Merge pull request #16659 from MicrosoftDocs/main

Taojunshen · web-flow · commit 3151e9b39e9e · 2024-12-24T06:58:54.000+08:00
12/23/2024 PM Publish
diff --git a/AKS-Hybrid/aks-create-clusters-cli.md b/AKS-Hybrid/aks-create-clusters-cli.md
@@ -247,7 +247,7 @@ To see the Azure Vote app in action, open a web browser to the external IP addre
 Run the `az aksarc delete` command to clean up the cluster you created:
 
 ```azurecli
-az aksarc delete --resource-group $aksclustername --name $resource_group
+az aksarc delete --name $aksclustername --resource-group $resource_group
 ```
 
 ## Next steps
diff --git a/AKS-Hybrid/create-clusters-bicep.md b/AKS-Hybrid/create-clusters-bicep.md
@@ -36,163 +36,38 @@ Before you begin, make sure you have the following prerequisites:
 
 To create an SSH key pair (same as Azure AKS), use the following procedure:
 
-1. [Open a Cloud Shell session](https://shell.azure.com) in your browser.
-1. Create an SSH key pair using the `az sshkey create` Azure CLI command or the `ssh-keygen` command:
+1. [Open a Cloud Shell session](https://shell.azure.com) in your browser or open a terminal on your local machine.
+1. Create an SSH key pair using `az sshkey create`:
 
    ```azurecli
-   # Create an SSH key pair using Azure CLI
-   az sshkey create --name "mySSHKey" --resource-group "myResourceGroup"
+   az sshkey create --name <Public_SSH_Key> --resource-group <Resource_Group_Name>
    ```
 
-   Or, create an SSH key pair using `ssh-keygen`:
+   Or, create a local SSH key pair using `ssh-keygen`:
 
