Merge pull request #50438 from wwlpublish/49c03d11b7ec36232cbd7d3d10bfd053a4ae96506bfb075cb85386a74940cfea-live

 Modules/M04-configure-azure-kubernetes-service-cluster

Author: v-ccolin

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/1-introduction.yml

@@ -1,13 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.introduction
-title: Introduction
-metadata:
-  title: Introduction
-  description: "Introduction"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 3
-content: |
-  [!include[](includes/1-introduction.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.introduction
+title: Introduction
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Introduction
+  description: "Introduction"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/2-understand-azure-policy-kubernetes-clusters.yml

@@ -1,13 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.understand-azure-policy-kubernetes-clusters
-title: Understand Azure Policy for Kubernetes clusters
-metadata:
-  title: Understand Azure Policy for Kubernetes clusters
-  description: "Understand Azure Policy for Kubernetes clusters"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 5
-content: |
-  [!include[](includes/2-understand-azure-policy-kubernetes-clusters.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.understand-azure-policy-kubernetes-clusters
+title: Understand Azure Policy for Kubernetes clusters
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Understand Azure Policy for Kubernetes clusters
+  description: "Understand Azure Policy for Kubernetes clusters"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 5
+content: |
+  [!include[](includes/2-understand-azure-policy-kubernetes-clusters.md)]

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/3-install-azure-policy-add-azure-kubernetes-service.yml

@@ -1,13 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.install-azure-policy-add-azure-kubernetes-service
-title: Try-This exercise - Enable Azure Policy add on for Azure Kubernetes Service
-metadata:
-  title: Try-This exercise - Enable Azure Policy add on for Azure Kubernetes Service
-  description: "Try-This exercise - Enable Azure Policy add on for Azure Kubernetes Service"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 5
-content: |
-  [!include[](includes/3-install-azure-policy-add-azure-kubernetes-service.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.install-azure-policy-add-azure-kubernetes-service
+title: Try-This exercise - Enable Azure Policy add on for Azure Kubernetes Service
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Try-This exercise - Enable Azure Policy add on for Azure Kubernetes Service
+  description: "Try-This exercise - Enable Azure Policy add on for Azure Kubernetes Service"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 5
+content: |
+  [!include[](includes/3-install-azure-policy-add-azure-kubernetes-service.md)]

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/4-assign-policy-definition-azure-kubernetes-cluster.yml

@@ -1,13 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.assign-policy-definition-azure-kubernetes-cluster
-title: Try-This exercise - Assign a policy definition to an Azure Kubernetes cluster
-metadata:
-  title: Try-This exercise - Assign a policy definition to an Azure Kubernetes cluster
-  description: "Try-This exercise - Assign a policy definition to an Azure Kubernetes cluster"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 8
-content: |
-  [!include[](includes/4-assign-policy-definition-azure-kubernetes-cluster.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.assign-policy-definition-azure-kubernetes-cluster
+title: Try-This exercise - Assign a policy definition to an Azure Kubernetes cluster
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Try-This exercise - Assign a policy definition to an Azure Kubernetes cluster
+  description: "Try-This exercise - Assign a policy definition to an Azure Kubernetes cluster"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 8
+content: |
+  [!include[](includes/4-assign-policy-definition-azure-kubernetes-cluster.md)]

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/5-host-based-encryption-azure-kubernetes-service.yml

@@ -1,13 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.host-based-encryption-azure-kubernetes-service
-title: Host-based encryption on Azure Kubernetes Service
-metadata:
-  title: Host-based encryption on Azure Kubernetes Service
-  description: "Host-based encryption on Azure Kubernetes Service"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 6
-content: |
-  [!include[](includes/5-host-based-encryption-azure-kubernetes-service.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.host-based-encryption-azure-kubernetes-service
+title: Host-based encryption on Azure Kubernetes Service
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Host-based encryption on Azure Kubernetes Service
+  description: "Host-based encryption on Azure Kubernetes Service"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 6
+content: |
+  [!include[](includes/5-host-based-encryption-azure-kubernetes-service.md)]

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/6-create-custom-namespace.yml

