Merging changes synced from https://github.com/MicrosoftDocs/azure-stack-docs-pr (branch live)

Author: Learn Build Service GitHub App

AKS-Arc/TOC.yml

@@ -188,6 +188,8 @@
     href: aks-edge-overview.md
   - name: System requirements and support matrix
     href: aks-edge-system-requirements.md
+  - name: What's new in AKS Edge Essentials
+    href: aks-edge-whats-new.md
   - name: Quickstart
     href: aks-edge-quickstart.md
   - name: Concepts
@@ -270,8 +272,6 @@
       href: aks-edge-troubleshoot-overview.md
     - name: Logs 
       href: aks-edge-resources-logs.md
-    - name: Release notes and known issues
-      href: https://github.com/Azure/AKS-Edge/releases
     - name: File bugs
       href: https://github.com/Azure/AKS-Edge/issues
     - name: AKS Edge Essentials pricing

AKS-Arc/aks-edge-whats-new.md

@@ -0,0 +1,70 @@
+---
+title: What's new in AKS Edge Essentials
+description: Learn about what's new in AKS Edge Essentials releases.
+ms.topic: overview
+ms.date: 03/12/2025
+author: sethmanheim
+ms.author: sethm 
+ms.reviewer: sumsmith
+ms.lastreviewed: 03/12/2025
+
+---
+
+# What's new in AKS Edge Essentials
+
+AKS Edge Essentials is a lightweight on-premises Kubernetes implementation of Azure Kubernetes Service (AKS) that automates running containerized applications at scale. This article describes the latest features, enhancements, and updates in AKS Edge Essentials releases.
+
+## Release 1.10.868.0 (March 2025)
+
+The following features and improvements were added in this release:
+
+- **Enable secret encryption on AKS Edge Essentials clusters with the Key Management Service (KMS) plugin (preview)**. Following Kubernetes best practices, it's recommended that you encrypt the Kubernetes secret store on clusters. You can enable the KMS plugin in the **aks-edge** config file during deployment. The KMS plugin is set to **disabled** by default during the preview period. For more information about this feature, see the [Key Management Service (KMS) plugin (preview)](aks-edge-howto-secret-encryption.md) documentation.
+- **Key Manager for Kubernetes on AKS Edge Essentials (preview)**. [Key manager for Kubernetes](aks-edge-howto-key-manager.md) is an Azure Arc extension that automates the rotation of the signing key used to issue service account tokens. For more information about the Key Manager extension, see [Key manager for Kubernetes](aks-edge-howto-key-manager.md).
+- **AKS Edge Essentials now connects to Azure Arc during deployment to decrease the number of required deployment steps.** Arc parameters are now required in the **aks-edge** configuration file during deployment. Starting with the next release, the AKS Edge Essentials deployment will be blocked if Arc parameters are missing or invalid.
+- **The Calico CNI + K3s preview has been discontinued**. You must now use Flannel with K3s and Calico with K8s. For more information, see [Single machine deployment](aks-edge-howto-single-node-deployment.md#step-1-single-machine-configuration-parameters).
+
+### Supported versions for 1.10.868.0
+
+The component versions supported in the 1.10.868.0 release are as follows:
+
+- AKS Edge Essentials version: 1.10.868.0
+- Mariner version: 2.0.20250207
+- K8s (upstream Kubernetes) distribution: 1.29.9 (upgrade only), 1.30.5
+- K3s distribution: 1.29.9 (upgrade only), 1.30.6
+- JSON version schema: 1.15
+
+## Release 1.9.262.0 (November 2024)
+
+- Updated the Mariner and Windows versions to include CVE fixes between this release and the previous release.
+
+### Supported versions for 1.9.262.0
+
+The component versions supported in the 1.9.262.0 release are as follows:
+
+- AKS Edge Essentials version: 1.9.262.0
+- Mariner version: 2.0.20241029
+- K8s (upstream Kubernetes) distribution: 1.28.9, 1.29.4
+- K3s distribution: 1.28.5, 1.29.6
+- JSON version schema: 1.14
+
+## Release 1.8.202.0 (September 2024)
+
+- Upgrade from K3s 1.28.3 (July release) to 1.28.5 (September release), and on K8s from 1.28.3 (July release) to 1.28.9 (September release).
+- Upgrade from K3s 1.27.6 (July release) to 1.28.5 (September release), and K3s 1.28.3 (July release) to 1.29.6 (September release)
+- Upgrade from K8s from 1.27.6 (July release) to 1.28.9 (September release), and on K8s from 1.28.3 (July release) to 1.29.4 (September release).
+- There is a new precheck during install to validate **fdatasync** latency. If disk latency is higher than 10ms, the install process returns a non-blocking warning message.
+
+### Supported versions for 1.8.202.0
+
+The component versions supported in the 1.8.202.0 release are as follows:
+
+- AKS Edge Essentials version: 1.8.202.0
+- Mariner version: 2.0.20240731
+- K8s (upstream Kubernetes) distribution: 1.28.9, 1.29.4
+- K3s distribution: 1.28.5, 1.29.6
+- JSON version schema: 1.14
+
+## Next steps
+
+- [AKS Edge Essentials](aks-edge-overview.md)
+- [AKS Edge Essentials requirements and support matrix](aks-edge-system-requirements.md)

