Merge pull request #15380 from sethmanheim/wk6-24

prmerger-automator[bot] · web-flow · commit 41c6fb62c59e · 2024-06-26T16:18:21.000Z
AKS Arc freshness reviews
diff --git a/AKS-Hybrid/ad-sso.md b/AKS-Hybrid/ad-sso.md
@@ -3,7 +3,7 @@ title: Use Active Directory single sign-on for secure connection to Kubernetes A
 description: Use Active Directory Authentication to securely connect to the API server with SSO credentials
 author: sethmanheim
 ms.topic: how-to
-ms.date: 02/15/2024
+ms.date: 06/24/2024
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
 ms.reviewer: sulahiri
@@ -21,7 +21,7 @@ You can create a secure connection to your Kubernetes API server in AKS enabled
 
 ## Overview of AD in AKS enabled by Arc
 
-Without Active Directory authentication, users must rely on a certificate-based _kubeconfig_ file when connecting to the API server via the `kubectl` command. The kubeconfig file contains secrets such as private keys and certificates that need to be carefully distributed, which can be a significant security risk.
+Without Active Directory authentication, you must rely on a certificate-based _kubeconfig_ file when you connect to the API server via the `kubectl` command. The **kubeconfig** file contains secrets such as private keys and certificates that need to be carefully distributed, which can be a significant security risk.
 
 As an alternative to using certificate-based kubeconfig, you can use AD SSO credentials as a secure way to connect to the API server. AD integration with AKS Arc lets users on a Windows domain-joined machine connect to the API server via `kubectl` using their SSO credentials. This removes the need to manage and distribute certificate-based kubeconfig files that contain private keys.
 
@@ -32,7 +32,7 @@ Another security benefit with AD integration is that the users and groups are st
 > [!NOTE]
 > Currently, AD SSO connectivity is only supported for workload clusters.
 
-This article guides you through the following steps to set up Active Directory as the identity provider and to enable SSO via `kubectl`:
+This article guides you through the steps to set up Active Directory as the identity provider and to enable SSO via `kubectl`:
 
 - Create the AD account for the API server, and then create the [keytab](https://web.mit.edu/kerberos/krb5-devel/doc/basic/keytab_def.html) file associated with the account. See [Create AD Auth using the keytab file](#create-ad-auth-using-the-keytab-file) to create the AD account and generate the keytab file.
 - Use the [keytab](https://web.mit.edu/kerberos/krb5-devel/doc/basic/keytab_def.html) file to install AD Auth on the Kubernetes cluster. As part of this step, a default role-based access control (RBAC) configuration is automatically created.
@@ -87,21 +87,21 @@ Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8s/apise
 
 If the cluster host isn't domain-joined, use the admin user name or group name in SID format, as shown in the following example.
 
-If using an admin user:
+Admin user:
 
 ```powershell
 Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8s/apiserver@CONTOSO.COM -adminUserSID <User SID>
 ```  
 
-If using an admin group:
+Admin group:
 
 ```powershell
 Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8s/apiserver@CONTOSO.COM -adminGroupSID <Group SID>
 ```
 
 To find the SID for the user account, see [Determine the user or group security identifier](#determine-the-user-or-group-security-identifier).
 
-Before proceeding to the next steps, make note of the following items:
+Before you proceed to the next steps, make note of the following items:
 
 - Make sure the keytab file is named **current.keytab**.
 - Replace the SPN that corresponds to your environment.
@@ -154,19 +154,19 @@ You should copy the following three files from the AKS workload cluster to your
 
 ### Step 6: Connect to the API server from the client machine
 
-After you've completed the previous steps, use your SSO credentials to sign in to your Windows domain-joined client machine. Open PowerShell, and then attempt to access the API server using `kubectl`. If the operation completes successfully, you have set up AD SSO correctly.
+After you complete the previous steps, use your SSO credentials to sign in to your Windows domain-joined client machine. Open PowerShell, and then attempt to access the API server using `kubectl`. If the operation completes successfully, you set up AD SSO correctly.
 
 ## Create and update the AD group role binding
 
-As mentioned in Step 2, a default role binding with cluster admin privileges is created for the user and/or the group that was provided during installation. Role binding in Kubernetes defines the access policies for AD groups. This step describes how to use RBAC to create new AD group role bindings in Kubernetes and to edit existing role bindings. For example, the cluster admin may want to grant additional privileges to users by using AD groups (which makes the process more efficient). For more information about RBAC, see [using RBAC authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
+As mentioned in Step 2, a default role binding with cluster admin privileges is created for the user and/or the group that was provided during installation. Role binding in Kubernetes defines the access policies for AD groups. This step describes how to use RBAC to create new AD group role bindings in Kubernetes and to edit existing role bindings. For example, the cluster admin might want to grant additional privileges to users by using AD groups (which makes the process more efficient). For more information about RBAC, see [using RBAC authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
 
 When you create or edit other AD group RBAC entries, the subject name should have the **microsoft:activedirectory:CONTOSO\group name** prefix. Note that the names must contain a domain name and a prefix that are enclosed by double quotes.
 
