Merge pull request #288159 from MicrosoftDocs/main

10/10 11:00 AM IST Publish

Author: PhilKang0704

articles/azure-cache-for-redis/cache-tutorial-aks-get-started.md

@@ -9,7 +9,7 @@ ms.date: 10/01/2024
 
 # Tutorial: Connect to Azure Cache for Redis from your application hosted on Azure Kubernetes Service
 
-In this tutorial, you adapt the [AKS sample voting application](https://github.com/Azure-Samples/azure-voting-app-redis/tree/master) to use with an Azure Cache for Redis instance instead. The original sample uses a Redis cache deployed as a container to your AKS cluster. Following some simple steps, you can configure the AKS sample voting application to connect to your Azure Cache for Redis instance.
+In this tutorial, you use this [sample](https://github.com/Azure-Samples/azure-cache-redis-samples/tree/main/tutorial/connect-from-aks) to connect with an Azure Cache for Redis instance.
 
 ## Prerequisites
 
@@ -37,16 +37,18 @@ In this tutorial, you adapt the [AKS sample voting application](https://github.c
 
 ## Run sample locally
 
-To run this sample locally, configure your user principal as a Redis User on your Redis instance. The code sample will use your user principal through (DefaultAzureCredential)[https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication/?tabs=command-line#use-defaultazurecredential-in-an-application] to connect to Redis instance. 
+To run this sample locally, configure your user principal as a Redis User on your Redis instance. The code sample uses your user principal through [DefaultAzureCredential](/dotnet/azure/sdk/authentication/?tabs=command-line#use-defaultazurecredential-in-an-application) to connect to Redis instance.
 
 ## Configure your AKS cluster
 
-Follow these [steps](/azure/aks/workload-identity-deploy-cluster) to configure a workload identity for your AKS cluster. Complete the following steps:
+Follow these [steps](/azure/aks/workload-identity-deploy-cluster) to configure a workload identity for your AKS cluster.
 
-  - Enable OIDC issuer and workload identity
-  - Skip the step to create user assigned managed identity if you already created your managed identity. If you create a new managed identity, ensure that you create a new Redis User for your managed identity and assign appropriate data access permissions.
-  - Create a Kubernetes Service account annotated with the client ID of your user assigned managed identity
-  - Create a federated identity credential for your AKS cluster.
+Then, complete the following steps:
+
+- Enable OIDC issuer and workload identity
+- Skip the step to create user assigned managed identity if you already created your managed identity. If you create a new managed identity, ensure that you create a new Redis User for your managed identity and assign appropriate data access permissions.
+- Create a Kubernetes Service account annotated with the client ID of your user assigned managed identity
+- Create a federated identity credential for your AKS cluster.
 
 ## Configure your workload that connects to Azure Cache for Redis
 
@@ -194,4 +196,4 @@ kubectl delete pod entrademo-pod
 
 - [Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal](/azure/aks/learn/quick-kubernetes-deploy-portal)
 - [Quickstart: Deploy and configure workload identity on an Azure Kubernetes Service (AKS) cluster](/azure/aks/workload-identity-deploy-cluster)
-- [Azure Cache for Redis Entra ID Authentication](/azure/azure-cache-for-redis/cache-azure-active-directory-for-authentication)
+- [Azure Cache for Redis Microsoft Entra ID Authentication](/azure/azure-cache-for-redis/cache-azure-active-directory-for-authentication)

articles/connectors/connectors-native-reqres.md

@@ -357,6 +357,20 @@ The **Request** trigger creates a manually callable endpoint that handles *only*
    > change your storage account and copy your workflow to the new storage account, the URL for 
    > the **Request** trigger also changes to reflect the new storage account. The same workflow has a different URL.
 
+
+### Schema validation for stateless workflows
+
+To enable schema validation for stateless workflows, make sure that the **host.json** file in the logic app resource or project has the following [host setting](../logic-apps/edit-app-settings-host-settings.md#manage-host-settings---hostjson):
+
+```json
+"extensions": {
+   "workflow": {
+      "Settings": {
+         "Runtime.StatelessFlowEvaluateTriggerCondition": "true"
+      }
+   }
+}
+```
 ---
 
 Now, continue building your workflow by adding another action as the next step. For example, you can respond to the request by [adding a Response action](#add-response), which you can use to return a customized response and is described later in this article.

articles/event-grid/end-point-validation-event-grid-events-schema.md

@@ -4,11 +4,11 @@ description: This article describes WebHook event delivery and endpoint validati
 ms.topic: concept-article
 ms.date: 09/25/2024
 ms.custom: FY25Q1-Linter
-#customer intent: As a developer, I want to know hw to validate a Webhook endpoint using the Event Grid event schema.
+#customer intent: As a developer, I want to know how to validate a Webhook endpoint using the Event Grid event schema.
 ---
 
 
-# # Endpoint validation with Event Grid event schema
+# Endpoint validation with Event Grid event schema
 Webhooks are one of the many ways to receive events from Azure Event Grid. When a new event is ready, Event Grid service POSTs an HTTP request to the configured endpoint with the event information in the request body.
 
