sync with main and rebuild

Author: v-sissondan

.openpublishing.redirection.aks.json

@@ -1434,6 +1434,61 @@
         "source_path": "AKS-Arc/azure-hybrid-benefit.md",
         "redirect_url": "/azure/aks/aksarc/pricing",
         "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/aks-known-issues.md",
+        "redirect_url": "/azure/aks/aksarc/aks-troubleshoot",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/aks-whats-new-23h2.md",
+        "redirect_url": "/azure/aks/aksarc/aks-whats-new-local",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/azure-rbac-23h2.md",
+        "redirect_url": "/azure/aks/aksarc/azure-rbac-local",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/kubernetes-rbac-23h2.md",
+        "redirect_url": "/azure/aks/aksarc/kubernetes-rbac-local",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-prepare-application.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-prepare-azure-container-registry.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-deploy-cluster.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-deploy-application.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-scale.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-app-update.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-upgrade-cluster.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
       }
     ]
   }

.openpublishing.redirection.json

@@ -1316,6 +1316,11 @@
       "redirect_url": "/azure/azure-managed-lustre/client-install?pivots=ubuntu-22",
       "redirect_document_id": false
     },
+    {
+      "source_path": "azure-managed-lustre/install-ubuntu-24.md",
+      "redirect_url": "/azure/azure-managed-lustre/client-install?pivots=ubuntu-24",
+      "redirect_document_id": false
+    },
     {
       "source_path": "azure-stack/hci/get-started.md",
       "redirect_url": "/azure-stack/hci/manage/monitor-cluster",