 Here are two examples:
 
 ### Example 1
 
-```yml
+```yaml
 apiVersion: rbac.authorization.k8s.io/v1 
 kind: ClusterRoleBinding 
 metadata: 
@@ -185,7 +185,7 @@ subjects:
 
 The following example shows how to create a custom role and role binding for a [namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) with an AD group. In the example, `SREGroup` is a pre-existing group in the Contoso Active Directory. When users are added to the AD group, they're immediately granted privileges.
 
-```yml
+```yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
diff --git a/AKS-Hybrid/concepts-container-networking.md b/AKS-Hybrid/concepts-container-networking.md
@@ -2,7 +2,7 @@
 title: Container networking concepts
 description: Learn about container networking in AKS enabled by Azure Arc.
 ms.topic: conceptual
-ms.date: 10/04/2022
+ms.date: 06/24/2024
 ms.author: sethm 
 ms.lastreviewed: 05/31/2022
 ms.reviewer: mikek
@@ -19,7 +19,7 @@ author: sethmanheim
 
 Application components must work together to process their tasks in a container-based microservices approach. Kubernetes provides resources that enable application communications and allow you to connect to and expose applications internally or externally. You can load balance your applications to build highly available applications.
 
-More complex applications may require configuration of ingress traffic for SSL/TLS termination or routing of multiple components. You may also need to restrict the flow of network traffic into or between pods and nodes for security.
+More complex applications might require configuration of ingress traffic for SSL/TLS termination or routing of multiple components. You might also need to restrict the flow of network traffic into or between pods and nodes for security.
 
 This article introduces the core concepts that provide networking to your applications in AKS enabled by Arc:
 
@@ -119,16 +119,16 @@ Calico supports multiple data planes including: a Linux eBPF data plane, a Linux
 > [!IMPORTANT]
 > Currently, the default selection is to use Calico in an overlay networking mode. To enable Flannel, use the `-primaryNetworkPlugin` parameter of the [`New-AksHciCluster`](./reference/ps/new-akshcicluster.md) PowerShell command and specify `flannel` as the value. This value cannot be changed after you deploy the cluster, and it applies to both Windows and Linux cluster nodes.
 
-Here's an example:
+For example:
 
 ```powershell
 New-AksHciCluster -name MyCluster -primaryNetworkPlugin 'flannel'
 ```
 
 ## Next steps
 
-This article covers networking concepts for containers in AKS nodes on Azure Stack HCI. For more information on AKS on Azure Stack HCI concepts, see the following articles:
+This article covers networking concepts for containers in AKS nodes on Azure Stack HCI. For more information about AKS on Azure Stack HCI concepts, see the following articles:
 
 - [Network concepts for AKS nodes](./concepts-node-networking.md)
 - [Clusters and workloads](./kubernetes-concepts.md)
-- [Secure traffic between pods using network policies](./calico-networking-policy.md).
+- [Secure traffic between pods using network policies](./calico-networking-policy.md)
diff --git a/AKS-Hybrid/concepts-node-networking.md b/AKS-Hybrid/concepts-node-networking.md
@@ -2,7 +2,7 @@
 title: Node virtual machine networking in AKS enabled by Azure Arc
 description: Learn about virtual machine networking in AKS Arc, including static IP and DHCP networking and load balancers.
 ms.topic: conceptual
-ms.date: 10/10/2022
+ms.date: 06/24/2024
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
 ms.reviewer: mikek
@@ -16,7 +16,7 @@ author: sethmanheim
 
 [!INCLUDE [applies-to-azure stack-hci-and-windows-server-skus](includes/aks-hci-applies-to-skus/aks-hybrid-applies-to-azure-stack-hci-windows-server-sku.md)]
 
-You can choose between two IP address assignment models for your networking architecture for AKS enabled by Azure Arc. AKS supports [several deployment options](aks-overview.md) for Azure Kubernetes Service (AKS).
+You can choose between two IP address assignment models for your networking architecture for AKS enabled by Arc. AKS supports [several deployment options](aks-overview.md) for Azure Kubernetes Service (AKS):
 
