Learn how to migrate to KMS v2 for clusters with versions older than 1.27.

Learn how to improve your Domain Name System (DNS) resolution performance and resiliency in AKS using localDNS.

Learn how to connect an AI inference service with MCP in Azure Kubernetes Service (AKS) by using the managed add-on for KAITO.

Learn the basics of Azure Kubernetes Service (AKS) so you can start deploying and managing containerized applications.

Learn how to deploy an AI inference service that supports tool calling in Azure Kubernetes Service (AKS) by using the managed add-on for KAITO.

An overview of Advanced Container Networking Services’ WireGurard encryption capabilities on Azure Kubernetes Service (AKS).

Learn how to create Windows Server node pools with containerd in Azure Kubernetes Service (AKS).

Learn how to update the key vault mode from public to private or private to public for an AKS cluster with Key Management Service (KMS) etcd encryption.

New page added.

Learn how to simplify namespace management and resource isolation in Azure Kubernetes Service (AKS) with managed namespaces.

Learn the best practices for managing your GPU-enabled node pools on Azure Kubernetes Service (AKS)

Learn how to create the infrastructure for deploying highly available GitHub Actions on Azure Kubernetes Service (AKS) using Azure Files.

Proven patterns to use for upgrading Azure Kubernetes Service clusters in production with minimal downtime and maximum safety.

Learn how DNS operates in AKS and how to boost performance and reliability with LocalDNS caching.

In this article, you deploy a Ray cluster for tuning with BlobFuse on Azure Kubernetes Service (AKS).

Learn about how AKS uses Node Problem Detector to expose issues on GPU-enabled nodes.

Limitations

Step-by-step guide on using managed namespaces (preview) in Azure Kubernetes Service (AKS).

Learn how to view observability metrics and improve observability for AKS clusters with KMS etcd encryption.

Get started with WireGuard Encryption Feature for Advanced Container Networking Services on your AKS cluster.

Learn about VM fundamentals on AKS, like different VM sizes, generations, features, how to check for available VM sizes, why some VM sizes might not be available, and what happens when a VM size retires.

Learn how different AKS components are versioned, patched, and upgraded across AKS cluster control plane and nodes.

Learn how to create node pools with unique subnets in Azure Kubernetes Service (AKS).

Learn how to deploy and test highly available GitHub Actions with Azure Files on Azure Kubernetes Service (AKS).

In this article, we provide an overview of deploying highly available GitHub Actions on Azure Kubernetes Service (AKS) using Azure Files.

Configure ingresses for Istio service mesh add-on for Azure Kubernetes Service using the Kubernetes Gateway API

Learn the basics of Kubernetes so you can start deploying and managing containerized applications using Azure Kubernetes Service (AKS).

In this article, you learn how to create and manage network policies for AKS clusters in the Azure portal.

Install Managed Kubernetes Gateway API on Azure Kubernetes Service

Learn how AKS applies the CIS benchmark with the Azure Linux 3.0 image

Learn the advanced features of Azure Kubernetes Service (AKS) so you can optimize your containerized applications.

Install and configure Kueue on your Azure Kubernetes Service (AKS) cluster, including enabling advanced features and verifying deployment.

Learn how to define Kueue deployments and efficiently schedule batch workloads on your Azure Kubernetes Service (AKS) cluster.

The documentation for setting up Container Network Logs with Advanced Container Networking Services in Azure Kubernetes Service has been updated for clarity and accuracy. Users can now find improved instructions on configuring container network logs, including details on the required Azure CLI versions and the specific commands to enable features like stored and on-demand logs. Additionally, the g…

Updates content with clarifications and improvements.

The documentation now reflects that Ubuntu 22.04 is supported in Kubernetes versions 1.25 to 1.36, extending the previous support range. Additionally, the default OS Type for Windows 2022 has been updated to support Kubernetes versions 1.25 to 1.34, ensuring users can utilize this OS SKU in a broader range of Kubernetes versions. Users can also find clarified information regarding the default OS S…

The documentation now includes a customer intent statement that clarifies how developers can use Visual Studio Code to create a Dockerfile with Automated Deployments in the AKS extension. This enhancement helps users understand the purpose of the feature and its benefits for defining application Docker image configurations for consistent Kubernetes deployments.

The documentation now emphasizes that the Basic Load Balancer will be retired on September 30, 2025, urging users to upgrade to the Standard Load Balancer to maintain support for their clusters. Additionally, it clarifies that users must meet specific prerequisites before migrating and provides guidance on how to specify the correct load balancer SKU when creating a new cluster. Users will also fi…

The documentation now includes a customer intent statement that emphasizes the ability for Kubernetes administrators to configure role-based access control using Microsoft Entra group membership. This enhancement allows users to restrict cluster resource access based on user identities, thereby improving security in their Azure Kubernetes Service environments.

The documentation now includes an important note recommending the use of the most secure authentication flow available when creating database user secrets in Azure Kubernetes Service (AKS). Users are advised to consider this flow only when more secure options, such as managed identities, are not viable. Additionally, the operator version for the Prometheus PodMonitor has been updated from 1.23.1 t…

The documentation now includes a new section detailing how to enable cost analysis on an AKS cluster, allowing cloud operations managers to gain insights into resource allocation and optimize Kubernetes spending. Users are informed that enabling cost analysis creates a managed identity named `cost-analysis-identity`, which has read access to the cluster’s node resource group, and they must specify…

The documentation for using Key Management Service (KMS) etcd encryption in Azure Kubernetes Service (AKS) has been updated to clarify that users can now enable KMS for both public and private key vaults. Additionally, the commands for creating and managing key vaults and keys have been enhanced for clarity, including specific parameters for the `az aks create` and `az aks update` commands. Users…

The documentation now includes a clearer customer intent statement, emphasizing the goal of configuring Azure Kubernetes Service clusters with API Server VNet Integration for secure communication. Additionally, the list of supported regions has been updated to reflect new options, enhancing user awareness of available deployment locations. Users can also find improved guidance on setting up Privat…

The documentation now includes a customer intent statement that emphasizes the need for proactive cost recommendations for Azure Kubernetes Service deployments. This addition helps cloud architects understand the importance of optimizing resource usage and reducing expenses while ensuring reliability in their deployments.

