Merge branch 'release-local-2504' of https://github.com/MicrosoftDocs/azure-stack-docs-pr into 2-2504

Author: sipastak

.openpublishing.redirection.aks.json

@@ -1454,6 +1454,41 @@
         "source_path": "AKS-Arc/kubernetes-rbac-23h2.md",
         "redirect_url": "/azure/aks/aksarc/kubernetes-rbac-local",
         "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-prepare-application.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-prepare-azure-container-registry.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-deploy-cluster.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-deploy-application.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-scale.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-app-update.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
+      },
+      {
+        "source_path": "AKS-Arc/tutorial-kubernetes-upgrade-cluster.md",
+        "redirect_url": "/azure/aks/aksarc/overview",
+        "redirect_document_id": false
       }
     ]
   }

AKS-Arc/TOC.yml

@@ -33,9 +33,11 @@
     - name: High availability
       items: 
       - name: Use availability sets
-        href: availability-sets.md   
+        href: availability-sets.md
     - name: Supported scale requirements
       href: scale-requirements.md
+    - name: Connectivity modes
+      href: connectivity-modes.md  
     - name: Billing
       items:
       - name: Pricing details
@@ -76,6 +78,10 @@
           href: deploy-load-balancer-portal.md
         # - name: Troubleshoot issues
         #   href: load-balancer-troubleshoot.md
+    - name: Security
+      items:
+      - name: Encrypt etcd secrets
+        href: encrypt-etcd-secrets.md
     - name: AI and Machine Learning
       items:
       - name: Deploy an AI model with the AI toolchain operator
@@ -360,23 +366,6 @@
             href: setup.md
           - name: Create a Kubernetes cluster
             href: create-kubernetes-cluster.md
-  - name: Tutorial
-    items:
-      - name: 1 - Prepare an application
-        href: tutorial-kubernetes-prepare-application.md
-      - name: 2 - Create container registry
-        href: tutorial-kubernetes-prepare-azure-container-registry.md
-      - name: 3 - Deploy a Kubernetes cluster
-        href: tutorial-kubernetes-deploy-cluster.md
-      - name: 4 - Run an application
-        href: tutorial-kubernetes-deploy-application.md
-      - name: 5 - Scale an application
-        href: tutorial-kubernetes-scale.md
-      - name: 6 - Update an application
-        href: tutorial-kubernetes-app-update.md
-      - name: 7 - Upgrade Kubernetes cluster 
-        # Remove this, we don tneed to upgrade K8s in this tutorial.
-        href: tutorial-kubernetes-upgrade-cluster.md
   - name: Concepts
     items:
     - name: Quotas and resource limits

AKS-Arc/aks-edge-software-license-terms.md

@@ -68,7 +68,7 @@ These license terms are an agreement between you and Microsoft Corporation (or o
 
 **10. APPLICABLE LAW AND PLACE TO RESOLVE DISPUTES.** If you acquired the software in the United States or Canada, the laws of the state or province where you live (or, if a business, where your principal place of business is located) govern the interpretation of this agreement, claims for its breach, and all other claims (including consumer protection, unfair competition, and tort claims), regardless of conflict of laws principles, except that the FAA governs everything related to arbitration. If you acquired the software in any other country, its laws apply, except that the FAA governs everything related to arbitration. If U.S. federal jurisdiction exists, you and Microsoft consent to exclusive jurisdiction and venue in the federal court in King County, Washington for all disputes heard in court (excluding arbitration). If not, you and Microsoft consent to exclusive jurisdiction and venue in the Superior Court of King County, Washington for all disputes heard in court (excluding arbitration).
 
-**11. CONSUMER RIGHTS; REGIONAL VARIATIONS.** This agreement describes certain legal rights. You may have other rights, including consumer rights, under the laws of your state, province, or country. Separate and apart from your relationship with Microsoft, you may also have rights with respect to the party from which you acquired the software. This agreement does not change those other rights if the laws of your state, province, or country do not permit it to do so. For example, if you acquired the software in one of the below regions, or mandatory country law applies, then the following provisions apply to you:
+**11. CONSUMER RIGHTS; REGIONAL VARIATIONS.** This agreement describes certain legal rights. You may have other rights, including consumer rights, under the laws of your state, province, or country/region. Separate and apart from your relationship with Microsoft, you may also have rights with respect to the party from which you acquired the software. This agreement does not change those other rights if the laws of your state, province, or country/region do not permit it to do so. For example, if you acquired the software in one of the below regions, or mandatory country/region law applies, then the following provisions apply to you:
 
 **a) Australia.** You have statutory guarantees under the Australian Consumer Law and nothing in this agreement is intended to affect those rights.
 
