Learn how to create an AKS cluster with node auto-provisioning in a custom virtual network.

Learn how to configure container network metrics filtering to optimize data collection and reduce storage costs in Azure Kubernetes Service (AKS) with Cilium.

This article shows you how to configure node pools for Node Auto-Provisioning (NAP) in Azure Kubernetes Service (AKS), including SKU selectors, limits, and weights.

Learn how to troubleshoot SNAT port exhaustion issues for a Standard Load Balancer in Azure Kubernetes Service (AKS).

New page added.

Learn about node auto-provisioning in AKS, including how it works, prerequisites, upgrade behavior, limitations, and resources to get started.

This article provides an overview of managed identities in Azure Kubernetes Service (AKS), including system-assigned, user-assigned, and pre-created kubelet managed identities. It also explains how they work, role assignments, and AKS-specific managed identity features.

Learn how you can configure a public standard load balancer in Azure Kubernetes Service (AKS) to meet your workload needs, including changing the inbound pool type, scaling outbound IPs, and configuring allocated outbound ports.

Learn how to set scheduler profiles to achieve advanced scheduling behaviors on Azure Kubernetes Service (AKS).

Learn how to enable or disable node auto-provisioning (NAP) in AKS using the Azure CLI or ARM templates.

Learn about node image updates for NAP in AKS, including how it works, recommended maintenance windows, and examples to get started.

Learn about Azure Linux with OS Guard (preview) on Azure Kubernetes Service (AKS), including key features, region availability, and resources to get started.

Learn about scheduler configuration and advanced scheduling concepts for Azure Kubernetes Service (AKS).

This article provides a conceptual overview of Azure Kubernetes Fleet Manager integration with Azure Arc-enabled Kubernetes clusters.

Learn the step-by-step process of how AKS performs rolling upgrades to minimize disruption to your running workloads.

Learn how to use shared health probes for Services with externalTrafficPolicy set to Cluster in Azure Kubernetes Service (AKS) to improve load balancer efficiency and reduce configuration complexity.

Learn how to provision a fully managed GPU node pool on your new or existing cluster on Azure Kubernetes Service (AKS).

Learn about networking configuration requirements and recommendations for AKS clusters using node auto-provisioning (NAP), including supported configurations, subnet behavior, RBAC setup, and CIDR considerations.

This article provides a conceptual overview of the different types of member clusters supported in Azure Kubernetes Fleet Manager.

Learn how to configure node disruption policies for node auto-provisioning (NAP) nodes in Azure Kubernetes Service (AKS) to optimize resource utilization.

The documentation has been updated to correct the anchor links for several Azure CLI commands, specifically for `az aks get-credentials`, `az aks install-cli`, and `az group delete`. Users can now access these commands using the updated links that replace underscores with hyphens, ensuring proper navigation to the relevant sections in the documentation.

The documentation for the Azure CLI commands has been updated to correct the anchor links for several commands, including `az aks show` and `az aks update-credentials`, ensuring that users can navigate to the correct sections without issues. Additionally, the links for `az ad sp create for rbac`, `az ad app credential list`, and `az ad app credential reset` have also been updated for consistency.…

The documentation for upgrading the Basic Load Balancer to a Standard Load Balancer on AKS has been updated to correct the command links, changing underscores to hyphens in the command references for `az aks update`, `az aks show`, `az network public-ip show`, and `az aks list`. Users can now more easily access the correct command documentation when following the upgrade process.

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command syntax for several Azure CLI commands. Users can now use hyphens instead of underscores in the command links for `az aks get-credentials`, `az aks create`, `az aks get-upgrades`, and various node pool commands, enhancing consistency and usability. Additionally, the links for `az list ips` and `az pu…

The documentation for Azure NetApp Files has been updated to correct the anchor links for several commands, including `az-aks-show`, `az-netappfiles-account-create`, `az-netappfiles-pool-create`, `az-netappfiles-volume-create`, `az-netappfiles-volume-show`, and `az-network-vnet-subnet-create`. Users can now access these commands more easily through the updated links, which use hyphens instead of u…

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links. Users can now access the commands for creating AKS clusters, updating node pools, adding node pools, and retrieving credentials using the updated anchor format, which replaces underscores with hyphens in the URLs. This change improves the consistency and usability of the documentation…