AKS-Arc/TOC.yml

@@ -11,11 +11,11 @@
     href: data-collection.md
   - name: Blogs and announcements
     href: blogs-announcements.md
-- name: AKS on Azure Local, version 23H2
+- name: AKS on Azure Local
   expanded: true
   items:
-  - name: What's new in AKS on Azure Local, version 23H2
-    href: aks-whats-new-23h2.md
+  - name: What's new in AKS on Azure Local
+    href: aks-whats-new-local.md
   - name: Concepts
     items:
     - name: Architecture
@@ -33,9 +33,11 @@
     - name: High availability
       items: 
       - name: Use availability sets
-        href: availability-sets.md   
+        href: availability-sets.md
     - name: Supported scale requirements
       href: scale-requirements.md
+    - name: Connectivity modes
+      href: connectivity-modes.md  
     - name: Billing
       items:
       - name: Pricing details
@@ -76,6 +78,10 @@
           href: deploy-load-balancer-portal.md
         # - name: Troubleshoot issues
         #   href: load-balancer-troubleshoot.md
+    - name: Security
+      items:
+      - name: Encrypt etcd secrets
+        href: encrypt-etcd-secrets.md
     - name: AI and Machine Learning
       items:
       - name: Deploy an AI model with the AI toolchain operator
@@ -85,9 +91,9 @@
       - name: Enable Microsoft Entra ID authentication for Kubernetes clusters
         href: enable-authentication-microsoft-entra-id.md
       - name: Use Azure RBAC for Kubernetes authorization
-        href: azure-rbac-23h2.md
+        href: azure-rbac-local.md
       - name: Use Kubernetes RBAC with Microsoft Entra ID
-        href: kubernetes-rbac-23h2.md
+        href: kubernetes-rbac-local.md
       - name: Retrieve certificate-based admin kubeconfig
         href: retrieve-admin-kubeconfig.md
       - name: Configure SSH keys for a cluster
@@ -99,6 +105,7 @@
       - name: Deploy and configure Workload Identity
         href: workload-identity.md     
     - name: Storage
+      href: concepts-storage.md
       items:
       - name: CSI storage drivers
         items: 
@@ -132,6 +139,8 @@
             href: kubernetes-monitor-object-events.md
           - name: Get kubelet logs
             href: aks-get-kubelet-logs.md
+          - name: Monitor control plane metrics
+            href: control-plane-metrics.md
           - name: Enable Container Insights
             href: /azure/azure-monitor/containers/kubernetes-monitoring-enable
           - name: Monitor Kubernetes audit events
@@ -148,28 +157,40 @@
       href: aks-troubleshoot.md
     - name: Control plane configuration validation errors
       href: control-plane-validation-errors.md
-    - name: Connectivity issues with MetalLB
-      href: load-balancer-issues.md 
     - name: K8sVersionValidation error
       href: cluster-k8s-version.md
     - name: Use diagnostic checker
       href: aks-arc-diagnostic-checker.md
     - name: KubeAPIServer unreachable error
       href: kube-api-server-unreachable.md
-    - name: Can't see VM SKUs on Azure portal
-      href: check-vm-sku.md
-    - name: Deleted AKS Arc cluster still visible on Azure portal
-      href: deleted-cluster-visible.md
+    - name: Can't create/scale AKS cluster due to image issues
+      href: gallery-image-not-usable.md
+    - name: Disk space exhaustion on control plane VMs
+      href: kube-apiserver-log-overflow.md
+    - name: Telemetry pod consumes too much memory and CPU  
+      href: telemetry-pod-resources.md
+    - name: Issues after deleting storage volumes
+      href: delete-storage-volume.md
     - name: Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources
       href: delete-cluster-pdb.md
     - name: Azure Advisor upgrade recommendation
       href: azure-advisor-upgrade.md
-    - name: Issues after deleting storage volumes
-      href: delete-storage-volume.md
+    - name: Deleted AKS Arc cluster still visible on Azure portal
+      href: deleted-cluster-visible.md
+    - name: Can't see VM SKUs on Azure portal
+      href: check-vm-sku.md
+    - name: Connectivity issues with MetalLB
+      href: load-balancer-issues.md
+    - name: Troubleshoot general network validation errors
+      href: network-validation-errors.md
+    - name: Network validation error due to .local domain
+      href: network-validation-error-local.md
   - name: Reference
     items:
     - name: Azure CLI
       href: /cli/azure/aksarc
+    - name: Azure PowerShell
+      href: /powershell/module/az.aksarc/
     - name: REST API reference
       href: /rest/api/hybridcontainer/operation-groups
   - name: Resources
@@ -188,6 +209,8 @@
     href: aks-edge-overview.md
   - name: System requirements and support matrix
     href: aks-edge-system-requirements.md
+  - name: What's new in AKS Edge Essentials
+    href: aks-edge-whats-new.md
   - name: Quickstart
     href: aks-edge-quickstart.md
   - name: Concepts
@@ -222,14 +245,20 @@
       href: aks-edge-howto-deploy-azure-iot.md
     - name: Offline installation
       href: aks-edge-howto-offline-install.md
-    - name: Access TPM secrets
-      href: aks-edge-howto-access-tpm.md
     - name: Additional configuration
       href: aks-edge-howto-more-configs.md
     - name: Use GPU acceleration
       href: aks-edge-gpu.md
-    - name: Configure Workload Identity
-      href: aks-edge-workload-identity.md
+    - name: Security
+      items:
+      - name: Configure Workload Identity
+        href: aks-edge-workload-identity.md      
+      - name: Access TPM secrets
+        href: aks-edge-howto-access-tpm.md
+      - name: Enable secret encryption with the KMS plugin
+        href: aks-edge-howto-secret-encryption.md
+      - name: Use the Key Manager for Kubernetes extension
+        href: aks-edge-howto-key-manager.md        
     - name: Update AKS Edge Essentials
       items:
       - name: Update online
@@ -260,12 +289,12 @@
     items:
     - name: AKS Edge Essentials PowerShell 
       href: ./reference/aks-edge-ps/index.md
+    - name: Get support
+      href: aks-edge-help-support.md
     - name: Troubleshooting 
       href: aks-edge-troubleshoot-overview.md
     - name: Logs 
       href: aks-edge-resources-logs.md
-    - name: Release notes and known issues
-      href: https://github.com/Azure/AKS-Edge/releases
     - name: File bugs
       href: https://github.com/Azure/AKS-Edge/issues
     - name: AKS Edge Essentials pricing
@@ -324,6 +353,8 @@
         href: vnet.yml
 - name: AKS on Windows Server
   items:
+  - name: AKS on Windows Server retirement
+    href: aks-windows-server-retirement.md
   - name: Overview
     href: overview.md
   - name: System requirements
@@ -340,23 +371,6 @@
             href: setup.md
           - name: Create a Kubernetes cluster
             href: create-kubernetes-cluster.md
-  - name: Tutorial
-    items:
-      - name: 1 - Prepare an application
-        href: tutorial-kubernetes-prepare-application.md
-      - name: 2 - Create container registry
-        href: tutorial-kubernetes-prepare-azure-container-registry.md
-      - name: 3 - Deploy a workload cluster
-        href: tutorial-kubernetes-deploy-cluster.md
-      - name: 4 - Run an application
-        href: tutorial-kubernetes-deploy-application.md
-      - name: 5 - Scale an application
-        href: tutorial-kubernetes-scale.md
-      - name: 6 - Update an application
-        href: tutorial-kubernetes-app-update.md
-      - name: 7 - Upgrade Kubernetes cluster 
-        # Remove this, we don tneed to upgrade K8s in this tutorial.
-        href: tutorial-kubernetes-upgrade-cluster.md
   - name: Concepts
     items:
     - name: Quotas and resource limits
@@ -397,8 +411,6 @@
           href: concepts-node-networking.md
         - name: Kubernetes container networking
           href: concepts-container-networking.md
-    - name: Storage
-      href: concepts-storage.md
     - name: Application availability
       href: app-availability.md
     - name: Scale
@@ -538,7 +550,7 @@
       - name: Use OpenFaaS
         href: openfaas.md
       - name: Use Bridge to Kubernetes with Visual Studio Code
-        href: https://code.visualstudio.com/docs/containers/bridge-to-kubernetes
+        href: /visualstudio/bridge/bridge-to-kubernetes-vs-code
       - name: Use Bridge to Kubernetes with Visual Studio
         href: /visualstudio/containers/bridge-to-kubernetes
       - name: Deploy a Java application with Open Liberty or WebSphere Liberty
@@ -557,7 +569,7 @@
       href: aks-hybrid-preview-uninstall.md
     - name: Troubleshooting overview
       href: troubleshoot-overview.md
-    - name: Azure Arc enabled Kubernetes
+    - name: Azure Arc-enabled Kubernetes
       href: known-issues-arc.yml
     - name: Pre-installation validation tests
       href: validation-tests.md
@@ -583,12 +595,6 @@
       href: known-issues-uninstall.yml
     - name: Other
       href: known-issues.yml
-    - name: Azure Local issues
-      items:
-      - name: Cluster validation reporting in Azure Local
-        href: /azure-stack/hci/manage/validate-qos
-      - name: CredSSP in Azure Local
-        href: /azure-stack/hci/manage/troubleshoot-credssp
     - name: Support policies
       href: support-policies.md
     - name: Get support

