up everything, then disabling the AGIC add-on will by default delete the Application Gateway based on a couple criteria. There are two criteria that the AGIC add-on looks for to determine if it should delete the associated Application Gateway when you disable it:
 - Is the Application Gateway that the AGIC add-on is associated with deployed in the MC_* node resource group? 
 - Does the Application Gateway that the AGIC add-on is associated with have the tag "created-by: ingress-appgw"? The tag is used by AGIC to determine if the Application Gateway was deployed by the add-on or not. 
 
-If both criteria are met, then the AGIC add-on will delete the Application Gateway it created when the add-on is disabled; however, it won't delete the public IP or the subnet in which the Application Gateway was deployed with/in. If the first criteria is not met, then it won't matter if the Application Gateway has the "created-by: ingress-appgw" tag - disabling the add-on won't delete the Application Gateway. Likewise, if the second criteria is not met, i.e. the Application Gateway lacks that tag, then disabling the add-on won't delete the Application Gateway in the MC_* node resource group. 
+If both criteria are met, then the AGIC add-on will delete the Application Gateway it created when the add-on is disabled; however, it won't delete the public IP or the subnet in which the Application Gateway was deployed with/in. If the first criteria isn't met, then it won't matter if the Application Gateway has the "created-by: ingress-appgw" tag - disabling the add-on won't delete the Application Gateway. Likewise, if the second criteria isn't met, that is. The Application Gateway lacks that tag, then disabling the add-on won't delete the Application Gateway in the MC_* node resource group. 
 
 > [!TIP] 
 > If you don't want the Application Gateway to be deleted when disabling the add-on, but it meets both criteria then remove the "created-by: ingress-appgw" tag to prevent the add-on from deleting your Application Gateway. 
@@ -36,4 +39,4 @@ az aks enable-addons -n <AKS-cluster-name> -g <AKS-cluster-resource-group> -a in
 ```
 
 ## Next steps
-For more details on how to enable the AGIC add-on using an existing Application Gateway and AKS cluster, see [AGIC add-on brownfield deployment](tutorial-ingress-controller-add-on-existing.md).
+For more information on how to enable the AGIC add-on using an existing Application Gateway and AKS cluster, see [AGIC add-on brownfield deployment](tutorial-ingress-controller-add-on-existing.md).
diff --git a/articles/application-gateway/ingress-controller-install-existing.md b/articles/application-gateway/ingress-controller-install-existing.md
@@ -6,7 +6,7 @@ author: greg-lindsay
 ms.service: azure-application-gateway
 ms.custom: devx-track-arm-template, devx-track-azurecli
 ms.topic: how-to
-ms.date: 02/07/2024
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
@@ -51,23 +51,17 @@ Gateway should that become necessary
 [Helm](/azure/aks/kubernetes-helm) is a package manager for Kubernetes, used to install the `application-gateway-kubernetes-ingress` package.
 
 > [!NOTE]
-> If you use [Cloud Shell](https://shell.azure.com/), you don't need to install Helm.  Azure Cloud Shell comes with Helm version 3. Skip the first step and just add the AGIC Helm repository.
+> If you use [Cloud Shell](https://shell.azure.com/), you don't need to install Helm.  Azure Cloud Shell comes with Helm version 3.
