More articles

Author: sethmanheim

AKS-Arc/concepts-security-access-identity.md

@@ -121,7 +121,7 @@ With this feature, you not only give users permissions to the AKS resource acros
 
 ## Microsoft Entra integration
 
-Enhance your AKS cluster security with Microsoft Entra integration. Built on enterprise identity management experience, Microsoft Entra ID is a multitenant, cloud-based directory and identity management service that combines core directory services, application access management, and identity protection. With Microsoft Entra ID, you can integrate on-premises identities into AKS clusters to provide a single source for account management and security.
+Microsoft Entra integration can help to enhance your AKS cluster security. Built on enterprise identity management experience, Microsoft Entra ID is a multitenant, cloud-based directory and identity management service that combines core directory services, application access management, and identity protection. With Microsoft Entra ID, you can integrate on-premises identities into AKS clusters to provide a single source for account management and security.
 
 :::image type="content" source="media/concepts-security-access-identity/entra-integration.png" alt-text="Flowchart showing Entra integration." lightbox="media/concepts-security-access-identity/entra-integration.png":::
 
@@ -143,7 +143,6 @@ The following table contains a summary of how users can authenticate to Kubernet
 3. Run `kubectl` commands.
    - The first command can trigger browser-based authentication to authenticate to the Kubernetes cluster, as described in the following table.
 
-
 | Description                                                  | Role grant required                                          | Cluster admin Microsoft Entra groups                       | When to use                                                  |
 | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ |
 | Admin login using client certificate                  | [Azure Kubernetes Service Arc Cluster Admin Role](/azure/role-based-access-control/built-in-roles/containers#azure-kubernetes-service-arc-cluster-admin-role). This role allows `az aksarc get-credentials` to be used with the `--admin` flag, which downloads a non-Microsoft Entra cluster admin certificate into the user's **.kube/config**. This is the only purpose of the Azure Kubernetes Admin role. | n/a                                                          | If you're permanently blocked by not having access to a valid Microsoft Entra group with access to your cluster. |

AKS-Arc/create-kubernetes-cluster.md

@@ -3,7 +3,7 @@ title: Quickstart to create a local Kubernetes cluster using Windows Admin Cente
 description: Learn how to create a local Kubernetes cluster using Windows Admin Center
 author: sethmanheim
 ms.topic: quickstart
-ms.date: 12/27/2023
+ms.date: 07/03/2025
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
 ms.reviewer: dawhite

AKS-Arc/deploy-load-balancer-cli.md

@@ -3,7 +3,7 @@ title: Create a MetalLB load balancer using the Azure CLI
 description: Learn how to deploy extension for MetalLB for Azure Arc enabled Kubernetes clusters
 ms.topic: how-to
 ms.custom: devx-track-azurecli
-ms.date: 04/02/2024
+ms.date: 07/03/2025
 author: sethmanheim
 ms.author: sethm
 ms.reviewer: xinyuhe
@@ -14,13 +14,13 @@ ms.lastreviewed: 04/02/2024
 
 [!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
 
-The main purpose of a load balancer is to distribute traffic across multiple nodes in a Kubernetes cluster. This can help prevent downtime and improve overall performance of applications. AKS enabled by Azure Arc supports creating [MetalLB](https://metallb.universe.tf/) load balancer instance on your Kubernetes cluster using an Arc extension.
+The main purpose of a load balancer is to distribute traffic across multiple nodes in a Kubernetes cluster. This can help prevent downtime and improve overall performance of applications. AKS enabled by Azure Arc supports creating a [MetalLB](https://metallb.universe.tf/) load balancer instance on your Kubernetes cluster using an Arc extension.
 
