The Azure Key Vault provider for Secrets Store CSI Driver enables secure management of secrets in AKS. The article now includes prerequisites and detailed guidance on configuring the provider, troubleshooting, and optimizing secret handling in AKS environments.

This article explains how to enable Key Management Service (KMS) data encryption for Kubernetes secrets in AKS, detailing both platform-managed and customer-managed key options. It emphasizes the importance of encryption for security and compliance.

The article provides an overview of data encryption at rest for Kubernetes secrets in AKS, detailing the integration with Azure Key Vault and the KMS provider. It explains key management options and the encryption process, enhancing understanding of security measures.

This new article guides users through deploying the Open-WebSearch MCP server on AKS, detailing the setup process and configuration requirements. It emphasizes the importance of careful registry and network configuration for production deployments.

The article has been updated to clarify the deployment and configuration of an AKS cluster with Microsoft Entra Workload ID, including detailed steps for creating a managed identity and configuring token federation.

This article explains the setup process and configuration for Azure CNI Overlay AKS clusters, providing insights into dual-stack networking and workload deployment. It enhances understanding of networking options in AKS.

The article has been updated to provide clearer instructions on installing and using the agentic CLI for AKS, which helps troubleshoot clusters and gain insights using natural language.

This article has been revised to better explain Microsoft’s vulnerability management processes for AKS, aiding cloud security engineers in assessing and mitigating security risks.

The document has been updated to include new strategies for upgrading AKS clusters, enhancing the guidance provided for maintaining production environments.

Learn about the options for connecting to a private AKS cluster, including using Azure Cloud Shell, Azure Bastion, virtual network peering, and private endpoints.

This article provides an overview of the networking components you need to consider when planning your Azure Kubernetes Service (AKS) workloads.

Learn how to configure and customize rolling upgrades for Azure Kubernetes Service (AKS) node pools, including surge settings, drain timeout, and soak time.

Learn how to plan for capacity and costs when upgrading Azure Kubernetes Service (AKS) clusters, including surge node requirements, quota management, and IP address planning.

Learn how to upgrade the control plane of an Azure Kubernetes Service (AKS) cluster to get the latest Kubernetes version features and security updates.

This article provides an overview of the networking components you need to consider for Azure Kubernetes Service (AKS) nodes.

This article provides an overview of the networking components you need to consider when planning your Azure Kubernetes Service (AKS) control plane workloads.

Learn how to build the foundational Azure infrastructure for a generic AKS cluster that can host any containerized workload.

This article provides an overview of the networking components you need to consider for Azure Kubernetes Service (AKS) pods.

This article provides an overview of the networking components you need to consider for Azure Kubernetes Service (AKS) applications.

The documentation now emphasizes the requirement to specify a Pod CIDR (IP address range for pods) when using a custom CNI in AKS. This change clarifies that the AKS control plane relies on this range for internal traffic routing to pods, and it provides guidance on selecting a non-conflicting CIDR that avoids Azure reserved ranges. Users are now informed that failing to provide a Pod CIDR may res…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to the `osSku AzureLinux3` to ensure continued support and functio…

The documentation now clarifies that in both `node.yaml` and `python.yaml`, users need to replace the placeholder `<SERVICE_ACCOUNT_NAME>` with the actual service account name they created for `serviceAccountName`. Additionally, the reference for workload identity has been updated to direct users to the section on deploying and configuring Microsoft Entra workload identity on an Azure Kubernetes S…

The documentation has been updated to reflect the renaming of "Microsoft Entra attribute-based access control (ABAC)" to "Azure attribute-based access control (Azure ABAC)" throughout the article. Users can now enable Azure ABAC for repository permissions in Azure Container Registry by setting the **Role assignment permissions mode** to **RBAC Registry + ABAC Repository Permissions**, allowing for…

The documentation for Application Gateway for Containers has been updated to clarify the definitions and requirements for its components, including frontends and associations. Users can now understand that frontends define the entry point for client traffic and cannot be associated with more than one Application Gateway for Containers, while associations map to a delegated Azure Subnet. Additional…

The documentation for troubleshooting the AI-powered CLI agent for AKS has been updated to clarify instructions and improve readability. Users are now advised to check their large language model (LLM) provider configuration and ensure they are using the correct model with the `–model` parameter. Additionally, the guidance on handling installation failures has been refined to specify uninstalling…

The documentation for accessing a private Azure Kubernetes Service (AKS) cluster has been restructured to clarify the use of the `command invoke` and `Run command` features. Users can now access private clusters without needing to configure a VPN or Express Route, allowing remote invocation of commands like `kubectl` and `helm` through the Azure API. Additionally, the prerequisites section has bee…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service.

