The Azure Key Vault provider for Secrets Store CSI Driver enables secure and automated management of secrets in Azure Kubernetes Service (AKS). The article provides guidance on configuring the provider, troubleshooting common issues, and optimizing secret handling in your AKS environment.

The documentation includes important updates regarding the retirement of Azure Linux 2.0 node pools in AKS, effective November 30, 2025, and the removal of node images by March 31, 2026. Users are advised to migrate to a supported Azure Linux version.

The article discusses the legacy Key Management Service (KMS) experience for AKS and recommends using the new KMS data encryption experience for clusters running Kubernetes version 1.33 or later, which offers improved key management options.

This article provides updated instructions on deploying an Azure Kubernetes Service (AKS) cluster with Microsoft Entra Workload ID, including creating a managed identity and configuring it for token federation.

This documentation has been updated to reflect the use of Microsoft Entra pod-managed identities in Azure Kubernetes Service (AKS), providing a more streamlined approach to managing identities within AKS.

The article covers the setup process, dual-stack networking configuration, and an example workload deployment for Azure CNI Overlay AKS clusters, emphasizing the importance of understanding networking options.

This article provides an overview of the networking components you need to consider for Azure Kubernetes Service (AKS) nodes.

This article provides an overview of the networking components you need to consider for Azure Kubernetes Service (AKS) applications.

Learn about the options for connecting to a private AKS cluster, including using Azure Cloud Shell, Azure Bastion, virtual network peering, and private endpoints.

This article provides an overview of the networking components you need to consider when planning your Azure Kubernetes Service (AKS) workloads.

This article provides an overview of the networking components you need to consider when planning your Azure Kubernetes Service (AKS) control plane workloads.

This article provides an overview of the networking components you need to consider for Azure Kubernetes Service (AKS) pods.

Learn how to enable Key Management Service (KMS) data encryption with platform-managed keys or customer-managed keys in AKS.

Learn how to upgrade the control plane of an Azure Kubernetes Service (AKS) cluster to get the latest Kubernetes version features and security updates.

Learn how to do an end-to-end, variable-driven AKS deployment of the Open-WebSearch MCP server managed by KMCP.

Learn about encryption at rest for Kubernetes secrets in Azure Kubernetes Service (AKS) using Azure Key Vault and the KMS provider.

Learn how to plan for capacity and costs when upgrading Azure Kubernetes Service (AKS) clusters, including surge node requirements, quota management, and IP address planning.

Learn how to build the foundational Azure infrastructure for a generic AKS cluster that can host any containerized workload.

Learn how to configure and customize rolling upgrades for Azure Kubernetes Service (AKS) node pools, including surge settings, drain timeout, and soak time.

The documentation now specifies that users should install Airflow using the command `helm install airflow apache-airflow/airflow –version 1.15.0`, which updates the version to 1.15.0. Additionally, the instructions for signing in have been clarified to emphasize using the default webserver URL and sign-in credentials provided during the Airflow Helm chart installation.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will cease on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools to a supported Kubernetes version or by switching to the `osSku AzureLinux3`. This c…

The documentation now includes support for Local Redirect Policy (LRP) starting from Kubernetes v1.29 and Cilium v1.14, detailing that for LRP to function with Advanced Container Networking Services (ACNS) – FQDN Filtering, specific Cilium Network Policy egress labels must match node-local DNS cache pod labels. Additionally, users are informed that high-churning workloads like Spark jobs can gener…

The documentation now includes an important notice that starting on **30 November 2025**, Azure Kubernetes Service (AKS) will no longer support Azure Linux 2.0, and by **31 March 2026**, node images will be removed, preventing scaling of node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3`. Additionally, the d…

The documentation now includes a critical update regarding the retirement of Azure Linux 2.0, stating that support will end on November 30, 2025, and node images will be removed by March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or changing to `osSku AzureLinux3`. Additionally, users can now configure Dapr monitoring log levels by setti…

The documentation now specifies that starting June 17, 2025, AKS will no longer support Ubuntu 18.04, and users will need to migrate to a supported version to continue scaling their node pools. Additionally, as of November 30, 2025, Azure Linux 2.0 will also lose support and security updates, with node images being removed by March 31, 2026, requiring users to upgrade to a supported Azure Linux ve…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functional…