 - **Static IP networking**: the virtual network allocates static IP addresses to the Kubernetes cluster API server, Kubernetes nodes, underlying VMs, load balancers, and any Kubernetes services that run on top of the cluster.
 - **DHCP networking**: the virtual network allocates dynamic IP addresses to the Kubernetes nodes, underlying VMs, and load balancers using a DHCP server. The Kubernetes cluster API server, and any Kubernetes services you run on top of your cluster, are still allocated static IP addresses.
@@ -49,7 +49,7 @@ This networking model creates a virtual network that allocates IP addresses from
 Specify the following parameters while defining a virtual network with static IP configurations:
 
 > [!IMPORTANT]
-> This version of AKS does not allow any network configuration changes once the AKS host or the workload cluster is deployed. In order to change the networking settings, you must start fresh by removing the workload cluster(s) and uninstalling AKS.
+> This version of AKS does not allow any network configuration changes once the AKS host or the workload cluster is deployed. In order to change the networking settings, you must start fresh by removing the workload clusters and uninstalling AKS.
 
 - Name: The name of your virtual network.
 - Address prefix: The IP address prefix to use for your subnet.
@@ -61,17 +61,14 @@ Specify the following parameters while defining a virtual network with static IP
   > [!NOTE]
   > The VIP pool must be part of the same subnet as the Kubernetes node VM pool.
 
-- vLAN ID: The vLAN ID for the virtual network. If omitted, the virtual network is not tagged.
+- vLAN ID: The vLAN ID for the virtual network. If it's omitted, the virtual network is not tagged.
 
 ## Virtual network with DHCP networking
 
 This networking model creates a virtual network that allocates IP addresses using DHCP to all objects in the deployment.  
 
 You must specify the following parameters while defining a virtual network with static IP configurations:
 
-> [!IMPORTANT]
-> In this version of AKS, it is not possible to change the network configuration once the AKS host or the workload cluster are deployed. The only way to change the networking settings is to start fresh by removing the workload cluster(s) and uninstall AKS.
-
 - Name: The name of your virtual network.
 - Virtual IP pool: The continuous range of IP addresses to be used for your Kubernetes cluster API server and Kubernetes services. 
 
diff --git a/AKS-Hybrid/concepts-storage.md b/AKS-Hybrid/concepts-storage.md
@@ -3,7 +3,7 @@ title: Concepts - Storage options for applications in AKS enabled by Azure Arc
 description: Storage options for applications in AKS enabled by Azure Arc.
 author: sethmanheim
 ms.topic: conceptual
-ms.date: 10/07/2022
+ms.date: 06/24/2024
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
 ms.reviewer: abha
@@ -80,7 +80,7 @@ spec:
       storage: 5Gi 
 ```
 
-When you create a pod definition, the persistent volume claim is specified to request the desired storage. You also then specify the `volumeMount` for your applications to read and write data. The following example YAML manifest shows how the previous persistent volume claim can be used to mount a volume at `/mnt/aks-hci`:
+When you create a pod definition, you specify the persistent volume claim to request the desired storage. You also then specify the `volumeMount` for your applications to read and write data. The following example YAML manifest shows how the previous persistent volume claim can be used to mount a volume at `/mnt/aks-hci`:
 
 ```yaml
 kind: Pod 
diff --git a/AKS-Hybrid/configure-load-balancer.md b/AKS-Hybrid/configure-load-balancer.md
@@ -3,7 +3,7 @@ title: Create and use load balancer with Azure Kubernetes Service in AKS enabled
 description: Learn how to create and use load balancer with Azure Kubernetes Service (AKS) in AKS Arc.
 author: sethmanheim
 ms.topic: how-to
-ms.date: 01/30/2024
+ms.date: 06/24/2024
 ms.author: sethm 
 ms.lastreviewed: 01/30/2024
 ms.reviewer: rbaziwane
@@ -13,13 +13,13 @@ ms.reviewer: rbaziwane
 
 ---
 
-# Create and use load balancer with Azure Kubernetes Service in AKS enabled by Azure Arc
+# Create and use load balancer with Azure Kubernetes Service in AKS enabled by Arc
 
 [!INCLUDE [applies-to-azure stack-hci-and-windows-server-skus](includes/aks-hci-applies-to-skus/aks-hybrid-applies-to-azure-stack-hci-windows-server-sku.md)]
 
-This article details how to configure **HAProxy** as your load balancer for a workload cluster in AKS Arc. For custom load balancer integration, see [Create and use a custom load balancer](configure-custom-load-balancer.md).
+This article describes how to configure **HAProxy** as your load balancer for a workload cluster in AKS Arc. For custom load balancer integration, see [Create and use a custom load balancer](configure-custom-load-balancer.md).
 
-In AKS enabled by Azure Arc, the load balancer is deployed as a virtual machine (VM) running Linux and **HAProxy + KeepAlive** to provide load balanced services for the workload clusters. AKS load balances requests to the Kubernetes API server, and manages traffic to application services.
+In AKS Arc, the load balancer is deployed as a virtual machine (VM) running Linux and **HAProxy + KeepAlive** to provide load balanced services for the workload clusters. AKS load balances requests to the Kubernetes API server, and manages traffic to application services.
 
