Updates and edits

Author: sethmanheim

AKS-Hybrid/aks-hci-ip-address-planning.md

@@ -2,7 +2,7 @@
 title: IP address planning for AKS 
 description: Learn about how to plan for IP addresses and reservation, to deploy AKS in production. 
 ms.topic: conceptual
-ms.date: 10/08/2024
+ms.date: 11/19/2024
 author: sethmanheim
 ms.author: sethm
 ms.reviewer: abha
@@ -15,16 +15,15 @@ ms.lastreviewed: 10/08/2024
 
 IP address planning for AKS involves designing a network that supports applications, node pools, pod networks, service communication, and external access. This article walks you through some key considerations for effective IP address planning, and minimum number of IP addresses required to deploy AKS in production. See the [AKS networking concepts and requirements](aks-hci-network-system-requirements.md) before reading this article.
 
-
 ## Simple IP address planning for Kubernetes clusters and applications
 
 In the following scenario walk-through, you reserve IP addresses from a single network for your Kubernetes clusters and services. This example is the most straightforward and simple scenario for IP address assignment.
 
 | IP address requirement    | Minimum number of IP addresses | How and where to make this reservation |
 |------------------|---------|---------------|
-| AKS Arc VM IPs | Reserve one IP address for every worker node in your Kubernetes cluster. For example, if you want to create 3 node pools with 3 nodes in each node pool, you need to have 9 IP addresses in your IP pool. | Reserve IP addresses through IP pools in Arc VM logical network. |
-| AKS Arc K8s version upgrade IPs | Because AKS Arc performs rolling upgrades, reserve one IP address for every AKS Arc cluster for Kubernetes version upgrade operations. | Reserve IP addresses through IP pools in Arc VM logical network. |
-| Control plane IP | Reserve one IP address for every Kubernetes cluster in your environment. For example, if you want to create 5 clusters in total, reserve 5 IP addresses, one for each Kubernetes cluster. | Reserve IP addresses through IP pools in Arc VM logical network. |
+| AKS Arc VM IPs | Reserve one IP address for every worker node in your Kubernetes cluster. For example, if you want to create 3 node pools with 3 nodes in each node pool, you need 9 IP addresses in your IP pool. | Reserve IP addresses through IP pools in the Arc VM logical network. |
+| AKS Arc K8s version upgrade IPs | Because AKS Arc performs rolling upgrades, reserve one IP address for every AKS Arc cluster for Kubernetes version upgrade operations. | Reserve IP addresses through IP pools in the Arc VM logical network. |
+| Control plane IP | Reserve one IP address for every Kubernetes cluster in your environment. For example, if you want to create 5 clusters in total, reserve 5 IP addresses, one for each Kubernetes cluster. | Reserve IP addresses through IP pools in the Arc VM logical network. |
 | Load balancer IPs | The number of IP addresses reserved depends on your application deployment model. As a starting point, you can reserve one IP address for every Kubernetes service. | Reserve IP addresses in the same subnet as the Arc VM logical network, but outside the IP pool. |
 
 ### Example walkthrough for IP address reservation for Kubernetes clusters and applications
@@ -80,7 +79,7 @@ AKS provides a **default value of 10.244.0.0/16** for the pod network CIDR. AKS
 
 The Service network CIDR is the range of IP addresses reserved for Kubernetes services like LoadBalancers, ClusterIP, and NodePort within a cluster. Kubernetes supports the following service types:
 - ClusterIP: The default service type, which exposes the service within the cluster. The IP assigned from the Service network CIDR is only accessible within the Kubernetes cluster.
-- NodePort: Exposes the service on a specific port on each node’s IP address. The ClusterIP is still used internally, but external access is through the node IPs and a specific port.
+- NodePort: Exposes the service on a specific port on each node's IP address. The ClusterIP is still used internally, but external access is through the node IPs and a specific port.
 - LoadBalancer: This type creates a cloud-provider-managed load balancer and exposes the service externally. The cloud provider typically manages the external IP assignment, while the internal ClusterIP remains within the service network CIDR.
 