The documentation has been updated to reflect changes in command syntax for Azure CLI commands related to Azure Service Bus and AKS. Specifically, the command anchors for `az-servicebus-namespace-create`, `az-servicebus-queue-create`, `az-servicebus-queue-authorization-rule-create`, `az-servicebus-namespace-show`, `az-servicebus-queue-authorization-rule-keys-list`, and `az-aks-get-credentials` hav…

The documentation for the Azure CLI commands related to AKS node pools has been updated to reflect changes in the URL structure for command anchors. Users can now access the commands `az aks nodepool add`, `az aks nodepool list`, `az aks nodepool show`, and `az aks nodepool delete` using hyphens instead of underscores in the URLs, improving consistency and usability.

The documentation now includes support for Windows Server 2025 (preview) in addition to Windows Server 2022 and Windows Server 2019 for Long Term Servicing Channel Releases (LTSC). Users are also informed that when enabling managed Prometheus, they must add the parameter `–enable-windows-recording-rules` for accurate dashboard data presentation, and Grafana dashboards for Windows resources have b…

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links, replacing underscores with hyphens for better consistency and usability. Users can now access commands such as `az aks create`, `az aks get-credentials`, and others with the updated link formats, improving navigation and clarity in the documentation.

The documentation for configuring the NGINX ingress controller with the application routing add-on for Azure Kubernetes Service (AKS) has been updated to clarify that users can now enable the application routing add-on when creating a new AKS cluster using the `az aks create` command with specific flags. Additionally, the instructions for updating the default ingress controller configuration on an…

The documentation now includes a new section on `CiliumClusterwideNetworkPolicy (CCNP)` that supports FQDN filtering, allowing users to apply policies based on fully qualified domain names. Users can utilize the provided example to create a policy that allows egress traffic to specific FQDNs, enhancing their ability to manage network security in AKS clusters.

The documentation now specifies that users can join both existing Azure Kubernetes Service (AKS) clusters and Arc-enabled Kubernetes clusters (in Preview) as member clusters in the Azure Kubernetes Fleet Manager. Additionally, the required version of the `fleet` Azure CLI extension has been updated to 1.6.2 or later, and users are directed to ensure that the Kubernetes clusters they join meet the…

The documentation for importing images into Azure Container Registry has been updated to clarify the use of the `–registry <source-registry-resource-id>` flag for Entra identity authentication. Additionally, examples have been revised to specify that the `-SourceImage` parameter should only include the source repository and tag, excluding the registry login server name, particularly when access t…

The documentation for using a public Standard Load Balancer in Azure Kubernetes Service (AKS) has been updated to clarify the prerequisites and features available with the Standard SKU. Users can now specify their own outbound public IPs or prefixes when creating or updating an AKS cluster, and the documentation emphasizes the importance of managing outbound ports to prevent SNAT exhaustion. Addit…

The documentation now clarifies that modifying the `Host` header is not supported with a `requestHeaderModifier` rule. Users are instructed to use a `URLRewrite` filter to override the `Host` value specified for the backend target, enhancing their understanding of header management in the Gateway API.

The documentation for the Azure CLI commands related to Azure Kubernetes Service (AKS) has been updated to correct the anchor links for the `az aks create`, `az aks update`, and `az aks show` commands. Users can now access these commands using the updated URL format with hyphens instead of underscores, improving link consistency and usability.

The documentation now includes detailed requirements for configuring Network Security Group (NSG) rules when using custom virtual networks with Azure Kubernetes Service (AKS) clusters. Users must ensure that specific communication types between various subnets are permitted, including rules for API server communication, node-to-node communication, and pod traffic routing. This update clarifies the…

The documentation for the Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor formatting. Users can now access the commands `az aks show`, `az aks get-upgrades`, `az aks upgrade`, `az group delete`, and `az aks update` using hyphens instead of underscores in the URLs, improving consistency and usability when navigating the documentation.

