Merge pull request #263051 from MGoedtel/task198966

v-dirichards · web-flow · commit fc1cdfcea9e9 · 2024-01-11T15:41:20.000-06:00
Updated concepts-security
diff --git a/articles/aks/TOC.yml b/articles/aks/TOC.yml
@@ -105,14 +105,14 @@
           href: network-observability-overview.md
     - name: Security
       items:
+        - name: Security concepts
+          href: concepts-security.md
         - name: Access and identity
           href: concepts-identity.md
         - name: Security vulnerability management
           href: concepts-vulnerability-management.md
         - name: Security Baseline
           href: /security/benchmark/azure/baselines/aks-security-baseline?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
-        - name: Container Security
-          href: concepts-security.md
         - name: Confidential Containers security policy
           href: ../confidential-computing/confidential-containers-aks-security-policy.md?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
         - name: Security controls by Azure Policy
diff --git a/articles/aks/concepts-security.md b/articles/aks/concepts-security.md
@@ -4,7 +4,7 @@ description: Learn about security in Azure Kubernetes Service (AKS), including m
 author: miwithro
 ms.topic: conceptual
 ms.custom: build-2023
-ms.date: 10/31/2023
+ms.date: 01/11/2024
 ms.author: miwithro
 ---
 
@@ -82,25 +82,6 @@ Because of compliance or regulatory requirements, certain workloads may require
 * [Confidential Containers][confidential-containers] (preview), also based on Kata Confidential Containers, encrypts container memory and prevents data in memory during computation from being in clear text, readable format, and tampering. It helps isolate your containers from other container groups/pods, as well as VM node OS kernel. Confidential Containers (preview) uses hardware based memory encryption (SEV-SNP).
 * [Pod Sandboxing][pod-sandboxing] (preview) provides an isolation boundary between the container application and the shared kernel and compute resources (CPU, memory, and network) of the container host.
 
-## Cluster upgrades
-
-Azure provides upgrade orchestration tools to upgrade of an AKS cluster and components, maintain security and compliance, and access the latest features. This upgrade orchestration includes both the Kubernetes master and agent components. 
-
-To start the upgrade process, specify one of the [listed available Kubernetes versions](supported-kubernetes-versions.md). Azure then safely cordons and drains each AKS node and upgrades.
-
-### Cordon and drain
-
-During the upgrade process, AKS nodes are individually cordoned from the cluster to prevent new pods from being scheduled on them. The nodes are then drained and upgraded as follows:
-
-1. A new node is deployed into the node pool. 
-    * This node runs the latest OS image and patches.
-1. One of the existing nodes is identified for upgrade. 
-1. Pods on the identified node are gracefully terminated and scheduled on the other nodes in the node pool.
-1. The emptied node is deleted from the AKS cluster.
-1. Steps 1-4 are repeated until all nodes are successfully replaced as part of the upgrade process.
-
-For more information, see [Upgrade an AKS cluster][aks-upgrade-cluster].
-
 ## Network security
 
 For connectivity and security with on-premises networks, you can deploy your AKS cluster into existing Azure virtual network subnets. These virtual networks connect back to your on-premises network using Azure Site-to-Site VPN or Express Route. Define Kubernetes ingress controllers with private, internal IP addresses to limit services access to the internal network connection.