The documentation now specifies that users should select **Infrastructure Services** instead of **Containers** when navigating to Azure Kubernetes Service (AKS). Additionally, users can now change the preset configuration during cluster creation by selecting **Compare presets** and choosing a different option. The recommended VM size for node pools has been updated to **D2s_v5**, and users are adv…

The documentation now specifies that when deploying the Bicep file for an AKS Automatic cluster, users must provide the user assigned managed identity resource ID instead of the user assigned identity principal ID. Additionally, the parameter name has been updated from `uamiPrincipalId` to `uamiId` for clarity. These changes ensure users have the correct information for successful deployment.

The documentation for enabling and disabling Docker Content Trust (DCT) in the Azure portal has been updated for clarity. Users are now instructed to select "Enabled" or "Disabled" directly after navigating to **Content Trust** under **Policies**, rather than using a ">" symbol, which simplifies the steps for managing DCT settings. Additionally, old screenshots have been removed to enhance the rel…

The documentation for troubleshooting the AI-powered CLI agent for AKS has been updated to clarify instructions for checking the configuration of the large language model (LLM) provider and ensuring the correct model is used with the `–model` parameter. Additionally, users are now advised to uninstall the Azure CLI and reinstall the latest version if the `aks-agent` installation fails, and the er…

The documentation now includes updated guidance on defining a Fleet Manager Auto-upgrade profile for member clusters, which automates the creation and execution of update runs when new Kubernetes versions are released. Users can select between Stable or Rapid Kubernetes release channels for automatic minor version increments, or opt for the preview feature that allows for only patch releases on a…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to maintain functionality. For further det…

The documentation for creating an Azure Kubernetes Fleet Manager using Terraform has been updated to clarify that users can now create a Fleet Manager without a hub cluster and later add AKS and Arc-enabled clusters as member clusters. Additionally, it emphasizes the requirement to explicitly specify the Azure subscription ID when using the 4.x AzureRM Terraform provider, which is crucial for succ…

Starting June 17, 2025, AKS will no longer support Ubuntu 18.04, and from March 17, 2027, support for Ubuntu 20.04 will also end. Users will not be able to scale their node pools, and existing node images will be deleted, necessitating an upgrade to a supported Kubernetes version to migrate to a supported Ubuntu version. Additionally, AKS will cease support for Azure Linux 2.0 on November 30, 2025…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service. For further detai…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functionality.

The documentation for accessing a private Azure Kubernetes Service (AKS) cluster has been restructured to clarify the use of the `command invoke` and `Run command` features. Users can now access private clusters without configuring a VPN or Express Route, allowing them to remotely invoke commands like `kubectl` and `helm` through the Azure API. Additionally, the prerequisites section has been enha…

The documentation now includes an important notice that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, and users must migrate to a supported version to avoid losing the ability to scale node pools. Additionally, the default configurations for cluster tiers, node operating systems, and scaling methods have been updated, with the default now being a free tier cluster with…

The documentation for the Azure Kubernetes Fleet Manager quickstart has been updated to clarify that users can create a Fleet Manager and later add AKS and Arc-enabled clusters as member clusters. Additionally, it now specifies that if the Fleet Manager has a hub cluster, features such as Kubernetes object propagation and Managed Fleet Namespaces are enabled, enhancing the functionality available…

The documentation now clarifies that the EiT feature is available in preview starting with AKS version 1.33, but it specifies that Ubuntu 20.04, Azure Linux, arm64, and Windows nodes are not supported. This update provides users with clearer guidance on the compatibility of the EiT feature with different node types in AKS.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to the `osSku AzureLinux3` to ensure continued support and functi…

The documentation for the HTTP proxy configuration in Azure Kubernetes Service (AKS) has been updated to remove the trailing slashes from the example proxy URLs. Users should now ensure that their proxy settings are formatted correctly without trailing slashes to avoid potential connectivity issues.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service. For further detai…