 AKS provides a **default value of 10.96.0.0/12** for the service network CIDR. AKS does not support customizations for the service network CIDR today.

AKS-Hybrid/aks-hci-network-system-requirements.md

@@ -2,7 +2,7 @@
 title: AKS enabled by Azure Arc network requirements
 description: Learn about AKS network prerequisites.
 ms.topic: overview
-ms.date: 04/02/2024
+ms.date: 11/19/2024
 author: sethmanheim
 ms.author: sethm
 ms.reviewer: abha
@@ -20,7 +20,7 @@ In this conceptual article, the following key components are introduced. These c
 - Logical network for AKS Arc VMs and control plane IP
 - Load balancer for containerized applications
 
-## Logical network for AKS Arc VMs and control plane IP
+## Logical networks for AKS Arc VMs and control plane IP
 
 Kubernetes nodes are deployed as specialized virtual machines in AKS enabled by Arc. These VMs are allocated IP addresses to enable communication between Kubernetes nodes. AKS Arc uses Azure Local logical networks to provide IP addresses and networking for the underlying VMs of the Kubernetes clusters. For more information about logical networks, see [Logical networks for Azure Local](/azure-stack/hci/manage/create-logical-networks?tabs=azurecli). You must plan to reserve one IP address per AKS cluster node VM in your Azure Local environment.
 

AKS-Hybrid/aks-networks.md

@@ -3,7 +3,7 @@ title: Create logical networks for Kubernetes clusters on Azure Local, version 2
 description: Learn how to create Arc-enabled logical networks for AKS.
 ms.topic: how-to
 author: sethmanheim
-ms.date: 04/02/2024
+ms.date: 11/19/2024
 ms.author: sethm 
 ms.lastreviewed: 04/01/2024
 ms.reviewer: abha

AKS-Hybrid/arc-gateway-aks-arc.md

@@ -12,9 +12,9 @@ ms.lastreviewed: 11/18/2024
 
 # Simplify network configuration requirements with Azure Arc Gateway (preview)
 
-If you use enterprise proxies to manage outbound traffic, the Azure Arc gateway (preview) can help simplify the process of enabling connectivity.
+If you use enterprise proxies to manage outbound traffic, Azure Arc gateway can help simplify the process of enabling connectivity.
 
-The Azure Arc gateway (preview) lets you:
+The Azure Arc gateway (currently in preview) lets you:
 
 - Connect to Azure Arc by opening public network access to only seven fully qualified domain names (FQDNs).
 - View and audit all traffic that the Arc agents send to Azure via the Arc gateway.
@@ -28,59 +28,59 @@ The Azure Arc gateway (preview) lets you:
 
 The Arc gateway works by introducing two new components:
 
-- The **Arc gateway resource** is an Azure Resource that serves as a common front end for Azure traffic. The gateway resource is served on a specific domain/URL. You must create this resource by following the steps outlined in this article. After you successfully create the gateway resource, this domain/URL is included in the success response.
-- The **Arc Proxy** is a new component that runs as its own pod (called "Azure Arc Proxy"). This component acts as a forward proxy used by Azure Arc agents and extensions. There is no configuration required on your part for the Azure Arc Proxy. 
+- The **Arc gateway resource** is an Azure resource that serves as a common front end for Azure traffic. The gateway resource is served on a specific domain/URL. You must create this resource by following the steps described in this article. After you successfully create the gateway resource, this domain/URL is included in the success response.
+- The **Arc Proxy** is a new component that runs as its own pod (called *Azure Arc Proxy*). This component acts as a forward proxy used by Azure Arc agents and extensions. There is no configuration required on your part for the Azure Arc Proxy.
 
-Visit [how the Azure Arc gateway works](https://learn.microsoft.com/azure/azure-arc/kubernetes/arc-gateway-simplify-networking?tabs=azure-cli) to learn more.
+For more information, see [how the Azure Arc gateway works](/azure/azure-arc/kubernetes/arc-gateway-simplify-networking?tabs=azure-cli).
 
