
Commit e751fbc

Merge pull request #275252 from shashankbarsin/build-2024-fleet-workload
Build 2024 fleet workload
2 parents 2e55d5c + dac8957 commit e751fbc

9 files changed

+315
-65
lines changed

articles/kubernetes-fleet/concepts-choosing-fleet.md

Lines changed: 23 additions & 24 deletions
@@ -2,8 +2,8 @@
22
title: "Choose an Azure Kubernetes Fleet Manager option"
33
description: This article provides a conceptual overview of the various Azure Kubernetes Fleet Manager options and why you may choose a specific configuration.
44
ms.date: 05/01/2024
5-
author: nickomang
6-
ms.author: nickoman
5+
author: shashankbarsin
6+
ms.author: shasb
77
ms.service: kubernetes-fleet
88
ms.topic: conceptual
99
---
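Review bot: `ms.date` stays at 05/01/2024 in this hunk while the author metadata changes and, further down in this file, most of the body is rewritten; the docs convention is to bump `ms.date` when an article's content changes substantively, so consider updating it in this PR.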
@@ -14,52 +14,51 @@ This article provides an overview of the various Azure Kubernetes Fleet Manager
1414

1515
## Fleet types
1616

17-
There are two main types of Fleet resources—hubless fleets and hubful fleets. As the names suggest, a hubful fleet has an associate Azure Kubernetes Service (AKS) cluster that acts as a hub to store and propagate configuration, while a hubless fleet doesn't. Both options are valid and in active development. There's no expectation that you need to migrate to hubful fleets unless you want to take advantage of the full set of features.
17+
A Kubernetes Fleet resource can be created with or without a hub cluster. A hub cluster is a managed Azure Kubernetes Service (AKS) cluster that acts as a hub to store and propagate Kubernetes resources.
1818

19-
The following table compares the two options.
19+
The following table compares the scenarios enabled by the hub cluster:
2020

21-
||Hubless fleet|Hubful fleet|
21+
| Capability | Kubernetes Fleet resource without hub cluster | Kubernetes Fleet resource with hub cluster |
2222
|----|----|----|
23-
|**Hub cluster hosting**|<span class='red-x'>&#10060;</span>|<span class='green-check'>&#9989;</span>||
23+
|**Hub cluster hosting**|<span class='red-x'>&#10060;</span>|<span class='green-check'>&#9989;</span>|
2424
|**Member cluster limit**|Up to 100 clusters|Up to 20 clusters|
2525
|**Update orchestration**|<span class='green-check'>&#9989;</span>|<span class='green-check'>&#9989;</span>|
2626
|**Workload orchestration**|<span class='red-x'>&#10060;</span>|<span class='green-check'>&#9989;</span>|
2727
|**Layer 4 load balancing**|<span class='red-x'>&#10060;</span>|<span class='green-check'>&#9989;</span>|
2828
|**Billing considerations**|No cost|You pay cost associated with the hub, which is a standard-tier AKS-cluster.|
29-
|**Converting fleet types**|Can convert a hubless fleet to a hubful fleet.|Can't convert a hubful fleet to a hubless fleet.|
29+
|**Converting fleet types**|Can be upgraded to a Kubernetes Fleet resource with a hub cluster.|Can't be downgraded to a Kubernetes Fleet resource without a hub cluster.|
3030

31-
## Hubless fleets
31+
## Kubernetes Fleet resource without hub clusters
3232

33-
Without a hub cluster, Fleet acts solely as a grouping entity in Azure Resource Manager. Certain scenarios, such as update runs, don't require a Kubernetes API and thus don't require a hub cluster. To take full advantage of all the features available on Fleet, you need a hubful fleet.
33+
Without a hub cluster, Kubernetes Fleet acts solely as a grouping entity in Azure Resource Manager (ARM). Certain scenarios, such as update runs, don't require a Kubernetes API and thus don't require a hub cluster. To take full advantage of all the features available, you need a Kubernetes Fleet resource with a hub cluster.
3434

35-
For more information, see [Create a hubless fleet][create-hubless-fleet].
35+
For more information, see [Create a Kubernetes Fleet resource without a hub cluster][create-fleet-without-hub].
3636

37-
## Hubful fleets
37+
## Kubernetes Fleet resource with hub clusters
3838

39-
A hubful fleet has an AKS-managed hub cluster, which is used to store configuration for workload orchestration and layer-4 load balancing.
39+
A Kubernetes Fleet resource with a hub cluster has an associated AKS-managed cluster, which is used to store the configuration for workload orchestration and layer-4 load balancing.
4040

41-
Upon the creation of a hubful fleet, a hub cluster is automatically created in the same subscription under a managed resource group named `FL_*`. To improve reliability, hub clusters are locked down by denying any user initiated mutations to the corresponding AKS clusters (under the Fleet-managed resource group `FL_*`) and their underlying Azure resources (under the AKS-managed resource group `MC_FL_*`), such as VMs, via Azure deny assignments. Control plane operations, such as changing the hub cluster's configuration through Azure Resource Manager (ARM) or deleting the cluster entirely, are denied. Data plane operations, such as connecting to the hub cluster's Kubernetes API server in order to configure workload orchestration, are not denied.
41+
Upon the creation of a Kubernetes Fleet resource with a hub cluster, a hub AKS cluster is automatically created in the same subscription under a managed resource group that begins with `FL_`. To improve reliability, hub clusters are locked down by denying any user-initiated mutations to the corresponding AKS clusters (under the Fleet-managed resource group `FL_`) and their underlying Azure resources (under the AKS-managed resource group `MC_FL_*`), such as virtual machines (VMs), via Azure deny assignments. Control plane operations, such as changing the hub cluster's configuration through Azure Resource Manager (ARM) or deleting the cluster entirely, are denied. Data plane operations, such as connecting to the hub cluster's Kubernetes API server in order to configure workload orchestration, are not denied.
4242

4343
Hub clusters are exempted from [Azure policies][azure-policy-overview] to avoid undesirable policy effects upon hub clusters.
4444

45-
### Public and private hubful fleets
45+
### Network access modes for hub cluster
4646

47-
For hubful fleets, there are two subtypes:
47+
For a Kubernetes Fleet resource with a hub cluster, there are two network access modes:
4848

49-
- **Public hubful fleets** expose the hub cluster to the internet. This means that with the right credentials, anyone on the internet can connect to the hub server. This configuration can be useful during the development and testing phase, but represents a security concern, which is largely undesirable in production.
49+
- **Public hub clusters** expose the hub cluster to the internet. This means that with the right credentials, anyone on the internet can connect to the hub cluster. This configuration can be useful during the development and testing phase, but represents a security concern, which is largely undesirable in production.
5050

51-
For more information, see [Create a public hubful fleet][create-public-hubful-fleet].
51+
For more information, see [Create a Kubernetes Fleet resource with a public hub cluster][create-public-hub-cluster].
5252

53-
- **Private hubful fleets** use a [private AKS cluster][aks-private-cluster] as the hub, which prevents open access over the internet. All considerations for a private AKS cluster apply, so review the prerequisites and limitations to determine whether a private hubful fleet meets your needs.
53+
- **Private hub clusters** use a [private AKS cluster][aks-private-cluster] as the hub, which prevents open access over the internet. All considerations for a private AKS cluster apply, so review the prerequisites and limitations to determine whether a Kubernetes Fleet resource with a private hub cluster meets your needs.
5454

5555
Some other details to consider:
5656

5757
- Whether you choose a public or private hub, the type can't be changed after creation.
58-
- When using an AKS private cluster, you have the ability to configure fully qualified domain names (FQDNs) and FQDN subdomains. This functionality doesn't apply to the private cluster used in a private hubful fleet.
58+
- When using an AKS private cluster, you have the ability to configure fully qualified domain names (FQDNs) and FQDN subdomains. This functionality doesn't apply to the private hub cluster of the Kubernetes Fleet resource.
5959
- When you connect to a private hub cluster, you can use the same methods that you would use to [connect to any private AKS cluster][aks-private-cluster-connect]. However, connecting using AKS command invoke and private endpoints aren't currently supported.
60-
- When you use private hubful fleets, you're required to specify the subnet in which the Fleet hub cluster's node VMs reside. This process differs slightly from the AKS private cluster equivalent. For more information, see [Create a private hubful fleet][create-private-hubful-fleet].
60+
- When you use private hub clusters, you're required to specify the subnet in which the Kubernetes Fleet hub cluster's node VMs reside. This process differs slightly from the AKS private cluster equivalent. For more information, see [create a Kubernetes Fleet resource with a private hub cluster][create-private-hub-cluster].
6161

62-
<!-- TODO: NEED REVIEW ON THE WORDING OF ABOVE BULLETS -->
6362

6463
## Next steps
6564

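Review bot: the resource-group naming in the lockdown paragraph is now inconsistent: the first mention says the managed resource group "begins with `FL_`", but the parenthetical that follows drops the wildcard (`FL_`) while the AKS-managed group keeps it (`MC_FL_*`). Either keep `FL_*` in both places or phrase both as prefixes. Two smaller points in the same hunk: the row `|**Hub cluster hosting**|…|` drops the stray trailing `||`, which fixes the column count against the new three-column header, good catch; and the last bullet's link text "[create a Kubernetes Fleet resource with a private hub cluster]" is lowercase where every other cross-reference in the file is capitalized.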
@@ -70,6 +69,6 @@ Now that you understand the different types of Kubernetes fleet resources, see [
7069
[aks-private-cluster-connect]: /azure/aks/private-clusters?tabs=azure-portal#options-for-connecting-to-the-private-cluster
7170
[azure-policy-overview]: /azure/governance/policy/overview
7271
[quickstart-create-fleet]: quickstart-create-fleet-and-members.md
73-
[create-hubless-fleet]: quickstart-create-fleet-and-members.md?tabs=hubless#create-a-fleet-resource
74-
[create-public-hubful-fleet]: quickstart-create-fleet-and-members.md?tabs=hubful#public-hub
75-
[create-private-hubful-fleet]: quickstart-create-fleet-and-members.md?tabs=hubful#private-hub
72+
[create-fleet-without-hub]: quickstart-create-fleet-and-members.md?tabs=without-hub-cluster#create-a-fleet-resource
73+
[create-public-hub-cluster]: quickstart-create-fleet-and-members.md?tabs=with-hub-cluster#public-hub-cluster
74+
[create-private-hub-cluster]: quickstart-create-fleet-and-members.md?tabs=with-hub-cluster#private-hub-cluster
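Review bot: the three rewritten link targets change both the tab ids (`tabs=without-hub-cluster`, `tabs=with-hub-cluster`) and the anchors (`#public-hub-cluster`, `#private-hub-cluster`); those only resolve if the quickstart's tab names and headings are renamed to match in the same PR, which cannot be checked from this file. Please confirm against the quickstart diff before merge, since a stale anchor silently lands readers at the top of the page instead of the intended procedure.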

articles/kubernetes-fleet/concepts-rbac.md

Lines changed: 6 additions & 6 deletions
@@ -12,19 +12,19 @@ ms.topic: conceptual
1212

1313
[Azure role-based access control (Azure RBAC)][azure-rbac-overview] is an authorization system built on Azure Resource Manager that provides fine-grained access management to Azure resources.
1414

15-
This article provides an overview of the various built-in Azure RBAC roles that you can use to access Azure Kubernetes Fleet Manager (Fleet) resources.
15+
This article provides an overview of the various built-in Azure RBAC roles that you can use to access Azure Kubernetes Fleet Manager (Kubernetes Fleet) resources.
1616

1717
## Control plane
1818

19-
This role grants access to Azure Resource Manager (ARM) Fleet resources and subresources, and is applicable both to hubless and hubful Fleets.
19+
This role grants access to Azure Resource Manager (ARM) Fleet resources and subresources, and is applicable both Kubernetes Fleet resource with and without a hub cluster.
2020

2121
|Role name|Description|Usage|
2222
|---------|-----------|-----|
23-
|[Azure Kubernetes Fleet Manager Contributor][azure-rbac-fleet-manager-contributor-role]|This role grants read and write access to Azure resources provided by Azure Kubernetes Fleet Manager, including fleets, fleet members, fleet update strategies, fleet update runs, and more.|You can use this role to grant Contributor permissions that apply solely to Fleet resources and subresources. For example, this role can be given to an Azure administrator tasked with defining and maintaining Fleet resources.|
23+
|[Azure Kubernetes Fleet Manager Contributor][azure-rbac-fleet-manager-contributor-role]|This role grants read and write access to Azure resources provided by Azure Kubernetes Fleet Manager, including fleets, fleet members, fleet update strategies, fleet update runs, and more.|You can use this role to grant Contributor permissions that apply solely to Kubernetes Fleet resources and subresources. For example, this role can be given to an Azure administrator tasked with defining and maintaining Fleet resources.|
2424

2525
## Data plane
2626

27-
These roles grant access to Fleet hub Kubernetes objects, and are therefore only applicable to hubful Fleets.
27+
These roles grant access to Fleet hub Kubernetes objects, and are therefore only applicable to Kubernetes Fleet resources with a hub cluster.
2828

2929
You can assign data plane roles at the Fleet hub cluster scope, or at an individual Kubernetes namespace scope by appending `/namespace/<namespace>` to the role assignment scope.
3030

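Review bot: the rewritten control-plane sentence does not parse: "is applicable both Kubernetes Fleet resource with and without a hub cluster" is missing a preposition and a plural. Suggest "is applicable to Kubernetes Fleet resources both with and without a hub cluster."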
@@ -37,7 +37,7 @@ You can assign data plane roles at the Fleet hub cluster scope, or at an individ
3737

3838
## Example role assignments
3939

40-
You can grant Azure RBAC roles using the [Azure CLI][azure-cli-overview]. For example, to create a role assignment at the Fleet hub cluster scope:
40+
You can grant Azure RBAC roles using the [Azure CLI][azure-cli-overview]. For example, to create a role assignment at the Kubernetes Fleet hub cluster scope:
4141

4242
```azurecli-interactive
4343
IDENTITY=$(az ad signed-in-user show --output tsv --query id)
@@ -46,7 +46,7 @@ FLEET_ID=$(az fleet show --resource-group $GROUP --name $FLEET --output tsv --qu
4646
az role assignment create --role 'Azure Kubernetes Fleet Manager RBAC Reader' --assignee "$IDENTITY" --scope "$FLEET_ID"
4747
```
4848

49-
You can also scope role assignments to an individual Kubernetes namespace. For example, to create a role assignment for a Fleet hub's default Kubernetes namespace:
49+
You can also scope role assignments to an individual Kubernetes namespace. For example, to create a role assignment for a Kubernetes Fleet hub's default Kubernetes namespace:
5050

5151
```azurecli-interactive
5252
IDENTITY=$(az ad signed-in-user show --output tsv --query id)

articles/kubernetes-fleet/concepts-resource-propagation.md

Lines changed: 6 additions & 1 deletion
@@ -62,7 +62,12 @@ The `ClusterResourcePlacement` object supports [using ConfigMap to envelope the
6262

6363
For more information, see the [`ClusterResourcePlacement` API reference][clusterresourceplacement-api].
6464

65-
Once you select the resources, multiple placement policies are available:
65+
When creating the `ClusterResourcePlacement`, the following affinity types can be specified:
66+
67+
- **requiredDuringSchedulingIgnoredDuringExecution**: As this affinity is of the required type during scheduling, it **filters** the clusters based on their properties.
68+
- **preferredDuringSchedulingIgnoredDuringExecution**: As this affinity is only of the preferred type, but is not required during scheduling, it provides preferential ranking to clusters based on properties specified by you such as cost or resource availability.
69+
70+
Multiple placement types are available for controlling the number of clusters to which the Kubernetes resource needs to be propagated:
6671

6772
* `PickAll` places the resources into all available member clusters. This policy is useful for placing infrastructure workloads, like cluster monitoring or reporting applications.
6873
* `PickFixed` places the resources into a specific list of member clusters by name.
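Review bot: the two new affinity bullets do not say where in the `ClusterResourcePlacement` spec the affinity is declared or which cluster properties it can match; since the bullets say the placement "filters" and ranks clusters on "their properties", a pointer to the property names (or to the API reference cited just above) would make them actionable. Also the new bullets use `-` markers while the placement-type list that follows uses `*`; pick one for the section.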

articles/kubernetes-fleet/concepts-update-orchestration.md

Lines changed: 2 additions & 2 deletions
@@ -49,7 +49,7 @@ An update run can be in one of the following states:
4949
- **NotStarted**: State of the update run before it is started.
5050
- **Running**: Upgrade is in progress for at least one of the clusters in the update run.
5151
- **Pending**:
52-
- **Member cluster**: A member cluster can be in the pending state for any of the following reasons and are surfaced under the message field -
52+
- **Member cluster**: A member cluster can be in the pending state for any of the following reasons and are surfaced under the message field.
5353
- Maintenance window is not open. Message indicates next opening time.
5454
- Target Kubernetes version is not yet available in the region of the member. Message links to the release tracker so that you can check status of the release across regions.
5555
- Target node image version is not yet available in the region of the member. Message links to the release tracker so that you can check status of the release across regions.
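Review bot: the edited line now ends with a period but introduces the list of reasons that follows, so it reads as a fragment; a colon fits better. The clause "for any of the following reasons and are surfaced under the message field" also has a subject mismatch (the cluster, not the reasons, "are surfaced"). Suggest "...for any of the following reasons, which are surfaced under the message field:".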
@@ -64,7 +64,7 @@ An update run can be in one of the following states:
6464
- When consistent node image is chosen for an upgrade run, if it's not possible to find the target image version for one of the node pools, then upgrade is skipped for that cluster. An example situation for this is when a new node pool with a new VM SKU is added after an update run has started.
6565
- **Group**:
6666
- All member clusters were detected as `Skipped` by the system.
67-
- You initiated a skip at the group level
67+
- You initiated a skip at the group level.
6868
- **Stage**:
6969
- All groups in the stage were detected as `Skipped` by the system.
7070
- You initiated a skip at the stage level.