The documentation for the AKS auto-upgrade cluster feature has been updated to clarify that users can no longer upgrade the control plane separately from the node pools; both will now be upgraded together during an auto-upgrade. Additionally, the guidance on setting the auto-upgrade channel has been refined, emphasizing that users should select the appropriate channel when creating or updating a c…

The documentation for setting a retention policy for untagged manifests in Azure Container Registry has been updated to clarify that users can now enable this policy through both the Azure portal and the Azure CLI. The default retention period is specified as seven days, but users can set it to any value between 0 and 365 days, allowing for immediate deletion of untagged manifests if set to 0. Add…

The documentation for creating a private Azure Kubernetes Service (AKS) cluster has been updated to emphasize enhanced security and network control features. Users can now find detailed information on configuring private DNS settings, including the use of custom private DNS zones and subzones, as well as the implications of using Azure Private Link service. Additionally, the prerequisites section…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for Azure Kubernetes Service (AKS). Starting on November 30, 2025, AKS will no longer support or provide security updates for Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing users from scaling their node pools. Users are advised to migrate to a supported Azure Linux versio…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will cease on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or transitioning to `osSku AzureLinux3` to ensure continued support and functionalit…

The documentation has been updated to reflect the correct URL for the latest plug-in related to trusted signing, now directing users to the Azure Trusted Signing Notation Plugin release page. This change ensures that users can access the most current resources for downloading and verifying the plug-in.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functional…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed by March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to the `osSku AzureLinux3`. This change emphasizes the need for us…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service.

The documentation has been updated to clarify the role of hub clusters in Azure Kubernetes Fleet Manager, now explicitly referred to as "Azure Kubernetes Fleet Manager hub clusters." Users can now better understand how hub clusters facilitate resource placement and manage multiple member clusters through the introduction of the fleet-hub-agent and fleet-member-agent components. Additionally, the t…

The documentation for using Kubernetes RBAC with Microsoft Entra ID in Azure Kubernetes Service (AKS) has been updated to clarify the process of managing access to cluster resources. Users can now find detailed instructions on creating example groups and users in Microsoft Entra ID, as well as how to create Roles and RoleBindings in an AKS cluster to grant permissions for resource management. Addi…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service. For further detai…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3`. Additionally, the document emphasizes that specif…

The documentation for the Azure Kubernetes Service (AKS) has been updated to reflect changes in the portal navigation and terminology. Users will now find the **Settings** menu item labeled as **Upgrades** instead of **Cluster configuration**, and for newer clusters, the option to manage the automatic upgrade scheduler is now labeled **Edit schedule** instead of **Add schedule**. These updates cla…

The documentation for Azure Kubernetes Fleet Manager has been updated to clarify the role of fleets and member clusters, emphasizing that a fleet is a group of Kubernetes clusters managed as a single entity. Users can now better understand the capabilities of Fleet Manager, including safe multi-cluster updates and resource propagation, especially when configured with a hub cluster. Additionally, t…

The documentation for customizing node configurations in Azure Kubernetes Service (AKS) has been updated to clarify the process of creating custom node configuration files. Users can now specify kubelet and OS configurations when creating or adding node pools using the `az aks create` and `az aks nodepool add` commands, with detailed examples provided for both Linux and Windows node pools. Additio…

The documentation for the Agentic CLI for Azure Kubernetes Service (AKS) has been updated to clarify installation and configuration steps, emphasizing the need for Azure CLI version 2.76 or later and a large language model (LLM) API key from supported providers. Users can now initialize the Agentic CLI using the `az aks agent-init` command, and the documentation provides clearer instructions on ho…

The documentation now includes a dedicated section for obtaining the identity ID and object ID for the Azure Key Vault Secrets provider, enhancing clarity on this process. Additionally, users are advised to utilize the Azure Verified Module for deploying infrastructure with Terraform, along with a recommendation to consider the AKS production pattern module for best practices in production environ…

The documentation now provides an updated link for enabling workload identity on an existing AKS cluster, directing users to the section on enabling the OIDC issuer and Microsoft Entra workload identity. This change clarifies the steps users need to follow if workload identity is not already enabled on their AKS cluster.