 > [!IMPORTANT]
-> Note that Azure Local and AKS do not support TLS terminating proxies, ExpressRoute/site-to-site VPN or private endpoints.
-> In addition, there is a limit of five Arc gateway resources per Azure subscription.
+> Azure Local and AKS do not support TLS terminating proxies, ExpressRoute/site-to-site VPN or private endpoints. Also, there is a limit of five Arc gateway resources per Azure subscription.
 
 ## Before you begin
-- Ensure you've gone through the [pre-requisites for creating AKS clusters on Azure Local](/aks-hci-network-system-requirements.md)
-- **The following Azure permissions are required** to create Arc gateway resources and manage their association with AKS Arc clusters:
-    - `Microsoft.Kubernetes/connectedClusters/settings/default/write`
-    - `Microsoft.hybridcompute/gateways/read`
-    - `Microsoft.hybridcompute/gateways/write`
-- **An Arc gateway resource** can be created using Azure CLI or Azure portal. Visit [create the Arc gateway resource in Azure](/hci/deploy/deployment-azure-arc-gateway-overview#create-the-arc-gateway-resource-in-azure) for more information on how to create an Arc gateway resource for your AKS clusters and Azure Local. Once you've created the Arc gateway resource, get the gateway resource ID by running the following command:
 
-```
-$gatewayId = "(az arcgateway show --name <gateway's name> --resource-group <resource group> --query id -o tsv)"
-```
+- Ensure you've completed the [pre-requisites for creating AKS clusters on Azure Local](/aks-hci-network-system-requirements.md)
+- The following Azure permissions are required to create Arc gateway resources and manage their association with AKS Arc clusters:
+  - `Microsoft.Kubernetes/connectedClusters/settings/default/write`
+  - `Microsoft.hybridcompute/gateways/read`
+  - `Microsoft.hybridcompute/gateways/write`
+- You can create an Arc gateway resource using Azure CLI or the Azure portal. For more information about how to create an Arc gateway resource for your AKS clusters and Azure Local, see [create the Arc gateway resource in Azure](/hci/deploy/deployment-azure-arc-gateway-overview#create-the-arc-gateway-resource-in-azure). When you create the Arc gateway resource, get the gateway resource ID by running the following command:
 
+  ```azurecli
+  $gatewayId = "(az arcgateway show --name <gateway's name> --resource-group <resource group> --query id -o tsv)"
+  ```
 
 ## Confirm access to required URLs
 
-Ensure your Arc gateway URL and all of the URLs below are allowed through your enterprise firewall: 
+Ensure your Arc gateway URL and all of the URLs below are allowed through your enterprise firewall:
 
 |URL  |Purpose  |
 |---------|---------|
-|`[Your URL prefix].gw.arc.azure.com`       | Your gateway URL. This URL can be obtained by running `az arcgateway list` after you create the resource.         |
-|`management.azure.com`    |Azure Resource Manager Endpoint, required for ARM control channel.         |
+|`[Your URL prefix].gw.arc.azure.com`       | Your gateway URL. You can obtain this URL by running `az arcgateway list` after you create the resource.         |
+|`management.azure.com`    |Azure Resource Manager endpoint, required for the Azure Resource Manager control channel.         |
 |`<region>.obo.arc.azure.com`     |Required when [Cluster connect](conceptual-cluster-connect.md) is configured.         |
 |`login.microsoftonline.com`, `<region>.login.microsoft.com`     | Microsoft Entra ID endpoint, used for acquiring identity access tokens.         |
-|`gbl.his.arc.azure.com`, `<region>.his.arc.azure.com`   |The cloud service endpoint for communicating with Arc Agents. Uses short names, for example `eus` for East US.          |
+|`gbl.his.arc.azure.com`, `<region>.his.arc.azure.com`   |The cloud service endpoint for communicating with Arc Agents. Uses short names; for example `eus` for East US.          |
 |`mcr.microsoft.com`, `*.data.mcr.microsoft.com`     |Required to pull container images for Azure Arc agents.         |
 