AKS-Arc/create-clusters-terraform.md

@@ -70,11 +70,11 @@ az login
     required_providers { 
       azapi = { 
         source  = "azure/azapi" 
-        version = "~> 1.13" 
+        version = "~> 2.0" 
       } 
       azurerm = { 
        source  = "hashicorp/azurerm" 
-       version = "~> 3.74" 
+       version = "~> 4.0" 
       } 
      }
     }
@@ -88,13 +88,13 @@ az login
    }
    ```
 
-1. Create another file named **main.tf** that points to the latest AKS Arc AVM module, and insert the following code. You can read the description and input of the module and add optional parameters as needed. To find the admin group object ID, see [Enable Microsoft Entra authentication for Kubernetes clusters](enable-authentication-microsoft-entra-id.md). You can [follow this guidance](https://github.com/Azure/Edge-infrastructure-quickstart-template/blob/main/doc/AKS-Arc-Admin-Groups.md) to find it in your Azure environment.
+1. Create another file named **main.tf** that points to the latest AKS Arc AVM module, and insert the following code. You can read the description and input of the module and add optional parameters as needed. To find the admin group object ID, see [Enable Microsoft Entra authentication for Kubernetes clusters](enable-authentication-microsoft-entra-id.md). You can [follow this guidance](https://github.com/Azure/Edge-infrastructure-quickstart-template/blob/main/doc/AKS-Arc-Admin-Groups.md) to find it in your Azure environment. To enable Azure RBAC, update the corresponding parameter and see [Enable Azure RBAC for Kubernetes Authorization](azure-rbac-23h2.md) for prerequisites.
 
    ```terraform
    module "aks_arc" { 
    # Make sure to use the latest AVM module version
    source = "Azure/avm-res-hybridcontainerservice-provisionedclusterinstance/azurerm" 
-   version = "~>0.6"
+   version = "~>2.0"
 
    # Make sure to provide all required parameters  
    resource_group_id = "<Resource_Group>" 
@@ -106,6 +106,7 @@ az login
    ssh_public_key =  "Your_SSH_Key"
 
    # Optional parameters, update them as needed
+   enable_azure_rbac = false
    enable_workload_identity = false 
    enable_oidc_issuer = false 
    rbac_admin_group_object_ids = ["<Admin_Group_Object_ID>"]
@@ -114,7 +115,7 @@ az login
 