The documentation has been updated to clarify the use of Azure RBAC roles with Azure Kubernetes Fleet Manager, emphasizing that these roles now manage access to both ARM and Kubernetes resources. Users can assign Fleet data plane roles at the Fleet scope or individual managed namespace scope, with specific instructions on how to create role assignments for managed namespaces. Additionally, it is n…

The documentation for managing network bypass policies for Azure Container Registry tasks has been updated to include new command syntax for creating agent pools, building images, and creating tasks. Users can now specify parameters such as `agentpool`, `registry`, `subnet-id`, `image`, and `schedule` directly in the commands, enhancing clarity and usability. Additionally, the verification step fo…

The documentation now specifies that users can change a repository’s autoconversion status directly from the **Repositories** pane in the Azure portal by right-clicking the repository. Users can select **Stop artifact streaming** to set the status to **Inactive** or **Start artifact streaming** to set it to **Active**, providing a clearer and more direct method for managing artifact streaming.

The documentation for the Azure Kubernetes Fleet Manager quickstart has been updated to clarify the terminology, changing "Fleet Manager resource" to "Fleet Manager" throughout the document. Additionally, the prerequisites section has been renamed to "Before you begin," and several new prerequisites have been added, including links to resources for deploying cluster-scoped and namespace-scoped res…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS. Starting on November 30, 2025, users will no longer receive support or security updates for Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing the scaling of node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or…

The documentation now includes an important notice that starting on **30 November 2025**, Azure Kubernetes Service (AKS) will no longer support or provide security updates for Azure Linux 2.0, and by **31 March 2026**, node images will be removed, preventing users from scaling their node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or transit…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functionali…

The documentation for the agentic CLI for AKS has been updated to clarify that users can now ask natural language questions about their cluster’s health, configuration, and issues using the `az aks agent` command group. Additionally, the security considerations section emphasizes the need for proper role-based access control permissions and Microsoft Entra integration for authentication, enhancing…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functional…

The documentation has been updated to clarify navigation steps in the Azure portal for continuous patching. Users are now instructed to select **Repositories** and **Tasks** under the **Services** menu, enhancing the clarity of the process for viewing running tasks and newly created repositories. Additionally, old screenshots have been removed to streamline the content.

The documentation now clarifies that Deployment Safeguards in AKS can enforce Baseline, Restricted, and Privileged Pod Security Standards, with the Baseline standards enabled by default in AKS Automatic. Users can configure Deployment Safeguards using the `–pss-level` flag to select the desired security level, ensuring compliance with Kubernetes best practices during resource deployment. Addition…

The documentation for updating the Key Vault mode for an Azure Kubernetes Service (AKS) cluster with KMS etcd encryption has been marked as legacy, indicating that users should be aware that this information may no longer reflect the latest practices. Additionally, the dates have been updated to reflect the current status of the documentation, which may affect users relying on the most recent guid…

The documentation for certificate rotation in Azure Kubernetes Service (AKS) has been updated to include detailed instructions on how to manually rotate certificates and enable autorotation for enhanced security. Users can now find specific prerequisites, including the requirement for Azure CLI version 2.0.77 or later, and clear commands for checking certificate expiration dates for various compon…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS. Starting on November 30, 2025, AKS will no longer support or provide security updates for Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing users from scaling their node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node p…

The documentation now includes an important notice that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, and users must migrate to a supported version to avoid losing the ability to scale node pools. Additionally, the `–skip-gpu-driver-install` node pool tag will be retired on August 14, 2025, and users are advised to use the `–gpu-driver` field set to `none` to maintai…

The documentation now clarifies the steps for configuring workload identity in the `node.yaml` and `python.yaml` files, specifically emphasizing the need to replace the placeholder `<SERVICE_ACCOUNT_NAME>` with the actual service account name created by the user. Additionally, the reference link for workload identity has been updated to direct users to the section on deploying and configuring Micr…

Starting March 17, 2027, AKS will no longer support Ubuntu 20.04, resulting in the deletion of existing node images and the cessation of security updates, which will prevent users from scaling their node pools. Additionally, as of November 30, 2025, AKS will stop supporting Azure Linux 2.0, with node images being removed by March 31, 2026, necessitating migration to a supported Azure Linux version…

The documentation for Azure Kubernetes Fleet Manager has been updated to indicate that it is now in preview. Users should note this change as it may affect their expectations regarding stability and support for features related to Arc-enabled Kubernetes clusters.