 ## Prerequisites
 
-- An Azure Arc enabled Kubernetes cluster with at least one Linux node. You can create a Kubernetes cluster on Azure Local using the [Azure CLI](aks-create-clusters-cli.md) or the [Azure portal](aks-create-clusters-portal.md). AKS on Azure Local clusters are Arc-enabled by default.
-- Make sure you have enough IP addresses for the load balancer. For AKS on Azure Local, ensure that the IP addresses reserved for the load balancer do not conflict with the IP addresses in Arc VM logical networks and control plane IPs. For more information about IP address planning and networking in Kubernetes, see [Networking requirements for Kubernetes](aks-hci-network-system-requirements.md) and [IP address planning for Kubernetes](aks-hci-ip-address-planning.md).
-- This how-to guide assumes you understand how Metal LB works. For more information, see the [overview for MetalLB for Kubernetes](load-balancer-overview.md).
+- An Azure Arc-enabled Kubernetes cluster with at least one Linux node. You can create a Kubernetes cluster on Azure Local using the [Azure CLI](aks-create-clusters-cli.md) or the [Azure portal](aks-create-clusters-portal.md). AKS on Azure Local clusters are Arc-enabled by default.
+- Make sure you have enough IP addresses for the load balancer. For AKS on Azure Local, ensure that the IP addresses reserved for the load balancer don't conflict with the IP addresses in Arc VM logical networks and control plane IPs. For more information about IP address planning and networking in Kubernetes, see [Networking requirements for Kubernetes](aks-hci-network-system-requirements.md) and [IP address planning for Kubernetes](aks-hci-ip-address-planning.md).
+- This how-to guide assumes you understand how MetalLB works. For more information, see the [overview for MetalLB for Kubernetes](load-balancer-overview.md).
 
 ## Install the Azure CLI extension
 
@@ -34,28 +34,29 @@ az extension add -n k8s-runtime --upgrade
 
 Configure the following variables before proceeding:
 
-| Parameter                      | Description             | 
+| Parameter                      | Description             |
 | ----------------------------- | ------------------------ |
 | `$subId`    | Azure subscription ID of your Kubernetes cluster. |
 | `$rgName` | Azure resource group of your Kubernetes cluster. |
 | `$clusterName` | The name of your Kubernetes cluster. |
 
-### Option 1: Enable Arc extension for MetalLB using `az k8s-runtime load-balancer enable` command
+### Option 1: Enable Arc extension for MetalLB using `az k8s-runtime load-balancer enable`
 
-To enable the Arc extension for MetalLB using the following command, you must have [Graph permission Application.Read.All](/graph/permissions-reference#applicationreadall). You can check if you have this permission by logging into your Azure subscription, and running the following command: 
+To enable the Arc extension for MetalLB using the following command, you must have [Graph permission Application.Read.All](/graph/permissions-reference#applicationreadall). You can check if you have this permission by logging into your Azure subscription, and running the following command:
 
 ```azurecli
-`az ad sp list --filter "appId eq '087fca6e-4606-4d41-b3f6-5ebdf75b8b4c'" --output json`
+az ad sp list --filter "appId eq '087fca6e-4606-4d41-b3f6-5ebdf75b8b4c'" --output json
 ```
+
 If the command fails, contact your Azure tenant administrator to get `Application.Read.All` role.
 
-If you do have the permission, you can use the [`az k8s-runtime load-balancer enable`](/cli/azure/k8s-runtime/load-balancer#az-k8s-runtime-load-balancer-enable) command to install the Arc extension and register the resource provider for your Kubernetes cluster. The `--resource-uri` parameter refers to the resource manager ID of your Kubernetes cluster.
+If you do have the permission, you can use the [`az k8s-runtime load-balancer enable`](/cli/azure/k8s-runtime/load-balancer#az-k8s-runtime-load-balancer-enable) command to install the Arc extension and register the resource provider for your Kubernetes cluster. The `--resource-uri` parameter refers to the resource manager ID of your Kubernetes cluster:
 
 ```azurecli
 az k8s-runtime load-balancer enable --resource-uri subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Kubernetes/connectedClusters/$clusterName
 ```
 
-### Option 2: Enable Arc extension for MetalLB using `az k8s-extension add` command
+### Option 2: Enable Arc extension for MetalLB using `az k8s-extension add`
 
 If you don't have [Graph permission Application.Read.All](/graph/permissions-reference#applicationreadall), you can follow these steps:
 
