Merge branch 'main' into md-arm-parameters

Author: ManikaDhiman

.openpublishing.redirection.aks.json

@@ -1489,6 +1489,11 @@
         "source_path": "AKS-Arc/tutorial-kubernetes-upgrade-cluster.md",
         "redirect_url": "/azure/aks/aksarc/overview",
         "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/aks-hci-network-system-requirements.md",
+        "redirect_url": "/azure/aks/aksarc/network-system-requirements",
+        "redirect_document_id": false
       }
     ]
   }

.openpublishing.redirection.azure-local.json

@@ -1924,6 +1924,16 @@
       "source_path": "azure-local/manage/manage-network-atc.md", 
       "redirect_url": "/windows-server/networking/network-atc/manage-network-atc", 
       "redirect_document_id": false
+    },
+    {
+      "source_path": "azure-local/migrate/migrate-cluster-same-hardware.md", 
+      "redirect_url": "/azure-local/migrate/migration-azure-migrate-overview", 
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "azure-local/migrate/migrate-cluster-new-hardware.md", 
+      "redirect_url": "/azure-local/migrate/migration-azure-migrate-overview", 
+      "redirect_document_id": false
     }
   ]
 }

AKS-Arc/TOC.yml

@@ -13,7 +13,7 @@
     href: data-collection.md
   - name: Blogs and announcements
     href: blogs-announcements.md
-- name: AKS on Azure Local
+- name: AKS Arc on Azure Local
   expanded: true
   items:
   - name: What's new in AKS on Azure Local
@@ -25,7 +25,7 @@
     - name: Networking
       items:
       - name: Networking concepts and requirements
-        href: aks-hci-network-system-requirements.md
+        href: network-system-requirements.md
       - name: IP address planning
         href: aks-hci-ip-address-planning.md
       - name: Load balancer
@@ -80,12 +80,12 @@
           href: deploy-load-balancer-cli.md
         - name: Azure portal
           href: deploy-load-balancer-portal.md
-        # - name: Troubleshoot issues
-        #   href: load-balancer-troubleshoot.md
     - name: Security
       items:
       - name: Encrypt etcd secrets
         href: encrypt-etcd-secrets.md
+      - name: Validate signed container images
+        href: validate-signed-container-images.md
     - name: AI and Machine Learning
       items:
       - name: Deploy an AI model with the AI toolchain operator
@@ -107,7 +107,7 @@
       - name: Restrict SSH access
         href: restrict-ssh-access.md
       - name: Deploy and configure Workload Identity
-        href: workload-identity.md     
+        href: workload-identity.md
     - name: Storage
       href: concepts-storage.md
       items:
@@ -159,12 +159,18 @@
     items:
     - name: Troubleshoot and known issues
       href: aks-troubleshoot.md
-    - name: AKS on Azure Local support policy
-      href: aks-on-azure-local-support-policy.md
     - name: Get support
-      href: help-support.md
-    - name: Use diagnostic checker
-      href: aks-arc-diagnostic-checker.md
+      items:
+      - name: AKS on Azure Local support policy
+        href: aks-on-azure-local-support-policy.md
+      - name: Get support
+        href: help-support.md
+      - name: Use the support remediation tool
+        href: support-module.md
+      - name: Use diagnostic checker
+        href: aks-arc-diagnostic-checker.md
+    - name: Storage provisioning issue in cluster and node pool creation
+      href: storage-provision-issue.md
     - name: Control plane configuration validation errors
       href: control-plane-validation-errors.md
     - name: K8sVersionValidation error
@@ -199,6 +205,21 @@
       href: connectivity-troubleshoot.md
     - name: Cluster status stuck during upgrade
       href: cluster-upgrade-status.md
+  - name: Security
+    items:  
+    - name: Security book - recommendations and best practices
+      href: /azure/azure-arc/kubernetes/conceptual-security-book?toc=/azure/aks/aksarc/toc.json&bc=/azure/aks/aksarc/breadcrumb/toc.json?toc=/azure/aks/aksarc/toc.json&bc=/azure/aks/aksarc/breadcrumb/toc.json
+      displayName: security, best practices, recommendations
+    - name: Securing your platform
+      href: /azure/azure-arc/kubernetes/conceptual-secure-your-platform?toc=/azure/aks/aksarc/toc.json&bc=/azure/aks/aksarc/breadcrumb/toc.json
+    - name: Securing your workloads
+      href: /azure/azure-arc/kubernetes/conceptual-secure-your-workloads?toc=/azure/aks/aksarc/toc.json&bc=/azure/aks/aksarc/breadcrumb/toc.json
+    - name: Securing your operations
+      href: /azure/azure-arc/kubernetes/conceptual-secure-your-operations?toc=/azure/aks/aksarc/toc.json&bc=/azure/aks/aksarc/breadcrumb/toc.json
+    - name: Securing your data
+      href: /azure/azure-arc/kubernetes/conceptual-secure-your-data?toc=/azure/aks/aksarc/toc.json&bc=/azure/aks/aksarc/breadcrumb/toc.json
+    - name: Securing your network
+      href: /azure/azure-arc/kubernetes/conceptual-secure-your-network?toc=/azure/aks/aksarc/toc.json&bc=/azure/aks/aksarc/breadcrumb/toc.json
   - name: Reference
     items:
     - name: Azure CLI
@@ -317,7 +338,7 @@
       href: aks-edge-licensing.md
     - name: Microsoft Software License Terms
       href: aks-edge-software-license-terms.md 
-- name: AKS on VMware
+- name: AKS Arc on VMware
   items:
   - name: Overview
     href: aks-vmware-overview.md
@@ -365,7 +386,7 @@
         href: vmsize.yml
       - name: vnet
         href: vnet.yml
-- name: AKS on Windows Server
+- name: AKS Arc on Windows Server
   items:
   - name: AKS on Windows Server retirement
     href: aks-windows-server-retirement.md
@@ -375,7 +396,7 @@
     href: system-requirements.md
   - name: Quickstarts 
     items:
-    - name: Deploy an AKS cluster
+    - name: Deploy an AKS Arc cluster
       items:
       - name: Use PowerShell
         href: kubernetes-walkthrough-powershell.md