The documentation has been updated to clarify that the AI toolchain operator is now referred to as the "AI toolchain operator add-on," which may impact how users identify and utilize this feature. Additionally, the article now includes a more specific customer intent statement, enhancing the context for data scientists looking to fine-tune and deploy language models on Azure Kubernetes Service (AK…

The documentation for configuring and deploying a Valkey cluster on Azure Kubernetes Service (AKS) has been updated to clarify the initialization and configuration processes. Users can now follow enhanced instructions for creating a Valkey cluster with primary nodes in specific zones, ensuring full slot coverage and high availability through proper role assignment and replication verification. Add…

The documentation now includes an important notice regarding the deprecation of Azure Linux 2.0 support in Azure Kubernetes Service (AKS). Users are informed that starting on November 30, 2025, security updates will cease, and by March 31, 2026, node images will be removed, necessitating migration to a supported Azure Linux version to maintain functionality. This change emphasizes the need for dev…

The documentation now includes an important notice that starting on **30 November 2025**, Azure Kubernetes Service (AKS) will no longer support Azure Linux 2.0, with node images being removed on **31 March 2026**. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and security updates.

The documentation now includes a customer intent statement that clarifies the goal of deploying and configuring NGINX ingress on Azure Kubernetes Service using the application routing add-on. This addition helps users understand how to efficiently manage HTTP/HTTPS traffic to their applications while ensuring secure access and integration with Azure DNS.

The documentation for Container Network Logs in Azure Kubernetes Service (AKS) has been updated to provide a clearer overview of its capabilities, including enhanced visibility into network traffic and detailed metadata capture. Users can now utilize two modes for log collection: stored logs, which require custom resources for traffic monitoring, and on-demand logs, which offer real-time visibilit…

The documentation now includes a customer intent statement that clarifies the goal for Kubernetes administrators to move Azure Disk persistent volumes between AKS clusters across subscriptions. This addition emphasizes the importance of managing storage resources effectively while minimizing the risk of data loss during the migration process.

The documentation now states that starting with Kubernetes version 1.34+, new AKS clusters have the OIDC issuer enabled by default, eliminating the need to specify the `–enable-oidc-issuer` flag during cluster creation. This change simplifies the setup process for users creating new clusters on version 1.34 and later, while still allowing the flag to be used as a no-op for backward compatibility.…

The documentation now includes a new section addressing customer intent, specifically aimed at data scientists. It clarifies the differences between small and large language models, helping users select the appropriate model for their AI and machine learning workflows on Kubernetes.

The documentation for Advanced Container Networking Services has been updated to clarify the features available for Azure Kubernetes Service (AKS) clusters. Users can now better understand the distinctions between Container Network Observability and Container Network Security, including the use of Fully Qualified Domain Name (FQDN) filtering for enhanced security. Additionally, the commands for en…

The documentation now includes a customer intent statement that clarifies the goals of Kubernetes administrators regarding the configuration and troubleshooting of the Azure Key Vault provider for the Secrets Store CSI Driver in AKS. This addition helps users understand the purpose of the documentation and how it can assist them in securely managing and automating secrets in their Kubernetes envir…

The documentation for creating node pools in Azure Kubernetes Service (AKS) has been updated to clarify the process of managing multiple node pools. Users can now utilize separate commands for creating, updating, and deleting node pools through the `az aks nodepool` command set, enhancing control over individual node pool operations. Additionally, a warning has been added regarding the deprecation…

The documentation now includes a warning and guidance regarding the use of the force upgrade option, which bypasses Pod Disruption Budget (PDB) constraints and may lead to service disruptions by draining all pods simultaneously. Users are advised to only use this option when PDBs prevent critical upgrades and cannot be resolved, as it can cause complete service unavailability during the upgrade pr…

Updates content with clarifications and improvements.

The documentation for configuring HTTP proxy in Azure Kubernetes Service (AKS) has been updated to clarify that AKS automatically reimages all node pools when the proxy configuration is updated using the `az aks update` command. Users are now advised to utilize Pod Disruption Budgets (PDBs) to protect critical pods during this reimage process. Additionally, the steps for verifying the HTTP proxy c…

The documentation now includes additional Azure Files storage account types, specifically the Standard V2 and Premium V2 SKUs, which allows users to utilize a broader range of storage options for persistent volumes in Azure Kubernetes Service. Furthermore, it emphasizes the importance of protecting connection strings through key rotation or Azure Key Vault, and recommends using Microsoft Entra ID…

The documentation now clarifies that while the Istio add-on allows the use of `EnvoyFilter` types such as Lua, Compressor, and Local Rate Limit, any issues arising from these filters, including those related to Lua scripts or compression libraries, are outside the support scope of the Istio add-on. Users should refer to the support policy document for more information on the support categories for…

The documentation now includes a customer intent statement that helps cloud architects evaluate CNI networking options in Azure Kubernetes Service, aiding in the selection of the most suitable networking model for their clusters. Additionally, the image illustrating the flat network architecture has been updated to provide a clearer representation of the networking model.

The documentation now includes a new section that outlines the intent of Kubernetes administrators to use customer-managed keys for encrypting managed disks in Azure Kubernetes Service. This addition emphasizes the enhanced security and control over data at rest that users can achieve by implementing this feature.

The documentation now clarifies that native sidecar mode for the Istio-based service mesh add-on in Azure Kubernetes Service (AKS) is enabled by default starting with AKS version 1.33 and Istio add-on version asm-1-28. Users can create new AKS clusters with native sidecar mode automatically enabled by selecting version 1.33 or newer and Istio asm-1-27 or newer during cluster creation. Additionally…

The documentation now includes an important notice regarding the deprecation of Azure Linux 2.0 for Azure Kubernetes Service (AKS). Users are informed that support and security updates will end on November 30, 2025, and that node images will be removed on March 31, 2026, necessitating migration to a supported Azure Linux version to ensure continued functionality and security of their node pools.

Updates content with clarifications and improvements.

The documentation now includes a customer intent statement that clarifies the goal of implementing an active-passive disaster recovery strategy for Azure Kubernetes Service. This addition helps solutions architects understand the importance of ensuring application availability and business continuity during regional failures.