@@ -1,13 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.create-custom-namespace
-title: Create a custom namespace for Azure Kubernetes clusters
-metadata:
-  title: Create a custom namespace for Azure Kubernetes clusters
-  description: "Create a custom namespace for Azure Kubernetes clusters"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 6
-content: |
-  [!include[](includes/6-create-custom-namespace.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.create-custom-namespace
+title: Create a custom namespace for Azure Kubernetes clusters
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Create a custom namespace for Azure Kubernetes clusters
+  description: "Create a custom namespace for Azure Kubernetes clusters"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 6
+content: |
+  [!include[](includes/6-create-custom-namespace.md)]

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/7-knowledge-check.yml

@@ -1,60 +1,53 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.knowledge-check
-title: Module assessment
-metadata:
-  title: Module assessment
-  description: "Knowledge check"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 6
-content: |
-  [!include[](includes/7-knowledge-check.md)]
-quiz:
-  title: "Check your knowledge"
-  questions:
-  - content: "What is the purpose of Azure Policy in relation to Kubernetes clusters?"
-    choices:
-    - content: "Azure Policy is used to manage and report on the compliance state of your Kubernetes clusters from multiple places."
-      isCorrect: false
-      explanation: "Incorrect. Azure Policy allows for centralized management and reporting of compliance state."
-    - content: "Azure Policy is used to deploy policy definitions into the cluster as pod templates."
-      isCorrect: false
-      explanation: "Incorrect. Azure Policy deploys policy definitions as constraint templates and constraint custom resources."
-    - content: "Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms."
-      isCorrect: true
-      explanation: "Correct. Azure Policy applies at scale enforcements and safeguards on Kubernetes clusters in a centralized, consistent manner to ensure secure and stable application hosting platforms."
-  - content: "What is host based encryption in Azure Kubernetes Service (AKS)?"
-    choices:
-    - content: "Encryption of data at rest using server side encryption with platform managed keys"
-      isCorrect: false
-      explanation: "Incorrect. Server side encryption with platform managed keys is used by Azure Storage, not host based encryption in AKS."
-    - content: "Encryption of data at rest using customer managed keys for all disks"
-      isCorrect: false
-      explanation: "Incorrect. Host based encryption in AKS can use either platform managed keys or customer managed keys depending on the encryption type set on the disks."
-    - content: "Enables encryption of data at rest on the VM host of AKS agent nodes using platform or customer managed keys, and encrypts data flows to the Storage service"
-      isCorrect: true
-      explanation: "Correct. Host based encryption in AKS encrypts data at rest on the VM host of AKS agent nodes using platform or customer managed keys, and encrypts data flows to the Storage service. It can be enabled at cluster or node pool creation time and requires a specific VM set type and supported VM sizes."
-  - content: "What are the two Azure built-in roles that have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster?"
-    choices:
-    - content: "Resource Group Contributor and Reader"
-      isCorrect: false
-      explanation: "Incorrect. Resource Group Contributor and Reader do not have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster."
-    - content: "Virtual Machine Contributor and Network Contributor"
-      isCorrect: false
-      explanation: "Incorrect. Virtual Machine Contributor and Network Contributor do not have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster."
-    - content: "Resource Policy Contributor and Owner"
-      isCorrect: true
-      explanation: "Correct. Resource Policy Contributor and Owner have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster."
-  - content: "What is the purpose of Azure Policy in relation to Kubernetes clusters?"
-    choices:
-    - content: "Azure Policy is used to deploy policy definitions into the cluster as pod templates."
-      isCorrect: false
-      explanation: "Incorrect. Azure Policy deploys policy definitions as constraint templates and constraint custom resources."
-    - content: "Azure Policy is used to manage and report on the compliance state of your Kubernetes clusters from multiple places."
-      isCorrect: false
-      explanation: "Incorrect. Azure Policy allows for centralized management and reporting of compliance state."
-    - content: "Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms."
-      isCorrect: true
-      explanation: "Correct. Azure Policy applies at scale enforcements and safeguards on Kubernetes clusters in a centralized, consistent manner to ensure secure and stable application hosting platforms."
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.knowledge-check
+title: Module assessment
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Module assessment
+  description: "Knowledge check"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 6
+content: |
+  [!include[](includes/7-knowledge-check.md)]
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "What is the purpose of Azure Policy in relation to Kubernetes clusters?"
+    choices:
+    - content: "Azure Policy is used to manage and report on the compliance state of your Kubernetes clusters from multiple places."
+      isCorrect: false
+      explanation: "Incorrect. Azure Policy allows for centralized management and reporting of compliance state."
+    - content: "Azure Policy is used to deploy policy definitions into the cluster as pod templates."
+      isCorrect: false
+      explanation: "Incorrect. Azure Policy deploys policy definitions as constraint templates and constraint custom resources."
+    - content: "Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms."
+      isCorrect: true
+      explanation: "Correct. Azure Policy applies at scale enforcements and safeguards on Kubernetes clusters in a centralized, consistent manner to ensure secure and stable application hosting platforms."
+  - content: "What is host based encryption in Azure Kubernetes Service (AKS)?"
+    choices:
+    - content: "Encryption of data at rest using server side encryption with platform managed keys"
+      isCorrect: false
+      explanation: "Incorrect. Server side encryption with platform managed keys is used by Azure Storage, not host based encryption in AKS."
+    - content: "Encryption of data at rest using customer managed keys for all disks"
+      isCorrect: false
+      explanation: "Incorrect. Host based encryption in AKS can use either platform managed keys or customer managed keys depending on the encryption type set on the disks."
+    - content: "Enables encryption of data at rest on the VM host of AKS agent nodes using platform or customer managed keys, and encrypts data flows to the Storage service"
+      isCorrect: true
+      explanation: "Correct. Host based encryption in AKS encrypts data at rest on the VM host of AKS agent nodes using platform or customer managed keys, and encrypts data flows to the Storage service. It can be enabled at cluster or node pool creation time and requires a specific VM set type and supported VM sizes."
+  - content: "What are the two Azure built-in roles that have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster?"
+    choices:
+    - content: "Resource Group Contributor and Reader"
+      isCorrect: false
+      explanation: "Incorrect. Resource Group Contributor and Reader do not have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster."
+    - content: "Virtual Machine Contributor and Network Contributor"
+      isCorrect: false
+      explanation: "Incorrect. Virtual Machine Contributor and Network Contributor do not have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster."
+    - content: "Resource Policy Contributor and Owner"
+      isCorrect: true
+      explanation: "Correct. Resource Policy Contributor and Owner have the appropriate Azure RBAC policy assignment operations to assign a policy definition to your Kubernetes cluster."