AKS-Arc/aks-edge-help-support.md

@@ -3,7 +3,7 @@ title: Get support for AKS Edge Essentials
 description: Learn about how to get support and open a support request for AKS Edge Essentials.
 author: sethmanheim
 ms.topic: how-to
-ms.date: 04/07/2025
+ms.date: 07/21/2025
 ms.author: sethm 
 
 # Intent: As an IT Pro, I want to find out what options are available to get help and support, such as creating a ticket.
@@ -14,49 +14,25 @@ ms.author: sethm
 
 If you encounter an issue with AKS Edge Essentials, this article describes how to open a support request.
 
-## Go to Support + troubleshooting in the Azure portal
+## Go to Support + Troubleshooting in the Azure portal
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. Browse to the subscription you're using for AKS Edge Essentials. Select the subscription to open its dashboard.
-1. From the **Support + troubleshooting** category in the navigation menu in the left-hand pane, select **New Support Request**:
+1. From the **Help** menu in the left-hand navigation pane, select **Support + Troubleshooting**:
 
-    :::image type="content" source="media/help-support/new-support-request-sidebar.png" alt-text="Screenshot of the Azure portal Help and Support sidebar." lightbox="media/help-support/new-support-request-sidebar.png":::
+    :::image type="content" source="media/help-support/help-left-menu.png" alt-text="Screenshot of the Azure portal Help and Support sidebar.":::
 
-1. From the dropdown, select the **Technical** issue type:
+1. In the text box, briefly describe the issue type, then select **Go**:
 
-    :::image type="content" source="media/help-support/select-type.png" alt-text="Screenshot of issue type selection." lightbox="media/help-support/select-type.png":::
+    :::image type="content" source="media/help-support/issue-help.png" alt-text="Screenshot of service type selection." lightbox="media/help-support/issue-help.png":::
 
-1. Your subscription name should auto-populate in the **Subscription** field. If it doesn't, select it from the dropdown.
+1. If **AKS Edge Essentials** doesn't appear in the list of predefined services, select **None of the above**.
+1. Begin typing **Edge Essentials** in the **Search Options** box of the **Select a service** dropdown.
+1. Select **AKS Edge Essentials** from the dropdown list.
 
-1. Select the **All services** button, then select the **Service type** dropdown. Begin typing **Edge** in the search box to locate the **AKS Edge Essentials** service in the **Compute** category.
+   :::image type="content" source="media/help-support/aks-edge-new-request.png" alt-text="Screenshot of service selection." lightbox="media/help-support/aks-edge-new-request.png":::
 