The documentation for Azure CNI Powered by Cilium has been updated to include support for Local Redirect Policy (LRP) starting from Kubernetes v1.29 and Cilium v1.14, with specific requirements for Cilium Network Policy egress labels. Additionally, users are now informed that high-churning workloads, such as Spark jobs, can generate a high count of Cilium identities, and they can reduce this by ex…

The documentation for deploying Valkey on Azure Kubernetes Service (AKS) has been updated to clarify that the solution now deploys three Valkey primary pods across two availability zones, with one replica pod per primary in a third zone, utilizing `Standard_E64_v5` SKU nodes. Additionally, the explanation of the `StatefulSet` resources has been refined to emphasize the zone distribution for high a…

The documentation now indicates that the Azure Kubernetes Fleet Manager with Arc-enabled Kubernetes clusters is in preview, providing users with updated context regarding the feature’s availability. This change highlights that users can expect ongoing updates and improvements as the feature evolves.

The documentation for Microsoft Entra Workload ID on Azure Kubernetes Service (AKS) has been updated to clarify that workloads can now assign workload identities to authenticate and access Azure resources more seamlessly. Additionally, the prerequisites section now includes specific limitations, such as the maximum number of federated identity credentials allowed per managed identity and the propa…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functionality.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS. Starting on November 30, 2025, users will no longer receive support or security updates for Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing scaling of node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or swit…

The documentation has been updated to reflect new links for connecting to private clusters and virtual network peering. Users can now access the updated sections on connecting to private clusters and learn about connecting using virtual network VNet peering through the new dedicated page, enhancing clarity and usability.

The documentation now specifies that when deploying a Bicep file using the Azure CLI for an AKS Automatic cluster, users need to provide the user assigned managed identity resource ID instead of the user assigned identity principal ID. Additionally, the parameter for the user assigned identity has been updated from `uamiPrincipalId` to `uamiId`, which may affect how users configure their deploymen…

The documentation for creating a private Azure Kubernetes Service (AKS) cluster has been updated to emphasize enhanced security and network control features. Users can now find detailed instructions on configuring private DNS settings, including options for using custom private DNS zones and subdomains, as well as the implications of using Azure Private Link service. Additionally, the prerequisite…

The documentation for customizing node configurations in Azure Kubernetes Service (AKS) has been updated to clarify the creation of custom node configuration files and their application during cluster creation and node pool addition. Users can now specify configuration files for the `–kubelet-config` and `–linux-os-config` parameters when creating a new AKS cluster or adding a node pool, ensurin…

The documentation for the Azure Kubernetes Fleet Manager quickstart has been updated to clarify the terminology, changing "Fleet Manager resource" to "Fleet Manager" throughout the document. Additionally, the prerequisites section has been renamed to "Before you begin," and several new prerequisites have been added, including links to resources for deploying cluster-scoped and namespace-scoped res…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service.

The documentation now specifies that users should install Airflow using the command `helm install airflow apache-airflow/airflow –version 1.15.0`, ensuring they are using the latest version. Additionally, the instructions for signing in have been clarified to emphasize using the default webserver URL and sign-in credentials provided during the installation process.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service. For further detai…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools to a supported Kubernetes version or by switching to `osSku AzureLinux3`. This change…

The documentation now includes a dedicated section for obtaining the identity ID and object ID for the Azure Key Vault Secrets provider, enhancing clarity on this process. Additionally, users are advised to utilize the Azure Verified Module for deploying infrastructure with Terraform, along with a recommendation to consider the AKS production pattern module for best practices when deploying in pro…

