Merge pull request #264647 from tamram/tamram24-0122

helm quickstart: clarify acr must be unique

Author: v-dirichards

articles/aks/TOC.yml

@@ -10,7 +10,7 @@
       href: release-tracker.md
     - name: Supported Kubernetes versions
       href: supported-kubernetes-versions.md
-    - name: Long Term Support
+    - name: Long-term support
       href: long-term-support.md
     - name: Add-ons, extensions, and other integrations
       href: integrations.md
@@ -238,7 +238,7 @@
           href: cluster-configuration.md 
         - name: Manually scale nodes in an AKS cluster
           href: scale-cluster.md
-        - name: Stop an AKS cluster
+        - name: Stop and start an AKS cluster
           href: start-stop-cluster.md
         - name: Configure private clusters
           items:
@@ -266,7 +266,7 @@
                        href: istio-deploy-addon.md
                      - name: Deploy external or internal Istio Ingress
                        href: istio-deploy-ingress.md
-                     - name: Plug in CA certificates for Istio
+                     - name: Plug-in CA certificates for Istio
                        href: istio-plugin-ca.md
                      - name: Upgrade Istio service mesh add-on
                        href: istio-upgrade.md
@@ -359,15 +359,15 @@
           href: use-metrics-server-vertical-pod-autoscaler.md
         - name: Proximity placement groups
           href: reduce-latency-ppg.md
-        - name: Cluster Autoscaler
+        - name: Cluster autoscaler
           items:
-            - name: Cluster Autoscaler overview
+            - name: Cluster autoscaler overview
               href: cluster-autoscaler-overview.md
-            - name: Use the Cluster Autoscaler on AKS
+            - name: Use the cluster autoscaler on AKS
               href: cluster-autoscaler.md
         - name: Node autoprovision
           href: node-autoprovision.md
-        - name: Availability Zones
+        - name: Availability zones
           href: availability-zones.md
     - name: Cluster management
       items:
@@ -393,7 +393,7 @@
               href: image-cleaner.md
             - name: Scan images in your CI/CD Workflow
               href: ../defender-for-cloud/defender-for-container-registries-cicd.md?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
-            - name: Scanning images in ACR registries
+            - name: Scan images in ACR registries
               href: ../defender-for-cloud/defender-for-containers-introduction.md?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
         - name: Cluster security
           items:
@@ -421,7 +421,7 @@
               href: use-kms-etcd-encryption.md
         - name: Node security
           items:
-            - name: BYOK for disks
+            - name: BYOK for Azure managed disks
               href: azure-disk-customer-managed-keys.md
             - name: Enable host-based encryption
               href: enable-host-encryption.md

articles/aks/azure-disk-customer-managed-keys.md

@@ -1,14 +1,14 @@
 ---
-title: Use a customer-managed key to encrypt Azure disks in Azure Kubernetes Service (AKS)
-description: Bring your own keys (BYOK) to encrypt AKS OS and Data disks.
+title: Use a customer-managed key to encrypt Azure managed disks in Azure Kubernetes Service (AKS)
+description: Bring your own keys (BYOK) to encrypt managed OS and data disks in AKS.
 ms.topic: article
 ms.custom: devx-track-azurecli, linux-related-content
-ms.date: 11/24/2023
+ms.date: 02/01/2024
 ---
 
-# Bring your own keys (BYOK) with Azure disks in Azure Kubernetes Service (AKS)
+# Bring your own keys (BYOK) with Azure managed disks in Azure Kubernetes Service (AKS)
 
-Azure Storage encrypts all data in a storage account at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys to use for encryption at rest for both the OS and data disks for your AKS clusters.
+Azure encrypts all data in a managed disk at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys to use for encryption at rest for both the OS and data disks for your AKS clusters.
 
 Learn more about customer-managed keys on [Linux][customer-managed-keys-linux] and [Windows][customer-managed-keys-windows].
 
@@ -21,9 +21,9 @@ Learn more about customer-managed keys on [Linux][customer-managed-keys-linux] a
 
 ## Limitations
 
-* Encryption of OS disk with customer-managed keys can only be enabled when creating an AKS cluster.
+* Encryption of an OS disk with customer-managed keys can only be enabled when creating an AKS cluster.
 * Virtual nodes are not supported.
-* When encrypting ephemeral OS disk-enabled node pool with customer-managed keys, if you want to rotate the key in Azure Key Vault, you need to:
+* When encrypting an ephemeral OS disk-enabled node pool with customer-managed keys, if you want to rotate the key in Azure Key Vault, you need to:
 
    * Scale down the node pool count to 0
    * Rotate the key

articles/aks/concepts-clusters-workloads.md

@@ -11,14 +11,19 @@ ms.date: 01/16/2024
 Application development continues to move toward a container-based approach, increasing our need to orchestrate and manage resources. As the leading platform, Kubernetes provides reliable scheduling of fault-tolerant application workloads. Azure Kubernetes Service (AKS), a managed Kubernetes offering, further simplifies container-based application deployment and management.
 