The documentation now includes a note emphasizing the requirement to pre-register the `Microsoft.PolicyInsights` resource provider in your subscription for a smoother experience when using AKS Automatic clusters. Additionally, the title and description of the quickstart guide have been updated to remove the "(preview)" designation, indicating that the feature is now fully available. Users can also…

The documentation now provides updated links for creating an Azure Linux node pool and migrating from Ubuntu nodes to Azure Linux nodes. Users can now access a more streamlined guide on creating an AKS cluster with a single node pool using the Azure CLI, as well as a dedicated tutorial for migrating to Azure Linux.

The documentation now includes a customer intent statement that clarifies the goal of configuring an Azure SQL Database with managed identity authentication. This addition helps database administrators understand the benefits of securely connecting and managing database access without exposing credentials.

The documentation has been updated to clarify the process of verifying container image signatures using Ratify and Azure Policy on Azure Kubernetes Service (AKS). Users can now follow detailed instructions on setting up Ratify with either Azure Key Vault or Microsoft’s Trusted Signing service for certificate management, ensuring that only trusted and unaltered images are deployed. Additionally, th…

Updates content with clarifications and improvements.

The documentation now includes a new customer intent section that clarifies the goal of configuring Azure Managed Prometheus for collecting metrics from Istio service mesh workloads. This addition helps Kubernetes operators understand how to monitor performance and ensure application reliability on Azure Kubernetes Service more effectively.

The documentation has been updated to clarify the process of signing and verifying OCI artifacts, including container images, to enhance integrity and authenticity across the software supply chain. Users can now better understand how to utilize the Notary Project and its tooling, Notation, for signing artifacts with options like Azure Key Vault and Trusted Signing, which streamline certificate man…

Updates content with clarifications and improvements.

The documentation has been updated to clarify the process of signing container images using Notation and Azure Key Vault, including a more detailed description of the tools involved. Users can now learn how to create a self-signed certificate in Key Vault, build and push a container image using Azure Container Registry tasks, and validate the image against its signature with the Notation CLI. Addi…

The documentation now includes a clear customer intent statement, emphasizing the goal for Kubernetes administrators to migrate existing Persistent Volumes from in-tree storage classes to CSI drivers in Azure Kubernetes Service. This addition helps users understand the benefits of improved storage management and the importance of a seamless transition without data loss.

The documentation now includes a customer intent statement that clarifies the purpose of configuring the cluster autoscaler for Kubernetes workloads in AKS, emphasizing automatic node adjustment based on application demand. Additionally, the link to the section on monitoring AKS control plane resource logs has been corrected for better accuracy.

The documentation for signing container images with Notation and Trusted Signing has been updated to clarify the setup process and enhance user understanding. Users are now guided to prepare their Azure Container Registry and configure Trusted Signing more explicitly, including detailed steps for setting up the Azure CLI and installing the Notation CLI and Trusted Signing plug-in. Additionally, th…

The documentation now includes a customer intent statement that clarifies the purpose of enabling Azure Hybrid Benefit for Azure Kubernetes Service clusters, emphasizing cost reduction through existing Windows Server licenses. Additionally, a correction was made to the command syntax for enabling Azure Hybrid Benefit, ensuring users have the correct format for the `az aks update` command.

Updates content with clarifications and improvements.

The documentation has been updated to clarify the transition from Docker Content Trust (DCT) to the Notary Project, emphasizing that DCT will be deprecated starting March 31, 2025, and removed by March 31, 2028. Users can now find detailed guidance on disabling DCT and adopting the Notary Project for signing and verifying container images, including methods for integration with Azure Key Vault and…

The documentation now includes guidance for using Transformations in Azure Monitor, allowing users to filter or modify control plane and data plane logs before they are sent to a Log Analytics workspace. This enhancement helps users optimize their log data management, potentially reducing costs and improving efficiency in Azure Kubernetes Service.

The documentation for monitoring Azure Kubernetes Service (AKS) control plane metrics has been updated to clarify that this feature is in preview and to enhance the descriptions of how to utilize Azure Monitor for visibility into critical components like the API server and etcd. Users can now enable control plane metrics by using the managed service for Prometheus add-on during cluster creation or…

The documentation now includes a new customer intent statement that clarifies the goal of creating a highly available PostgreSQL database on a managed Kubernetes service. Users are instructed to wait for the initial cluster operation to complete using the `az aks wait` command before adding a user node pool, which helps prevent conflicts during updates. Additionally, the instructions for enabling…

The documentation now specifies that users can deploy and manage AI and ML workloads on Azure Kubernetes Service (AKS) using the AI toolchain operator add-on, enhancing their ability to optimize performance and reduce complexity. Additionally, the customer intent section has been updated to reflect the goals of data scientists in leveraging existing tools and frameworks for their applications.

The documentation now includes a note clarifying that the integration of Azure Container Registry (ACR) with Azure Kubernetes Service (AKS) using the `az aks –attach-acr` command is not supported for registries configured with "RBAC Registry + ABAC Repository Permissions." Users should be aware of this limitation and can refer to the provided link for more information on ABAC-enabled ACR registri…

Updates content with clarifications and improvements.

The documentation now clarifies that Private Clusters are supported with NAP-enabled clusters, which were previously listed as unsupported. This change allows users to utilize Private Clusters in conjunction with Node Auto-Provisioning (NAP), enhancing their deployment options. For further details, users can refer to the AKS Release Notes dated September 21, 2025.

The documentation now includes an important notice stating that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing scaling of node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to the `osSku AzureLinux3`.

Updates content with clarifications and improvements.

The documentation now includes an important notice that starting on November 30, 2025, Azure Kubernetes Service (AKS) will no longer support or provide security updates for Azure Linux 2.0, with node images being removed by March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or migrating to `osSku AzureLinux3`. Additionally, the list of sec…

The documentation now clarifies that the Azure File CSI driver automatically configures the `vers`, `minorversion`, and `sec` properties, and users should not specify these values in their manifests. Additionally, it introduces a new section on Encryption in Transit for NFS file shares, detailing how to enable this feature by setting `encryptInTransit: "true"` in the storage class parameters, enha…

The documentation now includes a customer intent statement that clarifies the goal of upgrading the Istio-based service mesh add-on for Azure Kubernetes Service clusters. This addition helps Kubernetes administrators understand the importance of keeping their applications updated with the latest features and security patches while ensuring minimal downtime.