The documentation for the agentic CLI for AKS has been updated to clarify the capabilities of the `az aks agent` command group, emphasizing that users can now ask natural language questions about their cluster’s health, configuration, and issues. Additionally, the security considerations section now specifies the use of Microsoft Entra for authentication instead of Azure AD, and highlights the imp…

The documentation for migrating to Key Management Service (KMS) v2 in Azure Kubernetes Service (AKS) has been updated to indicate that it now applies specifically to clusters using the legacy KMS experience. Users are advised to transition to the new KMS data encryption experience for clusters running Kubernetes version 1.33 or later, which provides enhanced features such as platform-managed keys,…

The documentation for the Valkey cluster has been updated to clarify the use of the term "master," which is now referred to as "primary." Additionally, the section on building and pushing a sample client application has been streamlined, emphasizing the steps to build the application and push the Docker image to Azure Container Registry (ACR). Users can now verify the successful push of the image…

The documentation now includes an important notice stating that starting on **30 November 2025**, AKS will no longer support Azure Linux 2.0, and by **31 March 2026**, node images will be removed, preventing users from scaling their node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or migrating to `osSku AzureLinux3`. Additionally, the docume…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will cease on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functionality.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support. For further details,…

Starting March 17, 2027, AKS will no longer support Ubuntu 20.04, resulting in the deletion of existing node images and the cessation of security updates, which will prevent users from scaling their node pools. Additionally, as of November 30, 2025, AKS will stop supporting Azure Linux 2.0, with node images being removed by March 31, 2026, necessitating migration to a supported Azure Linux version…

The documentation for creating an Azure Kubernetes Fleet Manager has been updated to clarify that users can now create a Fleet Manager and later add AKS and Arc-enabled clusters as member clusters. Additionally, it emphasizes that if the Fleet Manager has a hub cluster, enhanced features such as Kubernetes object propagation and Managed Fleet Namespaces will be available. The terminology has also…

The documentation for updating the Key Vault mode for an Azure Kubernetes Service (AKS) cluster with KMS etcd encryption has been updated to indicate that the content is now considered legacy. Users should be aware that this change may affect their understanding of the current best practices for KMS integration with AKS. Additionally, the dates have been revised to reflect the legacy status of the…

The documentation now clarifies that Deployment Safeguards in Azure Kubernetes Service (AKS) can be configured to enforce Baseline, Restricted, or Privileged Pod Security Standards using the `–pss-level` flag. Users can now ensure their workloads comply with these standards, which are enabled by default in AKS Automatic, and understand that the `Enforce` level will block or mutate deployments bas…

The documentation now includes updated guidance on defining a Fleet Manager Auto-upgrade profile for member clusters, which automates the creation and execution of update runs when new Kubernetes versions are released. Users can select between Stable or Rapid Kubernetes release channels for automatic minor version increments, or opt for the preview feature that allows targeting specific Kubernetes…

The documentation now specifies that starting June 17, 2025, AKS will no longer support Ubuntu 18.04, and users will need to migrate to a supported version to continue scaling their node pools. Additionally, as of November 30, 2025, AKS will cease support for Azure Linux 2.0, with node images being removed by March 31, 2026, requiring users to upgrade to a supported Azure Linux version or migrate…

The documentation now includes an important notice that starting on **30 November 2025**, Azure Kubernetes Service (AKS) will no longer support Azure Linux 2.0, and by **31 March 2026**, node images will be removed, preventing users from scaling their node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or transitioning to `osSku AzureLinux3`. A…

The documentation for using kubelogin to authenticate in Azure Kubernetes Service (AKS) has been updated to clarify that all supported Microsoft Entra authentication methods are now covered, including specific limitations regarding group membership and authentication methods. Users can now find detailed information about the service principal authentication method, which is limited to managed Micr…

The documentation for the HTTP proxy configuration in Azure Kubernetes Service (AKS) has been updated to remove the trailing slashes from the example proxy URLs. Users should now use the corrected format without trailing slashes for both the `httpProxy` and `httpsProxy` parameters to ensure proper functionality.