 Like many other services that support webhooks, Event Grid requires you to prove ownership of your Webhook endpoint before it starts delivering events to that endpoint. This requirement prevents a malicious user from flooding your endpoint with events. 

articles/event-grid/handler-functions.md

@@ -76,7 +76,7 @@ You can use the [`az eventgrid event-subscription create`](/cli/azure/eventgrid/
 You can use the [New-AzEventGridSubscription](/powershell/module/az.eventgrid/new-azeventgridsubscription) or [Update-AzEventGridSubscription](/powershell/module/az.eventgrid/update-azeventgridsubscription) cmdlet to configure batch-related settings using the following parameters: `-MaxEventsPerBatch` or `-PreferredBatchSizeInKiloBytes`.
 
 > [!NOTE]
-> When you use Event Grid Trigger, the Event Grid service fetches the client secret for the target Azure function, and uses it to deliver events to the Azure function. If you protect your azure function with a Microsoft Entra application, you have to take the generic web hook approach and use the HTTP Trigger.
+> When you use Event Grid Trigger, the Event Grid service fetches the client secret for the target Azure function, and uses it to deliver events to the Azure function. If you protect your Azure function with a Microsoft Entra application, you have to take the generic web hook approach and use the HTTP Trigger.
 
 ## Next steps
 See the [Event handlers](event-handlers.md) article for a list of supported event handlers.

articles/expressroute/monitor-expressroute-reference.md

@@ -397,6 +397,9 @@ Dimension for Express Direct:
 
 [!INCLUDE [horz-monitor-ref-logs-tables](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-logs-tables.md)]
 
+> [!NOTE]
+> Logs in Azure Log Analytics may take up to 24 hours to appear.
+
 ### ExpressRoute Microsoft.Network/expressRouteCircuits
 
 - [AzureActivity](/azure/azure-monitor/reference/tables/AzureActivity#columns)

articles/iot-operations/connect-to-cloud/howto-configure-kafka-endpoint.md

@@ -46,7 +46,7 @@ To configure a dataflow endpoint for a Kafka endpoint, we suggest using the mana
     | Setting              | Description                                                                                       |
     | -------------------- | ------------------------------------------------------------------------------------------------- |
     | Name                 | The name of the dataflow endpoint.                                     |
-    | Host                 | The hostname of the Kafka broker in the format `<HOST>.servicebus.windows.net`. |
+    | Host                 | The hostname of the Kafka broker in the format `<HOST>.servicebus.windows.net:9093`. Include port number `9093` in the host setting for Event Hubs. |
     | Authentication method| The method used for authentication. Choose *System assigned managed identity*, *User assigned managed identity*, or *SASL*. |
     | SASL type            | The type of SASL authentication. Choose *Plain*, *ScramSha256*, or *ScramSha512*. Required if using *SASL*. |
     | Synced secret name   | The name of the secret. Required if using *SASL* or *X509*. |
@@ -126,7 +126,7 @@ To configure a dataflow endpoint for non-Event-Hub Kafka brokers, set the host,
     | Setting              | Description                                                                                       |
     | -------------------- | ------------------------------------------------------------------------------------------------- |
     | Name                 | The name of the dataflow endpoint.                                     |
-    | Host                 | The hostname of the Kafka broker in the format `<HOST>.servicebus.windows.net`. |
+    | Host                 | The hostname of the Kafka broker in the format `<Kafa-broker-host>:xxxx`. Include port number in the host setting. |
     | Authentication method| The method used for authentication. Choose *System assigned managed identity*, *User assigned managed identity*, *SASL*, or *X509 certificate*. |
     | SASL type            | The type of SASL authentication. Choose *Plain*, *ScramSha256*, or *ScramSha512*. Required if using *SASL*. |
     | Synced secret name   | The name of the secret. Required if using *SASL* or *X509*. |

articles/iot-operations/deploy-iot-ops/howto-prepare-cluster.md

@@ -84,7 +84,7 @@ The [AksEdgeQuickStartForAio.ps1](https://github.com/Azure/AKS-Edge/blob/main/to
 
 1. Open an elevated PowerShell window and change the directory to a working folder.
 
-1. Get the `objectId` of the Microsoft Entra ID application that the Azure Arc service uses in your tenant.
+1. Get the `objectId` of the Microsoft Entra ID application that the Azure Arc service uses in your tenant. Run the following command exactly as written, without changing the GUID value.
 
