More articles

sethmanheim · sethmanheim · commit 43ee9410ad64 · 2025-07-03T10:57:38.000-07:00
diff --git a/AKS-Arc/aks-edge-concept-clusters-nodes.md b/AKS-Arc/aks-edge-concept-clusters-nodes.md
@@ -4,7 +4,7 @@ description: Learn about clusters and nodes running on AKS Edge Essentials.
 author: sethmanheim
 ms.author: sethm
 ms.topic: concept-article
-ms.date: 07/11/2024
+ms.date: 07/03/2025
 ms.custom: template-concept
 ---
 
@@ -18,7 +18,7 @@ When you create an AKS Edge Essentials deployment, AKS Edge Essentials creates a
 
 ![Screenshot showing the the VMs in AKS Edge.](./media/aks-edge/aks-edge-vm.png)
 
-Deployments can only create one Linux VM on a given host machine. This Linux VM can act as both the control plane node and as a worker node based on your deployment needs. This curated VM is based on [CBL-Mariner](https://github.com/microsoft/CBL-Mariner). CBL-Mariner is an internal Linux distribution for Microsoft's cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and enhances Microsoft's ability to stay current on Linux updates. For more information, see [CBL-Mariner security](https://github.com/microsoft/CBL-Mariner/blob/2.0/SECURITY.md). The Linux virtual machine is built on four-point comprehensive premises:
+Deployments can only create one Linux VM on a given host machine. This Linux VM can act as both the control plane node and as a worker node based on your deployment needs. This curated VM is based on [CBL-Mariner](https://github.com/microsoft/CBL-Mariner). CBL-Mariner is an internal Linux distribution for Microsoft's cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and enhances Microsoft's ability to stay current on Linux updates. For more information, see [CBL-Mariner security](https://github.com/microsoft/CBL-Mariner/blob/2.0/SECURITY.md). The Linux virtual machine is built on a four-point comprehensive premise:
 
 - Servicing updates
 - Read-only root filesystem
@@ -27,7 +27,7 @@ Deployments can only create one Linux VM on a given host machine. This Linux VM
 
 Running a Windows node is optional and you can create a Windows node if you need to deploy Windows containers. This node runs as a Windows virtual machine based on [Windows 10 IoT Enterprise LTSC 2019](/lifecycle/products/windows-10-iot-enterprise-ltsc-2019). The Windows VM brings all the security features and capabilities of Windows 10.
 
-You can define the amount of CPU and memory resources that you'd like to allocate for each of the VMs. This static allocation enables you to control how resources are used and ensures that applications running on the host have the required resources.
+You can define the amount of CPU and memory resources that you want to allocate for each of the VMs. This static allocation enables you to control how resources are used and ensures that applications running on the host have the required resources.
 
 Finally, AKS Edge Essentials doesn't offer dynamic creation of virtual machines. If a node VM goes down, you have to recreate it. That said, if you have a full deployment with multiple control plane nodes and worker nodes, if a VM goes down, Kubernetes moves workloads to an active node.
 
@@ -47,7 +47,7 @@ After you set up your machines, you can deploy AKS Edge Essentials in the follow
 
 ![Diagram showing AKS Edge Essentials deployment scenarios.](./media/aks-edge/aks-edge-deployment-options.jpg)
   
-Once you've created your cluster, you can deploy your applications and connect your cluster to Arc, to enable Arc extensions such as Azure Monitor and Azure Policy. You can also choose to use GitOps to manage your deployments.
+Once you create your cluster, you can deploy your applications and connect your cluster to Arc, to enable Arc extensions such as Azure Monitor and Azure Policy. You can also choose to use GitOps to manage your deployments.
 
 ## Next steps
 
diff --git a/AKS-Arc/certificates-overview.md b/AKS-Arc/certificates-overview.md
@@ -3,10 +3,10 @@ title: Overview of certificate management in AKS on Windows Server
 description: Learn how to manage certificates for secure communication between in-cluster components in AKS by provisioning and managing certificates in AKS on Windows Server.
 author: sethmanheim
 ms.topic: concept-article
-ms.date: 01/10/2024
+ms.date: 07/03/2025
 ms.author: sethm 
 ms.lastreviewed: 04/01/2023
-ms.reviewer: sulahiri
+ms.reviewer: leslielin
 
 # Intent: As an IT Pro, I want to learn how to use certificates to secure communication between in-cluster components on my AKS deployment.
 # Keyword: control plane nodes secure communication certificate revocation
@@ -105,9 +105,9 @@ A `notBefore` time can be specified to revoke only certificates that are issued
 > [!NOTE]
 > Revocation of `kubelet` server certificates is currently not available.
 
