The security overview for Azure Kubernetes Application Network has been updated to include a preview disclaimer and new content on security features such as mTLS, workload identities, and authorization policies, enhancing the understanding of security in AKS.

The architecture documentation for Azure Kubernetes Application Network has been updated to include a preview disclaimer and detailed descriptions of the management, control, and data planes, along with their responsibilities in providing a managed service network solution.

This new document provides comprehensive guidance on traffic management use cases for Azure Kubernetes Application Network, including step-by-step instructions for implementing L4/L7 authorization policies, JWT claim-based routing, and fault injection.

The observability overview for Azure Kubernetes Application Network has been updated to include a preview disclaimer and detailed descriptions of observability features, including metrics, logs, and tracing capabilities, enhancing monitoring strategies.

Learn how to enable and view data plane and control plane logs for Azure Kubernetes Application Network in Azure Monitor using Container Insights and diagnostic settings.

Learn how to configure minor version upgrades for Azure Kubernetes Application Network members using self-managed and fully-managed upgrade modes, including how to select versions, initiate upgrades, and roll back if needed.

Learn how to use planned maintenance to schedule component upgrades for Azure Kubernetes Application Network members, including in-cluster data plane components and control plane components.

This article provides a conceptual overview of Azure Kubernetes Fleet Manager multi-cluster networking.

This article provides a conceptual overview of Cross-cluster networking for Azure Kubernetes Fleet Manager.

Get started with Cilium mTLS encryption for Advanced Container Networking Services on your AKS cluster.

Learn about the supported versions of Azure Kubernetes Application Network, their compatible AKS versions, and how to check available versions in your region.

Learn about Azure Kubernetes Application Network, a fully managed, ambient-based service network solution for Azure Kubernetes Service (AKS) that enables secure, policy-driven communication between services without sidecars or changes to your applications.

An overview of Advanced Container Networking Services’ Cilium mTLS encryption capabilities on Azure Kubernetes Service (AKS).

Use the application routing add-on to manage ingress traffic on Azure Kubernetes Service (AKS) using the Kubernetes Gateway API.

Learn how to configure and view Azure Kubernetes Application Network metrics in Azure Monitor, including data plane metrics from your workloads and Azure Kubernetes Application Network components.

Secure ingress traffic with the application routing Gateway API implementation using AKV and the Secrets Store CSI Driver

Learn how to get started with Azure Kubernetes Application Network for AKS, including prerequisites, creating an Application Network resource, connecting an AKS cluster as a member, and managing resources.

The documentation now includes a migration guide for transitioning from RBAC-only to ABAC-enabled mode for Azure Container Registry, emphasizing that ABAC-enabled mode will become the default role assignment permissions mode in the future. Users are advised to assign equivalent ABAC-enabled roles to maintain access, as legacy roles like AcrPull, AcrPush, and AcrDelete will not be honored in ABAC-e…

The documentation for using Virtual Machines node pools in Azure Kubernetes Services (AKS) has been updated to clarify the requirement for a user-assigned managed identity with Network Contributor permissions when deploying into a custom virtual network. Additionally, the command examples for creating an AKS cluster and adding node pools have been enhanced to include the necessary parameters for s…

The documentation now correctly reflects the output of the command `az acr task list-runs –registry $ACR_NAME –output table`, changing "UN ID" to "RUN ID" for clarity. Additionally, the links to the Dockerfiles have been updated to point to the main branch instead of the master branch, ensuring users access the most current versions of the sample files.

The documentation for supported Kubernetes versions has been updated to include details for Kubernetes version 1.36, which is now scheduled for release in April 2026. Additionally, the section for Kubernetes 1.35 has been added, detailing the AKS managed add-ons and components, including specific version updates for azuredisk-csi, azurefile-csi, and other critical components, allowing users to bet…

The documentation now clarifies that users of the Application Routing add-on can migrate to the application routing Gateway API implementation for a Gateway API-based ingress traffic management experience, with production workloads supported through November 2026. Additionally, the links to the Gateway API implementation have been updated for consistency and accuracy. Users are encouraged to plan…

The documentation now clarifies that users can utilize the `maxUnavailable` parameter to upgrade using existing nodes rather than creating new ones, with updated links directing to the relevant sections on customizing unavailable nodes and node surge upgrades. Additionally, users are advised to lower the `maxSurge` setting to minimize extra capacity requirements during upgrades.

The documentation now includes corrected verification commands for the agentic CLI service account setup, ensuring users can accurately verify resource creation based on their chosen access option. Specifically, the commands for checking namespace-scoped read access have been updated to reflect the correct role binding name, enhancing clarity for users implementing these configurations. Additional…

The documentation for manually scaling nodes in an Azure Kubernetes Service (AKS) cluster has been updated to clarify the scaling process and requirements. Users can now explicitly disable the cluster autoscaler to force a user node pool to scale to 0 nodes, and they can also allow autoscaling to zero nodes by setting the `–min-count` parameter of the Cluster Autoscaler to 0. Additionally, the in…

The documentation now clarifies that node pool rollback does not support reverting OS SKU changes, such as switching from Ubuntu to Azure Linux. Users are informed that if they attempt to roll back after changing the OS SKU, the operation will fail due to incompatibility with the previous node image version. To revert an OS SKU change, users should utilize the `az aks nodepool update –os-sku` com…

The documentation now clarifies that the Istio service mesh add-on and the application routing Gateway API implementation cannot be enabled simultaneously, requiring users to disable one before enabling the other. Additionally, it specifies that ConfigMap customizations for `Gateway` resources must adhere to a resource customization allow list, and that configuring HTTPS ingress access via the `TL…

The documentation for configuring availability zones in Azure Kubernetes Service (AKS) has been updated to clarify that users can now specify zones using the `–zones` parameter when creating an AKS cluster or node pool. Additionally, a new section on limitations and considerations has been added, highlighting that users cannot change the number of availability zones after creating a node pool and…

The documentation now includes a detailed section on home region outage behavior for geo-replicated registries. Users can continue to push and pull images, authenticate, and receive webhook deliveries from available geo-replicas even if the home region is unavailable. However, they will be unable to modify registry properties or run ACR Tasks until the home region recovers.