-    :::image type="content" source="media/help-support/service-type-edge.png" alt-text="Screenshot showing service selection." lightbox="media/help-support/service-type-edge.png":::
-
-1. Add a short description of your issue in the **Summary** field.
-
-1. Select the appropriate **Problem type** from the dropdown menu for your issue (for example, **Setup and configuration**). Also, select a **Problem subtype** (for example, **Deployment**):
-
-    :::image type="content" source="media/help-support/problem-type-edge.png" alt-text="Screenshot of completed problem type form." lightbox="media/help-support/problem-type-edge.png":::
-
-1. Select **Next**.
-
-1. Review the proposed **Solutions** to determine if they address your issue.
-
-1. If the solutions are not applicable, select **Return to support request** at the top of the page.
-
-1. Select **Next**.
-
-1. Fill in the problem details and description in the appropriate fields: 
-
-    :::image type="content" source="media/help-support/service-request-details.png" alt-text="Screenshot showing details of service request." lightbox="media/help-support/service-request-details.png":::
-
-1. Scroll down and fill in your preferred support method of contact:
-
-    :::image type="content" source="media/help-support/service-request-support-method.png" alt-text="Screenshot showing support method preferences." lightbox="media/help-support/service-request-support-method.png":::
-
-1. Select **Next**. Review the information you submitted. If anything is incorrect, select **Previous** and correct it. When all looks correct, select **Create**.
-
-    :::image type="content" source="media/help-support/review-create-edge.png" alt-text="Screenshot of confirmation screen to create support request." lightbox="media/help-support/review-create-edge.png":::
+[!INCLUDE [help-support-portal](includes/help-support-portal.md)]
 
 ## Next steps
 

AKS-Arc/aks-overview.md

@@ -2,17 +2,39 @@
 title: What is AKS enabled by Azure Arc?
 description: Learn about AKS enabled by Azure Arc and available deployment options.
 ms.topic: overview
-ms.date: 04/14/2025
+ms.date: 07/21/2025
 author: sethmanheim
 ms.author: sethm 
-ms.reviewer: abha
-ms.lastreviewed: 05/28/2024
+ms.reviewer: rcheeran
+ms.lastreviewed: 07/16/2025
 
 ---
 
 # What is AKS enabled by Azure Arc?
 
-Azure Kubernetes Service (AKS) enabled by Azure Arc is a managed Kubernetes service that you can use to deploy and manage containerized applications on-premises, in datacenters, or at edge locations such as retail stores or manufacturing plants. You need minimal Kubernetes expertise to get started with AKS. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. AKS is an ideal platform for deploying and managing containerized applications that require high availability, scalability, and portability. It's also ideal for deploying applications to multiple locations, using open-source tools, and integrating with existing DevOps tools.
+Azure Kubernetes Service (AKS) enabled by Azure Arc on Azure Local is a managed Kubernetes service that you can use to deploy and manage containerized applications on-premises, in datacenters, or at edge locations such as retail stores or manufacturing plants. You need minimal Kubernetes expertise to get started with AKS. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. AKS is an ideal platform for deploying and managing containerized applications that require high availability, scalability, and portability. It's also ideal for deploying applications to multiple locations, using open-source tools, and integrating with existing DevOps tools.
+
+## About AKS on Azure Local
+
+AKS Arc on Azure Local uses [Azure Arc](/azure/azure-arc/overview) to create new Kubernetes clusters on Azure Local directly from Azure. It enables you to use familiar tools like the Azure portal, Azure CLI, and Azure Resource Manager templates to create and manage your Kubernetes clusters running on Azure Local. Since clusters are automatically connected to Arc when they are created, you can use your Microsoft Entra ID for connecting to your clusters from anywhere. This ensures your developers and application operators can provision and configure Kubernetes clusters in accordance with company policies.
+
+Microsoft continues to focus on delivering a consistent user experience for all your AKS clusters. If you have created and managed Kubernetes clusters using Azure, you'll feel right at home managing Kubernetes clusters running on Azure Local using Azure portal or Azure CLI management experiences.
+
+## Simplified AKS component management on Azure Local
+
+AKS Arc on Azure Local includes several infrastructure components that provide Azure experiences, including the Arc Resource Bridge, Custom Location, and the Kubernetes Extension for the AKS Arc operator. These infrastructure components are now included in Azure Local:
+
+- **Arc Resource Bridge**: The Arc Resource Bridge is created automatically when you deploy Azure Local. This lightweight Kubernetes VM connects your Azure Local to Azure Cloud and enables on-premises resource management from Azure. Azure Arc Resource Bridge provides the line of sight to private clouds required to manage resources such as Kubernetes clusters on-premises through Azure.
+- **Custom Location**: Just like Azure Arc Resource Bridge, a custom location is created automatically when you deploy Azure Local. A custom location is the on-premises equivalent of an Azure region and is an extension of the Azure location construct. Custom locations provide a way for tenant administrators to use their data center with the right extensions installed, as target locations for deploying AKS.
+- **Kubernetes Extension for AKS Arc Operators**: The Kubernetes Extension for AKS Operators is automatically installed on Arc Resource Bridge when you deploy Azure Local. It's the on-premises equivalent of an Azure Resource Manager resource provider, to help manage AKS via Azure.
+
+By integrating these components, Azure Arc offers a unified and efficient Kubernetes provisioning and management solution, seamlessly bridging the gap between on-premises and cloud infrastructures.
+
+## Key personas
+
+**Infrastructure administrator**: The role of the infrastructure administrator is to set up Azure Local, which includes all the infrastructure component deployments previously mentioned. Administrators must also set up the platform configuration, such as the networking and storage configuration, so that Kubernetes operators can create and manage Kubernetes clusters.
+
+**Kubernetes operator**: Kubernetes operators can create and manage Kubernetes clusters on Azure Local so they can run applications without coordinating with infrastructure administrators. The operator is given access to the Azure subscription, Azure custom location, and virtual network by the infrastructure administrator. No access to the underlying on-premises infrastructure is necessary. Once the operator has the required access, they can create Kubernetes clusters according to application needs: Windows/Linux node pools, Kubernetes versions, etc.
 