The documentation for migrating from Pod Identity to Workload Identity has been updated to clarify the prerequisites for using Azure Identity supported versions. Users can now find the necessary prerequisites in the "Workload Identity Overview" section, which may help streamline their setup process.

The documentation for the Valkey cluster has been updated to clarify the use of the term "master," which is now referred to as "primary." Additionally, users can now verify the successful push of their Docker image to Azure Container Registry (ACR) using the `az acr repository list` command, which was added to the instructions. The article also emphasizes the importance of using secure authenticat…

The documentation now emphasizes the requirement to specify a Pod CIDR (IP address range for pods) when using a custom CNI in AKS. This change clarifies that the AKS control plane relies on this range for internal traffic routing to pods, and it provides guidance on selecting a non-conflicting CIDR that avoids Azure reserved ranges. Users are now informed that failing to provide a Pod CIDR may lea…

The documentation now includes a critical notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed by March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functionality…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to the `osSku AzureLinux3` to maintain functionality.

The documentation for deploying a Valkey cluster on Azure Kubernetes Service (AKS) has been updated to replace the terms "master" and "slave" with "primary" and "replica," reflecting Microsoft’s current terminology. Additionally, users are now instructed to export the secret using `export SECRET=$(openssl rand -base64 32)` and to ensure they replace placeholders in Terraform commands with actual o…

The documentation for configuring the AKS scheduler has been updated to clarify that users cannot define a profile called `aks-system`, in addition to the existing restriction on in-tree scheduling plugins. Users are now instructed to create configuration files with the CRD named `upstream`, and specific examples have been provided for creating `bin-pack-cpu-scheduler.yaml` and `pod-topology-sprea…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued functionality.

The documentation now specifies that Managed Fleet Namespaces utilize Azure Resource Manager roles for management and access, replacing the previous reference to control plane roles. Additionally, it clarifies that Kubernetes data plane roles are used for interactions with the Managed Fleet Namespace instance on the Fleet Manager hub cluster, providing users with a clearer understanding of the rol…

The documentation for the Azure Kubernetes Fleet Manager quickstart has been updated to clarify that users can create a Fleet Manager and later add AKS and Arc-enabled clusters as member clusters. Additionally, it now specifies that if the Fleet Manager has a hub cluster, features such as Kubernetes object propagation and Managed Fleet Namespaces are enabled, enhancing the management and orchestra…

The documentation for the "Quickstart: Create an Azure Kubernetes Fleet Manager and join member clusters using Azure CLI" has been updated to clarify the process of creating a Fleet Manager, enhancing user understanding of managing multiple Kubernetes clusters. Additionally, the section titles have been revised for consistency, and new links have been added to resources for deploying cluster-scope…

The documentation now includes an important notice that starting on **30 November 2025**, AKS will cease support and security updates for Azure Linux 2.0, with node images being removed on **31 March 2026**. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or migrating to `osSku AzureLinux3`. Additionally, the section on the "Honor Least-privilege princ…

The title of the article has been updated from "Choose an Azure Kubernetes Fleet Manager option" to "Choosing an Azure Kubernetes Fleet Manager option," reflecting a more active voice. Additionally, the section on billing considerations has been clarified to state that users pay for the hub cluster, which is a single node standard-tier AKS cluster, rather than implying there are no costs associate…

The documentation for Microsoft Entra Workload ID on Azure Kubernetes Service (AKS) has been updated to clarify that workloads can now assign workload identities to authenticate and access Azure resources more seamlessly. Additionally, new sections on prerequisites and limitations have been added, detailing the maximum number of federated identity credentials allowed and the propagation time for t…

The documentation now clarifies that when dedicated data endpoints are enabled, Azure Container Registry (ACR) provides a temporary download link for image layers that is valid for 20 minutes, enhancing security during image pulls. Additionally, the instructions for enabling data endpoints in the Azure portal have been updated to specify selecting the "Use dedicated data endpoint" checkbox instead…

The documentation for validating Valkey resiliency during an Azure Kubernetes Service (AKS) node pool upgrade has been updated to clarify the process and improve user guidance. Users can now find a dedicated section for verifying the Locust client status and monitoring the dashboard during the upgrade process, which enhances their ability to manage upgrades with minimal service disruption. Additio…

The documentation has been updated to reflect new links for connecting to private clusters and virtual network peering. Users can now access the updated sections on connecting to private clusters and learn about connecting using virtual network VNet peering through the new dedicated page, enhancing clarity and usability.

