Sync release-hotfixes with main

Sync release-hotfixes with main

Author: sethmanheim

AKS-Hybrid/aks-edge-troubleshoot-overview.md

@@ -4,7 +4,7 @@ description: Learn about common issues and workarounds in AKS Edge Essentials.
 author: sethmanheim
 ms.author: sethm
 ms.topic: conceptual
-ms.date: 07/22/2024
+ms.date: 12/12/2024
 ms.custom: template-concept
 ---
 
@@ -59,6 +59,10 @@ This script checks for the missing images and reimports them as needed.
 
    :::image type="content" source="media/aks-edge/aks-edge-azure-arc-proxy.png" alt-text="Screenshot showing internet options." lightbox="media/aks-edge/aks-edge-azure-arc-proxy.png":::
 
+## Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources
+
+For information about this known issue, see [Can't fully delete AKS Arc cluster with PDB resources](delete-cluster-pdb.md) in the AKS Arc documentation.
+
 ## Offline deployments
 
 ### Failed to get nodeagent certificate: Not Found

AKS-Hybrid/delete-cluster-pdb.md

@@ -4,14 +4,14 @@ description: Learn how to troubleshoot when deleted workload cluster resources c
 ms.topic: troubleshooting
 author: sethmanheim
 ms.author: sethm
-ms.date: 11/18/2024
+ms.date: 12/12/2024
 ms.reviewer: leslielin
 
 ---
 
 # Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources
 
-[!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
+[!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)], AKS Edge Essentials
 
 When you delete an AKS Arc cluster that has [PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) (PDB) resources, the deletion might fail to remove the PDB resources. By default, PDB is installed in the workload identity-enabled AKS Arc cluster.
 
@@ -37,12 +37,24 @@ Before you delete the AKS Arc cluster, access the AKS Arc cluster's **kubeconfig
     kubectl delete pdb azure-wi-webhook-controller-manager -n arc-workload-identity 
     ```
 
-1. Delete the AKS Arc cluster:
+### [AKS on Azure Local](#tab/aks-on-azure-local)
+
+4. Delete the AKS Arc cluster:
 
     ```azurecli
     az aksarc delete -n $aks_cluster_name -g $resource_group_name
     ```
 
+### [AKS Edge Essentials](#tab/aks-edge-essentials)
+
+4. Delete the AKS Arc cluster:
+
+    ```azurecli
+    az connectedk8s delete -n <cluster_name> -g <resource_group>
+    ```
+
+---
+
 ## Next steps
 
 [Known issues in AKS enabled by Azure Arc](aks-known-issues.md)

azure-local/deploy/azure-verification.md

@@ -31,7 +31,7 @@ Azure verification for VM enables you to use these benefits available only on Az
 | Extended Security Update (ESUs)          | Get security updates at no extra cost for end-of-support SQL and Windows Server VMs on Azure Local. <br/> For more information, see [Free Extended Security Updates (ESU) on Azure Local](../manage/azure-benefits-esu.md). | You must enable [Legacy OS support](#legacy-os-support) for older VMs running version Windows Server 2012 or earlier with [Latest Servicing Stack Updates](https://msrc.microsoft.com/update-guide/advisory/ADV990001).|
 | Azure Virtual Desktop (AVD)                    | AVD session hosts can run only on Azure infrastructure. Activate your Windows multi-session VMs on Azure Local using Azure VM verification. <br/> Licensing requirements for AVD still apply. See [Azure Virtual Desktop pricing](/azure/virtual-desktop/azure-stack-hci-overview#pricing). | Activated automatically for VMs running version Windows 11 multi-session with 4B update released on April 9, 2024 (22H2: [KB5036893](https://support.microsoft.com/topic/april-9-2024-kb5036893-os-builds-22621-3447-and-22631-3447-a674a67b-85f5-4a40-8d74-5f8af8ead5bb), 21H2: [KB5036894](https://support.microsoft.com/topic/april-9-2024-kb5036894-os-build-22000-2899-165dd6e1-74be-45b7-84e3-0f2a25d375f3)) or later. You must enable [legacy OS support](#legacy-os-support) for VMs running version Windows 10 multi-session with 4B update released on April 9, 2024  [KB5036892](https://support.microsoft.com/topic/april-9-2024-kb5036892-os-builds-19044-4291-and-19045-4291-cb5d2d42-6b10-48f7-829a-be7d416a811b) or later. |
 | Windows Server Datacenter: Azure Edition | Azure Edition VMs can run only on Azure infrastructure. Activate your [Windows Server Azure Edition](/windows-server/get-started/azure-edition) VMs and use the latest Windows Server innovations and other exclusive features. <br/> Licensing requirements still apply. See ways to [license Windows Server VMs on Azure Local](../manage/vm-activate.md?tabs=azure-portal).         | Activated automatically for VMs running Windows Server Azure Edition 2022 with 4B update released on April 9, 2024 ([KB5036909](https://support.microsoft.com/topic/april-9-2024-kb5036909-os-build-20348-2402-36062ce9-f426-40c6-9fb9-ee5ab428da8c)) or later. |
-| Azure Update Manager | Get [Azure Update Manager](/azure/update-manager/overview?branch=main&tabs=azure-arc-vms) at no cost. This service provides a SaaS solution to manage and govern software updates to VMs on Azure Local. | Available automatically for Arc VMs. You must enable Azure verification for non Arc VMs. For more information, see [Azure Update Manager frequently asked questions](/azure/update-manager/update-manager-faq#what-is-the-pricing-for-azure-update-manager). |
+| Azure Update Manager | Get [Azure Update Manager](/azure/update-manager/overview?branch=main&tabs=azure-arc-vms) at no cost. This service provides a SaaS solution to manage and govern software updates to VMs on Azure Local. | Available automatically for Arc VMs. With Software Assurance, you can attest your machine using Arc's Windows Server Azure benefits and licenses, and get AUM for free. For more information, see [Azure Update Manager frequently asked questions](/azure/update-manager/update-manager-faq#what-is-the-pricing-for-azure-update-manager). |
 | Azure Policy guest configuration         | Get [Azure Policy guest configuration](/azure/governance/policy/concepts/guest-configuration) at no cost. This Arc extension enables the auditing and configuration of OS settings as code for machines and VMs. | Arc agent version 1.39 or later. See [Latest Arc agent release](/azure/azure-arc/servers/agent-release-notes). |
 