The documentation now includes a new section that outlines customer intent for Kubernetes administrators looking to implement Layer 7 policies in their clusters. This addition emphasizes the ability to enhance application security and traffic management by controlling communication based on application-specific attributes, providing clearer guidance on the benefits of these policies.

Updates content with clarifications and improvements.

The documentation for creating infrastructure for deploying Apache Airflow on Azure Kubernetes Service (AKS) has been updated to provide a more detailed step-by-step guide, including configuration for identity and storage for production-ready deployments. Users can now set up a high-availability AKS cluster optimized for production workloads, with specific commands updated to reflect the latest co…

The documentation has been updated to reflect the latest recommendations from the CIS Kubernetes V1.27 Benchmark v1.11.1, now applicable to AKS versions 1.29.x through 1.32.x. Users can now find additional details on compliance, including the introduction of an AKS CIS benchmark and the ability to use Azure Policy for Kubernetes to manage service external IPs. Furthermore, the default values for c…

The documentation now includes a customer intent statement that clarifies the purpose of implementing certificate rotation in AKS clusters. This addition helps Kubernetes administrators understand the importance of managing certificate expirations to ensure security and compliance within their clusters.

The documentation now includes a customer intent section that outlines the goals of data scientists in fine-tuning pre-trained language models on specific tasks using Kubernetes. This addition clarifies how users can enhance the performance of their AI and machine learning workflows in a cost-effective and efficient manner.

The documentation for deploying Apache Airflow on Azure Kubernetes Service (AKS) has been updated to reflect the use of Apache Airflow version 3.0.2 and various updated tags for dependencies, including external-secrets and PostgreSQL images. Users can now configure and deploy Airflow with the latest versions, ensuring improved features and security. Additionally, the article emphasizes the configu…

The documentation now includes a customer intent statement that clarifies the goals of implementing performance and scaling best practices for large workloads in Azure Kubernetes Service. Additionally, the command for describing the control plane scaling status has been updated to specify "large-cluster-control-plane-scaling-status," providing users with a more accurate reference for managing larg…

The documentation now includes a customer intent statement that clarifies the goal of configuring kubenet networking for AKS clusters within existing virtual networks, emphasizing the benefits of optimizing IP address management. Additionally, minor formatting adjustments were made to the JSON code snippets for better clarity, ensuring users can easily understand the required parameters for their…

The documentation now includes a customer intent statement that clarifies the need for Kubernetes administrators to restart the KEDA operator pods after enabling Workload Identity. This addition helps users understand the importance of this step to ensure that environment variables are correctly injected for proper functionality.

The documentation now includes updated instructions for accessing the Kubernetes API for both public and private Azure Kubernetes Fleet Manager hub clusters. Users can securely connect to a private hub cluster using Azure Bastion’s native client tunneling feature, which protects the cluster from external exposure while allowing secure access. Additionally, prerequisites have been clarified, includ…

The documentation now includes a customer intent section that highlights how developers can leverage AKS plugins with GitHub Copilot to create clusters and deploy manifests. This enhancement aims to streamline workflows and improve efficiency in managing Azure Kubernetes Service by reducing the need to memorize complex commands.

The documentation now clarifies that users can expand the Pod CIDR during an upgrade by specifying a new range with the `–pod-cidr` parameter. Previously, it stated that the parameter was unnecessary, but the update emphasizes that users have the option to change the Pod CIDR if needed.

The documentation now includes important notices regarding the end of support for Azure Network Policy Manager (NPM) on Windows nodes in AKS by September 30, 2026, and on Linux nodes by September 30, 2028. Users are advised to explore alternative options, such as Network Security Groups (NSGs) for Windows nodes and to migrate Linux nodes to Cilium Network Policy to avoid service disruptions.

The documentation now includes a customer intent statement clarifying that Kubernetes administrators can implement the Azure Blob storage CSI driver on AKS to manage and access unstructured data for containerized applications without altering core Kubernetes code. Additionally, the image used in the examples has been updated from `mcr.microsoft.com/oss/nginx/nginx:1.22` to `mcr.microsoft.com/azure…

The documentation now includes a customer intent statement that clarifies the goal for developers creating a single Azure SQL Database, emphasizing the importance of correct configurations for seamless application connectivity without network access or server idle state issues. This addition helps users better understand the context and requirements for setting up their databases effectively.

The documentation now includes a new step for creating a resource group for the AKS cluster, enhancing clarity for users setting up Azure ultra disks. Additionally, the instructions for creating the AKS cluster and persistent volume claim have been streamlined, ensuring users can easily follow the updated commands and understand the configuration details. Users can now also see the context-setting…

The documentation for creating infrastructure for a Valkey cluster on Azure Kubernetes Service (AKS) has been updated to provide a more comprehensive setup guide. Users can now follow detailed steps for configuring environment variables, provisioning Azure resources, and managing secrets, including the creation of a dedicated node pool for Valkey workloads. Additionally, the guide now includes an…

Updates content with clarifications and improvements.

The documentation now clarifies that node initialization taints will not be visible on nodes using Virtual Machine Scale Sets (VMSS) until an operation triggers a VMSS model update, such as a Kubernetes version or node image version upgrade. Additionally, it specifies that these taints apply to all node pools in the cluster when updating a cluster with a node initialization taint. This change enha…

The documentation now includes a customer intent statement that clarifies the goal for Kubernetes developers configuring Azure NetApp Files with their AKS clusters. This addition helps users understand the purpose of the configuration process, enhancing their ability to provision and manage persistent storage for applications effectively.

The documentation now clarifies that the `Unmanaged` channel is not supported for AKS clusters, and it specifies that kubenet networking is also not supported. This change impacts users by providing clearer guidance on the limitations of network configurations for enhancing security in their AKS clusters.

The documentation for enabling AKS-managed Microsoft Entra integration has been updated to clarify the integration process, stating that the AKS resource provider now manages the client and server apps, simplifying user setup. Additionally, the requirements for installing the AKS addon have been refined, emphasizing the need for specific versions of Azure CLI and kubectl, and the necessity of havi…

Updates content with clarifications and improvements.