 This article introduces core concepts:
+
 * Kubernetes infrastructure components:
-    * *control plane*
-    * *nodes*
-    * *node pools*
-* Workload resources: 
-    * *pods*
-    * *deployments*
-    * *sets*
+
+  * *control plane*
+  * *nodes*
+  * *node pools*
+
+* Workload resources:
+
+  * *pods*
+  * *deployments*
+  * *sets*
+
 * Group resources using *namespaces*.
 
 ## What is Kubernetes?
@@ -365,18 +370,17 @@ When you create an AKS cluster, the following namespaces are available:
 | *kube-system* | Where core resources exist, such as network features like DNS and proxy, or the Kubernetes dashboard. You typically don't deploy your own applications into this namespace.                                      |  
 | *kube-public*                                                                            | Typically not used, but can be used for resources to be visible across the whole cluster, and can be viewed by any user.                                                                                    |  
 
-
 For more information, see [Kubernetes namespaces][kubernetes-namespaces].
 
 ## Next steps
 
 This article covers some of the core Kubernetes components and how they apply to AKS clusters. For more information on core Kubernetes and AKS concepts, see the following articles:
 
-- [Kubernetes / AKS access and identity][aks-concepts-identity]
-- [Kubernetes / AKS security][aks-concepts-security]
-- [Kubernetes / AKS virtual networks][aks-concepts-network]
-- [Kubernetes / AKS storage][aks-concepts-storage]
-- [Kubernetes / AKS scale][aks-concepts-scale]
+- [AKS access and identity][aks-concepts-identity]
+- [AKS security][aks-concepts-security]
+- [AKS virtual networks][aks-concepts-network]
+- [AKS storage][aks-concepts-storage]
+- [AKS scale][aks-concepts-scale]
 
 <!-- EXTERNAL LINKS -->
 [cluster-api-provider-azure]: https://github.com/kubernetes-sigs/cluster-api-provider-azure

articles/aks/long-term-support.md

@@ -1,118 +1,126 @@
 ---
-title: Long term support for Azure Kubernetes Service (AKS)
-description: Learn about Azure Kubernetes Service (AKS) Long term support for Kubernetes
+title: Long-term support for Azure Kubernetes Service (AKS)
+description: Learn about Azure Kubernetes Service (AKS) long-term support for Kubernetes
 ms.topic: article
-ms.date: 08/16/2023
+ms.date: 01/24/2024
 ms.author: juda
 author: justindavies
-#Customer intent: As a cluster operator or developer, I want to understand how Long Term Support for Kubernetes on AKS works.
+#Customer intent: As a cluster operator or developer, I want to understand how long-term support for Kubernetes on AKS works.
 ---
 
-# Long term support
-The Kubernetes community releases a new minor version approximately every four months, with a support window for each version for one year.  This support in terms of  Azure Kubernetes Service (AKS) is called "Community Support."
+# Long-term support
 
-AKS supports versions of Kubernetes that are within this Community Support window, to push bug fixes and security updates from community releases.
+The Kubernetes community releases a new minor version approximately every four months, with a support window for each version for one year. In Azure Kubernetes Service (AKS), this support window is called "Community support."
 
-While innovation delivered with this release cadence provides huge benefits to you, it challenges you to keep up to date with Kubernetes releases, which can be made more difficult based on the number of AKS clusters you have to maintain.  
+AKS supports versions of Kubernetes that are within this Community support window, to push bug fixes and security updates from community releases.
 
+While innovation delivered with this release cadence provides huge benefits to you, it challenges you to keep up to date with Kubernetes releases, which can be made more difficult based on the number of AKS clusters you have to maintain.  
 
 ## AKS support types
-After approximately one year, the Kubernetes version exits Community Support and your AKS clusters are now at-risk as bug fixes and security updates become unavailable.  
 
-AKS provides one year Community Support and one year of Long Term Support (LTS) to back port security fixes from the community upstream in our public repository. Our upstream LTS working group contributes efforts back to the community to provide our customers with a longer support window.
+After approximately one year, the Kubernetes version exits Community support and your AKS clusters are now at risk as bug fixes and security updates become unavailable.  
+
+AKS provides one year Community support and one year of long-term support (LTS) to back port security fixes from the community upstream in our public repository. Our upstream LTS working group contributes efforts back to the community to provide our customers with a longer support window.
 