-If you use a serial number when you perform a revocation, you can use the `Repair-AksHciClusterCerts` PowerShell command, described below, to get your cluster into a working state. If you use any of the other fields listed earlier, make sure to specify a `notBefore` time.
+If you use a serial number when you perform a revocation, you can use the `Repair-AksHciClusterCerts` PowerShell command, described as follows, to get your cluster into a working state. If you use any of the other fields listed earlier, make sure to specify a `notBefore` time.
 
-```console
+```yaml
 apiVersion: certificates.microsoft.com/v1 
 kind: RenewRevocation 
 metadata: 
diff --git a/AKS-Arc/container-storage-interface-disks.md b/AKS-Arc/container-storage-interface-disks.md
@@ -3,7 +3,7 @@ title: Use Container Storage Interface (CSI) disk drivers in AKS enabled by Azur
 description: Learn how to use Container Storage Interface (CSI) drivers to manage disks in AKS enabled by Arc.
 author: sethmanheim
 ms.topic: how-to
-ms.date: 03/14/2024
+ms.date: 07/03/2025
 ms.author: sethm
 ms.lastreviewed: 01/14/2022
 ms.reviewer: abha
@@ -23,19 +23,19 @@ This article describes how to use Container Storage Interface (CSI) built-in sto
 
 ## Dynamically create disk persistent volumes using built-in storage class
 
-A *storage class* is used to define how a unit of storage is dynamically created with a persistent volume. For more information on how to use storage classes, see [Kubernetes storage classes](https://kubernetes.io/docs/concepts/storage/storage-classes/). 
+A *storage class* is used to define how a unit of storage is dynamically created with a persistent volume. For more information about how to use storage classes, see [Kubernetes storage classes](https://kubernetes.io/docs/concepts/storage/storage-classes/).
 
-In AKS Arc, the **default** storage class is created by default and uses CSI to create VHDX-backed volumes. The reclaim policy ensures that the underlying VHDX is deleted when the persistent volume that used it is deleted. The storage class also configures the persistent volumes to be expandable; you just need to edit the persistent volume claim with the new size.
+In AKS Arc, the default storage class uses CSI to create VHDX-backed volumes. The reclaim policy ensures that the underlying VHDX is deleted when the persistent volume that used it is deleted. The storage class also configures the persistent volumes to be expandable; you just need to edit the persistent volume claim with the new size.
 
-To leverage this storage class, create a [PVC](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) and a respective pod that references and uses it. A PVC is used to automatically provision storage based on a storage class. A PVC can use one of the pre-created storage classes or a user-defined storage class to create a VHDX of the desired size. When you create a pod definition, the PVC is specified to request the desired storage.
+To use this storage class, create a [Persistent Volume Claim (PVC)](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) and a respective pod that references and uses it. A PVC is used to automatically provision storage based on a storage class. A PVC can use one of the pre-created storage classes or a user-defined storage class to create a VHDX of the desired size. When you create a pod definition, the PVC is specified to request the desired storage.
 
 ## Create custom storage class for disks
 
 The default storage class is suitable for most common scenarios. However, in some cases, you may want to create your own storage class that stores PVs at a particular location mapped to a specific performance tier.
 
 If you have Linux workloads (pods), you must create a custom storage class with the parameter `fsType: ext4`. This requirement applies to Kubernetes versions 1.19 and 1.20 or later. The following example shows a custom storage class definition with `fsType` parameter defined:
 