The documentation now includes a note emphasizing the requirement to pre-register the `Microsoft.PolicyInsights` resource provider in your subscription for a smoother experience when using Azure Policy with AKS Automatic clusters. Additionally, the title and description of the quickstart guide have been updated to remove the "preview" designation, indicating that users can now refer to a more stab…

The documentation now includes a new section that outlines how to integrate Azure HPC Cache with Azure Kubernetes Service, specifically aimed at cluster operators and developers. This enhancement allows users to improve data access and boost the performance of high-performance computing tasks within their Azure environments.

The documentation now includes a note indicating that after March 31, 2026, new AKS clusters using the AKS-managed virtual network option will default to placing cluster subnets into private subnets, which may affect unsupported scenarios involving other resources in the same subnet. Additionally, users are reminded that the `none` and `block` outbound types are only available with Network Isolate…

The documentation for Azure Kubernetes Service (AKS) Automatic has been updated to remove the "preview" designation, indicating that the service is now fully supported. Additionally, an important note has been added regarding the end of support for Azure Linux 2.0, effective November 30, 2025, which requires users to migrate to a supported version to avoid disruptions in scaling node pools. Users…

The documentation now includes a detailed section on evaluating ephemeral NVMe data disks for maximum performance, emphasizing their suitability for workloads requiring high storage throughput and IOPS. Users are informed about the benefits of NVMe-backed storage for scenarios like AI training, high-performance databases, and batch analytics, along with important considerations regarding data loss…

The documentation now includes an important notice that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, and users must migrate to a supported version to avoid issues with node pool scaling. Additionally, users are advised to ensure that the Pod CIDR does not overlap with any external IP addresses or networks when using Azure CNI in Overlay mode, as this could lead to con…

The documentation now emphasizes the importance of using secure authentication flows when configuring and deploying a MongoDB cluster on AKS. A new warning has been added, advising users to consider more secure options, such as managed identities, instead of the described authentication flow, which carries higher risks. Additionally, the description of the article has been updated to clarify that…

The documentation now emphasizes the recommendation of a minimum of two CoreDNS pod replicas per cluster to avoid operational failures during node draining, such as during cluster upgrades. Additionally, it introduces a linear scaling formula to help users determine the appropriate number of replicas based on their specific cluster requirements and DNS traffic patterns, enhancing their ability to…

The documentation now specifies that users need an Azure subscription with Owner or Admin role, linking to a new pricing options page for better clarity on account types. Additionally, references to sample workflows and activities have been updated to ensure users access the most relevant resources for Dapr workflows in AKS.

The documentation now includes a customer intent statement that emphasizes the ability for DevOps engineers managing AKS clusters to configure Image Cleaner for the automatic removal of vulnerable stale images. This enhancement aims to improve the security and efficiency of image management processes.

The documentation now includes a new section on configuring the NGINX ingress controller’s health probe path, specifying that it must be set to "/healthz" for the Azure Load Balancer. Users are guided on how to add the necessary annotation to the ingress controller’s Service and how to define this annotation in a Helm values file during upgrades, which helps maintain service availability and preve…

The documentation now includes a customer intent statement that clarifies the goal of configuring an AKS cluster with Azure CNI Powered by Cilium for high-performance networking and enhanced security. Additionally, it highlights that L3 and L4 `CiliumNetworkPolicy` are supported and can be utilized alongside Kubernetes `NetworkPolicy` resources, providing users with more options for network securi…

The documentation now includes a new section that outlines support and troubleshooting resources specifically for Azure Kubernetes Service. This addition aims to assist Kubernetes administrators in quickly diagnosing and resolving deployment issues, enhancing the overall efficiency of application operations.

The documentation now includes additional parameters for configuring ingress gateways in Istio, allowing Kubernetes administrators to specify allowed IP ranges, disable floating IP addresses, and set TCP idle timeout values for Azure Load Balancer. Users can also find updated guidance on using the Kubernetes Gateway API for ingress configuration, enhancing their ability to manage application traff…

Updates content with clarifications and improvements.

The documentation now includes a customer intent statement that clarifies how Kubernetes developers can utilize Azure App Configuration to manage their Azure Kubernetes Service workloads. Users can dynamically configure their applications using ConfigMaps generated from Azure App Configuration, allowing for seamless integration of feature flags and secrets without the need to modify application co…

The documentation now includes a new section that explains how cloud administrators can access a private Azure Kubernetes Service cluster using the command invoke feature. This enhancement allows users to run management commands without the need for complex network configurations such as VPNs or Express Routes.

The documentation now clarifies that the application routing add-on exposes a private Service `nginx-metrics` for Prometheus metrics at `/metrics` on port 10254, enhancing monitoring capabilities. Users can validate metrics collection by setting up a port forward from a local port to this service, rather than to individual pods. Additionally, the section on configuring Azure Monitor managed servic…

The documentation now includes a customer intent statement that clarifies the purpose of understanding different types of Kubernetes Services in Azure Kubernetes Service (AKS). Additionally, users can create multiple public load balancers within a single AKS cluster using the `LoadBalancer` type, which is beneficial for large clusters or port-heavy workloads. For further details, users are directe…

The documentation has been updated to clarify that the AI Toolchain Operator (KAITO) is now a managed add-on for Azure Kubernetes Service (AKS), simplifying the deployment and operations for AI models. Users can now monitor and visualize AI inference metrics using the managed service for Prometheus and Azure Managed Grafana, with specific instructions on how to collect and export vLLM metrics from…

Updates content with clarifications and improvements.

The documentation now specifies that the `az aks mesh get-revisions` command provides information on Istio add-on revisions compatible with both standard and LTS AKS cluster versions, enhancing clarity for users regarding compatibility. Additionally, the phrasing for obtaining AKS cluster credentials has been improved for better readability. Users can now more easily understand the compatibility s…

The documentation has been updated to reflect that the CIS benchmark now specifically applies to the Azure Linux 2.0 image, replacing previous references to the general Azure Linux benchmark. Users are informed that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, and they must migrate to a supported version to continue receiving security updates and support. Additionally…

The documentation has been updated to clarify the process of signing container images using Notation and Azure Key Vault with a CA-issued certificate. Users can now find improved instructions on creating and importing certificates, as well as enhanced details on the prerequisites for using the Notation CLI and Key Vault plug-in. Additionally, the article emphasizes the importance of timestamping f…

The documentation for the Advanced Container Networking Services (ACNS) guide has been updated to clarify its role as the primary solution for network observability in Azure Kubernetes Service (AKS). Users can now leverage Container Network Logs for detailed insights into DNS queries and packet drops, including specific KQL queries for analyzing DNS resolution issues and identifying traffic imbala…

The documentation now includes detailed instructions on how to update the SKU of an existing Azure Kubernetes Service (AKS) cluster, specifically transitioning between the Base SKU and the Automatic SKU. Users can utilize the provided `az aks update` commands to switch SKUs, ensuring that all AKS Automatic features are enabled before making the update. This enhancement allows users to manage their…

Updates content with clarifications and improvements.