 
-1. Install [Helm](/azure/aks/kubernetes-helm) and run the following to add `application-gateway-kubernetes-ingress` helm package:
+Install [Helm](/azure/aks/kubernetes-helm) and run the following:
 
-    - *Kubernetes RBAC enabled* AKS cluster
+  - *Kubernetes RBAC enabled* AKS cluster
 
-    ```bash
-    kubectl create serviceaccount --namespace kube-system tiller-sa
-    kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller-sa
-    helm init --tiller-namespace kube-system --service-account tiller-sa
-    ```
-
-2. Add the AGIC Helm repository:
-    ```bash
-    helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
-    helm repo update
-    ```
+  ```bash
+  kubectl create serviceaccount --namespace kube-system tiller-sa
+  kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller-sa
+  helm init --tiller-namespace kube-system --service-account tiller-sa
+  ```
 
 ## Azure Resource Manager Authentication
 
@@ -206,12 +200,11 @@ kubectl apply -f $file -n $namespace
 
 ## Install Ingress Controller as a Helm Chart
 
-In the first few steps, we install Helm's Tiller on your Kubernetes cluster. Use [Cloud Shell](https://shell.azure.com/) to install the AGIC Helm package:
+In the first few steps, we installed Helm's Tiller on your Kubernetes cluster. Use [Cloud Shell](https://shell.azure.com/) to install the AGIC Helm package:
 
-1. Add the `application-gateway-kubernetes-ingress` helm repo and perform a helm update
+1. Perform a helm update
 
     ```bash
-    helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
     helm repo update
     ```
 
@@ -280,17 +273,18 @@ In the first few steps, we install Helm's Tiller on your Kubernetes cluster. Use
     > [!NOTE]
     > The `<identity-client-id>` is a property of the Microsoft Entra Workload ID you setup in the previous section. You can retrieve this information by running the following command: `az identity show -g <resourcegroup> -n <identity-name>`, where `<resourcegroup>` is the resource group hosting the infrastructure resources related to the AKS cluster, Application Gateway and managed identity.
 
-1. Install Helm chart `application-gateway-kubernetes-ingress` with the `helm-config.yaml` configuration from the previous step
+1. Install Helm chart with the `helm-config.yaml` configuration from the previous step
 
     ```bash
-    helm install -f <helm-config.yaml> application-gateway-kubernetes-ingress/ingress-azure
+    helm install agic-controller oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --version 1.7.5 -f helm-config.yaml
     ```
 
     Alternatively you can combine the `helm-config.yaml` and the Helm command in one step:
 
     ```bash
-    helm install ./helm/ingress-azure \
-         --name ingress-azure \
+    helm install oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
+         --name agic-controller \
+         --version 1.7.5 \
          --namespace default \
          --debug \
          --set appgw.name=applicationgatewayABCD \
@@ -379,7 +373,8 @@ Apply the Helm changes:
       helm upgrade \
           --recreate-pods \
           -f helm-config.yaml \
-          ingress-azure application-gateway-kubernetes-ingress/ingress-azure
+          agic-controller
+          oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure
       ```
 
 As a result, your AKS cluster has a new instance of `AzureIngressProhibitedTarget` called `prohibit-all-targets`:
@@ -418,8 +413,7 @@ Since Helm with `appgw.shared=true` and the default `prohibit-all-targets` block
 
 Let's assume that we already have a working AKS cluster, Application Gateway, and configured AGIC in our cluster. We have an Ingress for
 `prod.contoso.com` and are successfully serving traffic for it from the cluster. We want to add `staging.contoso.com` to our
-existing Application Gateway, but need to host it on a [VM](https://azure.microsoft.com/services/virtual-machines/). We
-are going to reuse the existing Application Gateway and manually configure a listener and backend pools for
+existing Application Gateway, but need to host it on a [VM](https://azure.microsoft.com/services/virtual-machines/). We're going to reuse the existing Application Gateway and manually configure a listener and backend pools for
 `staging.contoso.com`. But manually tweaking Application Gateway config (using
 [portal](https://portal.azure.com), [ARM APIs](/rest/api/resources/) or
 [Terraform](https://www.terraform.io/)) would conflict with AGIC's assumptions of full ownership. Shortly after we apply
diff --git a/articles/application-gateway/ingress-controller-install-new.md b/articles/application-gateway/ingress-controller-install-new.md
@@ -6,14 +6,14 @@ author: greg-lindsay
 ms.service: azure-application-gateway
 ms.custom:
 ms.topic: how-to
-ms.date: 07/28/2023
+ms.date: 9/17/2024
 ms.author: greglin
 ---
 
 # How to Install an Application Gateway Ingress Controller (AGIC) Using a New Application Gateway
 
 The instructions below assume Application Gateway Ingress Controller (AGIC) will be
-installed in an environment with no pre-existing components.
+installed in an environment with no preexisting components.