-```YAML
+```yaml
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
@@ -56,7 +56,7 @@ volumeBindingMode: Immediate
 allowVolumeExpansion: true  
 ```
 
-If you create a custom storage class, you can specify the location where you want to store PVs. If the underlying infrastructure is Azure Local, this new location could be a volume that's backed by high-performing SSDs/NVMe or a cost-optimized volume backed by HDDs.
+If you create a custom storage class, you can specify the location in which you want to store PVs. If the underlying infrastructure is Azure Local, this new location could be a volume that's backed by high-performing SSDs/NVMe, or a cost-optimized volume backed by HDDs.
 
 Creating a custom storage class is a two-step process:
 
@@ -75,7 +75,8 @@ Creating a custom storage class is a two-step process:
    ```azurecli
    $storagepathID = az stack-hci-vm storagepath show --name $storagepathname --resource-group $resource_group --query "id" -o tsv 
    ```
-2. Create a new custom storage class using the new storage path.
+
+1. Create a new custom storage class using the new storage path.
 
    1. Create a file named **sc-aks-hci-disk-custom.yaml**, and then copy the manifest from the following YAML file. The storage class is the same as the default storage class except with the new `container`. Use the `storage path ID` created in the previous step for `container`. For `group` and `hostname`, query the default storage class by running `kubectl get storageclass default -o yaml`, and then use the values that are specified:
 
@@ -100,9 +101,9 @@ Creating a custom storage class is a two-step process:
       volumeBindingMode: Immediate
       ```
 
-   2. Create the storage class with the [kubectl apply](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply/) command and specify your **sc-aks-hci-disk-custom.yaml** file: 
+   1. Create the storage class with the [kubectl apply](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply/) command and specify your **sc-aks-hci-disk-custom.yaml** file:
   
-      ```console
+      ```azurecli
        $ kubectl apply -f sc-aks-hci-disk-custom.yaml
        storageclass.storage.k8s.io/aks-hci-disk-custom created
       ```
@@ -121,7 +122,7 @@ Creating a custom storage class is a two-step process:
    Get-AksHciStorageContainer -Name "customStorageContainer"
    ```
 
-2. Create a new custom storage class using the new storage path.
+1. Create a new custom storage class using the new storage path.
 
    1. Create a file named **sc-aks-hci-disk-custom.yaml**, and then copy the manifest from the following YAML file. The storage class is the same as the default storage class except with the new `container`. Use the `storage container name` created in the previous step for `container`. For `group` and `hostname`, query the default storage class by running `kubectl get storageclass default -o yaml`, and then use the values that are specified:
 
@@ -146,15 +147,15 @@ Creating a custom storage class is a two-step process:
       volumeBindingMode: Immediate
       ```
 
-   2. Create the storage class with the [kubectl apply](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply/) command and specify your **sc-aks-hci-disk-custom.yaml** file: 
-  
-      ```console
-       $ kubectl apply -f sc-aks-hci-disk-custom.yaml
-       storageclass.storage.k8s.io/aks-hci-disk-custom created
+   1. Create the storage class with the [kubectl apply](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply/) command and specify your **sc-aks-hci-disk-custom.yaml** file:
+
+      ```azurecli
+      $ kubectl apply -f sc-aks-hci-disk-custom.yaml
+      storageclass.storage.k8s.io/aks-hci-disk-custom created
       ```
 
    ---
 
 ## Next steps
 
-- [Use the file Container Storage Interface drivers](container-storage-interface-files.md)
+[Use the Container Storage Interface file drivers](container-storage-interface-files.md)
diff --git a/AKS-Arc/deploy-load-balancer-cli.md b/AKS-Arc/deploy-load-balancer-cli.md
@@ -62,37 +62,37 @@ If you don't have [Graph permission Application.Read.All](/graph/permissions-ref
 
 1. Register the `Microsoft.KubernetesRuntime RP` if you haven't already done so. Note that you only need to register once per Azure subscription. You can also register resource providers using the Azure portal. For more information about how to register resource providers and required permissions, see [how to register a resource provider](/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider).
 
-```azurecli
-az provider register -n Microsoft.KubernetesRuntime
-```
+   ```azurecli
+   az provider register -n Microsoft.KubernetesRuntime
+   ```
 
-You can check if the resource provider has been registered successfully by running the following command.
+   You can check if the resource provider has been registered successfully by running the following command.
 
-```azurecli
-az provider show -n Microsoft.KubernetesRuntime -o table
-```
+   ```azurecli
+   az provider show -n Microsoft.KubernetesRuntime -o table
+   ```
 
-Expected output:
+   Expected output:
 
-```output
-Namespace                    RegistrationPolicy    RegistrationState
----------------------------  --------------------  -------------------
-Microsoft.KubernetesRuntime  RegistrationRequired  Registered
-```
+   ```output
+   Namespace                    RegistrationPolicy    RegistrationState
+   ---------------------------  --------------------  -------------------
+   Microsoft.KubernetesRuntime  RegistrationRequired  Registered
+   ```
 