Updates content with clarifications and improvements.

The documentation has been updated to clarify the process of signing container images in GitHub Actions using Trusted Signing. Users can now find more precise instructions on setting up a Trusted Signing account and certificate profile, including required attributes, and how to create a GitHub repository for workflow files and secrets. Additionally, the article emphasizes the importance of timesta…

The documentation now includes an important notice that Azure Kubernetes Service (AKS) will discontinue support for Azure Linux 2.0 starting on November 30, 2025, with node images being removed by March 31, 2026. Users are advised to migrate to a supported Azure Linux version to ensure continued functionality and security updates. Additionally, it emphasizes that the Azure CNI Overlay is required…

The documentation now includes a customer intent statement that clarifies the goal of provisioning dual-protocol volumes for Azure Kubernetes Service using Azure NetApp Files. This addition helps users understand how to efficiently manage both NFS and SMB workloads in their Kubernetes environments.

The documentation now includes a new security bulletin, AKS-2025-0011, which addresses recent malicious NPM package attacks. It clarifies that Azure Kubernetes Service (AKS) is not impacted by these vulnerabilities since Node.js is not utilized in any core or managed components, and no customer action is required. Users can refer to the bulletin for updates and reassurance regarding the security o…

The documentation now includes an important notice regarding the deprecation of Azure Linux 2.0 support in Azure Kubernetes Service (AKS), effective from 30 November 2025, which will impact users by requiring them to migrate to a supported Azure Linux version to avoid losing functionality. Additionally, the link for creating an Oracle single sign-on (SSO) account has been updated to direct users t…

The documentation now includes guidance for AKS administrators on migrating from the deprecated HTTP application routing feature to the application routing add-on. This change ensures users can maintain a supported configuration and continuity of their cluster’s routing capabilities.

Updates content with clarifications and improvements.

The documentation now includes a customer intent statement that clarifies the purpose of implementing FQDN filtering for network policies in Kubernetes clusters. This addition helps security administrators understand how FQDN filtering can enhance security by simplifying policy management and maintaining compliance without the need for frequent updates due to changing IP addresses.

The documentation now includes a new section that outlines customer intent, specifically addressing how software engineers can apply sustainable engineering principles in their Azure Kubernetes Service (AKS) deployments. This addition helps users understand the importance of minimizing carbon emissions and enhancing operational efficiency in their cloud applications.

The documentation now includes an important notice stating that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing scaling of node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to the AzureLinux3 OS SKU.

The documentation now includes a new section detailing the compatibility of Istio revisions with AKS long-term support (LTS) clusters, allowing users to understand how newer revisions may be declared compatible as older ones reach end of life. Additionally, the command `az aks mesh get-revisions` has been updated to provide separate outputs for `KubernetesOfficial` and `AKSLongTermSupport`, enhanc…

The documentation now emphasizes the recommendation to use Ephemeral OS disks whenever possible for improved performance and faster node scaling in Azure Kubernetes Service (AKS). Additionally, it introduces Ephemeral NVMe data disks, detailing their benefits for high-performance, temporary storage needs and expanding support to a wider range of Azure VM sizes. Users are advised to utilize Azure C…

The documentation now specifies that the Azure Key Vault Secrets Store CSI Driver supports Azure role-based access control (Azure RBAC) and OpenID Connect (OIDC) for identity-based access methods, enhancing clarity for Kubernetes administrators. Additionally, it emphasizes that the Microsoft Entra pod-managed identity (preview) has been deprecated, and users are encouraged to utilize the Microsoft…

The documentation for configuring a Static Egress Gateway in Azure Kubernetes Service (AKS) has been updated to remove the preview designation, indicating that the feature is now generally available. Additionally, it now specifies that the Static Egress Gateway does not support Private IPs assigned to the gateway node pool, requiring a public IP prefix instead. This change clarifies the requiremen…

The documentation has been updated to clarify the process of creating a node pool with a unique subnet, now directing users to the new section "node-pool-unique-subnet.md." Additionally, the customer intent section has been refined to emphasize the goal of creating a service in AKS that utilizes an internal Azure load balancer for improved security without exposing an external endpoint.

The documentation for the Advanced Container Networking Services in Azure Kubernetes Service (AKS) has been updated to provide a clearer overview of container network metrics, emphasizing their importance for monitoring and optimizing network performance. Users can now better understand how to capture and utilize metrics at both the node and pod levels, including traffic volume, dropped packets, a…

The documentation for the AKS Automatic quickstart has been updated to clarify that users must pre-register the `Microsoft.PolicyInsights` resource provider in their subscription for a smoother experience when enabling Azure Policy on their AKS cluster. Additionally, the required version of the Azure CLI has been updated to 2.77.0 or later, ensuring users are aware of the necessary tools for manag…

The documentation now includes a clearer description of the article’s purpose, emphasizing that users will learn how to create the infrastructure needed for a MongoDB cluster on AKS. Additionally, a new note has been added regarding the default keepalive time in AKS, recommending a shorter duration for better MongoDB performance, which users should consider when configuring their deployments.

Updates content with clarifications and improvements.

The documentation now includes a clearer customer intent statement for Kubernetes administrators, emphasizing the installation of the Azure App Configuration extension on AKS clusters for centralized management of application settings and feature flags. Additionally, the link for creating an Azure subscription has been updated to direct users to a new pricing options page.

The documentation for Deployment Safeguards in Azure Kubernetes Service (AKS) has been updated to clarify that Deployment Safeguards are enabled by default in AKS Automatic and to specify the requirement for Azure Policy add-on registration. Users can now configure Deployment Safeguards using the `az aks safeguards create` and `az aks safeguards update` commands, with options for setting the level…

The documentation for managing signed images with Docker Content Trust (DCT) in Azure Container Registry has been updated to clarify the enabling process and its implications. Users can now enable DCT at the registry level, allowing clients to push signed images while still permitting access to consumers without DCT enabled. Additionally, the article emphasizes that disabling DCT will permanently…

Updates content with clarifications and improvements.