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functional…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS. Starting on November 30, 2025, users will no longer receive support or security updates for Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing the scaling of node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or…

Starting June 17, 2025, AKS will no longer support Ubuntu 18.04, and from March 17, 2027, support for Ubuntu 20.04 will also end. Users will not be able to scale their node pools or receive security updates for these versions, necessitating an upgrade to a supported Kubernetes version to migrate to a supported Ubuntu version. Additionally, support for Azure Linux 2.0 will cease on November 30, 202…

The documentation now includes an important notice that starting on **30 November 2025**, AKS will no longer support Azure Linux 2.0, and users must migrate to a supported version to avoid losing the ability to scale node pools. Additionally, the sections on scaling, cluster tier, and service level agreements have been updated to clarify that the default configuration now includes a free tier clus…

The documentation has been updated to clarify navigation steps in the Azure portal for continuous patching. Users are now instructed to select **Repositories** and **Tasks** under the **Services** menu, enhancing the clarity of the process for viewing running tasks and newly created repositories. Additionally, old screenshots have been removed to streamline the content.

The documentation for the Java package has been updated to reflect a new Maven repository link, changing from the previous URL on search.maven.org to the new URL on central.sonatype.com. This update ensures users can access the Azure Containers Container Registry library from the correct source.

The documentation for setting a retention policy for untagged manifests in Azure Container Registry has been updated to clarify that users can now enable this policy through both the Azure portal and the Azure CLI. Additionally, the default retention period is specified as seven days, with the option to set it between 0 and 365 days, allowing for immediate deletion of untagged manifests if set to…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed by March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service.

The documentation has been updated to reflect that the `acr purge` command is now distributed in a public container image version `0.17`, up from version `0.14`. Users should note this change as it may affect their usage of the command while it remains in preview.

The documentation for using Key Management Service (KMS) etcd encryption in Azure Kubernetes Service (AKS) has been updated to indicate that it now describes the legacy KMS experience. Users are advised to transition to the new KMS data encryption experience for clusters running Kubernetes version 1.33 or later, which includes features like platform-managed keys and automatic key rotation. Additio…

The documentation for the AKS auto-upgrade cluster feature has been updated to clarify that users can no longer upgrade the control plane separately from the node pools; both will now be upgraded together during an auto-upgrade. Additionally, the guidance on using the `az aks upgrade –control-plane-only` command has been updated to reflect this change, including the specific error message users w…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service. For further detai…

The documentation now clarifies that when dedicated data endpoints are enabled during image pulls, Azure Container Registry (ACR) provides a temporary download link for each image layer, valid for 20 minutes. This enhancement ensures users have a secure, short-lived URL for downloading layers, streamlining the image pulling process.

The documentation for Azure Kubernetes Fleet Manager has been updated to clarify the role of fleets and member clusters, emphasizing that a fleet is a group of Kubernetes clusters managed as a single entity. Users can now better understand the capabilities of Fleet Manager, including safe multi-cluster updates and resource propagation, particularly when configured with a hub cluster. Additionally,…

The documentation for configuring the AKS scheduler has been updated to clarify that users cannot define a profile called `aks-system`, in addition to the existing restriction on in-tree scheduling plugins targeting the `aks-system` scheduler. Users are now instructed to create files named `bin-pack-cpu-scheduler.yaml` and `pod-topology-spreader-scheduler.yaml`, both requiring the CRD to be named…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service.

The documentation now clarifies that when dedicated data endpoints are enabled, Azure Container Registry (ACR) provides a temporary download link for image layers that is valid for 20 minutes, enhancing security during image pulls. Additionally, the instructions for enabling data endpoints in the Azure portal have been updated to specify selecting the **Use dedicated data endpoint** checkbox inste…

The documentation now specifies that users should select **Infrastructure Services** instead of **Containers** when navigating to Azure Kubernetes Service (AKS). Additionally, users can now change the preset configuration during cluster creation by selecting **Compare presets** and choosing a different option. The recommended VM size for node pools has been updated to **D2s_v5**, and users are adv…