The documentation now includes a new section on "WireGuard Encryption," which allows users to secure workload traffic by ensuring that all communication between Cilium-managed endpoints across different nodes within an AKS cluster is encrypted by default. Additionally, the commands for installing or updating the Azure CLI preview extension, registering the `AdvancedNetworkingL7PolicyPreview` featu…

The documentation has been updated to reflect the latest version of the NVIDIA device plugin, now specified as `nvcr.io/nvidia/k8s-device-plugin:v0.18.0`, allowing users to utilize the most recent features and improvements. Additionally, the command anchors for `az aks create`, `az aks nodepool update`, `az aks nodepool add`, and `az aks get-credentials` have been standardized to use hyphens inste…

The documentation for Azure Kubernetes Service (AKS) has been updated to correct the anchor links for several Azure CLI commands, including `az aks get-credentials`, `az aks show`, `az account show`, `az ad user show`, `az role assignment create`, and `az role assignment delete`. Users can now access these commands using the updated links, which use hyphens instead of underscores, improving the ac…

The documentation for the `az aks update` command has been updated to reflect changes in the anchor links, replacing underscores with hyphens for consistency. Users can now access the command documentation more reliably through the updated links, ensuring they are directed to the correct sections when referencing the `az aks update` and `az aks create` commands.

The documentation now includes a new feature, **container network metrics filtering**, which allows users to filter metrics at the source before they are collected and stored, optimizing storage costs and reducing noise. This feature is particularly beneficial in large-scale production environments and supports various filtering dimensions, including namespace, pod, label, and metric-specific filt…

The documentation for the Azure CLI commands related to WireGuard and AKS has been updated to correct the formatting of command links, changing underscores to hyphens in the anchor tags. Users can now more easily access the commands for installing or updating the Azure CLI preview extension, registering the `AdvancedNetworkingWireGuardPreview` feature flag, and verifying successful registration us…

The documentation has been updated to reflect changes in the command links for `az-deployment-group-create` and `az-group-delete`, switching from underscores to hyphens in the anchor URLs. This change ensures that users can access the correct command documentation more easily and consistently.

The documentation for deploying a highly available PostgreSQL database on AKS has been updated to clarify the steps for creating the required infrastructure and to emphasize the importance of using secure authentication flows. Users are now instructed to manage the PodMonitor resource directly due to the deprecation of the operator-managed PodMonitor, allowing for tailored monitoring configuration…

The documentation for the Azure Kubernetes Service (AKS) has been updated to correct the anchor links for the `az aks get-credentials` and `az aks rotate-certs` commands, replacing underscores with hyphens. This change ensures that users can accurately navigate to the relevant sections in the CLI documentation for these commands.

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links, specifically replacing underscores with hyphens for better consistency and usability. Users can now access commands such as `az aks create`, `az aks nodepool add`, `az group create`, `az group delete`, and `az ppg create` using the updated links, which improves navigation within the CL…

The documentation now correctly references the `az aks nodepool add` command with the appropriate anchor format, changing from underscores to hyphens in the URL. This update ensures that users can accurately access the command’s documentation when adding a node pool with a unique subnet to their existing AKS cluster using the `–vnet-subnet-id` parameter.

The documentation now specifies that users can create an AMD GPU-enabled node pool using the `az aks nodepool add` command while skipping the default driver installation by setting the `–gpu-driver` parameter to `none`. Additionally, the links for the `az aks get-credentials` command have been updated to use hyphens instead of underscores in the anchors, ensuring consistency and improved navigati…

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links, specifically replacing underscores with hyphens for better consistency and usability. Users can now access commands like `az aks create`, `az aks upgrade`, and others with the corrected links, ensuring smoother navigation and improved clarity when referencing these commands in the docu…

The documentation for deploying a fully managed resource group with node resource group lockdown in Azure Kubernetes Service (AKS) has been updated to remove the "preview" designation, indicating that this feature is now generally available. Users can now follow the updated instructions without needing to register the `NRGLockdownPreview` feature flag, as it is no longer required for deployment. A…

The documentation for the Azure CLI commands related to Azure Kubernetes Service (AKS) has been updated to correct the anchor links by replacing underscores with hyphens. Users can now access the commands such as `az-group-create`, `az-aks-create`, and `az-aks-get-credentials` using the updated links, ensuring a smoother navigation experience within the documentation.