    ```azurecli
    az ad sp show --id bc313c14-388c-4e7d-a58e-70017303ee3b --query id -o tsv
@@ -225,7 +225,86 @@ To connect your cluster to Azure Arc:
    export CLUSTER_NAME=<NEW_CLUSTER_NAME>
    ```
 
-[!INCLUDE [connect-cluster-k3s](../includes/connect-cluster-k3s.md)]
+1. After signing in, Azure CLI displays all of your subscriptions and indicates your default subscription with an asterisk `*`. To continue with your default subscription, select `Enter`. Otherwise, type the number of the Azure subscription that you want to use.
+
+1. Register the required resource providers in your subscription:
+
+   >[!NOTE]
+   >This step only needs to be run once per subscription. To register resource providers, you need permission to do the `/register/action` operation, which is included in subscription Contributor and Owner roles. For more information, see [Azure resource providers and types](../../azure-resource-manager/management/resource-providers-and-types.md).
+
+   ```azurecli
+   az provider register -n "Microsoft.ExtendedLocation"
+   az provider register -n "Microsoft.Kubernetes"
+   az provider register -n "Microsoft.KubernetesConfiguration"
+   az provider register -n "Microsoft.IoTOperations"
+   az provider register -n "Microsoft.DeviceRegistry"
+   az provider register -n "Microsoft.SecretSyncController"
+   ```
+
+1. Use the [az group create](/cli/azure/group#az-group-create) command to create a resource group in your Azure subscription to store all the resources:
+
+   ```azurecli
+   az group create --location $LOCATION --resource-group $RESOURCE_GROUP --subscription $SUBSCRIPTION_ID
+   ```
+1. Remove the existing connected k8s cli if any
+   ```azurecli
+   az extension remove --name connectedk8s 
+   ```
+
+1. Download and install a preview version of the `connectedk8s` extension for Azure CLI.
+
+   ```azurecli
+   curl -L -o connectedk8s-1.10.0-py2.py3-none-any.whl https://github.com/AzureArcForKubernetes/azure-cli-extensions/raw/refs/heads/connectedk8s/public/cli-extensions/connectedk8s-1.10.0-py2.py3-none-any.whl   
+   az extension add --upgrade --source connectedk8s-1.10.0-py2.py3-none-any.whl
+   ```
+
+1. Use the [az connectedk8s connect](/cli/azure/connectedk8s#az-connectedk8s-connect) command to Arc-enable your Kubernetes cluster and manage it as part of your Azure resource group:
+
+   ```azurecli
+   az connectedk8s connect --name $CLUSTER_NAME -l $LOCATION --resource-group $RESOURCE_GROUP --subscription $SUBSCRIPTION_ID --enable-oidc-issuer --enable-workload-identity
+   ```
+
+1. Get the cluster's issuer URL.
+
+   ```azurecli
+   az connectedk8s show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query oidcIssuerProfile.issuerUrl --output tsv
+   ```
+
+   Save the output of this command to use in the next steps.
+
+1. Create a k3s config file.
+
+   ```bash
+   sudo nano /etc/rancher/k3s/config.yaml
+   ```
+
+1. Add the following content to the `config.yaml` file, replacing the `<SERVICE_ACCOUNT_ISSUER>` placeholder with your cluster's issuer URL.
+
+   ```yml
+   kube-apiserver-arg:
+    - service-account-issuer=<SERVICE_ACCOUNT_ISSUER>
+    - service-account-max-token-expiration=24h
+   ```
+
+1. Save the file and exit the nano editor.
+
+1. Get the `objectId` of the Microsoft Entra ID application that the Azure Arc service uses in your tenant and save it as an environment variable. Run the following command exactly as written, without changing the GUID value.
+
+   ```azurecli
+   export OBJECT_ID=$(az ad sp show --id bc313c14-388c-4e7d-a58e-70017303ee3b --query id -o tsv)
+   ```
+
+1. Use the [az connectedk8s enable-features](/cli/azure/connectedk8s#az-connectedk8s-enable-features) command to enable custom location support on your cluster. This command uses the `objectId` of the Microsoft Entra ID application that the Azure Arc service uses. Run this command on the machine where you deployed the Kubernetes cluster:
+
+    ```azurecli
+    az connectedk8s enable-features -n $CLUSTER_NAME -g $RESOURCE_GROUP --custom-locations-oid $OBJECT_ID --features cluster-connect custom-locations
+    ```
+
+1. Restart K3s.
+
+   ```bash
+   systemctl restart k3s
+   ```
 
 ---
 

articles/iot-operations/get-started-end-to-end-sample/quickstart-deploy.md

@@ -88,6 +88,7 @@ To connect your cluster to Azure Arc:
    az provider register -n "Microsoft.KubernetesConfiguration"
    az provider register -n "Microsoft.IoTOperations"
    az provider register -n "Microsoft.DeviceRegistry"
+   az provider register -n "Microsoft.SecretSyncController"
    ```
 
 1. Use the [az group create](/cli/azure/group#az-group-create) command to create a resource group in your Azure subscription to store all the resources:
@@ -105,7 +106,7 @@ To connect your cluster to Azure Arc:
    >[!TIP]
    >The value of `$CLUSTER_NAME` is automatically set to the name of your codespace. Replace the environment variable if you want to use a different name.
 
-1. Get the `objectId` of the Microsoft Entra ID application that the Azure Arc service in your tenant uses and save it as an environment variable.
+1. Get the `objectId` of the Microsoft Entra ID application that the Azure Arc service in your tenant uses and save it as an environment variable. Run the following command exactly as written, without changing the GUID value.
 
    ```azurecli
    export OBJECT_ID=$(az ad sp show --id bc313c14-388c-4e7d-a58e-70017303ee3b --query id -o tsv)