    ```bash  
    ssh-keygen -t rsa -b 4096
    ```
 
-For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed).
-
-## Update and review the Bicep scripts
-
-This section shows the Bicep parameter and template files. These files are also available in an [Azure Quickstart template](https://github.com/Azure/azure-quickstart-templates).
-
-### Bicep parameter file: aksarc.bicepparam
-
-```bicep
-using 'main.bicep'
-param aksClusterName = 'aksarc-bicep-new'
-param aksControlPlaneIP = 'x.x.x.x'
-param sshPublicKey = 'ssh_public_key'
-param hciLogicalNetworkName = 'lnet_name'
-param hciCustomLocationName = 'cl_name'
-param aksNodePoolOSType = 'Linux'
-param aksNodePoolNodeCount = 1
-```
-
-### Bicep template file: main.bicep
-
-```bicep
-@description('The name of AKS Arc cluster resource')
-param aksClusterName string
-param location string = 'eastus'
-
-// Default to 1 node CP
-@description('The name of AKS Arc cluster control plane IP, provide this parameter during deployment')
-param aksControlPlaneIP string
-param aksControlPlaneNodeSize string = 'Standard_A4_v2'
-param aksControlPlaneNodeCount int = 1
-
-// Default to 1 node NP
-param aksNodePoolName string = 'nodepool1'
-param aksNodePoolNodeSize string = 'Standard_A4_v2'
-param aksNodePoolNodeCount int = 1
-@allowed(['Linux', 'Windows'])
-param aksNodePoolOSType string = 'Linux'
-
-@description('SSH public key used for cluster creation, provide this parameter during deployment')
-param sshPublicKey string
-
-// Build LNet ID from LNet name
-@description('The name of LNet resource, provide this parameter during deployment')
-param hciLogicalNetworkName string
-resource logicalNetwork 'Microsoft.AzureStackHCI/logicalNetworks@2023-09-01-preview' existing = {
-  name: hciLogicalNetworkName
-}
-
-// Build custom location ID from custom location name
-@description('The name of custom location resource, provide this parameter during deployment')
-param hciCustomLocationName string
-var customLocationId = resourceId('Microsoft.ExtendedLocation/customLocations', hciCustomLocationName) 
-
-// Create the connected cluster. This is the Arc representation of the AKS cluster, used to create a Managed Identity for the provisioned cluster.
-resource connectedCluster 'Microsoft.Kubernetes/ConnectedClusters@2024-01-01' = {
-  location: location
-  name: aksClusterName
-  identity: {
-    type: 'SystemAssigned'
-  }
-  kind: 'ProvisionedCluster'
-  properties: {
-    agentPublicKeyCertificate: ''
-    aadProfile: {
-      enableAzureRBAC: false
-    }
-  }
-}
-
-// Create the provisioned cluster instance. This is the actual AKS cluster and provisioned on your Azure Local cluster via the Arc Resource Bridge.
-resource provisionedClusterInstance 'Microsoft.HybridContainerService/provisionedClusterInstances@2024-01-01' = {
-  name: 'default'
-  scope: connectedCluster
-  extendedLocation: {
-    type: 'CustomLocation'
-    name: customLocationId
-  }
-  properties: {
-    linuxProfile: {
-      ssh: {
-        publicKeys: [
-          {
-            keyData: sshPublicKey
-          }
-        ]
-      }
-    }
-    controlPlane: {
-      count: aksControlPlaneNodeCount
-      controlPlaneEndpoint: {
-        hostIP: aksControlPlaneIP
-      }
-      vmSize: aksControlPlaneNodeSize
-    }
-    networkProfile: {
-      loadBalancerProfile: {
-        count: 0
-      }
-      networkPolicy: 'calico'
-    }
-    agentPoolProfiles: [
-      {
-        name: aksNodePoolName
-        count: aksNodePoolNodeCount
-        vmSize: aksNodePoolNodeSize
-        osType: aksNodePoolOSType
-      }
-    ]
-    cloudProviderProfile: {
-      infraNetworkProfile: {
-        vnetSubnetIds: [
-          logicalNetwork.id
-        ]
-      }
-    }
-    storageProfile: {
-      nfsCsiDriver: {
-        enabled: true
-      }
-      smbCsiDriver: {
-        enabled: true
-      }
-    }
-  }
-}
-```
-
-The **Microsoft.HybridContainerService/provisionedClusterInstances** resource is defined in the Bicep file. If you want to explore more properties, [see the API reference](/azure/templates/microsoft.hybridcontainerservice/provisionedclusterinstances?pivots=deployment-language-bicep).
-
-## Deploy the Bicep file
-
-1. Save the Bicep file as **main.bicep** to your local computer.
-1. Update the parameters defined in **aksarc.bicepparam** and save it to your local computer.
-1. Deploy the Bicep file using Azure CLI:
+It's recommended that you create an SSH key pair in Azure, as you can use it later for node access or troubleshooting. For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed) and [Restrict SSH Access](restrict-ssh-access.md).
+
+## Download and update the Bicep scripts
+
+Download these two files from the [AKSArc GitHub repo](https://github.com/Azure/aksArc/tree/main/deploymentTemplates) for your Bicep deployment: **main.bicep** and **aksarc.bicepparam**. Update the parameters from **aksarc.bicepparam** as needed, and make sure all the default values from **main.bicep** are correct.
+
+The **Microsoft.HybridContainerService/provisionedClusterInstances** resource type is defined in **main.bicep**. If you want to customize more properties for cluster creation, see the [**provisionedClusterInstances** API Reference](/azure/templates/microsoft.hybridcontainerservice/provisionedclusterinstances?pivots=deployment-language-bicep).
+
+## Deploy the Bicep templates
+
+Create a Bicep deployment using Azure CLI:
 
    ```azurecli
-   az deployment group create --name BicepDeployment --resource-group myResourceGroupName --template-file main.bicep –-parameters aksarc.bicepparam
+   az deployment group create --name BicepDeployment --resource-group <Resource_Group_Name> --parameters aksarc.bicepparam
    ```
 
-## Validate the Bicep deployment and connect to the cluster
+## Validate the deployment and connect to the cluster
 
-You can now connect to your Kubernetes cluster by running the `az connectedk8s proxy` command from your development machine. You can also use **kubectl** to see the node and pod status. Follow the same steps as described in [Connect to the Kubernetes cluster](aks-create-clusters-cli.md#connect-to-the-kubernetes-cluster).
+You can now connect to your Kubernetes cluster by running `az connectedk8s proxy` command from your development machine. You can also use **kubectl** to see the node and pod status. Follow the same steps as described in [Connect to the Kubernetes cluster](aks-create-clusters-cli.md#connect-to-the-kubernetes-cluster).
 