The documentation for using Microsoft Entra pod-managed identities in Azure Kubernetes Service (AKS) has been updated to clarify that this feature is now referred to as "AKS" instead of "Azure Kubernetes Service." Additionally, users are informed that Microsoft Entra pod-managed identities support two operation modes: Standard Mode and Managed Mode, with specific details on how to manage these mod…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or transitioning to AzureLinux3 to avoid disruptions in service. For further details,…

The documentation now includes an important notice that starting on **30 November 2025**, AKS will no longer support Azure Linux 2.0, and users must migrate to a supported version to avoid losing the ability to scale node pools. Additionally, the `–skip-gpu-driver-install` node pool tag will be retired on **14 August 2025**, and users are advised to use the `–gpu-driver` field set to `none` to m…

The documentation for viewing repositories in the Azure portal has been updated to clarify that Azure Container Registry allows users to store Docker container images and other artifacts in repositories. Users can now see a list of repositories hosting their images and any associated image tags directly in the Azure portal, with detailed steps provided for accessing this information. Additionally,…

The documentation has been updated to clarify the creation process for an Azure Kubernetes Fleet Manager, emphasizing that users can now create a Fleet Manager and add AKS and Arc-enabled clusters as member clusters. Additionally, it highlights that if the Fleet Manager has a hub cluster, users can access enhanced features such as Kubernetes object propagation and Managed Fleet Namespaces. The tit…

The documentation for the "Quickstart: Create an Azure Kubernetes Fleet Manager and join member clusters using Azure CLI" has been updated to clarify the process of creating a Fleet Manager, enhancing user understanding of managing multiple Kubernetes clusters. Additionally, the section titles have been revised for better clarity, and new links to related resources have been added, allowing users…

The documentation for deploying a Valkey cluster on Azure Kubernetes Service (AKS) has been updated to replace the terms "master" and "slave" with "primary" and "replica," reflecting Microsoft’s current terminology. Additionally, users are now instructed to export the secret variable using `export SECRET=$(openssl rand -base64 32)` and to ensure they replace placeholders in Terraform code with act…

The documentation for managing network bypass policies for Azure Container Registry tasks has been updated to include new command syntax for creating agent pools, building images, and creating tasks. Users can now specify parameters such as `agentpool`, `registry`, `subnet-id`, `image`, `task`, and `schedule` directly in the commands, enhancing clarity and usability. Additionally, the verification…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to ensure continued support and functionali…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will cease on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in scaling their node pools…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 for AKS. Starting on November 30, 2025, users will no longer receive support or security updates for Azure Linux 2.0, and by March 31, 2026, node images will be removed, preventing scaling of node pools. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or swit…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0 on AKS, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3` to avoid disruptions in service.

The documentation now includes a critical update regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed by March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3`. Additionally, users can now configure Dapr monitori…

The documentation now includes an important notice that starting on **30 November 2025**, AKS will cease support and security updates for Azure Linux 2.0, with node images being removed on **31 March 2026**. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or migrating to `osSku AzureLinux3`. Additionally, the section on the "Honor Least-privilege princ…

The documentation now includes an important notice that starting on **30 November 2025**, AKS will no longer support Azure Linux 2.0, and by **31 March 2026**, users will be unable to scale their node pools as node images will be removed. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or migrating to `osSku AzureLinux3`. Additionally, the sections on…

The documentation for validating Valkey resiliency during an Azure Kubernetes Service (AKS) node pool upgrade has been updated to clarify the process and improve user guidance. Users can now find a dedicated section for verifying the Locust client status and monitoring the dashboard during the upgrade process, which enhances their ability to manage upgrades with minimal service disruption. Additio…

The documentation has been updated to clarify the use of Azure RBAC roles with Azure Kubernetes Fleet Manager, emphasizing that these roles now manage access to both ARM and Kubernetes resources. Users can assign Fleet data plane roles at the Fleet scope or individual managed namespace scope, with new details on how permissions are granted and revoked when member clusters join or leave a Fleet. Ad…

The documentation now clarifies that Fleet Manager’s support for custom resources is based on the KubeFleet CNCF project, enhancing user understanding of its capabilities. Additionally, a new parameter has been introduced that allows users to check the available number of nodes of a specific VM SKU in the cluster, which is currently in preview via the v1beta1 API.