 ## Initialize Terraform
 
-Run [`terraform init`](https://www.terraform.io/docs/commands/init.html) to initialize the Terraform deployment. Make sure to use the `-upgrade` flag to upgrade the necessary provider plugins to the latest version:
+Run [`terraform init`](https://www.terraform.io/docs/commands/init.html) to initialize the Terraform deployment. Make sure to use the `-upgrade` flag to upgrade the necessary provider plugins to the latest version:
 
 ```terraform
 terraform init -upgrade

azure-local/concepts/physical-network-requirements.md

@@ -75,6 +75,7 @@ If your switch isn't included, contact your switch vendor to ensure that your sw
 |-----  |---| :-:  | :-:  | :-:   | :-:   |
 | [CX 8100 series](https://www.arubanetworks.com/resource/cx-8100-series-switch-data-sheet/) <br>(10 GbE)|AOS CX version 10.12.0006 or later |&check;| &check;| &check;| &check; |
 | [CX 8325 series](https://www.arubanetworks.com/resource/aruba-8325-switch-series-data-sheet/) <br>(10, 25, 100 GbE)|AOS CX version 10.11.1010 or later |&check;| &check;| &check;| &check; |
+| [CX 8325H series](https://www.hpe.com/psnow/doc/a00059009enw) <br>(10, 25, 40, 100 GbE)| AOS CX version 10.15.1005 or later |&check;| &check;| &check;| &check; |
 | [CX 8325P series](https://www.hpe.com/psnow/doc/a00059009enw) <br>(40, 100 GbE)| AOS CX version 10.15.0005 or later |&check;| &check;| &check;| &check; |
 | [CX 8360 series](https://www.arubanetworks.com/resource/aruba-cx-8360-switch-series-data-sheet/) <br>(10, 25 GbE) |AOS CX version 10.11.1010 or later |&check;| &check;| &check;| &check; |
 | [CX 10000 series](https://www.arubanetworks.com/resource/aruba-cx-10000-switch-series-data-sheet/) <br>(10, 25 GbE)|AOS CX version 10.11.1010 or later|&check;| &check;| &check;| &check; |
@@ -89,6 +90,7 @@ If your switch isn't included, contact your switch vendor to ensure that your sw
 |-----  |---| :-:  | :-:  | :-:   | :-:   |
 | [CX 8100 series](https://www.arubanetworks.com/resource/cx-8100-series-switch-data-sheet/) <br>(10 GbE)|AOS CX version 10.12.0006 or later |&check;| &check;| &check;| &check; |
 | [CX 8325 series](https://www.arubanetworks.com/resource/aruba-8325-switch-series-data-sheet/) <br>(10, 25, 100 GbE)|AOS CX version 10.11.1010 or later |&check;| &check;| &check;| &check; |
+| [CX 8325H series](https://www.hpe.com/psnow/doc/a00059009enw) <br>(10, 25, 40, 100 GbE)| AOS CX version 10.15.1005 or later |&check;| &check;| &check;| &check; |
 | [CX 8325P series](https://www.hpe.com/psnow/doc/a00059009enw) <br>(40, 100 GbE)| AOS CX version 10.15.0005 or later |&check;| &check;| &check;| &check; |
 | [CX 8360 series](https://www.arubanetworks.com/resource/aruba-cx-8360-switch-series-data-sheet/) <br>(10, 25 GbE) |AOS CX version 10.11.1010 or later |&check;| &check;| &check;| &check; |
 | [CX 10000 series](https://www.arubanetworks.com/resource/aruba-cx-10000-switch-series-data-sheet/) <br>(10, 25 GbE)|AOS CX version 10.11.1010 or later|&check;| &check;| &check;| &check; |

azure-local/deploy/deployment-local-identity-with-key-vault.md

@@ -3,7 +3,7 @@ title: Deploy Azure Local, version 23H2 using local identity with Azure Key Vaul
 description: Learn how to use local identity with Azure Key Vault for Azure Local, version 23H2 deployment (preview).
 author: alkohli
 ms.topic: how-to
-ms.date: 02/20/2025
+ms.date: 03/11/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ms.service: azure-local
@@ -37,7 +37,7 @@ Using local identity with Key Vault on Azure Local offers several benefits, part
 
 Before you start, make sure that you:
 
-- Sign the [Local Identity with Azure Key Vault Preview signup form](https://forms.office.com/pages/responsepage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAN__v7SnuFUNjBYOTVZTjRaTUtVVFVWSU1EM1dWWFpSOC4u&route=shorturl) to participate in the limited public preview. For more information about how we collect, use, and protect your personal data during your participation in the preview, review [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
+- Send an email to [[email protected]](mailto:azurelocalidentity@microsoft.com) to participate in the limited public preview. For more information about how we collect, use, and protect your personal data during your participation in the preview, review [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
 
 - Satisfy the [prerequisites and complete deployment checklist](./deployment-prerequisites.md). Skip the AD-specific prerequisites.