 ## Next steps
 
diff --git a/azure-stack/operator/azure-stack-overview.md b/azure-stack/operator/azure-stack-overview.md
@@ -4,10 +4,10 @@ description: An overview of what Azure Stack Hub is and how it lets you run Azur
 author: sethmanheim
 
 ms.topic: overview
-ms.date: 01/31/2022
+ms.date: 12/23/2024
 ms.author: sethm
 ms.reviewer: unknown
-ms.lastreviewed: 10/31/2024
+ms.lastreviewed: 11/08/2019
 
 # Intent: As an Azure Stack operator, I want an overview of what Azure Stack is so I can start using it.
 # Keyword: use azure stack
@@ -29,7 +29,7 @@ Azure provides a rich platform for developers to build modern apps. However, som
 
 ### Data residency
 
-If the customer deploys Azure Stack Hub disconnected from global Azure and from the internet, no data that is stored on the appliance is sent to Microsoft. Azure Stack Hub is an on-premises appliance. Customers fully own and control the appliance, access to the appliance, and any data stored on the appliance. Disconnected deployment allows for complete control over data location by the customer. A customer can alternatively elect to connect an Azure Stack Hub appliance to global Azure or to the Internet in a hybrid workload scenario (for example, a solution that uses resources deployed on Azure Stack Hub and public Azure with data transmitting between both) or with hybrid cloud management (for example, connecting a virtual machine deployed on Azure Stack Hub to Azure Monitor in public Azure for monitoring.) In such scenarios, the customer is responsible for validating whether the Azure or other online services used with the appliance satisfy any data residency concerns. For more information about data residency, please see [Data residency in Azure](https://azure.microsoft.com/global-infrastructure/data-residency/).
+If the customer deploys Azure Stack Hub disconnected from global Azure and from the internet, no data that is stored on the appliance is sent to Microsoft. Azure Stack Hub is an on-premises appliance. Customers fully own and control the appliance, access to the appliance, and any data stored on the appliance. Disconnected deployment allows for complete control over data location by the customer. A customer can alternatively elect to connect an Azure Stack Hub appliance to global Azure or to the Internet in a hybrid workload scenario (for example, a solution that uses resources deployed on Azure Stack Hub and global Azure with data transmitting between both) or with hybrid cloud management (for example, connecting a virtual machine deployed on Azure Stack Hub to Azure Monitor in global Azure for monitoring.) In such scenarios, the customer is responsible for validating whether the Azure or other online services used with the appliance satisfy any data residency concerns. For more information about data residency, see [Data residency in Azure](https://azure.microsoft.com/global-infrastructure/data-residency/).
 
 ## Azure Stack Hub architecture
 
@@ -45,28 +45,25 @@ The Azure Stack Hub architecture lets you provide Azure services at the edge for
 
 Azure Stack Hub integrated systems are offered through a partnership of Microsoft and hardware partners, creating a solution that offers cloud-paced innovation and computing management simplicity. Because Azure Stack Hub is offered as an integrated hardware and software system, you have the flexibility and control you need, along with the ability to innovate from the cloud.
 
-An Azure Stack Hub integrated system can range in size from 4-16 servers, called a *scale unit*. Integrated systems are jointly supported by the hardware partner and Microsoft. The following diagram shows an example of a scale unit. 
+An Azure Stack Hub integrated system can range in size from 4-16 servers, called a *scale unit*. Integrated systems are supported by the hardware partner and Microsoft. The following diagram shows an example of a scale unit.
 
-![Diagram showing an Azure Stack Hub integrated system](./media/azure-stack-overview/azure-stack-integrated-system.svg). 
-
-<!---add info and image on regions, etc--->
+![Diagram showing an Azure Stack Hub integrated system](./media/azure-stack-overview/azure-stack-integrated-system.svg).
 
 ### Connection models
 
-You can choose to deploy Azure Stack Hub either **connected** to the internet (and to Azure) or **disconnected** from it. 
+You can choose to deploy Azure Stack Hub either **connected** to the internet (and to Azure) or **disconnected** from it.
 
 > For more information, see the considerations for [connected](azure-stack-connected-deployment.md) and [disconnected](azure-stack-disconnected-deployment.md) deployment models.
 
-### Identity provider 
+### Identity provider
 
-Azure Stack Hub uses either Microsoft Entra ID or Active Directory Federation Services (AD FS). Microsoft Entra ID is Microsoft's cloud-based, multi-tenant identity provider. Most hybrid scenarios with internet-connected deployments use Microsoft Entra ID as the identity store.
+Azure Stack Hub uses either Microsoft Entra ID or Active Directory Federation Services (AD FS). Microsoft Entra ID is Microsoft's cloud-based, multitenant identity provider. Most hybrid scenarios with internet-connected deployments use Microsoft Entra ID as the identity store.
 