AKS-Arc/ad-sso.md

@@ -1,31 +1,31 @@
 ---
-title: Use Active Directory single sign-on for secure connection to Kubernetes API server in AKS enabled by Azure Arc
+title: Use Active Directory single sign-on for secure connection to Kubernetes API server in AKS on Windows Server
 description: Use Active Directory Authentication to securely connect to the API server with SSO credentials
 author: sethmanheim
 ms.topic: how-to
-ms.date: 08/07/2024
+ms.date: 04/02/2025
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
-ms.reviewer: sulahiri
+ms.reviewer: leslielin
 
 # Intent: As an IT Pro, I want to ue Active Directory Authentication to securely connect to the Kubernetes API server with SSO credentials.
 # Keyword: secure connection to Kubernetes API server
 
 ---
 
-# Use Active Directory single sign-on for secure connection to Kubernetes API server in AKS enabled by Azure Arc
+# Use Active Directory single sign-on for secure connection to Kubernetes API server in AKS on Windows Server
 
 [!INCLUDE [applies-to-azure stack-hci-and-windows-server-skus](includes/aks-hci-applies-to-skus/aks-hybrid-applies-to-azure-stack-hci-windows-server-sku.md)]
 
-You can create a secure connection to your Kubernetes API server in AKS enabled by Arc using Active Directory (AD) single sign-on (SSO) credentials.
+You can create a secure connection to your Kubernetes API server in AKS on Windows Server using Active Directory (AD) single sign-on (SSO) credentials.
 