 ## Overview of AKS enabled by Azure Arc
 

AKS-Arc/aks-troubleshoot.md

@@ -3,10 +3,10 @@ title: Troubleshoot common issues in AKS enabled by Azure Arc
 description: Learn about common issues and workarounds in AKS enabled by Arc.
 ms.topic: how-to
 author: sethmanheim
-ms.date: 06/27/2025
+ms.date: 07/23/2025
 ms.author: sethm 
-ms.lastreviewed: 04/01/2025
-ms.reviewer: abha
+ms.lastreviewed: 07/23/2025
+ms.reviewer: rcheeran
 
 ---
 
@@ -24,10 +24,11 @@ The following sections describe known issues for AKS enabled by Azure Arc:
 
 | AKS Arc CRUD operation | Issue | Fix status |
 |------------------------|-------|------------|
-| AKS cluster create     | [Can't create AKS cluster or scale node pool because of issues with AKS Arc images](gallery-image-not-usable.md) | Partially fixed in 2503 release |
-| AKS steady state       | [AKS Arc telemetry pod consumes too much memory and CPU](telemetry-pod-resources.md) | Active |
-| AKS steady state       | [Disk space exhaustion on control plane VMs due to accumulation of kube-apiserver audit logs](kube-apiserver-log-overflow.md) | Active |
+| AKS steady state       | [Storage provisioning issue impacting cluster and node pool creation](storage-provision-issue.md)|Active|
 | AKS cluster delete     | [Deleted AKS Arc cluster still visible on Azure portal](deleted-cluster-visible.md) | Active |
+| AKS steady state       | [AKS Arc telemetry pod consumes too much memory and CPU](telemetry-pod-resources.md) | Fixed in 2507 release  |
+| AKS cluster create     | [Can't create AKS cluster or scale node pool because of issues with AKS Arc images](gallery-image-not-usable.md) | Fixed in 2507 release |
+| AKS steady state       | [Disk space exhaustion on control plane VMs due to accumulation of kube-apiserver audit logs](kube-apiserver-log-overflow.md) | Fixed in 2507 release |
 | AKS cluster upgrade    | [AKS Arc cluster stuck in "Upgrading" state](cluster-upgrade-status.md) | Fixed in 2505 release |
 | AKS cluster delete     | [Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources](delete-cluster-pdb.md) | Fixed in 2503 release |
 | Azure portal           | [Can't see VM SKUs on Azure portal](check-vm-sku.md) | Fixed in 2411 release |
@@ -43,7 +44,7 @@ The following sections describe known issues for AKS enabled by Azure Arc:
 | Create validation      | [KubeAPIServer unreachable error](kube-api-server-unreachable.md) |
 | Network configuration issues | [Use diagnostic checker](aks-arc-diagnostic-checker.md) |
 | Kubernetes steady state   | [Resolve issues due to out-of-band deletion of storage volumes](delete-storage-volume.md) |
-| Kubernetes steady state   | [Repeated Entra authentication prompts when running kubectl with Kubernetes RBAC](entra-prompts.md) | 
+| Kubernetes steady state   | [Repeated Entra authentication prompts when running kubectl with Kubernetes RBAC](entra-prompts.md) |
 | Release validation     | [Azure Advisor upgrade recommendation message](azure-advisor-upgrade.md) |
 | Network validation | [Network validation error due to .local domain](network-validation-error-local.md) |
 | Network validation | [Troubleshoot BGP with FRR in AKS Arc environments](connectivity-troubleshoot.md) |