 > [!NOTE]

azure-local/manage/create-arc-virtual-machines.md

@@ -14,7 +14,7 @@ ms.date: 11/05/2024
 
 [!INCLUDE [hci-applies-to-23h2](../includes/hci-applies-to-23h2.md)]
 
-This article describes how to create an Arc VM starting with the VM images that you've created on your Azure Local instance. You can create Arc VMs using the Azure CLI, Azure portal, or Azure Resource Manager template.
+This article describes how to create an Arc virtual machine (VM) starting with the VM images that you created on your Azure Local instance. You can create Arc VMs using the Azure CLI, Azure portal, or Azure Resource Manager template.
 
 ## About Azure Local resource
 
@@ -36,7 +36,7 @@ Before you create an Azure Arc-enabled VM, make sure that the following prerequi
 
 - If using a client to connect to your Azure Local, see [Connect to Azure Local via Azure CLI client](./azure-arc-vm-management-prerequisites.md#azure-command-line-interface-cli-requirements).
 
-- Access to a network interface that you have created on a logical network associated with your Azure Local. You can choose a network interface with static IP or one with a dynamic IP allocation. For more information, see how to [Create network interfaces](./create-network-interfaces.md).
+- Access to a network interface that you created on a logical network associated with your Azure Local. You can choose a network interface with static IP or one with a dynamic IP allocation. For more information, see how to [Create network interfaces](./create-network-interfaces.md).
 
 # [Azure portal](#tab/azureportal)
 
@@ -56,6 +56,26 @@ Before you create an Azure Arc-enabled VM, make sure that the following prerequi
 - Access to a logical network that you associate with the VM on your Azure Local. For more information, see how to [Create logical network](./create-logical-networks.md).
 - [Download the sample Bicep template](https://aka.ms/hci-vmbiceptemplate)
 
+# [Terraform template](#tab/terraformtemplate)
+
+[!INCLUDE[hci-vm-prerequisites](../includes/hci-vm-prerequisites.md)]
+
+- Access to a logical network that you associate with the VM of your Azure Local. For more information, see [Create logical networks](../manage/create-logical-networks.md).
+- Make sure Terraform is installed and up to date on your machine.
+    - To verify your Terraform version, run the `terraform -v` command.
+    
+    Here's an example of sample output:
+    ```output
+    PS C:\Users\username\terraform-azurenn-avm-res-azurestackhci-virtualmachineinstance> terraform -v 
+    Terraform vi.9.8 on windows_amd64
+    + provider registry.terraform.io/azure/azapi vl.15.0 
+    + provider registry.terraform.io/azure/modtm V0.3.2 
+    + provider registry.terraform.io/hashicorp/azurerm v3.116.0 
+    + provider registry.terraform.io/hashicorp/random V3.6.3
+    ```
+- Make sure Git is installed and up to date on your machine.
+    -  To verify your version of Git, run the `git --version` command.
+
 ---
 
 ## Create Arc VMs
@@ -72,7 +92,7 @@ Follow these steps on the client running az CLI that is connected to your Azure
 
 ### Create a Windows VM
 
-Depending on the type of the network interface that you created, you can create a VM that has network interface with static IP or one with a dynamic IP allocation. 
+Depending on the type of the network interface that you created, you can create a VM that has network interface with static IP or one with a dynamic IP allocation.
 
 > [!NOTE]
 > If you need more than one network interface with static IPs for your VM, create the interface(s) now before you create the VM. Adding a network interface with static IP, after the VM is provisioned, is not supported.
@@ -122,9 +142,6 @@ Here we create a VM that uses specific memory and processor counts on a specifie
     az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId 
    ```
 
-
-
-
 The VM is successfully created when the `provisioningState` shows as `succeeded`in the output.
 
