Merge branch 'main' of https://github.com/PaulCarterMicrosoft/azure-docs-pr

Author: PaulCarterMicrosoft

articles/aks/availability-zones.md

@@ -3,7 +3,7 @@ title: Use availability zones in Azure Kubernetes Service (AKS)
 description: Learn how to create a cluster that distributes nodes across availability zones in Azure Kubernetes Service (AKS)
 ms.custom: fasttrack-edit, references_regions, devx-track-azurecli, devx-track-linux
 ms.topic: article
-ms.date: 02/22/2023
+ms.date: 12/06/2023
 ---
 
 # Create an Azure Kubernetes Service (AKS) cluster that uses availability zones
@@ -32,7 +32,19 @@ The following limitations apply when you create an AKS cluster using availabilit
 ### Azure disk availability zone support
 
  - Volumes that use Azure managed LRS disks aren't zone-redundant resources, attaching across zones isn't supported. You need to co-locate volumes in the same zone as the specified node hosting the target pod.
- - Volumes that use Azure managed ZRS disks (supported by Azure Disk CSI driver v1.5.0 and later) are zone-redundant resources. You can schedule those volumes on all zone and non-zone agent nodes.
+ - Volumes that use Azure managed ZRS disks are zone-redundant resources. You can schedule those volumes on all zone and non-zone agent nodes, here's an example of how to create a storage class using the StandardSSD_ZRS disk:
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: managed-csi-zrs
+provisioner: disk.csi.azure.com
+parameters:
+  skuName: StandardSSD_ZRS  # or Premium_ZRS
+reclaimPolicy: Delete
+volumeBindingMode: WaitForFirstConsumer
+allowVolumeExpansion: true
+```
 
 Kubernetes is aware of Azure availability zones since version 1.12. You can deploy a PersistentVolumeClaim object referencing an Azure Managed Disk in a multi-zone AKS cluster and [Kubernetes takes care of scheduling](https://kubernetes.io/docs/setup/best-practices/multiple-zones/#storage-access-for-zones) any pod that claims this PVC in the correct availability zone.
 

articles/aks/csi-secrets-store-driver.md

@@ -4,7 +4,7 @@ description: Learn how to use the Azure Key Vault provider for Secrets Store CSI
 author: nickomang 
 ms.author: nickoman
 ms.topic: how-to 
-ms.date: 10/19/2023
+ms.date: 12/06/2023
 ms.custom: template-how-to, devx-track-azurecli, devx-track-linux
 ---
 
@@ -68,6 +68,9 @@ A container using *subPath volume mount* doesn't receive secret updates when it'
         }
     ```
 
+> [!NOTE]
+> After you enable this feature, AKS creates a managed `identity named azurekeyvaultsecretsprovider-xxx` in the node resource group and assigns it to the Virtual Machine Scale Sets (VMSS) automatically. You can use this managed identity or your own managed identity to access the key vault. It's not supported to prevent creation of the identity.
+
 ## Upgrade an existing AKS cluster with Azure Key Vault provider for Secrets Store CSI Driver support
 
 * Upgrade an existing AKS cluster with Azure Key Vault provider for Secrets Store CSI Driver capability using the [`az aks enable-addons`][az-aks-enable-addons] command and enable the `azure-keyvault-secrets-provider` add-on. The add-on creates a user-assigned managed identity you can use to authenticate to your key vault.
@@ -76,6 +79,9 @@ A container using *subPath volume mount* doesn't receive secret updates when it'
     az aks enable-addons --addons azure-keyvault-secrets-provider --name myAKSCluster --resource-group myResourceGroup
     ```
 
+> [!NOTE]
+> After you enable this feature, AKS creates a managed `identity named azurekeyvaultsecretsprovider-xxx` in the node resource group and assigns it to the Virtual Machine Scale Sets (VMSS) automatically. You can use this managed identity or your own managed identity to access the key vault. It's not supported to prevent creation of the identity.
+
 ## Verify the Azure Key Vault provider for Secrets Store CSI Driver installation
 
 1. Verify the installation is finished using the `kubectl get pods` command, which lists all pods with the `secrets-store-csi-driver` and `secrets-store-provider-azure` labels in the kube-system namespace.

articles/machine-learning/includes/machine-learning-cli-subscription.md

@@ -7,6 +7,6 @@ ms.author: larryfr
 ---
 
 > [!TIP]
-> After logging in, you see a list of subscriptions associated with your Azure account. The subscription information with `isDefault: true` is the currently activated subscription for Azure CLI commands. This subscription must be the same one that contains your Azure Machine Learning workspace. You can find the subscription ID from the [Azure portal](https://portal.azure.com) by visiting the overview page for your workspace. You can also use the SDK to get the subscription ID from the workspace object. For example, `Workspace.from_config().subscription_id`.
+> After logging in, you see a list of subscriptions associated with your Azure account. The subscription information with `isDefault: true` is the currently activated subscription for Azure CLI commands. This subscription must be the same one that contains your Azure Machine Learning workspace. You can find the subscription ID from the [Azure portal](https://portal.azure.com) by visiting the overview page for your workspace..
 > 
 > To select another subscription, use the `az account set -s <subscription name or ID>` command and specify the subscription name or ID to switch to. For more information about subscription selection, see [Use multiple Azure Subscriptions](/cli/azure/manage-azure-subscriptions-azure-cli).