@@ -72,33 +73,34 @@ az provider show -n Microsoft.KubernetesRuntime -o table
 ```
 
 Expected output:
+
 ```output
 Namespace                    RegistrationPolicy    RegistrationState
 ---------------------------  --------------------  -------------------
 Microsoft.KubernetesRuntime  RegistrationRequired  Registered
 ```
 
-2. To install the Arc extension for MetalLB, obtain the AppID of the MetalLB extension resource provider, and then run the extension create command. You must run the following commands once per Arc Kubernetes cluster.
+1. To install the Arc extension for MetalLB, obtain the AppID of the MetalLB extension resource provider, and then run the extension create command. You must run the following commands once per Arc Kubernetes cluster.
 
 Obtain the Application ID of the Arc extension by running [az ad sp list](/cli/azure/ad/sp#az-ad-sp-list). In order to run the following command, you must be a `user` member of your Azure tenant. For more information about user and guest membership, see [default user permissions in Microsoft Entra ID](/entra/fundamentals/users-default-permissions).
 
 ```azurecli
 $objID = az ad sp list --filter "appId eq '00001111-aaaa-2222-bbbb-3333cccc4444'" --query "[].id" --output tsv
 ```
 
-Once you have the $objID, you can install the MetalLB Arc extension on your Kubernetes cluster. To run the below command, you need to have [**Kubernetes extension contributor**](/azure/role-based-access-control/built-in-roles/containers#kubernetes-extension-contributor) role.
+Once you have the `objID`, you can install the MetalLB Arc extension on your Kubernetes cluster. To run the following command, you must have the [**Kubernetes extension contributor**](/azure/role-based-access-control/built-in-roles/containers#kubernetes-extension-contributor) role.
 