 > [!NOTE]
@@ -134,7 +151,7 @@ In this example, the storage path was specified using the `--storage-path-id` fl
 
 If the flag isn't specified, the workload (VM, VM image, non-OS data disk) is automatically placed in a high availability storage path.
 
-### Create a Linux VM 
+### Create a Linux VM
 
 To create a Linux VM, use the same command that you used to create the Windows VM.
 
@@ -170,12 +187,12 @@ You can input the following parameters for `proxy-server-configuration`:
 <!--| **proxyServerUsername**  |Username for proxy authentication. The username and password are combined in this URL format: `http://username:[email protected]:3128`. An example is: `GusPinto`|
 | **proxyServerPassword**  |Password for proxy authentication. The username and password are combined in a URL format similar to the following: `http://username:[email protected]:3128`. An example is: `UseAStrongerPassword!` |-->
 
-
 Here's a sample command:
 
 ```azurecli
 az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId --proxy-configuration http_proxy="http://ubuntu:[email protected]:3128" https_proxy="http://ubuntu:[email protected]:3128" no_proxy="localhost,127.0.0.1,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.0.0.0/8,s-cluster.test.contoso.com" cert_file_path="C:\ClusterStorage\UserStorage_1\server.crt"
 ```
+
 For proxy authentication, you can pass the username and password combined in a URL as follows:`"http://username:[email protected]:3128"`.
 
 <!--Depending on the PowerShell version you're running on your VM, you may need to enable the proxy settings for your VM.
@@ -264,7 +281,6 @@ Follow these steps in Azure portal for your Azure Local.
     > [!NOTE]
     > For proxy authentication, you can pass the username and password combined in a URL as follows: `http://username:[email protected]:3128`.
 
-
 1. Set the local VM administrator account credentials used when connecting to your VM via RDP. In the **Administrator account** section, input the following parameters:
 
     :::image type="content" source="./media/create-arc-virtual-machines/create-virtual-machines-administrator-account-domain-join.png" alt-text="Screenshot of guest management enabled inVM extensions on  Basics tab." lightbox="./media/create-arc-virtual-machines/create-virtual-machines-administrator-account-domain-join.png":::
@@ -323,7 +339,6 @@ Follow these steps in Azure portal for your Azure Local.
 
 1. Select **Create**. It should take a few minutes to provision the VM.
 
-
 # [Azure Resource Manager template](#tab/armtemplate)
 
 Follow these steps to deploy the Resource Manager template:
@@ -608,7 +623,7 @@ Follow these steps to deploy the Resource Manager template:
             }
         ]
     }
-   ``` 
+   ```
 
 1. Select **Save**.
 
@@ -634,11 +649,28 @@ Follow these steps to deploy the Resource Manager template:
 
    :::code language="bicep" source="~/../quickstart-templates/quickstarts/microsoft.azurestackhci/vm-windows-disks-and-adjoin/main.bicep":::
 
+# [Terraform template](#tab/terraformtemplate)
+
+You can use the Azure Verified Module (AVM) that contains the Terraform template for creating Virtual Machines. This module ensures your Terraform templates meet Microsoft's rigorous standards for quality, security, and operational excellence, enabling you to seamlessly deploy and manage on Azure. With this template, you can create one or multiple Virtual Machines on your cluster.
+
+### Steps to use the Terraform template
+
+1. Download the Terraform template from [Azure verified module](https://registry.terraform.io/modules/Azure/avm-res-azurestackhci-virtualmachineinstance/azurerm/0.1.2).
+2. Navigate to the **examples** folder in the repository, and look for the following subfolders:
+    - **default**: Creates one virtual machine instance.
+    - **multi**: Creates multiple virtual machine instances.
+3. Choose the appropriate folder for your deployment.
+4. To initialize Terraform in your folder from step 2, run the `terraform init` command.
+5. To apply the configuration that deploys virtual machines, run the `terraform apply` command.
+6. After the deployment is complete, verify your virtual machines via the Azure portal. Navigate to **Resources** > **Virtual machines**.
+
+   :::image type="content" source="./media/create-arc-virtual-machines/terraform-virtual-machines.png" alt-text="Screenshot of select Virtual Machine after deployment." lightbox="./media/create-arc-virtual-machines/terraform-virtual-machines.png":::
+
 ---
 
 ## Use managed identity to authenticate Arc VMs
 
-When the Arc VMs are created on your Azure Local via Azure CLI or Azure portal, a system-assigned managed identity is also created that lasts for the lifetime of the Arc VMs. 
+When the Arc VMs are created on your Azure Local via Azure CLI or Azure portal, a system-assigned managed identity is also created that lasts for the lifetime of the Arc VMs.
 
 The Arc VMs on Azure Local are extended from Arc-enabled servers and can use system-assigned managed identity to access other Azure resources that support Microsoft Entra ID-based authentication. For example, the Arc VMs can use a system-assigned managed identity to access the Azure Key Vault.