The documentation now includes information on enabling the application routing Gateway API implementation, allowing users to manage ingress traffic using the Kubernetes Gateway API. This enhancement provides users with a more efficient way to handle ingress traffic in their AKS environments.

The documentation now includes a new feature called "Maximum Concurrency," which allows users to control how many clusters can upgrade concurrently within an update stage or update group. Users can set this at both the stage and group levels, with specific limits and behaviors outlined, enhancing their ability to manage updates more effectively. Additionally, the explanations for "Update stage," "…

The documentation for the `userAssignedNatGateway` option in the egress outbound type section has been enhanced to clarify that both Standard and StandardV2 NAT Gateways are supported, with a recommendation to use StandardV2 due to its zone-redundancy and superior bandwidth and throughput. Users can now better understand the advantages of selecting StandardV2 when configuring their NAT gateway in…

The documentation now includes important cautionary notes regarding the use of `ValidatingWebhookConfiguration` or `MutatingWebhookConfiguration` when stopping or starting an AKS cluster. Users are informed that if these configurations apply to cluster-scoped resources, the stop operation may be rejected with a `ValidationError`, and they are provided with specific resolutions to avoid this issue,…

The documentation now emphasizes that Azure Container Storage provides a fully managed solution for block-level access to data, allowing users to dynamically provision persistent volumes for stateful applications on Kubernetes clusters. This update clarifies the integration with Kubernetes and highlights the benefits of using Azure Container Storage over CSI drivers, enhancing user understanding o…

The documentation for horizontal pod autoscaling customization in Istio has been updated to reflect a more accurate section reference, changing it from "horizontal-pod-autoscaling-customization" to "horizontal-pod-autoscaling-hpa-customization." This change clarifies the specific customization options available for users managing autoscaling in their Istio deployments.

The documentation now includes detailed information about the optional `maxConcurrency` settings for stages and groups in the update strategy JSON file. Users can specify how many clusters can upgrade concurrently at both the stage and group levels, allowing for faster upgrades or more controlled rollouts. The examples provided clarify how to set these values, including fixed integers and percenta…

The documentation now recommends deploying a StandardV2 NAT gateway resource to ensure zone-redundancy across multiple availability zones, which provides continued outbound connectivity even if a single zone fails. Additionally, it clarifies that a Standard NAT gateway only offers resiliency within the specific availability zone where it is deployed. This change enhances user understanding of the…

The documentation for Azure Kubernetes Service (AKS) has been updated to provide a clearer overview of using external identity providers with structured authentication. Users can now better understand how to configure authentication using industry-standard OpenID Connect (OIDC) providers like Google and GitHub, enabling centralized identity management and custom claim validation. Additionally, the…

The documentation now specifies that the Application Gateway for Containers Web Application Firewall (WAF) supports only the Default Rule Set (DRS) 2.1 managed rule set, clarifying the version of the rule set that users can utilize. This change ensures users are aware of the specific version they need to implement for effective security management.

The documentation has been updated to reflect changes in the GitHub repository references from "master" to "main" for the context parameter in the Azure Container Registry tutorial. Users can now access the correct Dockerfile links for both the application and base images, ensuring they are using the most current versions in their builds.

The documentation for Azure Container Registry’s zone redundancy has been updated to clarify that zone redundancy is now enabled by default for all registries in regions that support availability zones, across all service tiers (Basic, Standard, and Premium), at no additional cost. Users no longer need to take any action to enable this feature, as it applies automatically to both new and existing…

The documentation now includes a new section on the supported migration path for Azure Kubernetes Service (AKS), detailing that migration to Azure CNI Overlay is a one-way operation from Azure CNI (Node Subnet) or Kubenet. Additionally, it clarifies that updating to Azure CNI Powered by Cilium requires separate operations for IPAM mode and data plane, and it specifies that this update is not suppo…

The documentation now specifies that users can configure GitHub and Google Identity as external identity providers for Azure Kubernetes Service (AKS) control plane authentication using structured authentication. Additionally, it includes detailed steps for setting up JWT authenticators, including creating configuration files and managing RBAC permissions for external users, enhancing the clarity a…

The documentation has been updated to clarify the configuration process for the Application Gateway for Containers with Prometheus and Grafana. Users can now find detailed steps for enabling Prometheus metrics and container logs directly within the Azure portal, including how to create a Prometheus data source in Grafana and visualize metrics and logs. Additionally, the section on Azure Monitor da…

The documentation for configuring the node bin-pack scheduler in Azure Kubernetes Service (AKS) has been updated to clarify the use of the `NodeResourcesFit` scheduling plugin and the default `NodeResourcesFit:LeastAllocated` mode. Users can now better understand how to utilize configurable scheduler profiles to prioritize nodes with higher utilization, as well as the benefits of bin packing for m…