@@ -86,7 +86,7 @@ Subject to the foregoing clause ii., Microsoft will only be liable for slight ne
 **13. LIMITATION ON AND EXCLUSION OF DAMAGES. IF YOU HAVE ANY BASIS FOR RECOVERING DAMAGES DESPITE THE PRECEDING DISCLAIMER OF WARRANTY, YOU CAN RECOVER FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.**
 
 **This limitation applies to (a) anything related to the software, services, content (including code) on third party Internet sites, or third party applications; and (b) claims for breach of contract, warranty, guarantee, or condition; strict liability, negligence, or other tort; or any other claim; in each case to the extent permitted by applicable law.
-It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your state, province, or country may not allow the exclusion or limitation of incidental, consequential, or other damages.**
+It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your state, province, or country/region may not allow the exclusion or limitation of incidental, consequential, or other damages.**
 
 **Please note: As this software is distributed in Canada, some of the clauses in this agreement are provided below in French.**
 

AKS-Arc/aks-overview.md

@@ -2,7 +2,7 @@
 title: What is AKS enabled by Azure Arc?
 description: Learn about AKS enabled by Azure Arc and available deployment options.
 ms.topic: overview
-ms.date: 04/10/2025
+ms.date: 04/14/2025
 author: sethmanheim
 ms.author: sethm 
 ms.reviewer: abha
@@ -39,16 +39,11 @@ The following list describes some of the common use cases for AKS, but is not an
 
 The available deployment options are as follows:
 
-- **AKS on Azure Local**: AKS on Azure Local uses Azure Arc to create new Kubernetes clusters on Azure Local directly from Azure. It enables you to use familiar tools like the Azure portal and Azure Resource Manager templates to create and manage your Kubernetes clusters running on Azure Local.
-- **AKS Edge Essentials**: AKS Edge Essentials includes a lightweight Kubernetes distribution with a small footprint and simple installation experience, making it easy for you to deploy Kubernetes on PC-class or "light" edge hardware.
-- **AKS on Windows Server**: Azure Kubernetes Service on Windows Server (and on Azure Local) is an on-premises Kubernetes implementation of AKS that automates running containerized applications at scale, using Windows PowerShell and Windows Admin Center. It simplifies deployment and management of AKS on Windows Server 2019/2022 Datacenter and Azure Local.
-- **AKS on VMWare (preview)**: AKS on VMware (preview) enables you to use Azure Arc to create new Kubernetes clusters on VMware vSphere. With AKS on VMware, you can manage your AKS clusters running on VMware vSphere using familiar tools like Azure CLI.
+- [**AKS on Azure Local**](aks-whats-new-local.md): AKS on Azure Local uses Azure Arc to create new Kubernetes clusters on Azure Local directly from Azure. It enables you to use familiar tools like the Azure portal and Azure Resource Manager templates to create and manage your Kubernetes clusters running on Azure Local.
+- [**AKS Edge Essentials**](aks-edge-overview.md): AKS Edge Essentials includes a lightweight Kubernetes distribution with a small footprint and simple installation experience, making it easy for you to deploy Kubernetes on PC-class or "light" edge hardware.
+- [**AKS on VMWare (preview)**](aks-vmware-overview.md): AKS on VMware (preview) enables you to use Azure Arc to create new Kubernetes clusters on VMware vSphere. With AKS on VMware, you can manage your AKS clusters running on VMware vSphere using familiar tools like Azure CLI.
+- [**AKS on Windows Server**](overview.md): AKS on Windows Server is an on-premises Kubernetes implementation of AKS that automates running containerized applications at scale, using Windows PowerShell and Windows Admin Center. It simplifies deployment and management of AKS on Windows Server 2019/2022 Datacenter.
 
 ## Next steps
 
-To get started with AKS enabled by Azure Arc, see the following deployment option overviews:
-
 - [What's new in AKS on Azure Local](aks-whats-new-local.md)
-- [AKS on Windows Server](overview.md)
-- [AKS Edge Essentials](aks-edge-overview.md)
-- [AKS on VMware (preview)](aks-vmware-overview.md)

AKS-Arc/connectivity-modes.md

@@ -0,0 +1,46 @@
+---
+title: Connectivity modes in AKS Arc on Azure Local
+description: Learn about running AKS on Azure Local in disconnected and semi-connected mode.
+ms.topic: overview
+ms.date: 04/16/2025
+author: sethmanheim
+ms.author: sethm 
+ms.reviewer: abha
+ms.lastreviewed: 04/08/2025
+ms.custom: conceptual
+
+---
+
+# Connectivity modes in AKS on Azure Local
+
+AKS on Azure Local requires connectivity to Azure in order to use features such as Kubernetes cluster upgrades, and identity and access options such as Azure Entra ID. Also, Azure Arc agents on the AKS Arc cluster must remain connected to enable functionality such as [configuring (GitOps)](/azure/azure-arc/kubernetes/conceptual-gitops-flux2), Arc extensions, and [cluster connect](/azure/azure-arc/kubernetes/conceptual-cluster-connect). Since AKS on Azure Local clusters deployed at the edge might not always have stable network access, the Kubernetes cluster might occasionally be unable to reach Azure when it operates in a semi-connected state.
+
+## Understand connectivity modes
+
+When working with AKS on Azure Local clusters, it's important to understand how network connectivity modes impact your operations.
+
+- **Fully connected**: With ongoing network connectivity, AKS and Arc agents can consistently communicate with Azure. In this mode, there is typically little delay with tasks such as scaling out your AKS Arc cluster, upgrading the Kubernetes version, propagating GitOps configurations, enforcing Azure Policy and Gatekeeper policies, or collecting workload metrics and logs in Azure Monitor.
+
+- **Semi-connected**:  Refers to a temporary loss of connectivity with Azure, which is supported for a duration of up to 30 days. This constraint is due to the 30-day validity period of certificates managed by AKS on Azure Local. If network connectivity is not restored within this timeframe, the AKS Arc cluster may cease to function. To maintain cluster operability, it is recommended that the AKS Arc cluster establish connectivity with Azure at least once every 30 days. Failure to do so may result in certificate expiration, requiring the cluster to be deleted and redeployed.
+
+- **Disconnected**: We currently do not support running AKS on Azure Local in a disconnected environment beyond 30 days.
+
+## Impact of semi-connected mode (temporary disconnection) on AKS on Azure Local operations
+
+The connectivity status of a cluster is determined by the time of the latest heartbeat received from the Azure Arc agents deployed on the cluster.
+
+| AKS operation | Impact of temporary disconnection | Details | Workaround |
+| ------------- | ---------------------------------- |---------|------------|
+| Creating, updating, upgrading, and deleting Kubernetes clusters | Not supported | Since Kubernetes CRUD operations are driven by Azure, you can't perform any CRUD operations while disconnected. | No supported workaround. |
+| Scaling the Kubernetes cluster | Partially supported | You can't manually scale an existing nodepool or add a new nodepool to the Kubernetes cluster. | Your Kubernetes cluster scales dynamically if you [enabled autoscalar](auto-scale-aks-arc.md) while creating the Kubernetes cluster. |
+| Access the Kubernetes cluster | Partially supported | You can't use [Azure Entra](enable-authentication-microsoft-entra-id.md) and `az connectedk8s proxy`, since they require connectivity to Azure. | [Retrieve admin kubeconfig](retrieve-admin-kubeconfig.md) to access the Kubernetes cluster. |
+| Viewing Kubernetes cluster status | Partially supported | You can't use the Azure portal or Azure Resource Manager APIs to view Kubernetes cluster status. | Use local tools such as [kubectl get](https://kubernetes.io/docs/reference/kubectl/quick-reference/#viewing-and-finding-resources). |
+| MetalLB Arc extension | Partially supported | Your load balancer continues working but you can't add or remove IP pools or update MetalLB configuration. | No supported workaround. |
+| AKS cluster and application observability | Partially supported | You can't use Container Insights and [create diagnostic settings using Container Insights](kubernetes-monitor-audit-events.md#create-a-diagnostic-setting), since they require connectivity to Azure. | Use [3rd party on-premises monitoring solutions](aks-monitor-logging.md). |
+| SSH into the Kubernetes VMs | Supported | You can SSH into Kubernetes VMs. | No workaround needed. |
+| Collect logs for troubleshooting | Supported | You can collect logs for troubleshooting issues. | No workaround needed. |
+
+## Next steps
+
+- [Azure Arc connectivity modes](/azure//azure-arc/kubernetes/conceptual-connectivity-modes)
+- [Create and manage Kubernetes clusters on-premises using Azure CLI](aks-create-clusters-cli.md)

AKS-Arc/deploy-gpu-node-pool-22h2.md

@@ -1,5 +1,5 @@
 ---
-title: Use GPUs for compute-intensive workloads
+title: Use GPUs for compute-intensive workloads in AKS on Windows Server
 description: Learn how to deploy GPU-enabled node pools in AKS on Windows Server.
 author: sethmanheim
 ms.topic: how-to
@@ -11,7 +11,7 @@ ms.lastreviewed: 03/21/2023
 # Keyword: Run GPU workloads on Kubernetes
 ---
 
-# Use GPUs for compute-intensive workloads
+# Use GPUs for compute-intensive workloads in AKS on Windows Server
 
 [!INCLUDE [aks-hybrid-applies-to-azure-stack-hci-windows-server-sku](includes/aks-hci-applies-to-skus/aks-hybrid-applies-to-azure-stack-hci-windows-server-sku.md)]
 

AKS-Arc/deploy-gpu-node-pool.md

@@ -3,7 +3,7 @@ title: Use GPUs for compute-intensive workloads in AKS on Azure Local
 description: Learn how to deploy GPU-enabled node pools in AKS enabled by Arc on Azure Local.
 author: sethmanheim
 ms.topic: how-to
-ms.date: 03/25/2025
+ms.date: 04/14/2025
 ms.author: sethm 
 ms.lastreviewed: 03/21/2025
 ms.reviewer: abha
@@ -17,7 +17,7 @@ ms.reviewer: abha
 [!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
 
 > [!NOTE]
-> For information about GPUs in AKS on Azure Local 22H2, see [Use GPUs (Azure Local 22H2)](deploy-gpu-node-pool-22h2.md).
+> For information about GPUs in AKS on Windows Server, see [Use GPUs in AKS on Windows Server](deploy-gpu-node-pool-22h2.md).
 
 Graphical Processing Units (GPU) are used for compute-intensive workloads such as machine learning, deep learning, and more. This article describes how to use GPUs for compute-intensive workloads in AKS enabled by Azure Arc.