The documentation now clarifies that users can effectively run workloads concurrently on both Spot and On-demand node pools by utilizing priority expanders, which allow for scaling based on assigned priority. Additionally, a new configuration example for setting up a priority expander has been added, providing users with a practical reference for implementation. The guidance on managing workloads…

The documentation now includes a customer intent statement that clarifies the goal of autoscaling GPU workloads on Azure Kubernetes Service using KEDA and NVIDIA metrics. This addition helps users understand the benefits of optimizing resource usage and managing operational costs in response to real-time workload demands.

The documentation now includes an important notice that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, requiring users to migrate to a supported version to avoid losing the ability to scale node pools. Additionally, it clarifies that the Container Network Security feature is not available for clusters that do not use the Cilium data plane, and it provides updated detail…

Updates content with clarifications and improvements.

The documentation has been updated to reflect the new version of the ALB Controller, changing the version from 1.7.9 to 1.7.12 in multiple command examples. Users should now reference the updated version for deploying the Application Gateway for Containers, ensuring they are using the latest features and fixes available in the ALB Controller.

The documentation for AKS supported Kubernetes versions has been updated to reflect the revised release dates for version 1.34. Users can now see that the release dates have changed from August 2025 to October 2025 for the first patch, with subsequent dates also adjusted accordingly. This change provides clearer expectations for users planning their upgrade paths.

The documentation now includes a customer intent statement that clarifies the goal of restricting pod access to the Azure Instance Metadata Service (IMDS) endpoint. This enhancement helps Kubernetes administrators understand the security benefits of implementing such restrictions in their AKS clusters to prevent sensitive information leaks.

The documentation now includes a note indicating that after March 31, 2026, new AKS clusters using the AKS-managed virtual network option will default to placing cluster subnets into private subnets, which may affect unsupported scenarios involving other resources in the same subnet. Users are informed that this change does not impact AKS-managed cluster traffic, and clusters using Bring Your Own…

The documentation now includes enhanced guidance on using Windows Exporter with Managed Prometheus and Grafana for monitoring AKS. Users can now see metrics related to node and pod performance, health, and resource usage, and are instructed to add the parameter ‘–enable-windows-recording-rules’ when enabling Managed Prometheus for accurate dashboard data presentation. Additionally, specific Grafa…

The documentation for customizing node configurations on Kubernetes clusters has been updated to reflect new default values for several parameters across different Ubuntu and Azure Linux versions. Notably, the `fs.file-max` parameter is now set to the maximum possible value to prevent file descriptor exhaustion, and the `kernel.threads-max` has been significantly increased, allowing for more concu…

The documentation now includes a customer intent statement that clarifies the goal of creating and managing persistent volumes using Azure Disks in AKS, enhancing user understanding of the feature’s purpose. Additionally, it emphasizes that when deploying AKS clusters across multiple availability zones with Kubernetes version 1.29 or later, zone-redundant storage (ZRS) will be utilized for managed…

The documentation for configuring Azure CNI for static allocation of CIDR blocks has been updated to clarify the feature’s name and its functionality, now referred to as "Pod Subnet – Static Block Allocation." Users can now find detailed migration steps for transitioning from Dynamic IP Allocation to Static Block Allocation, including creating a new subnet and adding a new agent pool with the appr…

The documentation now includes a customer intent statement that clarifies the purpose of attaching an Azure Container Registry to an AKS cluster, specifically for developers using Visual Studio Code. This addition helps users understand how this integration can streamline their container deployment process and improve resource management.

The documentation now emphasizes that Artifact Streaming (preview) is the recommended alternative for users currently utilizing Teleport (preview) on Azure Kubernetes Service, which will be retired on July 15, 2025. Users are advised to migrate to Artifact Streaming or update their node pools to disable Teleport to avoid potential issues with image pulls and node provisioning failures after the re…

The documentation now includes a note emphasizing the requirement to pre-register the `Microsoft.PolicyInsights` resource provider in your subscription for a smoother experience when enabling Azure Policy on AKS Automatic clusters. Additionally, the title and description of the quickstart guide have been updated to remove the "preview" designation, indicating that users can now access the AKS Auto…

Updates content with clarifications and improvements.

The documentation now includes a customer intent section that clarifies the purpose of installing custom certificate authorities on AKS cluster nodes for secure connections to private registries. Additionally, it highlights that while the Custom CA Trust feature adds certificates to the AKS node’s trust store, these certificates will not be accessible to containers running in pods, requiring separ…

The documentation now highlights the use of the **hostUsers: false** setting, which enables pods to run using a user-namespace, enhancing host isolation and limiting lateral movement during container breakouts. Additionally, the guidance on collaborating with cluster operators has been refined to emphasize the importance of minimizing permissions and access requirements for pods, while also incorp…

The documentation has been updated to reflect the rebranding of the AI toolchain operator to the AI toolchain operator add-on, enhancing clarity for users. Additionally, users can now self-host large language models (LLMs) more efficiently on Kubernetes, with improved support for customization and control over data, as well as updated commands and parameters for deploying models, including the lat…

The documentation now includes a customer intent statement that clarifies the purpose of understanding legacy container networking options in Azure Kubernetes Service (AKS). This addition helps Kubernetes administrators better manage pod IP address management and select the appropriate networking model for their deployment scenarios.

The documentation now includes a customer intent section that clarifies how Kubernetes administrators can configure the Azure App Configuration extension for their AKS clusters. This update emphasizes the ability to optimize settings such as replica count and log verbosity, enhancing application performance and monitoring capabilities.