 
 > [!TIP]
 > Also see [What is Application Gateway for Containers](for-containers/overview.md).
@@ -39,7 +39,7 @@ choose to use another environment, ensure the following command-line tools are i
 
 ## Create an Identity
 
-Follow the steps below to create a Microsoft Entra [service principal object](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object). Record the `appId`, `password`, and `objectId` values - these values will be used in the following steps.
+Follow the steps below to create a Microsoft Entra [service principal object](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object). Record the `appId`, `password`, and `objectId` values - these values are used in the following steps.
 
 1. Create AD service principal ([Read more about Azure RBAC](../role-based-access-control/overview.md)):
     ```azurecli
@@ -56,7 +56,7 @@ Follow the steps below to create a Microsoft Entra [service principal object](..
     ```
     The output of this command is `objectId`, which will be used in the Azure Resource Manager template below
 
-1. Create the parameter file that will be used in the Azure Resource Manager template deployment later.
+1. Create the parameter file that is used in the Azure Resource Manager template deployment later.
     ```bash
     cat <<EOF > parameters.json
     {
@@ -70,7 +70,7 @@ Follow the steps below to create a Microsoft Entra [service principal object](..
     To deploy an **Kubernetes RBAC** enabled cluster, set the `aksEnableRBAC` field to `true`
 
 ## Deploy Components
-This step will add the following components to your subscription:
+This step adds the following components to your subscription:
 
 - [Azure Kubernetes Service](/azure/aks/intro-kubernetes)
 - [Application Gateway](./overview.md) v2
@@ -112,7 +112,7 @@ With the instructions in the previous section, we created and configured a new A
 
 ### Set up Kubernetes Credentials
 For the following steps, we need setup [kubectl](https://kubectl.docs.kubernetes.io/) command,
-which we'll use to connect to our new Kubernetes cluster. [Cloud Shell](https://shell.azure.com/) has `kubectl` already installed. We'll use `az` CLI to obtain credentials for Kubernetes.
+which we use to connect to our new Kubernetes cluster. [Cloud Shell](https://shell.azure.com/) has `kubectl` already installed. We'll use `az` CLI to obtain credentials for Kubernetes.
 
 Get credentials for your newly deployed AKS ([read more](/azure/aks/manage-azure-rbac#use-azure-rbac-for-kubernetes-authorization-with-kubectl)):
 
@@ -150,12 +150,12 @@ To install Microsoft Entra Pod Identity to your cluster:
      ```
 
 ### Install Helm
-[Helm](/azure/aks/kubernetes-helm) is a package manager for Kubernetes. We'll use it to install the `application-gateway-kubernetes-ingress` package.
+[Helm](/azure/aks/kubernetes-helm) is a package manager for Kubernetes. We use it to install the `application-gateway-kubernetes-ingress` package.
 
 > [!NOTE]
 > If you use [Cloud Shell](https://shell.azure.com/), you don't need to install Helm.  Azure Cloud Shell comes with Helm version 3. Skip the first step and just add the AGIC Helm repository.
 
-1. Install [Helm](/azure/aks/kubernetes-helm) and run the following to add `application-gateway-kubernetes-ingress` helm package:
+1. Install [Helm](/azure/aks/kubernetes-helm) and run the following:
 
     - *Kubernetes RBAC enabled* AKS cluster
 
@@ -171,12 +171,6 @@ To install Microsoft Entra Pod Identity to your cluster:
         helm init
         ```
 
-2. Add the AGIC Helm repository:
-    ```bash
-    helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
-    helm repo update
-    ```
-
 ### Install Ingress Controller Helm Chart
 
 1. Use the `deployment-outputs.json` file created above and create the following variables.
@@ -285,7 +279,7 @@ To install Microsoft Entra Pod Identity to your cluster:
 1. Install the Application Gateway ingress controller package:
 
     ```bash
-    helm install -f helm-config.yaml --generate-name application-gateway-kubernetes-ingress/ingress-azure
+    helm install agic-controller oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --version 1.7.5 -f helm-config.yaml
     ```
 
 ## Install a Sample App
