From f3d0514e8b9198cdb1f415fda087ef11b33ae4ec Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:09:40 -0700
Subject: [PATCH 01/25] Add scenarios/azure-aks-docs/articles/aks/windows-faq.yml
---
.../articles/aks/windows-faq.yml | 153 ++++++++++++++++++
1 file changed, 153 insertions(+)
create mode 100644 scenarios/azure-aks-docs/articles/aks/windows-faq.yml
diff --git a/scenarios/azure-aks-docs/articles/aks/windows-faq.yml b/scenarios/azure-aks-docs/articles/aks/windows-faq.yml
new file mode 100644
index 000000000..f08f286ed
--- /dev/null
+++ b/scenarios/azure-aks-docs/articles/aks/windows-faq.yml
@@ -0,0 +1,153 @@ +### YamlMime:FAQ +metadata: + title: "Windows Server on AKS FAQ" + description: Frequently asked questions about Windows Server containers on Azure Kubernetes Service (AKS). + keywords: frequently asked questions, faq + ms.service: azure-kubernetes-service + ms.topic: faq + ms.date: 11/06/2023 +title: "Frequently asked questions about Windows Server on AKS" +summary: | + This article provides answers to some of the most common questions about using Windows Server containers on Azure Kubernetes Service (AKS). + + +sections: + - name: General questions + questions: + - question: | + What kind of disks are supported for Windows? + answer: | + Azure Disks and Azure Files are the supported volume types, and are accessed as New Technology File System (NTFS) volumes in the Windows Server container. + + - question: | + Does Windows support generation 2 virtual machines (VMs)? + answer: | + Generation 2 VMs are supported on Windows for WS2022 only. + + For more information, see [Support for generation 2 VMs on Azure](/azure/virtual-machines/generation-2). + + - question: | + How do I patch my Windows nodes? + answer: | + To get the latest patches for Windows nodes, you can either [upgrade the node pool](./manage-node-pools.md#upgrade-a-single-node-pool) or [upgrade the node image](./node-image-upgrade.md). + + - question: | + Is preserving the client source IP supported? + answer: | + At this time, [client source IP preservation](./concepts-network-ingress.md#ingress-controllers) isn't supported with Windows nodes. + + - question: | + Can I change the maximum number of pods per node? + answer: | + Yes. For more information, see [Maximum number of pods](./concepts-network-ip-address-planning.md#maximum-pods-per-node). + + - question: | + What is the default transmission control protocol (TCP) timeout in Windows OS? + answer: | + The default TCP timeout in Windows OS is four minutes. This value isn't configurable. 
When an application uses a longer timeout, the TCP connections between different containers in the same node close after four minutes. + + - question: | + Why am I seeing an error when I try to create a new Windows agent pool? + answer: | + If you created your cluster before February 2020 and didn't perform any upgrade operations, the cluster still uses an old Windows image. You might see an error that resembles the following example: + + "The following list of images referenced from the deployment template isn't found: Publisher: MicrosoftWindowsServer, Offer: WindowsServer, Sku: 2019-datacenter-core-smalldisk-2004, Version: latest. Refer to [Find and use Azure Marketplace Virtual Machine images with Azure PowerShell](/azure/virtual-machines/windows/cli-ps-findimage) for instructions on finding available images." + + To fix this issue, you need to perform the following steps: + + 1. Upgrade the [cluster control plane](./manage-node-pools.md#upgrade-a-cluster-control-plane-with-multiple-node-pools), which updates the image offer and publisher. + 2. Create new Windows agent pools. + 3. Move Windows pods from existing Windows agent pools to new Windows agent pools. + 4. Delete old Windows agent pools. + + - question: | + Why am I seeing an error when I try to deploy Windows pods? + answer: | + If you specify a value in `--max-pods` less than the number of pods you want to create, you might see the `No available addresses` error. + + To fix this error, use the `az aks nodepool add` command with a high enough `--max-pods` value. For example: + + ```azurecli + az aks nodepool add \ + --cluster-name $CLUSTER_NAME \ + --resource-group $RESOURCE_GROUP \ + --name $NODEPOOL_NAME \ + --max-pods 3 + ``` + + For more details, see the [`--max-pods` documentation](/cli/azure/aks/nodepool#az-aks-nodepool-add). + + - question: | + Why is there an unexpected user named "sshd" on my virtual machine node? + answer: | + AKS adds a user named "sshd" when installing the OpenSSH service. 
This user isn't malicious. We recommend that customers update their alerts to ignore this unexpected user account. + + - question: | + How do I rotate the service principal for my Windows node pool? + answer: | + Windows node pools don't support service principal rotation. To update the service principal, create a new Windows node pool and migrate your pods from the older pool to the new one. After your pods are migrated to the new pool, delete the older node pool. + + Instead of service principals, you can use managed identities. For more information, see [Use managed identities in AKS](./use-managed-identity.md). + + - question: | + How do I change the administrator password for Windows Server nodes on my cluster? + answer: | + To change the administrator password using the Azure CLI, use the `az aks update` command with the `--admin-password` parameter. For example: + + ```azurecli + az aks update \ + --resource-group $RESOURCE_GROUP \ + --name $CLUSTER_NAME \ + --admin-password + ``` + + To change the password using Azure PowerShell, use the `Set-AzAksCluster` cmdlet with the `-AdminPassword` parameter. For example: + + ```azurepowershell + Set-AzAksCluster ` + -ResourceGroupName $RESOURCE_GROUP ` + -Name $CLUSTER_NAME ` + -AdminPassword + ``` + + Keep in mind that performing a cluster update causes a restart and only updates the Windows Server node pools. For information about Windows Server password requirements, see [Windows Server password requirements](/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements#reference). + + - question: | + How many node pools can I create? + answer: | + AKS clusters with Windows node pools have the same resource limits as the default limits specified for the AKS service. For more information, see [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)](./quotas-skus-regions.md). 
+ + - question: | + Can I run ingress controllers on Windows nodes? + answer: | + Yes, you can run ingress controllers that support Windows Server containers. + + - question: | + Can my Windows Server containers use gMSA? + answer: | + Yes. Group-managed service account (gMSA) support is generally available (GA) for Windows on AKS. For more information, see [Enable Group Managed Service Accounts (GMSA) for your Windows Server nodes on your Azure Kubernetes Service (AKS) cluster](./use-group-managed-service-accounts.md) + - question: | + Are there any limitations on the number of services on a cluster with Windows nodes? + answer: | + A cluster with Windows nodes can have approximately 500 services (sometimes less) before it encounters port exhaustion. This limitation applies to a Kubernetes Service with External Traffic Policy set to "Cluster". + + When the external traffic policy on a Service is configured as a Cluster, the traffic undergoes an extra Source NAT on the node. This process also results in reservation of a port from the TCPIP dynamic port pool. This port pool is a limited resource (~16K ports by default) and many active connections to a Service can lead to dynamic port pool exhaustion resulting in connection drops. + + If the Kubernetes Service is configured with External Traffic Policy set to "Local", port exhaustion problems aren't likely to occur at 500 services. + + - question: | + How do I change the time zone of a running container? + answer: | + To change the time zone of a running Windows Server container, connect to the running container with a PowerShell session. For example: + + ```azurecli + kubectl exec -it CONTAINER-NAME -- powershell + ``` + + In the running container, use [Set-TimeZone](/powershell/module/microsoft.powershell.management/set-timezone) to set the time zone of the running container. 
For example: + + ```azurepowershell + Set-TimeZone -Id "Russian Standard Time" + ``` + + To see the current time zone of the running container or an available list of time zones, use [Get-TimeZone](/powershell/module/microsoft.powershell.management/get-timezone). From 92b8924b60b2408e52bd6093658b62ef92d15afb Mon Sep 17 00:00:00 2001 From: naman-msft <146123940+naman-msft@users.noreply.github.com> Date: Fri, 25 Oct 2024 08:09:44 -0700 Subject: [PATCH 02/25] Update scenarios/azure-aks-docs/articles/aks/TOC.yml --- scenarios/azure-aks-docs/articles/aks/TOC.yml | 68 ++++++++++++++----- 1 file changed, 52 insertions(+), 16 deletions(-) diff --git a/scenarios/azure-aks-docs/articles/aks/TOC.yml b/scenarios/azure-aks-docs/articles/aks/TOC.yml index a0e104f78..4221b0b95 100644 --- a/scenarios/azure-aks-docs/articles/aks/TOC.yml +++ b/scenarios/azure-aks-docs/articles/aks/TOC.yml @@ -109,6 +109,8 @@ href: monitor-aks.md - name: Network Observability href: network-observability-overview.md + - name: Advanced Network Observability + href: advanced-network-observability-concepts.md - name: Security items: - name: Security concepts @@ -160,12 +162,16 @@ href: concepts-ai-ml-language-models.md - name: Fine-tuning language models href: concepts-fine-tune-language-models.md + - name: Machine learning operations (MLOps) + href: concepts-machine-learning-ops.md - name: Advanced Container Networking Services items: - name: Advanced Container Networking Services overview href: advanced-container-networking-services-overview.md - name: Advanced Network Observability overview href: advanced-network-observability-concepts.md + - name: Security + href: advanced-network-container-services-security-concepts.md - name: Storage href: concepts-storage.md - name: Scaling 
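Review bot: In windows-faq.yml, both administrator-password examples end on the bare flag (`--admin-password` and `-AdminPassword`) with no value, so neither command runs as shown and the reader is never told how to supply the secret. I would show a variable that is filled without echoing, for example `read -s NEW_PASSWORD` followed by `--admin-password "$NEW_PASSWORD"`, and add one sentence saying that a password typed inline ends up in shell history and the process list. The flag name is also worth confirming against the `az aks update` reference, since as far as I know that command spells it `--windows-admin-password`. Separately, the "sshd" answer tells customers to make their alerts ignore the account; wording such as `scope the exception to the account created by the OpenSSH install and keep alerting on logons or group changes for it` would avoid a blanket detection blind spot. The `kubectl exec` sample is fenced as `azurecli` although it is not an Azure CLI command.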
@@ -246,6 +252,10 @@ href: windows-best-practices.md - name: Enforce best practices with deployment safeguards href: deployment-safeguards.md + - name: AI and machine learning + items: + - name: Machine learning operations (MLOps) + href: best-practices-ml-ops.md - name: How-to guides items: - name: AKS extension for Visual Studio Code @@ -336,6 +346,8 @@ href: spot-node-pool.md - name: Node pool snapshot href: node-pool-snapshot.md + - name: Add a Virtual Machines node pool + href: virtual-machines-node-pools.md - name: Use system node pools href: use-system-pools.md - name: Resize node pools @@ -354,6 +366,16 @@ items: - name: Stateful workloads items: + - name: Overview + href: stateful-workloads-overview.md + - name: Deploy a MongoDB cluster + items: + - name: Overview + href: mongodb-overview.md + - name: Create MongoDB infrastructure + href: create-mongodb-infrastructure.md + - name: Deploy MongoDB cluster + href: deploy-mongodb-cluster.md - name: Deploy a highly available PostgreSQL database items: - name: Overview @@ -478,6 +500,8 @@ href: use-cvm.md - name: Use Dedicated Hosts with AKS href: use-azure-dedicated-hosts.md + - name: Restrict access to IMDS + href: imds-restriction.md - name: Authentication and authorization items: - name: Use managed identities @@ -492,8 +516,10 @@ href: enable-authentication-microsoft-entra-id.md - name: Manage local accounts href: manage-local-accounts-managed-azure-ad.md - - name: Cluster access control + - name: Cluster access control with Conditional Access href: access-control-managed-azure-ad.md + - name: Cluster access control with Privileged Identity Management + href: privileged-identity-management.md - name: Microsoft Entra integration (legacy) href: azure-ad-integration-cli.md - name: Enable GMSA integration 
@@ -586,6 +612,8 @@ href: use-node-public-ips.md - name: Restrict and control cluster egress traffic href: limit-egress-traffic.md + - name: Configure Static Egress Gateway + href: configure-static-egress-gateway.md - name: Ingress items: - name: Use application routing add-on @@ -624,6 +652,10 @@ href: private-clusters.md#use-a-private-endpoint-connection - name: Diagnose and solve UDP packet drops href: troubleshoot-udp-packet-drops.md + - name: Network Security + items: + - name: FQDN Filtering with Advanced Container Networking Services + href: advanced-network-container-services-security-cli.md - name: Storage items: - name: CSI storage drivers @@ -712,16 +744,8 @@ href: events.md - name: Monitor kube-audit events href: monitor-apiserver.md - - name: Monitor control plane metrics - href: monitor-control-plane-metrics.md - - name: Monitor reference - href: monitor-aks-reference.md - - name: Control plane metrics reference - href: control-plane-metrics-default-list.md - name: View the kubelet logs href: kubelet-logs.md - - name: View container data in real time - href: container-insights-live-data.md - name: Cost analysis items: - name: Enable cost analysis on your cluster @@ -758,6 +782,10 @@ href: istio-support-policy.md - name: Istio service mesh add-on performance href: istio-scale.md + - name: Latency comparison for Istio + href: istio-latency.md + - name: Telemetry API for Istio service mesh + href: istio-telemetry.md - name: Open Service Mesh AKS add-on items: - name: About Open Service Mesh 
@@ -800,10 +828,14 @@ items: - name: About Kubernetes Event-driven Autoscaler (KEDA) href: keda-about.md - - name: Use ARM template - href: keda-deploy-add-on-arm.md - - name: Use Azure CLI - href: keda-deploy-add-on-cli.md + - name: Enable KEDA add-on for your cluster + items: + - name: Use an ARM template + href: keda-deploy-add-on-arm.md + - name: Use the Azure CLI + href: keda-deploy-add-on-cli.md + - name: Enable on an existing cluster using the Azure portal + href: enable-keda-existing-cluster.md - name: Securely scale your applications using the Kubernetes Event-driven Autoscaling (KEDA) add-on and workload identity href: keda-workload-identity.md - name: Kubernetes Event-driven Autoscaler (KEDA) integrations @@ -847,7 +879,7 @@ - name: Windows Server containers items: - name: Windows Server containers FAQ - href: windows-faq.md + href: windows-faq.yml - name: Connect remotely href: rdp.md - name: Use HostProcess containers @@ -938,6 +970,8 @@ href: ai-toolchain-operator.md - name: Deploy data and ML pipelines with Flyte href: use-flyte.md + - name: Work with clusters using Copilot + href: /azure/copilot/work-aks-clusters?toc/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json - name: DevOps items: - name: Azure DevOps Project @@ -969,7 +1003,7 @@ - name: Deploy to Azure href: eks-edw-deploy.md - name: FAQ - href: faq.md + href: faq.yml - name: Reference items: - name: Azure CLI @@ -991,6 +1025,8 @@ - name: Azure Policy built-ins displayName: samples, policies, definitions href: ./policy-reference.md + - name: AKS monitoring data reference + href: monitor-aks-reference.md - name: Resources items: - name: Build your skills with Microsoft Learn training @@ -1014,4 +1050,4 @@ - name: Support options for AKS href: aks-support-help.md - name: Troubleshooting documentation for AKS - href: /troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes \ No newline at end of file + href: /troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes 
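Review bot: In the `@@ -938,6 +970,8 @@` hunk of TOC.yml, the new "Work with clusters using Copilot" entry has the href `?toc/azure/aks/toc.json&bc=...`, with no `=` after `toc`, so `toc` is sent as a bare key and the target page will probably not load the AKS table of contents. It should read `href: /azure/copilot/work-aks-clusters?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json`. A link check over the TOC would catch this kind of malformed query string before publishing.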
From 730d95be11844407ee142fd943c7424993066d0f Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:09:47 -0700
Subject: [PATCH 03/25] Add scenarios/azure-aks-docs/articles/aks/faq.yml
---
scenarios/azure-aks-docs/articles/aks/faq.yml | 365 ++++++++++++++++++
1 file changed, 365 insertions(+)
create mode 100644 scenarios/azure-aks-docs/articles/aks/faq.yml
diff --git a/scenarios/azure-aks-docs/articles/aks/faq.yml b/scenarios/azure-aks-docs/articles/aks/faq.yml
new file mode 100644
index 000000000..7f1075475
--- /dev/null
+++ b/scenarios/azure-aks-docs/articles/aks/faq.yml
@@ -0,0 +1,365 @@ +### YamlMime:FAQ +metadata: + title: "AKS frequently asked questions" + description: Frequently asked questions about Azure Kubernetes Service (AKS) + keywords: frequently asked questions, faq + ms.service: azure-kubernetes-service + ms.topic: faq + ms.date: 11/06/2023 +title: "AKS frequently asked questions" +summary: | + This article provides answers to some of the most common questions about Azure Kubernetes Service (AKS). + + +sections: + - name: Support + questions: + - question: | + Does AKS offer a service-level agreement? + answer: | + AKS provides SLA guarantees in the [Standard pricing tier with the Uptime SLA feature](./free-standard-pricing-tiers.md). + + - question: | + What is platform support, and what does it include? + answer: | + Platform support is a reduced support plan for unsupported "N-3" version clusters. Platform support only includes Azure infrastructure support. + + For more information, see the [platform support policy](./supported-kubernetes-versions.md). + + - question: | + Does AKS automatically upgrade my unsupported clusters? + answer: | + Yes, AKS initiates auto-upgrades for unsupported clusters. When a cluster in an n-3 version (where n is the latest supported AKS GA minor version) is about to drop to n-4, AKS automatically upgrades the cluster to n-2 to remain in an AKS support policy. + + For more information, see [Supported Kubernetes versions](./supported-kubernetes-versions.md), [Planned maintenance windows](./planned-maintenance.md), and [Automatic upgrades](./auto-upgrade-cluster.md). + + - question: | + Can I run Windows Server containers on AKS? + answer: | + Yes, AKS supports Windows Server containers. For more information, see the [Windows Server on AKS FAQ](./windows-faq.yml). + + - question: | + Can I apply Azure reservation discounts to my AKS agent nodes? + answer: | + AKS agent nodes are billed as standard Azure virtual machines. 
If you purchased [Azure reservations](/azure/cost-management-billing/reservations/save-compute-costs-reservations) for the VM size that you're using in AKS, those discounts are automatically applied. + + - name: Operations + questions: + - question: | + Can I move/migrate my cluster between Azure tenants? + answer: | + No, moving your AKS cluster between tenants is currently unsupported. + + - question: | + Can I move/migrate my cluster between subscriptions? + answer: | + No, moving your AKS cluster between subscriptions is currently unsupported. + + - question: | + Can I move my AKS cluster or AKS infrastructure resources to other resource groups or rename them? + answer: | + No, moving or renaming your AKS cluster and its associated resources isn't supported. + + - question: | + Can I restore my cluster after deleting it? + answer: | + No, you can't restore your cluster after deleting it. When you delete your cluster, the node resource group and all its resources are also deleted. + + If you want to keep any of your resources, move them to another resource group before deleting your cluster. If you want to protect against accidental deletes, you can lock the AKS managed resource group hosting your cluster resources using [Node resource group lockdown](./cluster-configuration.md#create-an-aks-cluster-with-node-resource-group-lockdown). + + - question: | + Can I scale my AKS cluster to zero? + answer: | + You can completely [stop a running AKS cluster](./start-stop-cluster.md) or [scale or autoscale all or specific `User` node pools](./scale-cluster.md#scale-user-node-pools-to-0) to zero. + + You can't directly scale [system node pools](./use-system-pools.md) to zero. + + - question: | + Can I use the Virtual Machine Scale Set APIs to scale manually? + answer: | + No, scale operations using the Virtual Machine Scale Set APIs aren't supported. You can use the AKS APIs (`az aks scale`). 
+ + - question: | + Can I use Virtual Machine Scale Sets to manually scale to zero nodes? + answer: | + No, scale operations using the Virtual Machine Scale Set APIs aren't supported. You can use the AKS API to scale non-system node pools to zero or [stop your cluster](./start-stop-cluster.md) instead. + + - question: | + Can I stop or de-allocate all my VMs? + answer: | + No, this isn't a supported configuration. [Stop your cluster](./start-stop-cluster.md) instead. + + - question: | + Why are two resource groups created with AKS? + answer: | + No, scale operations using the Virtual Machine Scale Set APIs aren't supported. You can use the AKS APIs (`az aks scale`). AKS builds upon many Azure infrastructure resources, including Virtual Machine Scale Sets, virtual networks, and managed disks. These integrations enable you to apply many of the core capabilities of the Azure platform within the managed Kubernetes environment provided by AKS. For example, most Azure virtual machine types can be used directly with AKS and Azure Reservations can be used to receive discounts on those resources automatically. + + To enable this architecture, each AKS deployment spans two resource groups: + + 1. You create the first resource group. This group contains only the Kubernetes service resource. The AKS resource provider automatically creates the second resource group during deployment. An example of the second resource group is *MC_myResourceGroup_myAKSCluster_eastus*. For information on how to specify the name of this second resource group, see the next section. + 2. The second resource group, known as the *node resource group*, contains all of the infrastructure resources associated with the cluster. These resources include the Kubernetes node VMs, virtual networking, and storage. By default, the node resource group has a name like *MC_myResourceGroup_myAKSCluster_eastus*. AKS automatically deletes the node resource group whenever you delete the cluster. 
You should only use this resource group for resources that share the cluster's lifecycle. + + > [!NOTE] + > Modifying any resource under the node resource group in the AKS cluster is an unsupported action and will cause cluster operation failures. You can prevent changes from being made to the node resource group by [blocking users from modifying resources](./cluster-configuration.md#fully-managed-resource-group-preview) managed by the AKS cluster. + + - question: | + Can I provide my own name for the AKS node resource group? + answer: | + By default, AKS names the node resource group *MC_resourcegroupname_clustername_location*, but you can provide your own name. + + To specify your own resource group name, install the [aks-preview](/cli/azure/aks) Azure CLI extension version *0.3.2* or later. When you create an AKS cluster using the [`az aks create`][az-aks-create] command, use the `--node-resource-group` parameter and specify a name for the resource group. If you use an [Azure Resource Manager template](/azure/templates/microsoft.containerservice/2022-09-01/managedclusters) to deploy an AKS cluster, you can define the resource group name using the *nodeResourceGroup* property. + + - The Azure resource provider automatically creates the secondary resource group. + - You can specify a custom resource group name only when you're creating the cluster. + + As you work with the node resource group, keep in mind that you can't: + + - Specify an existing resource group for the node resource group. + - Specify a different subscription for the node resource group. + - Change the node resource group name after the cluster has been created. + - Specify names for the managed resources within the node resource group. + - Modify or delete Azure-created tags of managed resources within the node resource group. + + - question: | + Can I modify tags and other properties of the AKS resources in the node resource group? 
+ answer: | + You might get unexpected scaling and upgrading errors if you modify or delete Azure-created tags and other resource properties in the node resource group. AKS allows you to create and modify custom tags created by end users, and you can add those tags when [creating a node pool](manage-node-pools.md#specify-a-taint-label-or-tag-for-a-node-pool). You might want to create or modify custom tags, for example, to assign a business unit or cost center. Another option is to create Azure Policies with a scope on the managed resource group. + + Azure-created tags are created for their respective Azure Services and should always be allowed. For AKS, there are the `aks-managed` and `k8s-azure` tags. Modifying any **Azure-created tags** on resources under the node resource group in the AKS cluster is an unsupported action, which breaks the service-level objective (SLO). + + > [!NOTE] + > In the past, the tag name "Owner" was reserved for AKS to manage the public IP that is assigned on front end IP of the load balancer. Now, services follow use the `aks-managed` prefix. For legacy resources, don't use Azure policies to apply the "Owner" tag name. Otherwise, all resources on your AKS cluster deployment and update operations will break. This doesn't apply to newly created resources. + + - name: Quotas, limits, and region availability + questions: + - question: | + Which Azure regions currently provide AKS? + answer: | + For a complete list of available regions, see [AKS regions and availability](https://azure.microsoft.com/global-infrastructure/services/?products=kubernetes-service). + + - question: | + Can I spread an AKS cluster across regions? + answer: | + No, AKS clusters are regional resources and can't span regions. See [best practices for business continuity and disaster recovery](./operator-best-practices-multi-region.md#plan-for-multiregion-deployment) for guidance on how to create an architecture that includes multiple regions. 
+ + - question: | + Can I spread an AKS cluster across availability zones? + answer: | + Yes, you can deploy an AKS cluster across one or more [availability zones](./availability-zones.md) in [regions that support them](/azure/availability-zones/az-region). + + - question: | + Can I have different VM sizes in a single cluster? + answer: | + Yes, you can use different virtual machine sizes in your AKS cluster by creating [multiple node pools](./create-node-pools.md). + + - question: | + What's the size limit on a container image in AKS? + answer: | + AKS doesn't set a limit on the container image size. However, it's important to understand that the larger the image, the higher the memory demand. A larger size could potentially exceed resource limits or the overall available memory of worker nodes. By default, memory for VM size Standard_DS2_v2 for an AKS cluster is set to 7 GiB. + + When a container image is excessively large, as in the Terabyte (TBs) range, kubelet might not be able to pull it from your container registry to a node due to lack of disk space. + + For Windows Server nodes, Windows Update doesn't automatically run and apply the latest updates. On a regular schedule around the Windows Update release cycle and your own validation process, you should perform an upgrade on the cluster and the Windows Server node pool(s) in your AKS cluster. This upgrade process creates nodes that run the latest Windows Server image and patches, then removes the older nodes. For more information on this process, see [Upgrade a node pool in AKS](./manage-node-pools.md#upgrade-a-single-node-pool). + + - question: | + Are AKS images required to run as root? 
+ answer: | + The following images have functional requirements to "Run as Root" and exceptions must be filed for any policies: + + - *mcr.microsoft.com/oss/kubernetes/coredns* + - *mcr.microsoft.com/azuremonitor/containerinsights/ciprod* + - *mcr.microsoft.com/oss/calico/node* + - *mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi* + + - name: Security, access, and identity + questions: + - question: | + Can I limit who has access to the Kubernetes API server? + answer: | + Yes, there are two options for limiting access to the API server: + + - Use [API Server Authorized IP Ranges](./api-server-authorized-ip-ranges.md) if you want to maintain a public endpoint for the API server but restrict access to a set of trusted IP ranges. + - Use a [private cluster](./private-clusters.md) if you want to limit the API server to *only* be accessible from within your virtual network. + + - question: | + Are security updates applied to AKS agent nodes? + answer: | + AKS patches CVEs that have a "vendor fix" every week. CVEs without a fix are waiting on a "vendor fix" before they can be remediated. The AKS images are automatically updated inside of 30 days. We recommend you apply an updated Node Image on a regular cadence to ensure that latest patched images and OS patches are all applied and current. You can do this using one of the following methods: + + - Manually, through the Azure portal or the Azure CLI. + - By upgrading your AKS cluster. The cluster upgrades [cordon and drain nodes](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/) automatically and then bring a new node online with the latest Ubuntu image and a new patch version or a minor Kubernetes version. For more information, see [Upgrade an AKS cluster](./upgrade-cluster.md). + - By using [node image upgrade](./node-image-upgrade.md). + + - question: | + Are there security threats targeting AKS that I should be aware of? 
+ answer: | + Microsoft provides guidance for other actions you can take to secure your workloads through services like [Microsoft Defender for Containers](/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks). The following security threat is related to AKS and Kubernetes that you should be aware of: + + - [New large-scale campaign targets Kubeflow](https://techcommunity.microsoft.com/t5/azure-security-center/new-large-scale-campaign-targets-kubeflow/ba-p/2425750) (June 8, 2021). + + - question: | + Does AKS store any customer data outside of the cluster's region? + answer: | + No, all data is stored in the cluster's region. + + - question: | + How can I avoid permission ownership setting slow issues when the volume has numerous files? + answer: | + Traditionally if your pod is running as a nonroot user (which you should), you must specify a `fsGroup` inside the pod's security context so the volume can be readable and writable by the Pod. This requirement is covered in more detail [here](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + + A side effect of setting `fsGroup` is that each time a volume is mounted, Kubernetes must recursively `chown()` and `chmod()` all the files and directories inside the volume (with a few exceptions noted below). This scenario happens even if group ownership of the volume already matches the requested `fsGroup`. It can be expensive for larger volumes with lots of small files, which can cause pod startup to take a long time. This scenario has been a known problem before v1.20, and the workaround is setting the Pod run as root: + + ```yaml + apiVersion: v1 + kind: Pod + metadata: + name: security-context-demo + spec: + securityContext: + runAsUser: 0 + fsGroup: 0 + ``` + + The issue has been resolved with Kubernetes version 1.20. 
For more information, see [Kubernetes 1.20: Granular Control of Volume Permission Changes](https://kubernetes.io/blog/2020/12/14/kubernetes-release-1.20-fsgroupchangepolicy-fsgrouppolicy/). + + - name: Networking + questions: + - question: | + How does the managed Control Plane communicate with my Nodes? + answer: | + AKS uses a secure tunnel communication to allow the api-server and individual node kubelets to communicate even on separate virtual networks. The tunnel is secured through mTLS encryption. The current main tunnel that is used by AKS is [Konnectivity, previously known as apiserver-network-proxy](https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/). Verify all network rules follow the [Azure required network rules and FQDNs](./limit-egress-traffic.md). + + - question: | + Can my pods use the API server FQDN instead of the cluster IP? + answer: | + Yes, you can add the annotation `kubernetes.azure.com/set-kube-service-host-fqdn` to pods to set the `KUBERNETES_SERVICE_HOST` variable to the domain name of the API server instead of the in-cluster service IP. This is useful in cases where your cluster egress is done via a layer 7 firewall, such as when using Azure Firewall with Application Rules. + + - question: | + Can I configure NSGs with AKS? + answer: | + AKS doesn't apply Network Security Groups (NSGs) to its subnet and doesn't modify any of the NSGs associated with that subnet. AKS only modifies the network interfaces NSGs settings. If you're using CNI, you also must ensure the security rules in the NSGs allow traffic between the node and pod CIDR ranges. If you're using kubenet, you must also ensure the security rules in the NSGs allow traffic between the node and pod CIDR. For more information, see [Network security groups](./concepts-network.md#network-security-groups). + + - question: | + How does Time synchronization work in AKS? + answer: | + AKS nodes run the "chrony" service, which pulls time from the localhost. 
Containers running on pods get the time from the AKS nodes. Applications launched inside a container use time from the container of the pod. + + - name: Add-ons, extensions, and integrations + questions: + - question: | + Can I use custom VM extensions? + answer: | + No, AKS is a managed service, and manipulation of the IaaS resources isn't supported. To install custom components, use the Kubernetes APIs and mechanisms. For example, use DaemonSets to install required components. + + - question: | + What Kubernetes admission controllers does AKS support? Can admission controllers be added or removed? + answer: | + AKS supports the following [admission controllers](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/): + + - *NamespaceLifecycle* + - *LimitRanger* + - *ServiceAccount* + - *DefaultIngressClass* + - *DefaultStorageClass* + - *DefaultTolerationSeconds* + - *MutatingAdmissionWebhook* + - *ValidatingAdmissionWebhook* + - *ResourceQuota* + - *PodNodeSelector* + - *PodTolerationRestriction* + - *ExtendedResourceToleration* + + Currently, you can't modify the list of admission controllers in AKS. + + - question: | + Can I use admission controller webhooks on AKS? + answer: | + Yes, you can use admission controller webhooks on AKS. It's recommended you exclude internal AKS namespaces, which are marked with the **control-plane** label. For example: + + ```output + namespaceSelector: + matchExpressions: + - key: control-plane + operator: DoesNotExist + ``` + + AKS firewalls the API server egress so your admission controller webhooks need to be accessible from within the cluster. + + - question: | + Can admission controller webhooks impact kube-system and internal AKS namespaces? + answer: | + To protect the stability of the system and prevent custom admission controllers from impacting internal services in the kube-system, namespace AKS has an **Admissions Enforcer**, which automatically excludes kube-system and AKS internal namespaces. 
This service ensures the custom admission controllers don't affect the services running in kube-system. + + If you have a critical use case for deploying something on kube-system (not recommended) in support of your custom admission webhook, you may add the following label or annotation so that Admissions Enforcer ignores it. + + Label: ```"admissions.enforcer/disabled": "true"``` or Annotation: ```"admissions.enforcer/disabled": true``` + + - question: | + Is Azure Key Vault integrated with AKS? + answer: | + [Azure Key Vault Provider for Secrets Store CSI Driver](./csi-secrets-store-driver.md) provides native integration of Azure Key Vault into AKS. + + - question: | + Can I use FIPS cryptographic libraries with deployments on AKS? + answer: | + FIPS-enabled nodes are now supported on Linux-based node pools. For more information, see [Add a FIPS-enabled node pool](./create-node-pools.md#fips-enabled-node-pools). + + - question: | + How are AKS addons updated? + answer: | + Any patch, including a security patch, is automatically applied to the AKS cluster. Anything bigger than a patch, like major or minor version changes (which can have breaking changes to your deployed objects), is updated when you update your cluster if a new release is available. You can find when a new release is available by visiting the [AKS release notes](https://github.com/Azure/AKS/releases). + + - question: | + What is the purpose of the AKS Linux Extension I see installed on my Linux Virtual Machine Scale Sets instances? + answer: | + The AKS Linux Extension is an Azure VM extension that installs and configures monitoring tools on Kubernetes worker nodes. The extension is installed on all new and existing Linux nodes. It configures the following monitoring tools: + + - [Node-exporter](https://github.com/prometheus/node_exporter): Collects hardware telemetry from the virtual machine and makes it available using a metrics endpoint. 
Then, a monitoring tool, such as Prometheus, is able to scrap these metrics. + - [Node-problem-detector](https://github.com/kubernetes/node-problem-detector): Aims to make various node problems visible to upstream layers in the cluster management stack. It's a systemd unit that runs on each node, detects node problems, and reports them to the cluster's API server using Events and NodeConditions. + - [ig](https://go.microsoft.com/fwlink/p/?linkid=2260320): An eBPF-powered open-source framework for debugging and observing Linux and Kubernetes systems. It provides a set of tools (or gadgets) designed to gather relevant information, allowing users to identify the cause of performance issues, crashes, or other anomalies. Notably, its independence from Kubernetes enables users to employ it also for debugging control plane issues. + + These tools help provide observability around many node health related problems, such as: + + - Infrastructure daemon issues: NTP service down + - Hardware issues: Bad CPU, memory, or disk + - Kernel issues: Kernel deadlock, corrupted file system + - Container runtime issues: Unresponsive runtime daemon + + The extension **doesn't require additional outbound access** to any URLs, IP addresses, or ports beyond the [documented AKS egress requirements](./limit-egress-traffic.md). It doesn't require any special permissions granted in Azure. It uses kubeconfig to connect to the API server to send the monitoring data collected. + + - name: Troubleshooting cluster issues + questions: + - question: | + Why is my cluster delete taking so long? + answer: | + Most clusters are deleted upon user request. In some cases, especially cases where you bring your own Resource Group or perform cross-RG tasks, deletion can take more time or even fail. If you have an issue with deletes, double-check that you don't have locks on the RG, that any resources outside of the RG are disassociated from the RG, and so on. 
+ + - question: | + Why is my cluster create/update taking so long? + answer: | + If you have issues with create and update cluster operations, make sure you don't have any assigned policies or service constraints that may block your AKS cluster from managing resources like VMs, load balancers, tags, etc. + + - question: | + If I have pod / deployments in state 'NodeLost' or 'Unknown' can I still upgrade my cluster? + answer: | + You can, but we don't recommend it. You should perform updates when the state of the cluster is known and healthy. + + - question: | + If I have a cluster with one or more nodes in an Unhealthy state or shut down, can I perform an upgrade? + answer: | + No, delete/remove any nodes in a failed state or otherwise from the cluster before upgrading. + + - question: | + I ran a cluster delete, but see the error `[Errno 11001] getaddrinfo failed` + answer: | + Most commonly, this error arises if you have one or more Network Security Groups (NSGs) still in use that are associated with the cluster. Remove them and attempt the delete again. + + - question: | + I ran an upgrade, but now my pods are in crash loops, and readiness probes fail + answer: | + Confirm your service principal hasn't expired. See [AKS service principal](./kubernetes-service-principal.md) and [AKS update credentials](./update-credentials.md). + + - question: | + My cluster was working, but suddenly can't provision LoadBalancers, mount PVCs, etc. + answer: | + Confirm your service principal hasn't expired. See [AKS service principal](./kubernetes-service-principal.md) and [AKS update credentials](./update-credentials.md). From d529bc4b3329886bf3ea9d3c811a13e8336fc57f Mon Sep 17 00:00:00 2001 
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:09:53 -0700
Subject: [PATCH 04/25] Update scenarios/azure-aks-docs/articles/aks/.openpublishing.redirection.aks.json
---
 .../aks/.openpublishing.redirection.aks.json | 24 +++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/scenarios/azure-aks-docs/articles/aks/.openpublishing.redirection.aks.json b/scenarios/azure-aks-docs/articles/aks/.openpublishing.redirection.aks.json
index d84d4e10a..adcd2ae0e 100644
--- a/scenarios/azure-aks-docs/articles/aks/.openpublishing.redirection.aks.json
+++ b/scenarios/azure-aks-docs/articles/aks/.openpublishing.redirection.aks.json
@@ -120,11 +120,21 @@
 "redirect_url": "/azure/aks/servicemesh-about",
 "redirect_document_id": false
 },
+ {
+ "source_path_from_root": "/articles/aks/container-insights-live-data.md",
+ "redirect_url": "/azure/aks/monitor-aks",
+ "redirect_document_id": false
+ },
 {
 "source_path_from_root": "/articles/aks/container-service-quotas.md",
 "redirect_url": "/azure/aks/quotas-skus-regions",
 "redirect_document_id": true
 },
+ {
+ "source_path_from_root": "/articles/aks/control-plane-metrics-default-list.md",
+ "redirect_url": "/azure/aks/monitor-aks-reference",
+ "redirect_document_id": false
+ },
 {
 "source_path_from_root": "/articles/aks/create-cluster.md",
 "redirect_url": "/cli/azure/aks#az_aks_create",
@@ -277,7 +287,7 @@
 },
 {
 "source_path_from_root": "/articles/aks/mixed-sku-node-pools.md",
- "redirect_url": "/azure/aks/what-is-aks",
+ "redirect_url": "/azure/aks/virtual-machines-node-pools",
 "redirect_document_id": false
 },
 {
@@ -285,6 +295,11 @@
 "redirect_url": "/azure/aks/monitor-aks#resource-logs",
 "redirect_document_id": false
 },
+ {
+ "source_path_from_root": "/articles/aks/monitor-control-plane-metrics.md",
+ "redirect_url": "/azure/aks/monitor-aks",
+ "redirect_document_id": false
+ },
 {
 "source_path_from_root": "/articles/aks/network-observability-byo-cli.md",
 "redirect_url": "/azure/aks/network-observability-overview",
@@ -514,6 +529,11 @@
 "source_path_from_root": "/articles/aks/edge-zones.md",
 "redirect_url": "/azure/aks/extended-zones",
 "redirect_document_id": false
+ },
+ {
+ "source_path_from_root": "/articles/aks/tutorial-kubernetes-app-update.md",
+ "redirect_url": "/azure/aks/tutorial-kubernetes-upgrade-cluster",
+ "redirect_document_id": false
 }
 ]
-}
\ No newline at end of file
+}
From 0e332ebf1261b5f96f1a819990c5751cf78252e4 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:09:58 -0700
Subject: [PATCH 05/25] Update scenarios/azure-aks-docs/articles/aks/breadcrumb/TOC.yml
---
 scenarios/azure-aks-docs/articles/aks/breadcrumb/TOC.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/scenarios/azure-aks-docs/articles/aks/breadcrumb/TOC.yml b/scenarios/azure-aks-docs/articles/aks/breadcrumb/TOC.yml
index c1d029b36..a9c2069dd 100644
--- a/scenarios/azure-aks-docs/articles/aks/breadcrumb/TOC.yml
+++ b/scenarios/azure-aks-docs/articles/aks/breadcrumb/TOC.yml
@@ -55,4 +55,7 @@
 topicHref: /azure/aks/index
 - name: Azure Kubernetes Service
 tocHref: /azure/service-connector/
+ topicHref: /azure/aks/index
+ - name: Azure Kubernetes Service
+ tocHref: /azure/copilot/
 topicHref: /azure/aks/index
\ No newline at end of file
From fa0ea5a19a3ad4776857ad7e4a9f459250902bb1 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com> Date: Fri, 25 Oct 2024 08:10:01 -0700 Subject: [PATCH 06/25] Update scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md --- scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md b/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md index 7c7849259..3bbde3f30 100644 --- a/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md +++ b/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md @@ -53,7 +53,7 @@ This diagram illustrates a PostgreSQL cluster setup with one primary replica and Backups are stored on [Azure Blob Storage](/azure/storage/blobs/), providing another way to restore the database in the event of an issue with streaming replication from the primary replica. -:::image source="./media/postgresql-ha-overview/architecture-diagram.png" alt-text="Diagram of CNPG architecture." lightbox="./media/postgresql-ha-overview/architecture-diagram.png"::: +:::image source="./media/postgresql-ha-overview/postgres-architecture-diagram.png" alt-text="Diagram of CNPG architecture." lightbox="./media/postgresql-ha-overview/postgres-architecture-diagram.png"::: > [!NOTE] > For applications that require data separation at the database level, you can add more databases with postInitSQL commands and similar. It is not currently possible with the CNPG operator to add more databases in a declarative way. From 56ff08bf39ddce859742e38f982164509704f73d Mon Sep 17 00:00:00 2001 From: naman-msft <146123940+naman-msft@users.noreply.github.com> Date: Fri, 25 Oct 2024 08:10:04 -0700 Subject: [PATCH 07/25] Update metadata for all files --- scenarios/metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scenarios/metadata.json b/scenarios/metadata.json index 11f21445e..6461a8a03 100644 --- a/scenarios/metadata.json 
+++ b/scenarios/metadata.json
@@ -53,7 +53,7 @@
 }
 },
 {
- "status": "inactive",
+ "status": "active",
 "key": "azure-docs/articles/mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md",
 "title": "Tutorial: Deploy WordPress on AKS cluster by using Azure CLI",
 "description": "Learn how to quickly build and deploy WordPress on AKS with Azure Database for MySQL - Flexible Server.",
From d79a04bc8de46a693db1f25eed1f2a688889332e Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:09 -0700
Subject: [PATCH 08/25] Updated localized metadata for cs-CZ
---
 localized/cs-CZ/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/cs-CZ/scenarios/metadata.json b/localized/cs-CZ/scenarios/metadata.json
index feee3d213..c29d79396 100644
--- a/localized/cs-CZ/scenarios/metadata.json
+++ b/localized/cs-CZ/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "P\u0159ehled nasazen\u00ed vysoce dostupn\u00e9 datab\u00e1ze PostgreSQL v AKS pomoc\u00ed Azure CLI",
+ "description": "Zjist\u011bte, jak nasadit vysoce dostupnou datab\u00e1zi PostgreSQL v AKS pomoc\u00ed oper\u00e1toru CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/cs-CZ/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 70e135befef915c995cbafd762861899fb32f09a Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:10 -0700
Subject: [PATCH 09/25] Updated localized metadata for de-DE
---
 localized/de-DE/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
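Review bot: In the cs-CZ hunk the added `postgresql-ha-overview.md` entry sets `"region": ""` under `configurations`, whereas the entry directly above it in the context lines carries `"region": "eastus"`; `stackDetails` and `documentationUrl` are empty strings as well. The entry is marked `"status": "active"`, so a consumer that passes `region` on to a deployment would presumably fail only at run time; either fill in the region or drop the key so a default can apply. The same entry is added in the hunks for the other locales in this series (de-DE through zh-CN), and the point applies to each of them.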
diff --git a/localized/de-DE/scenarios/metadata.json b/localized/de-DE/scenarios/metadata.json
index 06db4a757..25324b9d3 100644
--- a/localized/de-DE/scenarios/metadata.json
+++ b/localized/de-DE/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "\u00dcbersicht \u00fcber die Bereitstellung einer hochverf\u00fcgbaren PostgreSQL-Datenbank in AKS mithilfe der Azure CLI",
+ "description": "Hier erfahren Sie, wie Sie mithilfe des CloudNativePG-Operators eine hochverf\u00fcgbare PostgreSQL-Datenbank in AKS bereitstellen.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/de-DE/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 93884b91e329b030fc4f0c15b0dcb461ddceff5a Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:12 -0700
Subject: [PATCH 10/25] Updated localized metadata for es-ES
---
 localized/es-ES/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/es-ES/scenarios/metadata.json b/localized/es-ES/scenarios/metadata.json
index 46e34bfaf..a5e5338cb 100644
--- a/localized/es-ES/scenarios/metadata.json
+++ b/localized/es-ES/scenarios/metadata.json
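Review bot: In the de-DE hunk, `sourceUrl` of the added entry points at `raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/...`, a branch ref whose content can change after this metadata was reviewed. Whether the consumer fetches and executes the scenario from that URL is not visible in the hunk; if it does, pinning the URL to a commit SHA or recording a content hash next to it would tie an `active` entry to the reviewed text. The cs-CZ hunk and the later locale hunks add the same URL pattern.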
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Introducci\u00f3n a la implementaci\u00f3n de una base de datos PostgreSQL de alta disponibilidad en AKS con la CLI de Azure",
+ "description": "Aprenda a implementar una base de datos PostgreSQL de alta disponibilidad en AKS mediante el operador CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/es-ES/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From e12dda9d1970385d3a00ee614088da49aa7531c1 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:14 -0700
Subject: [PATCH 11/25] Updated localized metadata for fr-FR
---
 localized/fr-FR/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/fr-FR/scenarios/metadata.json b/localized/fr-FR/scenarios/metadata.json
index 4aad730e8..18dfaa58e 100644
--- a/localized/fr-FR/scenarios/metadata.json
+++ b/localized/fr-FR/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Vue d\u2019ensemble du d\u00e9ploiement d\u2019une base de donn\u00e9es PostgreSQL hautement disponible sur AKS avec Azure\u00a0CLI",
+ "description": "D\u00e9couvrez comment d\u00e9ployer une base de donn\u00e9es PostgreSQL hautement disponible sur AKS en utilisant l\u2019op\u00e9rateur CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/fr-FR/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 887d998c0027b15f8c56db7bc9a6eb7a3cdea483 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:15 -0700
Subject: [PATCH 12/25] Updated localized metadata for hu-HU
---
 localized/hu-HU/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/hu-HU/scenarios/metadata.json b/localized/hu-HU/scenarios/metadata.json
index 284f393df..b40665221 100644
--- a/localized/hu-HU/scenarios/metadata.json
+++ b/localized/hu-HU/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Magas rendelkez\u00e9sre \u00e1ll\u00e1s\u00fa PostgreSQL-adatb\u00e1zis \u00fczembe helyez\u00e9s\u00e9nek \u00e1ttekint\u00e9se az AKS-ben az Azure CLI-vel",
+ "description": "Megtudhatja, hogyan helyezhet \u00fczembe magas rendelkez\u00e9sre \u00e1ll\u00e1s\u00fa PostgreSQL-adatb\u00e1zist az AKS-en a CloudNativePG oper\u00e1tor haszn\u00e1lat\u00e1val.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/hu-HU/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From d5d3aa0222d86e613fcdc03dc842aeb4d9920c36 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:17 -0700
Subject: [PATCH 13/25] Updated localized metadata for id-ID
---
 localized/id-ID/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/id-ID/scenarios/metadata.json b/localized/id-ID/scenarios/metadata.json
index d0d230902..347d9ce2e 100644
--- a/localized/id-ID/scenarios/metadata.json
+++ b/localized/id-ID/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Gambaran umum penyebaran database PostgreSQL yang sangat tersedia di AKS dengan Azure CLI",
+ "description": "Pelajari cara menyebarkan database PostgreSQL yang sangat tersedia di AKS menggunakan operator CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/id-ID/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 84a16952e3e37a53fd79a71d2f5dfd8f0d357613 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:19 -0700
Subject: [PATCH 14/25] Updated localized metadata for it-IT
---
 localized/it-IT/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/it-IT/scenarios/metadata.json b/localized/it-IT/scenarios/metadata.json
index 6d2021bec..d2f079d9c 100644
--- a/localized/it-IT/scenarios/metadata.json
+++ b/localized/it-IT/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Panoramica della distribuzione di un database PostgreSQL a disponibilit\u00e0 elevata nel servizio Azure Kubernetes con l'interfaccia della riga di comando di Azure",
+ "description": "Informazioni su come distribuire un database PostgreSQL a disponibilit\u00e0 elevata nel servizio Azure Kubernetes usando l'operatore CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/it-IT/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 059399f335923552852c139bb377f1d2bac8be87 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:20 -0700
Subject: [PATCH 15/25] Updated localized metadata for ja-JP
---
 localized/ja-JP/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/ja-JP/scenarios/metadata.json b/localized/ja-JP/scenarios/metadata.json
index ba570ad94..4fa870b4e 100644
--- a/localized/ja-JP/scenarios/metadata.json
+++ b/localized/ja-JP/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Azure CLI \u3092\u4f7f\u7528\u3057\u3066\u9ad8\u53ef\u7528\u6027 PostgreSQL \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092 AKS \u306b\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u65b9\u6cd5\u306e\u6982\u8981",
+ "description": "CloudNativePG \u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u3092\u4f7f\u7528\u3057\u3066\u9ad8\u53ef\u7528\u6027 PostgreSQL \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092 AKS \u4e0a\u306b\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u65b9\u6cd5\u3092\u5b66\u7fd2\u3057\u307e\u3059\u3002",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/ja-JP/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 6cdfcf835043947ac331cb2cf58db29e8426ebf6 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:22 -0700
Subject: [PATCH 16/25] Updated localized metadata for ko-KR
---
 localized/ko-KR/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/ko-KR/scenarios/metadata.json b/localized/ko-KR/scenarios/metadata.json
index cbe37b9df..6de45b371 100644
--- a/localized/ko-KR/scenarios/metadata.json
+++ b/localized/ko-KR/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Azure CLI\ub97c \uc0ac\uc6a9\ud558\uc5ec AKS\uc5d0 \uace0\uac00\uc6a9\uc131 PostgreSQL \ub370\uc774\ud130\ubca0\uc774\uc2a4 \ubc30\ud3ec \uac1c\uc694",
+ "description": "CloudNativePG \uc5f0\uc0b0\uc790\ub97c \uc0ac\uc6a9\ud558\uc5ec AKS\uc5d0 \uace0\uac00\uc6a9\uc131 PostgreSQL \ub370\uc774\ud130\ubca0\uc774\uc2a4\ub97c \ubc30\ud3ec\ud558\ub294 \ubc29\ubc95\uc744 \uc54c\uc544\ubd05\ub2c8\ub2e4.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/ko-KR/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 9fcbbba9aae446dc0bc3ecaa0f080f5aa840a3ab Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:24 -0700
Subject: [PATCH 17/25] Updated localized metadata for nl-NL
---
 localized/nl-NL/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/nl-NL/scenarios/metadata.json b/localized/nl-NL/scenarios/metadata.json
index 6915f1d06..aa3ae2969 100644
--- a/localized/nl-NL/scenarios/metadata.json
+++ b/localized/nl-NL/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Overzicht van het implementeren van een maximaal beschikbare PostgreSQL-database op AKS met Azure CLI",
+ "description": "Meer informatie over het implementeren van een maximaal beschikbare PostgreSQL-database op AKS met behulp van de CloudNativePG-operator.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/nl-NL/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 9af346440e86929d59315ecc789d6a3947820c58 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:25 -0700
Subject: [PATCH 18/25] Updated localized metadata for pl-PL
---
 localized/pl-PL/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/pl-PL/scenarios/metadata.json b/localized/pl-PL/scenarios/metadata.json
index 7befde9eb..65a7eb40f 100644
--- a/localized/pl-PL/scenarios/metadata.json
+++ b/localized/pl-PL/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Om\u00f3wienie wdra\u017cania bazy danych PostgreSQL o wysokiej dost\u0119pno\u015bci w us\u0142udze AKS przy u\u017cyciu interfejsu wiersza polecenia platformy Azure",
+ "description": "Dowiedz si\u0119, jak wdro\u017cy\u0107 baz\u0119 danych PostgreSQL o wysokiej dost\u0119pno\u015bci w us\u0142udze AKS przy u\u017cyciu operatora CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/pl-PL/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From a0479026ccb0e83c36f8dce403181119145982bb Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:27 -0700
Subject: [PATCH 19/25] Updated localized metadata for pt-BR
---
 localized/pt-BR/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/pt-BR/scenarios/metadata.json b/localized/pt-BR/scenarios/metadata.json
index 0cdc8a4cc..5357b4c86 100644
--- a/localized/pt-BR/scenarios/metadata.json
+++ b/localized/pt-BR/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Vis\u00e3o geral da implanta\u00e7\u00e3o de um banco de dados PostgreSQL altamente dispon\u00edvel no AKS com a CLI do Azure",
+ "description": "Saiba como implantar um banco de dados PostgreSQL altamente dispon\u00edvel no AKS usando o operador CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/pt-BR/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 619377978faa4f2a505ef3e37719ffd53f7eec38 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:29 -0700
Subject: [PATCH 20/25] Updated localized metadata for pt-PT
---
 localized/pt-PT/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/pt-PT/scenarios/metadata.json b/localized/pt-PT/scenarios/metadata.json
index e8f4292d2..f0f0757ec 100644
--- a/localized/pt-PT/scenarios/metadata.json
+++ b/localized/pt-PT/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Vis\u00e3o geral da implanta\u00e7\u00e3o de um banco de dados PostgreSQL altamente dispon\u00edvel no AKS com a CLI do Azure",
+ "description": "Saiba como implantar um banco de dados PostgreSQL altamente dispon\u00edvel no AKS usando o operador CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/pt-PT/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 5e6e26a19e39ccdebb7dd41d6ece02fd27b19848 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:31 -0700
Subject: [PATCH 21/25] Updated localized metadata for ru-RU
---
 localized/ru-RU/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/ru-RU/scenarios/metadata.json b/localized/ru-RU/scenarios/metadata.json
index 380e485e1..e6ba7aa7d 100644
--- a/localized/ru-RU/scenarios/metadata.json
+++ b/localized/ru-RU/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "\u041e\u0431\u0437\u043e\u0440 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0432\u044b\u0441\u043e\u043a\u043e\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL \u0432 AKS \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Azure CLI",
+ "description": "\u0423\u0437\u043d\u0430\u0439\u0442\u0435, \u043a\u0430\u043a \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0443\u044e \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL \u0432 AKS \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430 CloudNativePG.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/ru-RU/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 2ffede38d2725095aa15f978e999740250a4bd2f Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:32 -0700
Subject: [PATCH 22/25] Updated localized metadata for sv-SE
---
 localized/sv-SE/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/sv-SE/scenarios/metadata.json b/localized/sv-SE/scenarios/metadata.json
index 688ec8ab5..784aef3d0 100644
--- a/localized/sv-SE/scenarios/metadata.json
+++ b/localized/sv-SE/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "\u00d6versikt \u00f6ver distribution av en PostgreSQL-databas med h\u00f6g tillg\u00e4nglighet p\u00e5 AKS med Azure CLI",
+ "description": "L\u00e4r dig hur du distribuerar en PostgreSQL-databas med h\u00f6g tillg\u00e4nglighet p\u00e5 AKS med hj\u00e4lp av CloudNativePG-operatorn.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/sv-SE/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From b92e1e59f360c2acd7bc8494e28ca23bafdd94fc Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:34 -0700
Subject: [PATCH 23/25] Updated localized metadata for tr-TR
---
 localized/tr-TR/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/tr-TR/scenarios/metadata.json b/localized/tr-TR/scenarios/metadata.json
index 7c0d2d147..c7db902af 100644
--- a/localized/tr-TR/scenarios/metadata.json
+++ b/localized/tr-TR/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "Azure CLI ile AKS'de y\u00fcksek oranda kullan\u0131labilir bir PostgreSQL veritaban\u0131 da\u011f\u0131tmaya genel bak\u0131\u015f",
+ "description": "CloudNativePG i\u015flecini kullanarak AKS'de y\u00fcksek oranda kullan\u0131labilir bir PostgreSQL veritaban\u0131 da\u011f\u0131tmay\u0131 \u00f6\u011frenin.",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/tr-TR/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From 422c386219ce4f84204e65a15be468cab45b6269 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:35 -0700
Subject: [PATCH 24/25] Updated localized metadata for zh-CN
---
 localized/zh-CN/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/zh-CN/scenarios/metadata.json b/localized/zh-CN/scenarios/metadata.json
index 13296ef1e..0817e4071 100644
--- a/localized/zh-CN/scenarios/metadata.json
+++ b/localized/zh-CN/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "\u4f7f\u7528 Azure CLI \u5728 AKS \u4e0a\u90e8\u7f72\u9ad8\u53ef\u7528\u6027 PostgreSQL \u6570\u636e\u5e93\u7684\u6982\u8ff0",
+ "description": "\u4e86\u89e3\u5982\u4f55\u4f7f\u7528 CloudNativePG operator \u5728 AKS \u4e0a\u90e8\u7f72\u9ad8\u53ef\u7528\u6027 PostgreSQL \u6570\u636e\u5e93\u3002",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/zh-CN/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file
From b705d32f08036846f20815e4ec9bda540d23b476 Mon Sep 17 00:00:00 2001
From: naman-msft <146123940+naman-msft@users.noreply.github.com>
Date: Fri, 25 Oct 2024 08:10:37 -0700
Subject: [PATCH 25/25] Updated localized metadata for zh-TW
---
 localized/zh-TW/scenarios/metadata.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/localized/zh-TW/scenarios/metadata.json b/localized/zh-TW/scenarios/metadata.json
index 7700b6dce..8b979db02 100644
--- a/localized/zh-TW/scenarios/metadata.json
+++ b/localized/zh-TW/scenarios/metadata.json
@@ -565,5 +565,17 @@
 "configurations": {
 "region": "eastus"
 }
+ },
+ {
+ "status": "active",
+ "key": "azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "title": "\u4f7f\u7528 Azure CLI \u5728 AKS \u4e0a\u90e8\u7f72\u9ad8\u53ef\u7528\u6027 PostgreSQL \u8cc7\u6599\u5eab\u7684\u6982\u89c0",
+ "description": "\u77ad\u89e3\u5982\u4f55\u4f7f\u7528 CloudNativePG \u904b\u7b97\u5b50\u5728 AKS \u4e0a\u90e8\u7f72\u9ad8\u53ef\u7528\u6027 PostgreSQL \u8cc7\u6599\u5eab\u3002",
+ "stackDetails": "",
+ "sourceUrl": "https://raw.githubusercontent.com/MicrosoftDocs/executable-docs/main/localized/zh-TW/scenarios/azure-aks-docs/articles/aks/postgresql-ha-overview.md",
+ "documentationUrl": "",
+ "configurations": {
+ "region": ""
+ }
 }
 ]
\ No newline at end of file