The documentation now clarifies that for Kubernetes administrators implementing role-based access control in AKS with Microsoft Entra integration, the server application will use user-provided credentials to query group memberships from the MS Graph API only if the user is a member of more than 200 groups. Additionally, it specifies that for users with 200 or fewer group memberships, the groups cl…

The documentation now specifies that only the `EnableImageIntegrityPreview` feature flag needs to be registered on your Azure subscription for validating signed images before deploying them to AKS clusters. The previous requirement to register the `AKS-AzurePolicyExternalData` feature flag has been removed, simplifying the process for Kubernetes administrators focused on ensuring the use of truste…

The documentation now clarifies that using the Kubernetes Gateway API for egress traffic management with the Istio add-on is only supported for the manual deployment model. Additionally, a new section has been added to guide users on configuring ingress for the Istio service mesh add-on with the Kubernetes Gateway API. This change provides users with clearer instructions on supported configuration…

The documentation now includes a new section outlining customer intent for Kubernetes administrators, specifically focusing on configuring a secure ingress gateway with mutual TLS for Istio service mesh. Additionally, users are directed to the "Next Steps" section, which provides guidance on configuring ingress for the Istio service mesh add-on using the Kubernetes Gateway API.

The documentation now includes a customer intent statement that clarifies the goal of integrating Azure Key Vault with an AKS cluster using the Secrets Store CSI Driver, enhancing user understanding of the feature’s purpose. Additionally, the link for creating a free Azure account has been updated to direct users to a more relevant page, ensuring they have the correct resources to get started.

The documentation has been updated to reflect the release of ALB Controller version 1.7.12, which includes improved handling for missing Provider ID. Users can now benefit from this enhancement, along with the previously noted features in version 1.7.9, such as the Web Application Firewall (WAF) Public Preview and updates to the Gateway API.

The documentation now includes a clearer customer intent statement, emphasizing the goal of configuring an NGINX Ingress Controller with TLS on Azure Kubernetes Service for securing application traffic using certificates from Azure Key Vault. Additionally, the link for creating a free Azure account has been updated to direct users to a more relevant page for account options.

The documentation now emphasizes the recommendation for Kubernetes administrators to migrate workloads from Virtual Machine Availability Sets to Virtual Machine Node Pools to ensure ongoing support and benefit from enhanced management features. It introduces a script for this migration that not only transitions the AKS cluster but also upgrades Basic-tier load balancers to Standard-tier, while mai…

The documentation now includes a customer intent statement that clarifies the goal of implementing the Azure Disk CSI driver in AKS clusters, emphasizing efficient storage provisioning and performance enhancement for containerized applications. This addition helps Kubernetes administrators understand the benefits and objectives of using the Azure Disk CSI driver.

Updates content with clarifications and improvements.

The documentation now clarifies that disabling the service mesh add-on will remove all Istio components from the AKS cluster, including Istio CRDs, the control plane, and ingress/egress gateway configurations, as well as the managed namespaces `aks-istio-system` and `aks-istio-ingress`. Users are also informed that to clean up Istio CustomResourceDefinitions (CRDs) after uninstallation, they can r…

The documentation now includes an important notice for Kubernetes administrators regarding the end of support for Azure Linux 2.0 on AKS. Users are informed that after November 30, 2025, security updates will cease, and by March 31, 2026, node images will be removed, preventing scaling of node pools. Administrators are advised to migrate to a supported Azure Linux version to ensure continued funct…

The documentation now includes an important notice stating that Azure Kubernetes Service (AKS) will cease support for Azure Linux 2.0 on November 30, 2025, and that node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to AzureLinux3 to avoid disruptions in their Kubernetes deployments.

Updates content with clarifications and improvements.

The documentation has been updated to clarify the configuration of Azure CNI networking, specifically emphasizing the use of "Pod Subnet" for dynamic IP allocation and enhanced subnet support in Azure Kubernetes Service (AKS). Users can now find detailed instructions on how to manage IP addresses more efficiently and improve the scalability and performance of their Kubernetes clusters, with specif…

The documentation now includes a customer intent statement that clarifies the goal of implementing Azure CNI Overlay networking in AKS clusters, emphasizing efficient IP address management and optimal intra-cluster communication. Additionally, it reiterates the requirement that names for the subnet, VNet, and resource group must be 63 characters or less, which are used as labels in AKS worker node…

The documentation now clarifies that AKS does not support all GPU-enabled VM sizes in Azure and specifies that if a GPU VM size is not listed as supported, necessary GPU software components will not be installed, and support will not be provided. Users can now check available and supported VM sizes using the `az vm list-skus` command, which enhances their ability to select appropriate VM sizes for…

The documentation now includes an important notice stating that starting on November 30, 2025, AKS will no longer support Azure Linux 2.0, and users will need to migrate to a supported version to avoid losing the ability to scale their node pools. Additionally, users can set Dapr configuration options using the `–configuration-settings` parameter in the Azure CLI or the `configurationSettings` pr…

Updates content with clarifications and improvements.

The documentation now includes a critical update regarding the support timeline for Azure Linux 2.0 in AKS. Users are informed that after November 30, 2025, security updates will cease, and by March 31, 2026, node images will be removed, preventing scaling of node pools. Administrators are advised to migrate to a supported Azure Linux version to ensure continued functionality and security.

The documentation now includes a customer intent statement that clarifies the goals of AKS administrators regarding IP address planning and allocation for clusters, emphasizing the importance of resource sufficiency for scaling and upgrading. Additionally, the reference to the Azure CNI Pod Subnet Static Block Allocation has been updated for clarity, providing users with more detailed guidance on…

Updates content with clarifications and improvements.

The documentation now includes a clearer description of how to deploy and manage cluster extensions on Azure Kubernetes Service (AKS), emphasizing the lifecycle management of these extensions. Users can now differentiate between Core and Standard extensions, with specific commands provided for managing each type using the `az aks` and `az k8s-extension` CLI commands. Additionally, the requirements…

The documentation has been updated to clarify the process of verifying container images using Notation and Trusted Signing in GitHub Actions. Users can now find improved instructions on configuring GitHub workflows, including specific commands for creating user-assigned managed identities and assigning roles for accessing Azure Container Registry. Additionally, the descriptions and headings have b…

The documentation now emphasizes that users must reimage the cluster’s node pools immediately after updating the artifact source to Cache when enabling the network isolated cluster feature. This change clarifies the timing of the reimaging process to ensure the feature is properly applied to the cluster.

Updates content with clarifications and improvements.

The documentation now includes an important notice regarding the deprecation of Azure Linux 2.0 support in Azure Kubernetes Service (AKS). Users are informed that starting on November 30, 2025, security updates will cease, and by March 31, 2026, node images will be removed, necessitating migration to a supported Azure Linux version to maintain functionality and compliance.