 1. To install the Arc extension for MetalLB, obtain the AppID of the MetalLB extension resource provider, and then run the extension create command. You must run the following commands once per Arc Kubernetes cluster.
 
-Obtain the Application ID of the Arc extension by running [az ad sp list](/cli/azure/ad/sp#az-ad-sp-list). In order to run the following command, you must be a `user` member of your Azure tenant. For more information about user and guest membership, see [default user permissions in Microsoft Entra ID](/entra/fundamentals/users-default-permissions).
+   Obtain the Application ID of the Arc extension by running [az ad sp list](/cli/azure/ad/sp#az-ad-sp-list). In order to run the following command, you must be a `user` member of your Azure tenant. For more information about user and guest membership, see [default user permissions in Microsoft Entra ID](/entra/fundamentals/users-default-permissions).
 
-```azurecli
-$objID = az ad sp list --filter "appId eq '00001111-aaaa-2222-bbbb-3333cccc4444'" --query "[].id" --output tsv
-```
+   ```azurecli
+   $objID = az ad sp list --filter "appId eq '00001111-aaaa-2222-bbbb-3333cccc4444'" --query "[].id" --output tsv
+   ```
 
-Once you have the `objID`, you can install the MetalLB Arc extension on your Kubernetes cluster. To run the following command, you must have the [**Kubernetes extension contributor**](/azure/role-based-access-control/built-in-roles/containers#kubernetes-extension-contributor) role.
+   Once you have the `objID`, you can install the MetalLB Arc extension on your Kubernetes cluster. To run the following command, you must have the [**Kubernetes extension contributor**](/azure/role-based-access-control/built-in-roles/containers#kubernetes-extension-contributor) role.
 
-```azurecli
-az k8s-extension create --cluster-name $clusterName -g $rgName --cluster-type connectedClusters --extension-type microsoft.arcnetworking --config k8sRuntimeFpaObjectId=$objID -n arcnetworking
-```
+   ```azurecli
+   az k8s-extension create --cluster-name $clusterName -g $rgName --cluster-type connectedClusters --extension-type microsoft.arcnetworking --config k8sRuntimeFpaObjectId=$objID -n arcnetworking
+   ```
 
 ## Deploy MetalLB load balancer on your Kubernetes cluster
 
diff --git a/AKS-Arc/deploy-windows-application.md b/AKS-Arc/deploy-windows-application.md
@@ -3,7 +3,7 @@ title: Deploy Windows .NET applications
 description: Learn how to deploy a Windows.NET application to your Kubernetes cluster using a custom image stored in Azure Container Registry in AKS on Windows Server.
 author: sethmanheim
 ms.topic: tutorial
-ms.date: 06/26/2024
+ms.date: 07/03/2025
 ms.author: sethm 
 ms.lastreviewed: 1/14/2022
 ms.reviewer: abha
diff --git a/AKS-Arc/includes/csi-in-aks-hybrid-overview.md b/AKS-Arc/includes/csi-in-aks-hybrid-overview.md
@@ -3,15 +3,15 @@ author: sethmanheim
 ms.author: sethm
 ms.service: azure-stack
 ms.topic: include
-ms.date: 02/29/2024
+ms.date: 07/03/2025
 ms.reviewer: abha
 ms.lastreviewed: 10/18/2022
 
 # Overview of CSI file and driver functionality in AKS enabled by Azure Arc
 
 ---
 
-The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By using CSI, AKS enabled by Arc can write, deploy, and iterate plug-ins to expose new storage systems. Using CSI can also improve existing ones in Kubernetes without having to touch the core Kubernetes code and then wait for its release cycles.
+The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By using CSI, AKS enabled by Arc can write, deploy, and iterate plug-ins to expose new storage systems. CSI can also improve existing ones in Kubernetes without having to touch the core Kubernetes code and then wait for its release cycles.
 
 The disk and file CSI drivers used by AKS Arc are [CSI specification](https://github.com/container-storage-interface/spec/blob/master/spec.md)-compliant drivers.
 
diff --git a/AKS-Arc/manage-node-pools.md b/AKS-Arc/manage-node-pools.md
@@ -3,7 +3,7 @@ title: Manage node pools for an AKS cluster
 description: Learn how to manage multiple node pools in AKS on Azure Local.
 ms.topic: how-to
 ms.custom: devx-track-azurecli
-ms.date: 06/03/2024
+ms.date: 07/03/2025
 author: sethmanheim
 ms.author: sethm 
 ms.reviewer: rbaziwane
@@ -16,9 +16,9 @@ ms.lastreviewed: 06/03/2024
 [!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
 
 > [!NOTE]
-> For information about managing node pools in AKS on Azure Local 22H2, see [Manage node pools](manage-node-pools-22h2.md).
+> For information about managing node pools in AKS on Windows Server, see [Manage node pools](manage-node-pools-22h2.md).
 
-In AKS enabled by Azure Arc, nodes of the same configuration are grouped together into *node pools*. These node pools contain the underlying VMs that run your applications. This article shows you how to create and manage node pools for an AKS cluster.
+In AKS on Azure Local, nodes of the same configuration are grouped together into *node pools*. These node pools contain the underlying VMs that run your applications. This article shows you how to create and manage node pools for an AKS cluster.
 
 ## Create a Kubernetes cluster
 
diff --git a/AKS-Arc/ssh-connection.md b/AKS-Arc/ssh-connection.md
@@ -65,5 +65,5 @@ After you use SSH to connect to the node, you can run `net user administrator *`
 
 ## Next steps
 
-- [Known issues](known-issues.yml).
-- [Windows Admin Center known issues](/azure-stack/aks-hci/known-issues-windows-admin-center).
+- [Known issues](known-issues.yml)
+- [Windows Admin Center known issues](/azure-stack/aks-hci/known-issues-windows-admin-center)