The documentation for enabling and disabling Docker Content Trust (DCT) in the Azure portal has been updated for clarity. Users are now instructed to select "Enabled" or "Disabled" directly after navigating to **Content Trust** under **Policies**, rather than using a ">" symbol, which simplifies the process. Additionally, old screenshots have been removed to enhance the overall user experience.

The documentation now includes an important notice that starting on **30 November 2025**, Azure Kubernetes Service (AKS) will no longer support or provide security updates for Azure Linux 2.0. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or migrating to `osSku AzureLinux3` before **31 March 2026**, when node images will be removed and scaling of nod…

The documentation has been updated to clarify the process of creating an Azure Kubernetes Fleet Manager using Terraform. Users can now create a Fleet Manager without a hub cluster and later add AKS and Arc-enabled clusters as member clusters, enabling features like Kubernetes object propagation and Managed Fleet Namespaces. Additionally, it is emphasized that when using the 4.x AzureRM Terraform p…

The documentation for "Observability for Azure Kubernetes Service (AKS) Clusters with Key Management Service (KMS) Etcd Encryption" has been updated to mark it as a legacy section, indicating that users should refer to newer documentation for current practices. Additionally, the command for transitioning to KMS v2 has been changed from "Use KMS v2" to "Migrate to KMS v2," clarifying the action use…

The documentation now specifies that Managed Fleet Namespaces utilize Azure Resource Manager roles for management and access, replacing the previous reference to control plane roles. Additionally, it clarifies that Kubernetes data plane roles are used for interaction with the Managed Fleet Namespace instance on the Fleet Manager hub cluster, enhancing user understanding of role applications.

The documentation now specifies that users can change a repository’s autoconversion status directly from the **Repositories** pane in the Azure portal by right-clicking the repository. Users can select **Stop artifact streaming** to set the status to **Inactive** or **Start artifact streaming** to set it to **Active**, providing a clearer and more direct method for managing artifact streaming.

The documentation for using Kubernetes RBAC with Microsoft Entra ID in Azure Kubernetes Service (AKS) has been updated to clarify the process of managing access based on user identity and group membership. Users can now create example groups and roles in Microsoft Entra ID, and the instructions have been refined to enhance clarity on how to set up role bindings and permissions for application deve…

The documentation has been updated to clarify the role of hub clusters in Azure Kubernetes Fleet Manager, now titled "Azure Kubernetes Fleet Manager hub cluster overview." Users can now understand that hub clusters are optional and facilitate resource placement and Fleet Managed Namespaces through a managed version of KubeFleet. Additionally, the section now includes detailed descriptions of the f…

The documentation for migrating from Pod Identity to Workload Identity has been updated to clarify the prerequisites for using Azure Identity supported versions. Users can now find the necessary prerequisites in the "Workload Identity Overview" section, enhancing their understanding of the requirements for successful implementation.

The documentation now provides an updated link for enabling workload identity on an existing AKS cluster, directing users to the section on enabling the OIDC issuer and Microsoft Entra workload identity. This change clarifies the steps users need to follow if workload identity is not already enabled on their AKS cluster.

The documentation for certificate rotation in Azure Kubernetes Service (AKS) has been updated to include detailed instructions on how to manually rotate certificates and enable autorotation for enhanced security. Users can now verify certificate expiration dates for both the cluster and agent nodes using specific commands, and the article emphasizes that AKS automatically rotates non-CA certificat…

The documentation now includes an important notice regarding the retirement of Azure Linux 2.0, stating that support and security updates will end on November 30, 2025, and node images will be removed on March 31, 2026. Users are advised to migrate to a supported Azure Linux version by upgrading their node pools or switching to `osSku AzureLinux3`. Additionally, various sections have been updated…

The article "Choosing an Azure Kubernetes Fleet Manager option" has been updated to provide a clearer overview of the various Azure Kubernetes Fleet Manager options, including a change in terminology from "Multi-cluster managed namespaces" to "Managed Fleet Namespaces." Additionally, the billing considerations section has been refined to clarify that users will incur costs associated with the hub…