The documentation now clarifies that Fleet Manager’s support for custom resources is based on the KubeFleet CNCF project, enhancing user understanding of its integration. Additionally, a new parameter has been introduced that provides information on the available number of nodes for specific VM SKUs in the cluster, which users can utilize to better manage their resources.

The documentation now reflects that the `acr purge` command is distributed in a new public container image version (`mcr.microsoft.com/acr/acr-cli:0.17`), updated from the previous version 0.14. Users should be aware of this change as it may affect their usage of the command during its preview phase.

The documentation now includes an important notice that starting on **30 November 2025**, AKS will no longer support Azure Linux 2.0, and by **31 March 2026**, users will be unable to scale their node pools unless they migrate to a supported Azure Linux version. Additionally, the sections on PriorityLevelConfigurations and FlowSchemas have been updated to clarify how users can define and manage AP…

The documentation has been updated to reflect the renaming of "Microsoft Entra attribute-based access control (ABAC)" to "Azure attribute-based access control (Azure ABAC)" throughout the article. Users can now enable Azure ABAC for repository permissions in Azure Container Registry by setting the **Role assignment permissions mode** to **RBAC Registry + ABAC Repository Permissions**, allowing for…

The documentation now clarifies that when dedicated data endpoints are enabled during image pulls, Azure Container Registry (ACR) provides a temporary download link for each image layer, valid for 20 minutes. This enhancement ensures users have a secure, short-lived URL for downloading layers, streamlining the image pulling process.

The documentation for "Observability for Azure Kubernetes Service (AKS) Clusters with Key Management Service (KMS) Etcd Encryption" has been updated to mark it as a legacy section, indicating that users should refer to newer resources. Additionally, the command for transitioning to KMS v2 has been changed from "Use KMS v2" to "Migrate to KMS v2," clarifying the action users need to take for upgrad…

The documentation for viewing repositories in the Azure portal has been updated to clarify that Azure Container Registry allows users to store Docker container images and other artifacts in repositories. Users can now see a list of repositories hosting their images and any associated image tags directly in the Azure portal, enhancing their ability to manage and navigate their container images more…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to the `osSku AzureLinux3` to ensure continued support and functionality.

The documentation for using kubelogin to authenticate in Azure Kubernetes Service (AKS) has been updated to clarify that this article now covers all supported Microsoft Entra authentication methods. Users will find new limitations regarding group inclusion by ObjectID and the maximum number of groups in a Microsoft Entra JSON Web Token (JWT) claim. Additionally, the service principal authenticatio…

The documentation for migrating to Key Management Service (KMS) v2 in Azure Kubernetes Service (AKS) has been updated to indicate that it now applies specifically to clusters using the legacy KMS experience. Users are advised to transition to the new KMS data encryption experience for clusters running Kubernetes version 1.33 or later, which provides enhanced features such as platform-managed keys,…

The documentation for Application Gateway for Containers has been updated to clarify the definitions and requirements for its components. Users can now better understand that each frontend defines the entry point for client traffic and that a unique FQDN can be created for CNAME records. Additionally, the documentation emphasizes that a user-assigned managed identity is necessary for each Azure Lo…

The documentation for the Java package has been updated to reflect a new Maven repository link, changing from the previous search.maven.org URL to central.sonatype.com. This change ensures users access the most current version of the Azure Containers Container Registry library.

The documentation for deploying Valkey on Azure Kubernetes Service (AKS) has been updated to clarify that the solution now deploys three Valkey primary pods across two availability zones, with one replica pod per primary in a third zone, utilizing `Standard_E64_v5` SKU nodes. Additionally, the explanation of the `StatefulSet` resources has been refined to emphasize the zone distribution for high a…