 ## Before you begin
 
diff --git a/AKS-Hybrid/create-ingress-controller.md b/AKS-Hybrid/create-ingress-controller.md
@@ -3,7 +3,7 @@ title: Use an ingress controller in AKS enabled by Azure Arc
 description: Learn how to deploy an ingress controller in Azure Kubernetes Service in AKS enabled by Arc.
 author: sethmanheim
 ms.topic: how-to
-ms.date: 10/18/2022
+ms.date: 06/25/2024
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
 ms.reviewer: EkeleAsonye
@@ -15,7 +15,7 @@ ms.reviewer: EkeleAsonye
 
 An *ingress controller* is a Kubernetes resource that allows external access to services within the Kubernetes cluster. Ingress lets an operator expose a service to external network requests, usually HTTP or HTTPS. You configure access by creating a set of rules that define the inbound connections that reach specific services.
 
-An ingress controller is a piece of software that provides configurable traffic routing for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual Kubernetes services. By using an ingress controller and ingress rules, you can use a single IP address to route traffic to multiple services in a Kubernetes cluster.
+An ingress controller is software that provides configurable traffic routing for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual Kubernetes services. By using an ingress controller and ingress rules, you can use a single IP address to route traffic to multiple services in a Kubernetes cluster.
 
 After you deploy the controller in your environment, you can then create and deploy the ingress manifest. Currently, you use ingress in AKS Arc by using the NGINX ingress controller. For information about how to install, configure, and use the NGINX ingress controller, see [Installation with Manifests](https://kubernetes.github.io/ingress-nginx/deploy/#azure).
 
@@ -58,7 +58,7 @@ The `spec` section provides information about what's configured. In this example
 
 ## Use ingress to load balance traffic
 
-In the following example, another path is added to the manifest that permits load balancing between different backends of an application. In this example, the operator can split traffic and send it to different service endpoints and deployments based on the path described. Behind each path, is a deployment and a service, which is helpful for endpoints that receive more traffic:
+In the following example, another path is added to the manifest that permits load balancing between different backends of an application. In this example, the operator can split traffic and send it to different service endpoints and deployments based on the path described. Behind each path is a deployment and a service, which is helpful for endpoints that receive more traffic:
 
 ```yaml
 apiVersion: networking.k8s.io/v1  
diff --git a/AKS-Hybrid/kubernetes-concepts.md b/AKS-Hybrid/kubernetes-concepts.md
@@ -3,7 +3,7 @@ title: Kubernetes cluster architecture for AKS enabled by Azure Arc
 description: Learn the basic cluster and workload components of Kubernetes and how they relate to features of AKS enabled by Arc.
 author: sethmanheim
 ms.author: sethm 
-ms.lastreviewed: 01/09/2024
+ms.lastreviewed: 06/24/2024
 ms.reviewer: daschott
 ms.topic: conceptual
 ms.date: 05/16/2022
diff --git a/AKS-Hybrid/pricing.md b/AKS-Hybrid/pricing.md
@@ -1,13 +1,13 @@
 ---
 
 title: Azure Kubernetes Service (AKS) enabled by Azure Arc pricing details
-description: Detailed pricing information for AKS enabled by Azure Arc.
+description: Learn about detailed pricing information for AKS enabled by Azure Arc.
 ms.topic: conceptual
 author: sethmanheim
 ms.author: sethm 
+ms.date: 06/24/2024
 ms.lastreviewed: 05/31/2023
 ms.reviewer: rbaziwane
-ms.date: 10/04/2022
 
 # Intent: As a subscription owner, I want to understand how the AKS Arc service is priced and what I am paying for.
 # Keyword: pricing
@@ -65,4 +65,3 @@ If you enable hyper-threading on your physical computer, AKS also enables hyper-
 ## Next steps
 
 [AKS on Azure Stack HCI pricing details](https://azure.microsoft.com/pricing/details/azure-stack/aks-hci)
-
diff --git a/AKS-Hybrid/scale-cluster.md b/AKS-Hybrid/scale-cluster.md
@@ -2,7 +2,7 @@
 title: Scale an Azure Kubernetes Service cluster
 description: Learn how to scale the number of nodes in a Kubernetes cluster in AKS enabled by Azure Arc.
 ms.topic: article
-ms.date: 10/19/2022
+ms.date: 06/25/2024
 author: sethmanheim
 ms.author: sethm 
 
diff --git a/AKS-Hybrid/troubleshoot-overview.md b/AKS-Hybrid/troubleshoot-overview.md