The documentation for the `az aks update` command has been updated to reflect the correct anchor format in the links, allowing users to access the Advanced Container Networking Services features, including Container Network Observability and Container Network Security, more easily. Additionally, the instructions for using the `az aks get-credentials` and `az group delete` commands have been clarif…

The documentation now clarifies that API Server VNet Integration is available in all GA public cloud regions except eastus2 and qatarcentral, with ongoing efforts to enable this feature in those regions. Users may encounter an error indicating that the feature is temporarily unavailable in certain regions due to high demand and limited capacity, and they are advised to either retry later or select…

The documentation now includes a note indicating that CloudNativePG will deprecate native Barman Cloud support in favor of the Barman Cloud plugin in an upcoming release. Users are advised to plan for migration to the plugin once it stabilizes, although the current steps in the guide remain functional. Additionally, the formatting of endpoint descriptions has been updated for clarity.

The documentation for the Azure CLI commands has been updated to reflect changes in the anchor links for the `az group create`, `az aks create`, and `az aks get-credentials` commands, switching from underscores to hyphens in the URLs. This change improves the consistency and usability of the documentation, allowing users to access the relevant sections more easily. Users should now use the updated…

The documentation for Azure CLI commands has been updated to reflect changes in the URL structure for command anchors. Users can now access the commands `az group create`, `az aks create`, `az aks nodepool add`, `az aks install-cli`, and `az aks get-credentials` using hyphens instead of underscores in their respective links. This change improves the consistency and usability of the documentation.

The documentation now clarifies that for Kubernetes versions 1.25 and higher, Windows Server 2022 is the default operating system, with Windows Server 2019 being phased out after Kubernetes version 1.32 reaches end-of-life. Additionally, it specifies that Windows Server 2022 will no longer be supported in Kubernetes version 1.35 and above, while Windows Server 2019 will not be supported in version…

The documentation has been updated to redirect users from the "use-managed-identity" section to the "managed-identity-overview" section for Azure Kubernetes Service (AKS) identities. This change provides users with more relevant and comprehensive information regarding managed identities used by AKS, enhancing their understanding and implementation of this feature.

The documentation now clarifies that modifying the `Host` header is not supported with a `requestHeaderModifier` rule. Users are instructed to use a `URLRewrite` filter to override the `Host` value specified to the backend target, enhancing their understanding of header manipulation capabilities in the context of ingress API configurations.

The documentation for the Azure Kubernetes Service (AKS) has been updated to reflect changes in the command syntax for the `az aks nodepool` commands. Users can now access the commands `az aks nodepool add`, `az aks nodepool show`, and `az aks nodepool delete` with the correct anchor links, which have been modified from underscores to hyphens in the URLs. This change ensures that users can navigat…

The documentation has been updated to reflect changes in the command links for Azure CLI related to AKS. Users can now access the commands `az aks create`, `az aks show`, and `az aks update` using hyphens in the URLs instead of underscores, improving consistency and usability in the documentation. This change ensures that users can correctly navigate to the relevant sections for these commands.

The documentation for Azure NetApp Files has been updated to correct the command anchor links for several Azure CLI commands, including `az-aks-show`, `az-netappfiles-account-create`, `az-netappfiles-pool-create`, `az-netappfiles-volume-create`, `az-netappfiles-volume-show`, and `az-network-vnet-subnet-create`. Users can now access these commands using the updated links, which use hyphens instead…

The documentation for the Azure CLI commands related to Azure Kubernetes Service (AKS) has been updated to correct the anchor links for the `az aks show`, `az aks start`, and `az aks stop` commands. Users can now access these commands more easily through the updated links, which use hyphens instead of underscores in the anchor names. This change enhances navigation and usability within the documen…

The documentation now includes a new section on "Pod CIDR Expansion" for Azure CNI Overlay clusters, allowing users to expand their Pod CIDR space without recreating the AKS cluster, specifically for Linux nodes. Users must register the `EnableAzureCNIOverlayPodCIDRExpansion` feature flag and can utilize the `az aks update` command to perform the expansion, with specific limitations noted regardin…

The documentation has been updated to reflect that the article now specifically addresses the Center for Internet Security (CIS) Ubuntu 24.04 benchmark, clarifying that the recommendations apply only to this version of the Ubuntu image used by Azure Kubernetes Service (AKS). Users can now find detailed security configurations and compliance information relevant to Ubuntu 24.04, including specific…