-## Overview of AD in AKS enabled by Arc
+## Overview of AD in AKS on Windows Server
 
-Without Active Directory authentication, you must rely on a certificate-based _kubeconfig_ file when you connect to the API server via the `kubectl` command. The **kubeconfig** file contains secrets such as private keys and certificates that need to be carefully distributed, which can be a significant security risk.
+Without Active Directory authentication, you must rely on a certificate-based *kubeconfig* file when you connect to the API server via the `kubectl` command. The **kubeconfig** file contains secrets such as private keys and certificates that need to be carefully distributed, which can be a significant security risk.
 
-As an alternative to using certificate-based kubeconfig, you can use AD SSO credentials as a secure way to connect to the API server. AD integration with AKS Arc lets users on a Windows domain-joined machine connect to the API server via `kubectl` using their SSO credentials. This removes the need to manage and distribute certificate-based kubeconfig files that contain private keys.
+As an alternative to using certificate-based **kubeconfig**, you can use AD SSO credentials as a secure way to connect to the API server. AD integration with AKS Arc lets users on a Windows domain-joined machine connect to the API server via `kubectl` using their SSO credentials. This removes the need to manage and distribute certificate-based **kubeconfig** files that contain private keys.
 
-AD integration uses AD kubeconfig, which is distinct from the certificate-based kubeconfig files and doesn't contain any secrets. However, the certificate-based kubeconfig file can be used for backup purposes, such as troubleshooting, if there are issues with connecting using Active Directory credentials.
+AD integration uses AD **kubeconfig**, which is distinct from the certificate-based **kubeconfig** files and doesn't contain any secrets. However, the certificate-based **kubeconfig** file can be used for backup purposes, such as troubleshooting, if there are issues with connecting using Active Directory credentials.
 
 Another security benefit with AD integration is that the users and groups are stored as [security identifiers (SIDs)](/troubleshoot/windows-server/identity/security-identifiers-in-windows). Unlike group names, SIDs are immutable and unique and therefore present no naming conflicts.
 
@@ -77,7 +77,7 @@ Before you can install AD authentication, the workload cluster must be installed
 
 #### Option 1
 
-For a domain-joined Azure Local or Windows Server cluster, open PowerShell as an administrator and run the following command:
+For a domain-joined Windows Server cluster, open PowerShell as an administrator and run the following command:
 
 ```powershell
 Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8s/[email protected] -adminUser contoso\bob

AKS-Arc/adapt-apps-mixed-os-clusters.md

@@ -1,6 +1,6 @@
 ---
 title: Adapt applications for use in mixed-OS Kubernetes clusters
-description: Learn how to use node selectors or taints and tolerations on Azure Kubernetes Service to ensure applications in mixed OS Kubernetes clusters running on AKS Arc are scheduled on the correct worker node operating system.
+description: Learn how to use node selectors or taints and tolerations on Azure Kubernetes Service to ensure applications in mixed OS Kubernetes clusters running on AKS on Windows Server are scheduled on the correct worker node operating system.
 author: sethmanheim
 ms.topic: how-to
 ms.date: 06/27/2024
@@ -16,9 +16,9 @@ ms.reviewer: abha
 
 [!INCLUDE [applies-to-azure stack-hci-and-windows-server-skus](includes/aks-hci-applies-to-skus/aks-hybrid-applies-to-azure-stack-hci-windows-server-sku.md)]
 
-AKS enabled by Arc enables you to run Kubernetes clusters with both Linux and Windows nodes, but you must make small edits to your apps for use in these mixed-OS clusters. This how-to guide describes how to ensure your application gets scheduled on the right host OS using either node selectors or taints and tolerations.
+AKS on Windows Server enables you to run Kubernetes clusters with both Linux and Windows nodes, but you must make small edits to your apps for use in these mixed-OS clusters. This how-to guide describes how to ensure your application gets scheduled on the right host OS using either node selectors or taints and tolerations.
 
-This article assumes a basic understanding of Kubernetes concepts. For more information, see [Kubernetes core concepts for AKS enabled by Arc](kubernetes-concepts.md).
+This article assumes a basic understanding of Kubernetes concepts. For more information, see [Kubernetes core concepts for AKS on Windows Server](kubernetes-concepts.md).
 
 ## Node selectors