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/8-summary.yml

@@ -1,13 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-azure-kubernetes-service-cluster.summary
-title: Summary
-metadata:
-  title: Summary
-  description: "Summary"
-  ms.date: 03/08/2024
-  author: wwlpublish
-  ms.author: bradj
-  ms.topic: unit
-durationInMinutes: 2
-content: |
-  [!include[](includes/8-summary.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-azure-kubernetes-service-cluster.summary
+title: Summary
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Summary
+  description: "Summary"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 2
+content: |
+  [!include[](includes/8-summary.md)]

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/includes/1-introduction.md

@@ -16,3 +16,4 @@ After completing this module, you'll be able to:
 ## Goals
 
 The goal of this module is to teach you how to use Azure Policy to enforce policies and safeguards on your Kubernetes clusters at scale. Azure Policy Ensures that your cluster is secure, compliant, and consistent across your organization.
+

learn-pr/wwl-azure/configure-azure-kubernetes-service-cluster/includes/2-understand-azure-policy-kubernetes-clusters.md

@@ -28,3 +28,4 @@ The following recommendation applies only to AKS and the Azure Policy Add-on:
  -  Use system node pool with CriticalAddonsOnly taint to schedule Gatekeeper pods.
  -  Secure outbound traffic from your AKS clusters.
  -  If the cluster has aad-pod-identity enabled, Node Managed Identity (NMI) pods modify the nodes' iptables to intercept calls to the Azure Instance Metadata endpoint.
+