Commit e997368

Sync release-hci-vmware with main
2 parents 71bd902 + 1e6e1bc commit e997368

75 files changed

+850
-389
lines changed

.openpublishing.publish.config.json

Lines changed: 12 additions & 0 deletions
@@ -29,6 +29,18 @@
2929
"build_entry_point": "docs",
3030
"template_folder": "_themes"
3131
},
32+
{
33+
"docset_name": "AzureLocal",
34+
"build_source_folder": "azure-local",
35+
"build_output_subfolder": "AzureLocal",
36+
"locale": "en-us",
37+
"monikers": [],
38+
"open_to_public_contributors": true,
39+
"type_mapping": {
40+
"Conceptual": "Content"
41+
},
42+
"build_entry_point": "docs"
43+
},
3244
{
3345
"docset_name": "AzureStack",
3446
"build_source_folder": "azure-stack",

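Review bot: The new `AzureLocal` docset entry has no `template_folder`, while the entry closed just above it sets `"template_folder": "_themes"`. If the omission is deliberate, fine; otherwise add the key so the new docset builds with the same theme. The entry also sets `"open_to_public_contributors": true`, so confirm that the `azure-local` folder is meant to accept outside pull requests from its first publish.
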
.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
@@ -1,5 +1,10 @@
11
{
22
"redirections": [
3+
{
4+
"source_path":"azure-stack/hci/deploy/tutorial-private-forest.md",
5+
"redirect_url":"/azure-stack/hci",
6+
"redirect_document_id": false
7+
},
38
{
49
"source_path":"azure-stack/hci/manage/bitlocker-on-csv.md",
510
"redirect_url":"/azure-stack/hci/manage/manage-bitlocker",

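Review bot: The redirect added for `azure-stack/hci/deploy/tutorial-private-forest.md` points to the docset root `/azure-stack/hci` rather than to a replacement article. If the private-forest content moved, redirect to its new location; if it was retired, a more specific landing page would leave readers closer to what they were looking for than the root.
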
AKS-Hybrid/aks-edge-concept-networking.md

Lines changed: 3 additions & 0 deletions
@@ -48,6 +48,9 @@ If AKS Edge Essentials is deployed using a single machine cluster or a scalable
4848
| **Static MAC Address** | Supported using the `MacAddress` parameter. | Supported using the `MacAddress` parameter. |
4949
| **Maximum transmission unit (MTU)** | Supported using the `MTU` parameter. | Supported using the `MTU` parameter. |
5050

51+
> [!IMPORTANT]
52+
> The Kubernetes `pod cidr` is `10.42.0.0/16` for K3s and `10.244.0.0/24` for K8s. The Kubernetes `service cidr` is `10.43.0.0/16` for K3s and `10.96.0.0/12` for K8s.
53+
5154
## Single machine cluster
5255

5356
Single machine deployments use an internal virtual switch to manage the networking. This type of deployment must have a Linux node; a Windows node is optional. The following diagram shows a single machine deployment architecture using internal virtual switch:
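
Review bot: In the added `[!IMPORTANT]` note the K8s `pod cidr` is written as `10.244.0.0/24`, while the K3s value is a `/16` and the K8s `service cidr` is a `/12`. A `/24` covers only 256 addresses, so please confirm the prefix length against what the deployment actually configures before this ships. The note would also be more useful if it said what the reader should do with these ranges, such as keeping the host and physical network addressing from overlapping them.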

AKS-Hybrid/aks-edge-howto-connect-to-arc.md

Lines changed: 18 additions & 18 deletions
@@ -4,21 +4,21 @@ description: Connect your AKS Edge Essentials clusters to Arc
44
author: rcheeran
55
ms.author: rcheeran
66
ms.topic: how-to
7-
ms.date: 08/21/2024
7+
ms.date: 09/27/2024
88
ms.custom: template-how-to
99
---
1010

1111
# Connect your AKS Edge Essentials cluster to Arc
1212

13-
This article describes how to connect your AKS Edge Essentials cluster to [Azure Arc](/azure/azure-arc/kubernetes/overview) so that you can monitor the health of your cluster on the Azure portal. If your cluster is connected to a proxy, you can use the scripts provided in the GitHub repo to connect your cluster to Arc [as described here.](./aks-edge-howto-more-configs.md)
13+
This article describes how to connect your AKS Edge Essentials cluster to [Azure Arc](/azure/azure-arc/kubernetes/overview) so that you can monitor the health of your cluster on the Azure portal. If your cluster is connected to a proxy, you can use the scripts provided in the GitHub repo to connect your cluster to Arc [as described here](./aks-edge-howto-more-configs.md).
1414

1515
## Prerequisites
1616

17-
In addition to these prerequisites, be sure to meet all [network requirements for Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/network-requirements).
18-
19-
- You need an Azure subscription with either the **Owner** role or a combination of **Contributor** and **User Access Administrator** roles. You can check your access level by navigating to your subscription on the Azure portal, selecting **Access control (IAM)** on the left-hand side of the Azure portal, and then selecting **View my access**. See [the Azure documentation](/azure/azure-resource-manager/management/manage-resource-groups-portal) for more information about managing resource groups.
20-
- Enable all required resource providers in the Azure subscription, such as **Microsoft.HybridCompute**, **Microsoft.GuestConfiguration**, **Microsoft.HybridConnectivity**, **Microsoft.Kubernetes**, **Microsoft.ExtendedLocation**, and **Microsoft.KubernetesConfiguration**.
21-
- Create and verify a resource group for AKS Edge Essentials Azure resources.
17+
- Before connecting to Arc, infrastructure administrators who are the owner or contributor role of the subscription will have to:
18+
1. Enable all required resource providers in the Azure subscription, such as **Microsoft.HybridCompute**, **Microsoft.GuestConfiguration**, **Microsoft.HybridConnectivity**, **Microsoft.Kubernetes**, **Microsoft.ExtendedLocation**, and **Microsoft.KubernetesConfiguration**.
19+
1. Create and verify a resource group for AKS Edge Essentials Azure resources.
20+
- To connect to Arc, Kubernetes operators need a [**Kubernetes Cluster - Azure Arc Onboarding**](/azure/role-based-access-control/built-in-roles/containers#kubernetes-cluster---azure-arc-onboarding) role for the identity at the resource group level. To disconnect from Arc, operators need an [**Azure Kubernetes Service Arc Contributor Role**](/azure/role-based-access-control/built-in-roles/containers#azure-kubernetes-service-arc-contributor-role) role for the identity at the resource group level. To check your access level, navigate to your subscription on the Azure portal, select **Access control (IAM)** on the left-hand side, and then select **View my access**. See [the Azure documentation](/azure/azure-resource-manager/management/manage-resource-groups-portal) for more information about managing resource groups. Infrastructure administrators with owner or contributor roles can also perform actions to connect or disconnect from Arc.
21+
- In addition to these prerequisites, make sure you meet all [network requirements for Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/network-requirements).
2222

2323
> [!NOTE]
2424
> You need the **Contributor** role to be able to delete the resources within the resource group. Commands to disconnect from Arc will fail without this role assignment.
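
Review bot: The unchanged note at the end of this hunk still says `You need the **Contributor** role` and that disconnect commands fail without it, but the new prerequisite bullet says operators disconnect with the **Azure Kubernetes Service Arc Contributor Role** at the resource group level. One of the two has to change, otherwise readers will keep assigning the broader role. Minor wording in the same bullets: `who are the owner or contributor role` should read `who have the Owner or Contributor role`, and `Contributor Role** role` repeats the word.
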
@@ -29,7 +29,7 @@ In addition to these prerequisites, be sure to meet all [network requirements fo
2929

3030
Run the following commands in an elevated PowerShell window to install the dependencies in PowerShell:
3131

32-
```PowerShell
32+
```powershell
3333
Install-Module Az.Resources -Repository PSGallery -Force -AllowClobber -ErrorAction Stop
3434
Install-Module Az.Accounts -Repository PSGallery -Force -AllowClobber -ErrorAction Stop
3535
Install-Module Az.ConnectedKubernetes -Repository PSGallery -Force -AllowClobber -ErrorAction Stop
@@ -41,21 +41,21 @@ Provide details of your Azure subscription in the [**aksedge-config.json**](http
4141

4242
> [!IMPORTANT]
4343
> Client secrets are a form of password. Proper management is critical to the security of your environment.
44-
> * When you create the client secret, set a very short expiration time, based on the registration timing and scope for your deployment.
45-
> * Be sure to protect the client secret value and the configuration file from general access.
46-
> * Consider that if a cluster's configuration file is backed up while it has the client secret stored, the client secret is available to anyone with access to the backup.
47-
> * Once you register a cluster, remove the client secret from the configuration file for that cluster.
48-
> * Once you register all clusters in scope for your task, you should rotate the client secret and/or delete the service principal from your Microsoft Entra ID environment.
44+
> - When you create the client secret, set a very short expiration time, based on the registration timing and scope for your deployment.
45+
> - Be sure to protect the client secret value and the configuration file from general access.
46+
> - Consider that if a cluster's configuration file is backed up while it has the client secret stored, the client secret is available to anyone with access to the backup.
47+
> - Once you register a cluster, remove the client secret from the configuration file for that cluster.
48+
> - Once you register all clusters in scope for your task, you should rotate the client secret and/or delete the service principal from your Microsoft Entra ID environment.
4949
5050
| Attribute | Value type | Description |
5151
| :------------ |:-----------|:--------|
52-
|`ClusterName` | string | Provide a name for your cluster. The default value is `hostname_cluster`. |
52+
|`ClusterName` | string | The name of your cluster. The default value is `hostname_cluster`. |
5353
|`Location` | string | The location of your resource group. Choose the location closest to your deployment. |
5454
|`SubscriptionId` | GUID | Your subscription ID. In the Azure portal, select the subscription you're using and copy/paste the subscription ID string into the JSON. |
55-
|`TenantId` | GUID | Your tenant ID. In the Azure portal, search Microsoft Entra ID, which should take you to the **Default Directory** page. From here, you can copy/paste the tenant ID string into the JSON. |
55+
|`TenantId` | GUID | Your tenant ID. In the Azure portal, search **Microsoft Entra ID**, which should take you to the **Default Directory** page. From here, you can copy/paste the tenant ID string into the JSON. |
5656
|`ResourceGroupName` | string | The name of the Azure resource group to host your Azure resources for AKS Edge Essentials. You can use an existing resource group, or if you add a new name, the system creates one for you. |
57-
|`ClientId` | GUID | Provide the application ID of the Azure service principal to use as credentials. AKS Edge Essentials uses this service principal to connect your cluster to Arc. You can use the **App Registrations** page in the Microsoft Entra resource page on the Azure portal, to list and manage the service principals in a tenant. Be aware that the service principal requires the **Kubernetes Cluster - Azure Arc Onboarding** role at either the subscription or resource group level. For more information, see [Microsoft Entra identity requirements for service principals](/azure/azure-arc/kubernetes/system-requirements#microsoft-entra-identity-requirements). |
58-
|`ClientSecret` | string | Provide the password for the service principal. |
57+
|`ClientId` | GUID | Provide the application ID of the Azure service principal to use as credentials. AKS Edge Essentials uses this service principal to connect your cluster to Arc. You can use the **App Registrations** page in the Microsoft Entra resource page on the Azure portal to list and manage the service principals in a tenant. Be aware that the service principal requires the **Kubernetes Cluster - Azure Arc Onboarding** role at either the subscription or resource group level. For more information, see [Microsoft Entra identity requirements for service principals](/azure/azure-arc/kubernetes/system-requirements#microsoft-entra-identity-requirements). |
58+
|`ClientSecret` | string | The password for the service principal. |
5959

6060
> [!NOTE]
6161
> You only need to perform this configuration once per Azure subscription. You don't need to repeat the procedure for each Kubernetes cluster.
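
Review bot: The `ClientId` row still says the service principal needs **Kubernetes Cluster - Azure Arc Onboarding** `at either the subscription or resource group level`, while the prerequisites rewritten earlier in this file assign that role `at the resource group level`. Align the row with the narrower scope, or state when subscription scope is actually required. Since the `ClientSecret` description is being touched anyway, consider pointing it at the note above the table about removing the secret from the configuration file after registration.
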
@@ -70,7 +70,7 @@ Connect-AksEdgeArc -JsonConfigFilePath .\aksedge-config.json
7070
```
7171

7272
> [!NOTE]
73-
> This step can take up to 10 minutes and PowerShell may become stuck on **Establishing Azure Connected Kubernetes for `your cluster name`**. PowerShell outputs `True` and returns to the prompt when the process is complete.
73+
> This step can take up to 10 minutes and PowerShell might become stuck on **Establishing Azure Connected Kubernetes for `your cluster name`**. PowerShell outputs `True` and returns to the prompt when the process is complete.
7474
7575
:::image type="content" source="media/aks-edge/aks-edge-ps-arc-connection.png" alt-text="Screenshot showing PowerShell prompt while connecting to Arc." lightbox="media/aks-edge/aks-edge-ps-arc-connection.png":::
7676

AKS-Hybrid/aks-edge-howto-multi-node-deployment.md

Lines changed: 4 additions & 0 deletions
@@ -48,6 +48,10 @@ The key parameters to note for a scalable Kubernetes deployment are:
4848
:::image type="content" source="media/aks-edge/hyper-v-external-switch.png" alt-text="Screenshot of Hyper-V switch manager." lightbox="media/aks-edge/hyper-v-external-switch.png":::
4949
5050
- **IP addresses**: You must allocate free IP addresses from your network for the **Control Plane**, **Kubernetes services**, and **Nodes (VMs)**. See the [AKS Edge Essentials networking overview](./aks-edge-concept-networking.md) for more details. For example, in a local network with the 192.168.1.0/24 IP address range, you might have 1.151 and above outside of the DHCP scope, and therefore are likely to be free. AKS Edge Essentials currently supports IPv4 addresses only. Ideally, you will know what free IP addresses you can use; however, you can use the [AksEdge-ListUsedIPv4s](https://github.com/Azure/AKS-Edge/blob/main/tools/scripts/network/AksEdge-ListUsedIPv4s.ps1) script from the [GitHub repo](https://github.com/Azure/AKS-Edge) to view IPs that are currently in use, to avoid using those IP addresses in your configuration. The following parameters will need to be provided in the `Network` section of the configuration file: `ControlPlaneEndpointIp`, `Ip4GatewayAddress`, `Ip4PrefixLength`, `ServiceIPRangeSize`, `ServiceIPRangeStart`, and `DnsServers`.
51+
52+
> [!IMPORTANT]
53+
> The Kubernetes `pod cidr` is `10.42.0.0/16` for K3s and `10.244.0.0/24` for K8s. The Kubernetes `service cidr` is `10.43.0.0/16` for K3s and `10.96.0.0/12` for K8s.
54+
5155
- The `Network.NetworkPlugin` value by default is `flannel`. Flannel is the default CNI for a K3S cluster. In a K8S cluster, change the `NetworkPlugin` to `calico`.
5256
- In addition to the previous parameters, you can set the following parameters according to your deployment configuration, [as described here](aks-edge-deployment-config-json.md): `LinuxNode.CpuCount`, `LinuxNode.MemoryInMB`, `LinuxNode.DataSizeInGB`, `LinuxNode.Ip4Address`, `WindowsNode.CpuCount`, `WindowsNode.MemoryInMB`, `WindowsNode.Ip4Address`, `Init.ServiceIPRangeSize`, and `Network.InternetDisabled`.
5357
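
Review bot: The `[!IMPORTANT]` block appears to be inserted as a top-level block between the `- **IP addresses**` bullet and the `Network.NetworkPlugin` bullet, which splits the list in two when rendered. Indent it under the IP addresses bullet or move it after the list. The same text is added verbatim in aks-edge-concept-networking.md and aks-edge-howto-single-node-deployment.md in this commit; a shared include would keep the three copies from drifting.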

AKS-Hybrid/aks-edge-howto-setup-machine.md

Lines changed: 1 addition & 0 deletions
@@ -34,6 +34,7 @@ You can deploy an AKS Edge Essentials cluster on either a single machine or on m
3434
| K3s installer (1.28.5) | [aka.ms/aks-edge/k3s-msi-1.28](https://aka.ms/aks-edge/k3s-msi-1.28) |
3535
| K8s installer (1.27.6) | [aka.ms/aks-edge/k8s-msi-1.27](https://aka.ms/aks-edge/k8s-msi-1.27) |
3636
| K3s installer (1.27.6) | [aka.ms/aks-edge/k3s-msi-1.27](https://aka.ms/aks-edge/k3s-msi-1.27) |
37+
| Windows node files | [aka.ms/aks-edge/windows-node-zip](https://aka.ms/aks-edge/windows-node-zip) |
3738

3839
1. In addition to the MSI, Microsoft provides samples and tools that you can download from the [AKS Edge GitHub repo](https://github.com/Azure/AKS-Edge). Navigate to the **Code** tab and click the **Download Zip** button to download the repository as a **.zip** file. Extract the GitHub **.zip** file to a local folder.
3940
1. Before you install, make sure you uninstall any private preview installations and reboot your system before proceeding.
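
Review bot: The new `Windows node files` row is the only download in this part of the table without a version, while the rows above it are `K3s installer (1.28.5)`, `K8s installer (1.27.6)` and `K3s installer (1.27.6)`. State which installer versions the zip is compatible with, and say in the steps where the extracted files need to go, since the visible steps only mention the MSI and the GitHub zip.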

AKS-Hybrid/aks-edge-howto-single-node-deployment.md

Lines changed: 3 additions & 0 deletions
@@ -42,6 +42,9 @@ The key parameters for single machine deployment are:
4242
New-AksEdgeDeployment -JsonConfigFilePath .\aksedge-config.json
4343
```
4444

45+
> [!IMPORTANT]
46+
> The Kubernetes `pod cidr` is `10.42.0.0/16` for K3s and `10.244.0.0/24` for K8s. The Kubernetes `service cidr` is `10.43.0.0/16` for K3s and `10.96.0.0/12` for K8s.
47+
4548
## Step 3: validate your cluster
4649

4750
Confirm that the deployment was successful by running:
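
Review bot: The CIDR note lands after the `New-AksEdgeDeployment` code fence and directly before `## Step 3: validate your cluster`, so a reader following the steps sees the ranges only after the deployment has run. Move it above the deployment command, next to the key parameters, so address conflicts can be checked first.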

AKS-Hybrid/scale-requirements.md

Lines changed: 0 additions & 1 deletion
@@ -42,7 +42,6 @@ This article describes the maximum and minimum supported scale count for AKS on
4242
| System Role | VM Size | Memory, CPU |
4343
|---------------------------------|----------------------------------------|----------------------|
4444
| AKS Arc control plane nodes | Standard_A4_v2 | 8-GB memory, 4 vcpu |
45-
| AKS Arc HA Proxy VM | Standard_A4_v2. (This size is fixed and can't be changed) | 8-GB memory, 4 vcpu |
4645
| AKS Arc Linux worker node | Standard_K8S3_v1 | 6-GB memory, 4 vcpu |
4746
| AKS Arc Windows worker node | Standard_K8S3_v1 | 6-GB memory, 4 vcpu |
4847
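
Review bot: The `AKS Arc HA Proxy VM` row is deleted with no other change to the file (0 additions, 1 deletion). Check the rest of the article for text or sizing totals that still count the HA Proxy VM, and say in the commit description why the row no longer applies.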