 ## Create AKS Arc clusters with Arc gateway enabled
+
 Run the following command to create AKS Arc clusters with Arc gateway enabled
 
-```azcli
+```azurecli
 az aksarc create -n $clusterName -g $resourceGroup --custom-location $customlocationID --vnet-ids $arcVmLogNetId --aad-admin-group-object-ids $aadGroupID --gateway-id $gatewayId --generate-ssh-keys
 ```
 
 ## Monitor traffic
 
-To audit your gateway's traffic, view the gateway router's logs:
+To audit your gateway traffic, view the gateway router logs:
 
-1. Run `kubectl get pods -n azure-arc`
-2. Identify the Arc Proxy pod (its name will begin with `arc-proxy-`).
-3. Run `kubectl logs -n azure-arc <Arc Proxy pod name>`
+1. Run `kubectl get pods -n azure-arc`.
+1. Identify the Arc Proxy pod (its name will begin with `arc-proxy-`).
+1. Run `kubectl logs -n azure-arc <Arc Proxy pod name>`.
 
-## Additional scenarios
+## Other scenarios
 
-During the public preview, Arc gateway covers endpoints required for AKS Arc clusters, and a portion of endpoints required for additional Arc-enabled scenarios. Based on the scenarios you adopt, additional endpoints are still required to be allowed in your proxy.
+During the public preview, Arc gateway covers endpoints required for AKS Arc clusters, and a portion of endpoints required for additional Arc-enabled scenarios. Based on the scenarios you adopt, additional endpoints must still be allowed in your proxy.
 
 All endpoints listed for the following scenarios must be allowed in your enterprise proxy when Arc gateway is in use:
 
@@ -102,4 +102,5 @@ All endpoints listed for the following scenarios must be allowed in your enterpr
   - `*.monitoring.azure.com`
 
 ## Next steps
-- [Deploy extension for MetalLB for Azure Arc enabled Kubernetes clusters](/deploy-load-balancer-cli.md).
+
+- [Deploy extension for MetalLB for Azure Arc enabled Kubernetes clusters](deploy-load-balancer-cli.md).

AKS-Hybrid/availability-sets.md

@@ -3,7 +3,7 @@ title: Availability sets in AKS enabled by Azure Arc
 description: Learn how to enable availability sets in AKS Arc to improve the availability and distribution of your Kubernetes workloads.
 ms.topic: how-to
 author: sethmanheim
-ms.date: 09/06/2024
+ms.date: 11/19/2024
 ms.author: sethm 
 ms.reviewer: rbaziwane
 ms.lastreviewed: 08/15/2024
@@ -22,12 +22,9 @@ Availability sets offer several benefits for AKS on Azure Local users, such as:
 - Optimizes the resource usage and performance of your cluster by ensuring that VMs are evenly distributed across the available nodes and not concentrated on a single node or a subset of nodes.
 - Aligns with the best practices and expectations of your customers and partners who are looking for a reliable and consistent on-premises Kubernetes experience.
 
-
 ## Enable availability sets
 
-**With AKS on Azure Local, version 23H2, the availability sets feature is enabled by default when you create a node pool.** 
-With AKS on Windows Server, you can enable availability sets feature by adding the `-enableAvailabilitySet` parameter when you create an AKS cluster. For example: `New-AksHciCluster -Name <name> -controlPlaneNodeCount 3 -osType Linux -kubernetesVersion $kubernetesVersion -enableAvailabilitySet`.
-
+With AKS on Azure Local, version 23H2, the availability sets feature is enabled by default when you create a node pool. With AKS on Windows Server, you can enable availability sets feature by adding the `-enableAvailabilitySet` parameter when you create an AKS cluster; for example, `New-AksHciCluster -Name <name> -controlPlaneNodeCount 3 -osType Linux -kubernetesVersion $kubernetesVersion -enableAvailabilitySet`.
 
 ## How availability sets work in AKS enabled by Azure Arc