 ```azurecli
 az k8s-extension create --cluster-name $clusterName -g $rgName --cluster-type connectedClusters --extension-type microsoft.arcnetworking --config k8sRuntimeFpaObjectId=$objID -n arcnetworking
 ```
 
 ## Deploy MetalLB load balancer on your Kubernetes cluster
 
-You can now create a load balancer for your Kubernetes cluster remotely by running the [`az k8s-runtime load-balancer create`](/cli/azure/k8s-runtime/load-balancer#az-k8s-runtime-load-balancer-create) command. This command creates a custom resource of type `IPAddressPool` in the namespace `kube-system`. 
+You can now create a load balancer for your Kubernetes cluster remotely by running the [`az k8s-runtime load-balancer create`](/cli/azure/k8s-runtime/load-balancer#az-k8s-runtime-load-balancer-create) command. This command creates a custom resource of type `IPAddressPool` in the namespace `kube-system`.
 
 Configure the following variables before proceeding:
 
-| Parameter                      | Description             | 
+| Parameter                      | Description             |
 | ----------------------------- | ------------------------ |
 | `$lbName`    | The name of your MetalLB load balancer instance. |
 | `$advertiseMode` | The mode for your MetalLB load balancer. Supported values are `ARP`, `BGP`, or `Both`. |
@@ -116,7 +118,7 @@ Create a BGP peer for your Kubernetes cluster remotely by running the [`az k8s-r
 
 Configure the following variables before proceeding:
 
-| Parameter                      | Description             | 
+| Parameter                      | Description             |
 | ----------------------------- | ------------------------ |
 | `$peerName` | The name of your BGP peer. |
 | `$myASN` | AS number to use for the local end of the session. |
@@ -129,4 +131,4 @@ az k8s-runtime bgp-peer create --bgp-peer-name $peerName --resource-uri subscrip
 
 ## Next steps
 
-- [Use GitOps Flux v2 Arc extension to deploy applications on your Kubernetes cluster](/azure/azure-arc/kubernetes/monitor-gitops-flux-2)
+[Use GitOps Flux v2 Arc extension to deploy applications on your Kubernetes cluster](/azure/azure-arc/kubernetes/monitor-gitops-flux-2)

AKS-Arc/deploy-load-balancer-portal.md

@@ -2,7 +2,7 @@
 title: Deploy extension for MetalLB for Azure Arc enabled Kubernetes using the Azure portal
 description: Learn how to deploy extension for MetalLB for Azure Arc enabled Kubernetes using the Azure portal
 ms.topic: how-to
-ms.date: 04/02/2024
+ms.date: 07/03/2025
 author: sethmanheim
 ms.author: sethm 
 ms.reviewer: abha
@@ -14,13 +14,13 @@ ms.lastreviewed: 04/02/2024
 
 [!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
 
-The main purpose of a load balancer is to distribute traffic across multiple nodes in a Kubernetes cluster. This can help prevent downtime and improve overall performance of applications. AKS enabled by Azure Arc supports creating [MetalLB](https://metallb.universe.tf/) load balancer instance on your Kubernetes cluster using the **extension for MetalLB for Azure Arc enabled Kubernetes**
+The main purpose of a load balancer is to distribute traffic across multiple nodes in a Kubernetes cluster. This can help prevent downtime and improve overall performance of applications. AKS enabled by Azure Arc supports creating a [MetalLB](https://metallb.universe.tf/) load balancer instance on your Kubernetes cluster using the **MetalLB extension for Azure Arc enabled Kubernetes**.
 
 ## Prerequisites
 
 - An Azure Arc enabled Kubernetes cluster with at least one Linux node. You can create a Kubernetes cluster on Azure Local using the [Azure CLI](aks-create-clusters-cli.md) or the [Azure portal](aks-create-clusters-portal.md). AKS on Azure Local clusters are Arc enabled by default.
-- Make sure you have enough IP addresses for the load balancer. For AKS on Azure Local, ensure that the IP addresses reserved for the load balancer do not conflict with the IP addresses in Arc VM logical networks and control plane IPs. For more information about IP address planning and networking in Kubernetes, see [Networking requirements for Kubernetes](aks-hci-network-system-requirements.md) and [IP address planning for Kubernetes](aks-hci-ip-address-planning.md).
-- This how-to guide assumes you understand how Metal LB works. For more information, see the [overview for MetalLB for Kubernetes](load-balancer-overview.md).
+- Make sure you have enough IP addresses for the load balancer. For AKS on Azure Local, ensure that the IP addresses reserved for the load balancer don't conflict with the IP addresses in Arc VM logical networks and control plane IPs. For more information about IP address planning and networking in Kubernetes, see [Networking requirements for Kubernetes](aks-hci-network-system-requirements.md) and [IP address planning for Kubernetes](aks-hci-ip-address-planning.md).
+- This how-to guide assumes you understand how MetalLB works. For more information, see the [overview for MetalLB for Kubernetes](load-balancer-overview.md).
 
 ## Deploy MetalLB load balancer using the Azure Arc extension
 
@@ -48,7 +48,7 @@ Once the load balancer is successfully created, it's shown in the list as follow
 To clean up resources, do the following:
 
 - When one of the load balancers is no longer needed, select the start of the row for the load balancer and select **Delete**. Then select **Yes**.
-- When the load balancer service is no longer needed, delete all existing load balancers and then select **Uninstall**. Select **Yes** to uninstall the extension.
+- When the load balancer service is no longer needed, delete all existing load balancers and then select **Uninstall**. Select **Yes** to uninstall the MetalLB extension.
 
 ## Next steps
 

AKS-Arc/load-balancer-overview.md

@@ -57,4 +57,4 @@ No, MetalLB can't be reused across AKS Arc clusters. MetalLB lives as pods in a
 
 ## Next steps
 
-- [Deploy MetalLB using Azure portal](deploy-load-balancer-portal.md)
+[Deploy MetalLB using Azure portal](deploy-load-balancer-portal.md)

AKS-Arc/ssh-connection.md

@@ -4,7 +4,7 @@ description: Learn how to use Secure Shell Protocol (SSH) to connect to worker n
 author: sethmanheim
 ms.topic: how-to
 ms.custom: linux-related-content
-ms.date: 06/27/2024
+ms.date: 07/03/2025
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
 ms.reviewer: abha