Commit f925083

Merge branch 'main' of https://github.com/MicrosoftDocs/azure-stack-docs-pr into azure-arc-vm-management
2 parents 8ba6c71 + 5e25372 commit f925083

111 files changed

+1436
-1703
lines changed

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1674,6 +1674,11 @@
16741674
"source_path": "azure-stack/hci/security-update/hci-security-update-apr-2024.md",
16751675
"redirect_url": "/azure-stack/hci/security-update/security-update-apr-2024",
16761676
"redirect_document_id": false
1677+
},
1678+
{
1679+
"source_path": "azure-local/concepts/network-hud-overview.md",
1680+
"redirect_url": "/azure/azure-local/concepts/network-atc-overview",
1681+
"redirect_document_id": false
16771682
}
16781683
]
16791684
}
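
Review bot: The new redirect entry sends `azure-local/concepts/network-hud-overview.md` to `/azure/azure-local/concepts/network-atc-overview`, which by its name is a different feature's page (Network ATC rather than Network HUD). Confirm that the target actually covers what the deleted Network HUD article described, or point the redirect at a page that does, so existing links and bookmarks do not land readers on unrelated content.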

AKS-Arc/aks-arc-diagnostic-checker.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,6 @@ $urlArray = @(
105105
"https://k8connecthelm.azureedge.net",
106106
"https://guestnotificationservice.azure.com",
107107
"https://sts.windows.net",
108-
"https://k8sconnectcsp.azureedge.net",
109108
"https://graph.microsoft.com"
110109
)
111110
$urlList=$urlArray -join ","
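
Review bot: Removing `"https://k8sconnectcsp.azureedge.net",` from `$urlArray` changes what the diagnostic checker tests, so confirm that the documented list of required outbound endpoints for AKS Arc is updated to match. If the two diverge, the checker reports a clean result for a URL set that no longer corresponds to what administrators have allow-listed on their firewall or proxy, and an egress rule that is no longer needed stays open.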

AKS-Arc/aks-hci-network-system-requirements.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ Kubernetes nodes are deployed as specialized virtual machines in AKS enabled by
3030
3131
The following parameters are required in order to use a logical network for AKS Arc cluster create operation:
3232

33-
| Logical network parameter| Description| Required parameter for AKS Arc cluster|
33+
| [Az CLI logical networks parameter](/azure-stack/hci/manage/create-logical-networks?tabs=azurecli) | Description| Required parameter for AKS Arc cluster|
3434
|------------------|---------|-----------|
3535
| `--address-prefixes` | AddressPrefix for the network. Currently only 1 address prefix is supported. Usage: `--address-prefixes "10.220.32.16/24"`. | ![Supported](media/aks-hybrid-networks/check.png) |
3636
| `--dns-servers` | Space-separated list of DNS server IP addresses. Usage: `--dns-servers 10.220.32.16 10.220.32.17`. | ![Supported](media/aks-hybrid-networks/check.png) |
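
Review bot: The new header cell links to `/azure-stack/hci/manage/create-logical-networks?tabs=azurecli`, while the redirect added in this same commit targets a `/azure/azure-local/...` path. Consider linking to the current path directly instead of relying on a redirect. Putting a long link in the first column header also makes the header much wider than the parameter cells below it; a sentence above the table carrying the link would keep the header short.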
@@ -76,12 +76,12 @@ You need to ensure that the DNS server of the logical network can resolve the FQ
7676

7777
When you deploy Azure Local, you allocate a contiguous block of at least [six static IP addresses on your management network's subnet](/azure-stack/hci/deploy/deploy-via-portal#specify-network-settings), omitting addresses already used by the physical machines. These IPs are used by Azure Local and internal infrastructure (Arc Resource Bridge) for Arc VM management and AKS Arc. If your management network that provides IP addresses to Arc Resource Bridge related Azure Local services are on a different VLAN than the logical network you used to create AKS clusters, you need to ensure that the following ports are opened to successfully create and operate an AKS cluster.
7878

79-
| Destination Port | Destination | Source | Description | Cross VLAN networking notes |
79+
| Destination Port | Destination | Source | Description | Bi-directional cross VLAN networking notes |
8080
|------------------|-------------|--------|-------------|----------------|
81-
| 22 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to collect logs for troubleshooting. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port.|
82-
| 6443 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to communicate with Kubernetes APIs. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port.|
83-
| 55000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC server | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port. |
84-
| 65000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC authentication | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port. |
81+
| 22 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to collect logs for troubleshooting. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port and vice-versa.|
82+
| 6443 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to communicate with Kubernetes APIs. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port and vice-versa.|
83+
| 55000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC server | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port and vice-versa. |
84+
| 65000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC authentication | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port and vice-versa. |
8585

8686
## Next steps
8787
[IP address planning and considerations for Kubernetes clusters and applications](aks-hci-ip-address-planning.md)
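
Review bot: Appending "and vice-versa" to all four rows makes the notes column contradict the Destination and Source columns, which still describe one direction per port. As written, a reader building firewall rules cannot tell whether the AKS Arc VMs really need to initiate connections to the management network on 22 and 6443, or whether the management network needs to initiate to the VMs on 55000 and 65000, or whether the text only means that return traffic must be allowed (which a stateful firewall already does). Opening port 22 in both directions across VLANs is a wider rule than the original table asked for. Either add explicit rows with Source and Destination swapped for each flow that is truly initiated from the other side, or replace "and vice-versa" with a sentence stating which side initiates and that replies must be permitted.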

AKS-Arc/workload-identity.md

Lines changed: 21 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,8 @@ description: Learn how to deploy and configure an AKS Arc cluster with workload
44
author: sethmanheim
55
ms.author: sethm
66
ms.topic: how-to
7-
ms.date: 11/08/2024
7+
ms.date: 01/23/2025
8+
ms.reviewer: leslielin
89

910
---
1011

@@ -167,16 +168,32 @@ $MSIPrincipalId=$(az identity show --resource-group $resource_group_name --name
167168

168169
### Create a Kubernetes service account
169170

170-
Create a Kubernetes service account and annotate it with the client ID of the managed identity created in the previous step:
171+
In this step, you create a Kubernetes service account and annotate it with the client ID of the managed identity you created in the previous step.
172+
173+
Use cluster connect to access your cluster from a client device. For more information, see [Access your cluster from a client device](/azure/azure-arc/kubernetes/cluster-connect?tabs=azure-cli%2Cagent-version#access-your-cluster-from-a-client-device):
171174

172175
```azurecli
173176
az connectedk8s proxy -n $aks_cluster_name -g $resource_group_name
174177
```
175178

176-
Open a new window. Copy and paste the following CLI commands:
179+
Open a new CLI command window. Copy and paste the following commands:
177180

178181
```azurecli
179-
$yaml = @" apiVersion: v1 kind: ServiceAccount metadata: annotations: azure.workload.identity/client-id: $MSIId name: $SERVICE_ACCOUNT_NAME namespace: $SERVICE_ACCOUNT_NAMESPACE "@ $yaml = $yaml -replace '\$MSIId', $MSIId ` -replace '\$SERVICE_ACCOUNT_NAME', $SERVICE_ACCOUNT_NAME ` -replace '\$SERVICE_ACCOUNT_NAMESPACE', $SERVICE_ACCOUNT_NAMESPACE $yaml | kubectl apply -f -
182+
$yaml = @"
183+
apiVersion: v1
184+
kind: ServiceAccount
185+
metadata:
186+
annotations:
187+
azure.workload.identity/client-id: $MSIId
188+
name: $SERVICE_ACCOUNT_NAME
189+
namespace: $SERVICE_ACCOUNT_NAMESPACE
190+
"@
191+
192+
$yaml = $yaml -replace '\$MSIId', $MSIId `
193+
-replace '\$SERVICE_ACCOUNT_NAME', $SERVICE_ACCOUNT_NAME `
194+
-replace '\$SERVICE_ACCOUNT_NAMESPACE', $SERVICE_ACCOUNT_NAMESPACE
195+
196+
$yaml | kubectl apply -f -
180197
```
181198

182199
The following output shows successful creation of the service account:
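
Review bot: In the reformatted block, `$yaml = @"` opens an expandable (double-quoted) here-string, so PowerShell has already substituted `$MSIId`, `$SERVICE_ACCOUNT_NAME` and `$SERVICE_ACCOUNT_NAMESPACE` by the time the string is assigned; the following `-replace '\$MSIId', $MSIId` chain then has nothing left to match and is a no-op. Either switch to a single-quoted here-string (`@'` ... `'@`) and keep the `-replace` calls, or keep `@"` and drop the replace chain. If any of the three variables is unset in the new window the reader is told to open, the manifest is applied with empty values, so a short check that they are non-empty before `kubectl apply` would help. The block is also fenced as `azurecli` although its content is PowerShell, and the rendered diff does not show the YAML indentation under `metadata:` and `annotations:`, which should be verified in the source file.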

azure-local/TOC.yml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -590,6 +590,8 @@ items:
590590
href: migrate/migrate-vmware-migrate.md
591591
- name: Enable guest management
592592
href: migrate/migrate-enable-guest-management.md
593+
- name: Maintain static IP addresses
594+
href: migrate/migrate-maintain-ip-addresses.md
593595
- name: FAQ
594596
href: migrate/migrate-faq.yml
595597
- name: Troubleshoot
@@ -824,10 +826,6 @@ items:
824826
href: concepts/persistent-memory-health.md
825827
- name: Nested virtualization
826828
href: concepts/nested-virtualization.md
827-
- name: Host networking
828-
items:
829-
- name: Network HUD overview
830-
href: concepts/network-hud-overview.md
831829
- name: Software Defined Networking (SDN)
832830
items:
833831
- name: SDN overview

azure-local/concepts/compare-windows-server.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ ms.date: 10/21/2024
1010

1111
# Compare Azure Local to Windows Server
1212

13-
> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022
13+
> Applies to: Azure Local 2311.2 and later; Windows Server 2022
1414
1515
This article explains key differences between Azure Local and Windows Server and provides guidance about when to use each. Both products are actively supported and maintained by Microsoft. Many organizations choose to deploy both as they are intended for different and complementary purposes.
1616
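
Review bot: The Applies-to line no longer names version 22H2, and `ms.date` (10/21/2024 in the hunk header context) stays as it was, since this file has a single changed line. If 22H2 readers are now out of scope, say where they should look instead; if the article body still applies to them, the narrower label is misleading. Consider bumping `ms.date` as was done for workload-identity.md in this commit. The same point applies to the identical Applies-to edits in datacenter-firewall-overview.md, gateway-overview.md and network-controller-overview.md.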

azure-local/concepts/datacenter-firewall-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ ms.date: 10/25/2024
1010

1111
# What is Datacenter Firewall?
1212

13-
> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022, Windows Server 2019, Windows Server 2016
13+
> Applies to: Azure Local 2311.2 and later; Windows Server 2022, Windows Server 2019, Windows Server 2016
1414
1515
Datacenter Firewall is a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant Software Defined Networking (SDN) firewall. The Datacenter Firewall protects east-west and north-south traffic flows across the network layer of virtual networks and traditional VLAN networks.
1616

azure-local/concepts/gateway-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ ms.custom: kr2b-contr-experiment
1010
---
1111
# What is Remote Access Service (RAS) Gateway for Software Defined Networking?
1212

13-
> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022, Windows Server 2019, Windows Server 2016
13+
> Applies to: Azure Local 2311.2 and later; Windows Server 2022, Windows Server 2019, Windows Server 2016
1414
1515
This article provides an overview of Remote Access Service (RAS) Gateway for Software Defined Networking (SDN) in Azure Local and Windows Server.
1616

azure-local/concepts/network-controller-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ ms.date: 10/21/2024
1010

1111
# What is Network Controller?
1212

13-
> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022, Windows Server 2019, Windows Server 2016
13+
> Applies to: Azure Local 2311.2 and later; Windows Server 2022, Windows Server 2019, Windows Server 2016
1414
1515
Network Controller is the cornerstone of Software Defined Networking (SDN) management. It's a highly scalable server role that provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual network infrastructure.
1616

azure-local/concepts/network-hud-overview.md

Lines changed: 0 additions & 127 deletions
This file was deleted.
