Merge pull request #15929 from MicrosoftDocs/main

9/25/2024 PM Publish

Author: Taojunshen

AKS-Hybrid/aks-edge-concept-networking.md

@@ -48,6 +48,9 @@ If AKS Edge Essentials is deployed using a single machine cluster or a scalable
 | **Static MAC Address** | Supported using the `MacAddress` parameter. | Supported using the `MacAddress` parameter. |
 | **Maximum transmission unit (MTU)** | Supported using the `MTU` parameter. | Supported using the `MTU` parameter. |
 
+> [!IMPORTANT]
+> The Kubernetes `pod cidr` is `10.42.0.0/16` for K3s and `10.244.0.0/24` for K8s. The Kubernetes `service cidr` is `10.43.0.0/16` for K3s and `10.96.0.0/12` for K8s.
+
 ## Single machine cluster
 
 Single machine deployments use an internal virtual switch to manage the networking. This type of deployment must have a Linux node; a Windows node is optional. The following diagram shows a single machine deployment architecture using internal virtual switch:

AKS-Hybrid/aks-edge-howto-multi-node-deployment.md

@@ -48,6 +48,10 @@ The key parameters to note for a scalable Kubernetes deployment are:
     :::image type="content" source="media/aks-edge/hyper-v-external-switch.png" alt-text="Screenshot of Hyper-V switch manager." lightbox="media/aks-edge/hyper-v-external-switch.png":::
 
 - **IP addresses**: You must allocate free IP addresses from your network for the **Control Plane**, **Kubernetes services**, and **Nodes (VMs)**. See the [AKS Edge Essentials networking overview](./aks-edge-concept-networking.md) for more details. For example, in a local network with the 192.168.1.0/24 IP address range, you might have 1.151 and above outside of the DHCP scope, and therefore are likely to be free. AKS Edge Essentials currently supports IPv4 addresses only. Ideally, you will know what free IP addresses you can use; however, you can use the [AksEdge-ListUsedIPv4s](https://github.com/Azure/AKS-Edge/blob/main/tools/scripts/network/AksEdge-ListUsedIPv4s.ps1) script from the [GitHub repo](https://github.com/Azure/AKS-Edge) to view IPs that are currently in use, to avoid using those IP addresses in your configuration. The following parameters will need to be provided in the `Network` section of the configuration file: `ControlPlaneEndpointIp`, `Ip4GatewayAddress`, `Ip4PrefixLength`, `ServiceIPRangeSize`, `ServiceIPRangeStart`, and `DnsServers`.
+
+> [!IMPORTANT]
+> The Kubernetes `pod cidr` is `10.42.0.0/16` for K3s and `10.244.0.0/24` for K8s. The Kubernetes `service cidr` is `10.43.0.0/16` for K3s and `10.96.0.0/12` for K8s.
+
 - The `Network.NetworkPlugin` value by default is `flannel`. Flannel is the default CNI for a K3S cluster. In a K8S cluster, change the `NetworkPlugin` to `calico`.
 - In addition to the previous parameters, you can set the following parameters according to your deployment configuration, [as described here](aks-edge-deployment-config-json.md): `LinuxNode.CpuCount`, `LinuxNode.MemoryInMB`, `LinuxNode.DataSizeInGB`, `LinuxNode.Ip4Address`, `WindowsNode.CpuCount`, `WindowsNode.MemoryInMB`, `WindowsNode.Ip4Address`, `Init.ServiceIPRangeSize`, and `Network.InternetDisabled`.
 