 For disconnected deployments of Azure Stack Hub, you need to use AD FS. Azure Stack Hub resource providers and other apps work similarly with AD FS or Microsoft Entra ID. Azure Stack Hub includes its own Active Directory instance and an Active Directory Graph API.
 
-
 ## How is Azure Stack Hub managed?
 
-Azure Stack Hub uses the same operations model as Azure. An Azure Stack Hub operator can deliver a variety of services and apps to tenant users, similar to how Microsoft delivers Azure services to tenant users. 
+Azure Stack Hub uses the same operations model as Azure. An Azure Stack Hub operator can deliver a variety of services and apps to tenant users, similar to how Microsoft delivers Azure services to tenant users.
 
 ![Diagram showing Azure Stack Hub job roles](./media/azure-stack-overview/azure-stack-job-roles.svg)
 
@@ -78,7 +75,7 @@ As an Azure Stack Hub operator, you can deliver [VMs](./tutorial-offer-services.
 
 An operator can manage Azure Stack Hub with the [administrator portal](azure-stack-manage-portals.md) or [PowerShell](/powershell/azurestackhub/overview). You can configure Azure Stack Hub to [deliver services](service-plan-offer-subscription-overview.md) to tenants using plans, quotas, offers, and subscriptions. Tenant users can subscribe to multiple offers. Offers can have one or more plans, and plans can have one or more services. Operators also manage capacity and respond to alerts.
 
-Users consume services that the operator offers. Users can provision, monitor, and manage services that they've subscribed to, like web apps, storage, and VMs. Users can manage Azure Stack Hub with the user portal or PowerShell.
+Users consume services that the operator offers. Users can provision, monitor, and manage services that they're subscribed to, like web apps, storage, and VMs. Users can manage Azure Stack Hub with the user portal or PowerShell.
 
 > To learn more about managing Azure Stack Hub, including what accounts to use where, typical operator responsibilities, what to tell your users, and how to get help, review [Azure Stack Hub administration basics](azure-stack-manage-basics.md).
 
@@ -90,7 +87,7 @@ Resource providers are web services that form the foundation for all Azure Stack
 
 There are three foundational IaaS resource providers:
 
-- **Compute**: The Compute Resource Provider lets Azure Stack Hub tenants to create their own VMs. The Compute Resource Provider includes the ability to create VMs as well as VM extensions. The VM extension service helps provide IaaS capabilities for Windows and Linux VMs. As an example, you can use the Compute Resource Provider to provision a Linux VM and run Bash scripts during deployment to configure the VM.
+- **Compute**: The Compute Resource Provider lets Azure Stack Hub tenants to create their own VMs. The Compute Resource Provider includes the ability to create VMs and VM extensions. The VM extension service helps provide IaaS capabilities for Windows and Linux VMs. As an example, you can use the Compute Resource Provider to provision a Linux VM and run Bash scripts during deployment to configure the VM.
 - **Network Resource Provider**: The Network Resource Provider delivers a series of Software Defined Networking (SDN) and Network Function Virtualization (NFV) features for the private cloud. You can use the Network Resource Provider to create resources like software load balancers, public IPs, network security groups, and virtual networks.
 - **Storage Resource Provider**: The Storage Resource Provider delivers four Azure-consistent storage services: [blob](/azure/storage/common/storage-introduction#blob-storage), [queue](/azure/storage/common/storage-introduction#queue-storage), [table](/azure/storage/common/storage-introduction#table-storage), and [Key Vault](/azure/key-vault/) account management providing management and auditing of secrets, such as passwords and certificates. The storage resource provider also offers a storage cloud administration service to facilitate service provider administration of Azure-consistent storage services. Azure Storage provides the flexibility to store and retrieve large amounts of unstructured data, like documents and media files with Azure Blobs, and structured NoSQL based data with Azure Tables.
 
@@ -104,8 +101,8 @@ There are three optional PaaS resource providers that you can deploy and use wit
 
 ## Next steps
 
-[Administration basics](azure-stack-manage-basics.md).
+[Administration basics](azure-stack-manage-basics.md)
 
-[Quickstart: use the Azure Stack Hub administration portal](azure-stack-manage-portals.md).
+[Quickstart: use the Azure Stack Hub administration portal](azure-stack-manage-portals.md)
 
-[Understand usage and billing](azure-stack-usage-reporting.md).
+[Understand usage and billing](azure-stack-usage-reporting.md)