 LTS intends to give you an extended period of time to plan and test for upgrades over a two-year period from the General Availability of the designated Kubernetes version.  
 
-|   | Community Support  |Long Term Support   |
+|   | Community support  |Long-term support   |
 |---|---|---|
 | **When to use** | When you can keep up with upstream Kubernetes releases | When you need control over when to migrate from one version to another  |
 |  **Support versions** | Three GA minor versions | One Kubernetes version (currently *1.27*) for two years  |
 
+## Enable long-term support
 
-## Enable Long Term Support
-
-Enabling and disabling Long Term Support is a combination of moving your cluster to the Premium tier and explicitly selecting the LTS support plan.  
+Enabling and disabling long-term support is a combination of moving your cluster to the Premium tier and explicitly selecting the LTS support plan.  
 
 > [!NOTE]
-> While it's possible to enable LTS when the cluster is in Community Support, you'll be charged once you enable the Premium tier.
+> While it's possible to enable LTS when the cluster is in Community support, you'll be charged once you enable the Premium tier.
 
 ### Create a cluster with LTS enabled
-```
+
+```azurecli
 az aks create --resource-group myResourceGroup --name myAKSCluster --tier premium --k8s-support-plan AKSLongTermSupport --kubernetes-version 1.27
 ```
 
 > [!NOTE]
-> Enabling and disabling LTS is a combination of moving your cluster to the Premium tier, as well as enabling Long Term Support.  Both must either be turned on or off.
+> Enabling and disabling LTS is a combination of moving your cluster to the Premium tier, as well as enabling long-term support.  Both must either be turned on or off.
 
 ### Enable LTS on an existing cluster
-```
+
+```azurecli
 az aks update --resource-group myResourceGroup --name myAKSCluster --tier premium --k8s-support-plan AKSLongTermSupport
 ```
 
 ### Disable LTS on an existing cluster
-```
+
+```azurecli
 az aks update --resource-group myResourceGroup --name myAKSCluster --tier [free|standard] --k8s-support-plan KubernetesOfficial
 ```
 
 ## Long term support, add-ons and features
-The AKS team currently tracks add-on versions where Kubernetes community support exists. Once a version leaves Community Support, we rely on Open Source projects for managed add-ons to continue that support. Due to various external factors, some add-ons and features may not support Kubernetes versions outside these upstream Community Support windows.
+
+The AKS team currently tracks add-on versions where Kubernetes Community support exists. Once a version leaves Community support, we rely on open source projects for managed add-ons to continue that support. Due to various external factors, some add-ons and features may not support Kubernetes versions outside these upstream Community support windows.
 
 See the following table for a list of add-ons and features that aren't supported and the reason why.  
 
 |  Add-on / Feature | Reason it's unsupported |
 ---|---|
 | Istio |  The Istio support cycle is short (six months), and there will not be maintenance releases for Kubernetes 1.27 |
 | Keda | Unable to guarantee future version compatibility with Kubernetes 1.27 |
-| Calico  |  Requires Calico Enterprise agreement past Community Support |
-| Cillium  |  Requires Cillium Enterprise agreement past Community Support |
+| Calico  |  Requires Calico Enterprise agreement past Community support |
+| Cillium  |  Requires Cillium Enterprise agreement past Community support |
 | Azure Linux | Support timeframe for Azure Linux 2 ends during this LTS cycle |
 | Key Management Service (KMS) | KMSv2 replaces KMS during this LTS cycle |
 | Dapr | AKS extensions are not supported |
 | Application Gateway Ingress Controller | Migration to App Gateway for Containers happens during LTS period |
 | Open Service Mesh | OSM will be deprecated|
 | AAD Pod Identity  | Deprecated in place of Workload Identity |
 
-
 > [!NOTE]
->You can't move your cluster to Long Term support if any of these add-ons or features are enabled.  
->Whilst these AKS managed add-ons aren't supported by Microsoft, you're able to install the Open Source versions of these on your cluster if you wish to use it past Community Support.
+>You can't move your cluster to long-term support if any of these add-ons or features are enabled.  
+>Whilst these AKS managed add-ons aren't supported by Microsoft, you're able to install the Open Source versions of these on your cluster if you wish to use it past Community support.
 
 ## How we decide the next LTS version
+
 Versions of Kubernetes LTS are available for two years from General Availability, we mark a later version of Kubernetes as LTS based on the following criteria:
+
 * Sufficient time for customers to migrate from the prior LTS version to the current have passed
 * The previous version has had a two year support window
 
 Read the AKS release notes to stay informed of when you're able to plan your migration.
 
 ### Migrate from LTS to Community support
+
 Using LTS is a way to extend your window to plan a Kubernetes version upgrade. You may want to migrate to a version of Kubernetes that is within the [standard support window](supported-kubernetes-versions.md#kubernetes-version-support-policy).
 
 To move from an LTS enabled cluster to a version of Kubernetes that is within the standard support window, you need to disable LTS on the cluster:
 
-```
+```azurecli
 az aks update --resource-group myResourceGroup --name myAKSCluster --tier [free|standard] --k8s-support-plan KubernetesOfficial
 ```
 