AKS-Hybrid/aks-edge-howto-setup-machine.md

@@ -34,6 +34,7 @@ You can deploy an AKS Edge Essentials cluster on either a single machine or on m
    | K3s installer (1.28.5) | [aka.ms/aks-edge/k3s-msi-1.28](https://aka.ms/aks-edge/k3s-msi-1.28) |
    | K8s installer (1.27.6) | [aka.ms/aks-edge/k8s-msi-1.27](https://aka.ms/aks-edge/k8s-msi-1.27)  |
    | K3s installer (1.27.6) | [aka.ms/aks-edge/k3s-msi-1.27](https://aka.ms/aks-edge/k3s-msi-1.27) |
+   | Windows node files | [aka.ms/aks-edge/windows-node-zip](https://aka.ms/aks-edge/windows-node-zip) |
 
 1. In addition to the MSI, Microsoft provides samples and tools that you can download from the [AKS Edge GitHub repo](https://github.com/Azure/AKS-Edge). Navigate to the **Code** tab and click the **Download Zip** button to download the repository as a **.zip** file. Extract the GitHub **.zip** file to a local folder.
 1. Before you install, make sure you uninstall any private preview installations and reboot your system before proceeding.

AKS-Hybrid/aks-edge-howto-single-node-deployment.md

@@ -42,6 +42,9 @@ The key parameters for single machine deployment are:
 New-AksEdgeDeployment -JsonConfigFilePath .\aksedge-config.json
 ```
 
+> [!IMPORTANT]
+> The Kubernetes `pod cidr` is `10.42.0.0/16` for K3s and `10.244.0.0/24` for K8s. The Kubernetes `service cidr` is `10.43.0.0/16` for K3s and `10.96.0.0/12` for K8s.
+
 ## Step 3: validate your cluster
 
 Confirm that the deployment was successful by running:

AKS-Hybrid/azure-rbac-23h2.md

@@ -52,7 +52,7 @@ Before you begin, make sure you have the following prerequisites:
   - New role assignments can take up to five minutes to propagate and be updated by the authorization server.
 - Once Azure RBAC is enabled, you can access your Kubernetes cluster with the given permissions using either direct mode or proxy mode.
   - To access the Kubernetes cluster directly using the `az aksarc get-credentials` command, you need the **Microsoft.HybridContainerService/provisionedClusterInstances/listUserKubeconfig/action**, which is included in the **Azure Kubernetes Service Arc Cluster User** role permission.
-  - To access the Kubernetes cluster from anywhere with a proxy mode using the `az connectedk8s proxy` command, or from the Azure portal, you need the **Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action** action, which is included in the **Azure Arc-enabled Kubernetes Cluster User** role permission. Meanwhile, you must verify that the agents and the machine performing the onboarding process meet the network requirements specified in [Azure Arc-enabled Kubernetes network requirements](/azure/azure-arc/kubernetes/network-requirements?tabs=azure-cloud#details).
+  - To access the Kubernetes cluster from anywhere with a proxy mode using the `az connectedk8s proxy` command, or from the Azure portal, you need the **Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action** action, which is included in the **Azure Arc enabled Kubernetes Cluster User** role permission. Meanwhile, you must verify that the agents and the machine performing the onboarding process meet the network requirements specified in [Azure Arc-enabled Kubernetes network requirements](/azure/azure-arc/kubernetes/network-requirements?tabs=azure-cloud#details).
 - To use **kubectl**, you can access it using either Azure RBAC or the AAD Admin Group.
   - To use kubectl with Azure RBAC, you need the **Azure Arc Kubernetes Viewer** role scoped to the connected cluster resource.
   - To use kubectl with the AAD Admin Group, you don't need any specific role, but you must ensure you are in one of the groups in the **add-admin-group** list of the connected cluster resource.
@@ -149,7 +149,7 @@ kubectl get nodes
 
 ### Access your cluster from a client device (proxy mode)
 
-To access the Kubernetes cluster from anywhere with a proxy mode using `az connectedk8s proxy` command, you need the **Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action**, which is included in **Azure Arc-enabled Kubernetes Cluster User** role permission.
+To access the Kubernetes cluster from anywhere with a proxy mode using `az connectedk8s proxy` command, you need the **Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action**, which is included in **Azure Arc enabled Kubernetes Cluster User** role permission.
 
 Run the following steps on another client device: