Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into appgw-upd

Author: greg-lindsay

articles/iot-hub/iot-hub-ip-filter-classic.md

@@ -7,6 +7,7 @@ ms.author: kgremban
 ms.service: iot-hub
 ms.topic: upgrade-and-migration-article
 ms.date: 10/16/2020
+ROBOTS: NOINDEX
 ---
 
 # IoT Hub classic IP filter and how to upgrade 

articles/iot-hub/iot-hub-ip-filtering.md

@@ -28,7 +28,7 @@ By default, the **IP Filter** grid in the portal for an IoT hub is empty. This d
 
 ## Add or edit an IP filter rule
 
-To add an IP filter rule, select **+ Add IP Filter Rule**. To quickly add your computer's IP address, click the **Add your client IP address**.
+To add an IP filter rule, select **Add IP Filter Rule**. To quickly add your computer's IP address, select **Add your client IP address**.
 
 :::image type="content" source="./media/iot-hub-ip-filtering/ip-filter-add-rule.png" alt-text="Screenshot showing how to add an IP filter rule to an IoT hub.":::
 
@@ -54,9 +54,9 @@ To delete an IP filter rule, select the trash can icon on that row and then sele
 
 :::image type="content" source="./media/iot-hub-ip-filtering/ip-filter-delete-rule.png" alt-text="Screenshot showing how to delete an IoT Hub IP filter rule.":::
 
-## Apply IP filter rules to the built-in Event Hub compatible endpoint
+## Apply IP filter rules to the built-in Event Hubs compatible endpoint
 
-To apply the IP filter rules to the built-in Event Hub compatible endpoint, check the box next to **Apply IP filters to the built-in endpoint?**, then select **Save**.
+To apply the IP filter rules to the built-in Event Hubs compatible endpoint, check the box next to **Apply IP filters to the built-in endpoint?**, then select **Save**.
 
 :::image type="content" source="media/iot-hub-ip-filtering/ip-filter-built-in-endpoint.png" alt-text="Screenshot showing the toggle for the built-in endpoint.":::
 
@@ -69,7 +69,7 @@ If you disable this option, the built-in endpoint is accessible to all IP addres
 
 ## How filter rules are applied
 
-The IP filter rules are applied at the IoT Hub service level. Therefore, the IP filter rules apply to all connections from devices and back-end apps using any supported protocol. Also, you can choose if the [built-in Event Hub compatible endpoint](iot-hub-devguide-messages-read-builtin.md) (not via the IoT Hub connection string) are bound to these rules.
+The IP filter rules are applied at the IoT Hub service level. Therefore, the IP filter rules apply to all connections from devices and back-end apps using any supported protocol. Also, you can choose if the [built-in Event Hubs compatible endpoint](iot-hub-devguide-messages-read-builtin.md) (not via the IoT Hub connection string) are bound to these rules.
 
 Any connection attempt from an IP address that isn't explicitly allowed receives an unauthorized 401 status code and description. The response message does not mention the IP rule. Rejecting IP addresses can prevent other Azure services such as Azure Stream Analytics, Azure Virtual Machines, or the Device Explorer in Azure portal from interacting with the IoT hub.
 
@@ -163,13 +163,8 @@ $iothubResource | Set-AzResource -Force
 
 ## Update IP filter rules using REST
 
-
 You may also retrieve and modify your IoT Hub's IP filter using Azure resource Provider's REST endpoint. See `properties.networkRuleSets` in [createorupdate method](/rest/api/iothub/iothubresource/createorupdate).
 
-## IP filter (classic) retirement
-
-Classic IP filter has been retired. To learn more, see [IoT Hub classic IP filter and how to upgrade](iot-hub-ip-filter-classic.md).
-
 ## Next steps
 
 To further explore the capabilities of IoT Hub, see:

articles/operator-nexus/TOC.yml

@@ -118,6 +118,8 @@
           href: howto-kubernetes-cluster-action-restart.md
         - name: Customize cluster DNS
           href: how-to-customize-kubernetes-cluster-dns.md
+        - name: Customize Worker Nodes
+          href: howto-kubernetes-cluster-customize-workers.md
     - name: Nexus Virtual Machine
       expanded: false
       items:

articles/operator-nexus/howto-kubernetes-cluster-customize-workers.md

@@ -0,0 +1,87 @@
+---
+title: "Azure Operator Nexus: Customize Kubernetes worker nodes with a DaemonSet"
+description: How-to guide for customizing Kubernetes Worker Nodes with a DaemonSet.
+author: joknight
+ms.author: joknight
+ms.service: azure-operator-nexus
+ms.topic: how-to
+ms.date: 01/29/2024
+ms.custom: template-how-to
+---
+
+# Customize worker nodes with a DaemonSet
+
+To meet application requirements, you may need to modify operating system settings, enable a Linux kernel module or install a host-level application package. Use a `DaemonSet` with host privileges to customize worker nodes.
+
+The example `DaemonSet` sets `registry.contoso.com` to bypass the Cloud Services Network proxy for image pulls, installs the SCTP kernel module and sets `fs.inotify.max_user_instances` to `4096`. Finally, the script applies a label to the Kubernetes Node to ensure the DaemonSet only runs once.
+
+
+```yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: customized
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: customized
+  template:
+    metadata:
+      labels:
+        name: customized
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: customized
+                    operator: NotIn
+                    values:
+                      - "1"
+      tolerations:
+        - operator: Exists
+          effect: NoSchedule
+      containers:
+        - name: customized
+          image: mcr.microsoft.com/cbl-mariner/base/core:1.0
+          command:
+            - nsenter
+            - --target
+            - "1"
+            - --mount
+            - --uts
+            - --ipc
+            - --net
+            - --pid
+            - --
+            - bash
+            - -exc
+            - |
+              sed -i '/registrycontoso.com/!s/NO_PROXY=/&registry.contoso.com,/' /etc/systemd/system/containerd.service.d/http-proxy.conf
+              systemctl daemon-reload
+              systemctl restart containerd
+              modprobe sctp
+              sed -i 's/^fs.inotify.max_user_instances.*/fs.inotify.max_user_instances     = 4096/' /etc/sysctl.d/90-system-max-limits.conf
+              kubectl --kubeconfig=/etc/kubernetes/kubelet.conf label node ${HOSTNAME,,} customized=1
+              sleep infinity
+          resources:
+            limits:
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 16Mi
+          securityContext:
+            privileged: true
+      hostNetwork: true
+      hostPID: true
+      hostIPC: true
+      terminationGracePeriodSeconds: 0
+```
+
+And apply the `Daemonset`:
+
+```bash
+kubectl apply -f /path/to/daemonset.yaml
+```