 And then upgrade the cluster to a later supported version:
 
-```
+```azurecli
 az aks upgrade --resource-group myResourceGroup --name myAKSCluster --kubernetes-version 1.28.3
 ```
+
 > [!NOTE]
 > Kubernetes 1.28.3 is used as an example here, please check the [AKS release tracker](release-tracker.md) for available Kubernetes releases.
 
 There are approximately two years between one LTS version and the next.  In lieu of upstream support for migrating more than two minor versions, there's a high likelihood your application depends on Kubernetes APIs that have been deprecated.  We recommend you thoroughly test your application on the target LTS Kubernetes version and carry out a blue/green deployment from one version to another.
 
 ### Migrate from LTS to the next LTS release
-The upstream Kubernetes community supports a two minor version upgrade path.  The process migrates the objects in your Kubernetes cluster as part of the upgrade process, and provides a tested, and accredited migration path.
+
+The upstream Kubernetes community supports a two-minor-version upgrade path. The process migrates the objects in your Kubernetes cluster as part of the upgrade process, and provides a tested, and accredited migration path.
 
 For customers that wish to carry out an in-place migration, the AKS service will migrate your control plane from the previous LTS version to the latest, and then migrate your data plane.
 
 To carry out an in-place upgrade to the latest LTS version, you need to specify an LTS enabled Kubernetes version as the upgrade target.
 
-```
+```azurecli
 az aks upgrade --resource-group myResourceGroup --name myAKSCluster --kubernetes-version 1.30.2
 ```
 
 > [!NOTE]
-> Kubernetes 1.30.2 is used as an example here, please check the [AKS release tracker](release-tracker.md) for available Kubernetes releases.
+> Kubernetes 1.30.2 is used as an example version in this article. Check the [AKS release tracker](release-tracker.md) for available Kubernetes releases.

articles/aks/quickstart-helm.md

@@ -3,7 +3,7 @@ title: Develop on Azure Kubernetes Service (AKS) with Helm
 description: Use Helm with AKS and Azure Container Registry to package and run application containers in a cluster.
 ms.topic: article
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
-ms.date: 01/18/2024
+ms.date: 01/25/2024
 ---
 
 # Quickstart: Develop on Azure Kubernetes Service (AKS) with Helm
@@ -30,7 +30,7 @@ You need to store your container images in an Azure Container Registry (ACR) to
     az group create --name myResourceGroup --location eastus
     ```
 
-2. Create an Azure Container Registry using the [az acr create][az-acr-create] command. The following example creates an ACR named *myhelmacr* with the *Basic* SKU.
+2. Create an Azure Container Registry with a unique name by calling the [az acr create][az-acr-create] command. The following example creates an ACR named *myhelmacr* with the *Basic* SKU.
 
     ```azurecli-interactive
     az acr create --resource-group myResourceGroup --name myhelmacr --sku Basic
@@ -68,10 +68,10 @@ You need to store your container images in an Azure Container Registry (ACR) to
     New-AzResourceGroup -Name myResourceGroup -Location eastus
     ```
 
-2. Create an Azure Container Registry using the [New-AzContainerRegistry][new-azcontainerregistry] cmdlet. The following example creates an ACR named *myhelmacr* with the *Basic* SKU.
+2. Create an Azure Container Registry with a unique name by calling the [New-AzContainerRegistry][new-azcontainerregistry] cmdlet. The following example creates an ACR named *myhelmacr* with the *Basic* SKU.
 
     ```azurepowershell-interactive
-    New-AzContainerRegistry -ResourceGroupName myResourceGroup -Name myhelmacr -Sku Basic
+    New-AzContainerRegistry -ResourceGroupName myResourceGroup -Name myhelmacr -Sku Basic -Location eastus
     ```
 
     Your output should look similar to the following condensed example output. Take note of your *loginServer* value for your ACR to use in a later step.