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links. Users can now access the commands `az aks create`, `az aks update`, and `az extension add` using hyphens in the URLs instead of underscores, which improves consistency and usability. Additionally, the command `az aks get-versions` has also been updated to use hyphens in its anchor link…

The documentation now clarifies that L7 policy is not supported by `CiliumClusterwideNetworkPolicy` (CCNP), which may impact users relying on this feature. Additionally, the FAQ section has been updated to confirm support for `CiliumLocalRedirectPolicy` and `CiliumClusterwideNetworkPolicy`, providing users with clearer guidance on policy capabilities. The Kubernetes and Cilium version support matr…

The documentation for the Azure CLI commands has been updated to reflect changes in the anchor links for several commands, including `az aks get-credentials`, `az acr create`, `az acr show`, `az acr credential show`, and `az acr delete`. Users can now access these commands using the updated link formats, which replace underscores with hyphens in the URLs, improving consistency and usability.

The documentation for upgrading AKS clusters has been updated to reflect changes in command syntax, specifically in the URLs for the `az aks get-upgrades`, `az aks upgrade`, and `az aks nodepool upgrade` commands. Users will now see hyphens instead of underscores in the command links, which may improve clarity and consistency when referencing these commands.

The documentation for the Azure CLI commands `az aks update` and `az aks upgrade` has been updated to reflect changes in the anchor links, switching from underscores to hyphens. Users can now access the correct sections of the documentation more easily, ensuring they find the relevant information for these commands without confusion.

The documentation now clarifies that application developers can deploy Kubernetes resources into multiple clusters located in both cloud and on-premises environments. Additionally, it specifies that users should join their supported Kubernetes clusters as members of the Fleet Manager, rather than just Azure Kubernetes Service (AKS) clusters, enhancing the flexibility of resource placement across v…

The documentation for the Azure CLI commands related to deleting node pools in AKS has been updated to correct the anchor links. Users can now access the commands for `az aks nodepool delete` and `az aks nodepool delete-machines` using the updated link format, which replaces underscores with hyphens in the URLs. This change ensures that users can navigate to the correct sections of the documentati…

The documentation has been updated to reflect changes in the command anchor links for Azure CLI commands. Users can now access the `az acr create`, `az acr repository list`, and `az group create` commands using the updated link format, which replaces underscores with hyphens in the URLs. This change improves the consistency and usability of the documentation for these commands.

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links, specifically for the `az ad sp create`, `az ad sp delete`, `az ad app credential list`, `az aks create`, and `az aks update` commands. Users can now access these commands using the updated anchor formats, which improve link consistency and usability within the documentation.

The documentation for creating a PostgreSQL high availability setup on AKS has been updated to clarify the instructions for defining a new CSI driver storage class. Users are now explicitly informed that their cluster must utilize VM SKUs that support local NVMe drives and that the instructions require Azure Container Storage version 2.0.0 or later. Additionally, minor adjustments were made to imp…

The documentation has been updated to include the requirement for users to install the `aks-preview` extension and register the `AksWindows2025Preview` feature flag when using the `–os-sku Windows2025`. Additionally, users are now instructed to verify the registration status of the feature flag and refresh the registration of the `Microsoft.ContainerService` resource provider before creating an A…

The documentation for the Azure Disk CSI has been updated to reflect changes in command anchor formatting. Users can now access commands such as `az-disk-list`, `az-snapshot-create`, `az-disk-create`, and `az-disk-show` with the correct hyphenated syntax in the links. Additionally, the commands related to extensions and features have also been updated to use hyphens, improving consistency and usab…

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links, replacing underscores with hyphens for improved consistency and usability. Users can now access commands such as `az aks show`, `az group show`, and `az ad group create` using the new link formats, enhancing navigation within the CLI documentation.

The documentation for the Azure CLI commands related to AKS node pools has been updated to correct the anchor links for the `az aks nodepool stop`, `az aks nodepool start`, and `az aks nodepool show` commands. Users can now access the correct sections of the documentation using the updated links, which utilize hyphens instead of underscores in the anchor names. This change enhances the usability o…

The documentation for the Azure Kubernetes Service (AKS) has been updated to reflect changes in the command links for `az aks create` and `az aks update`. Users can now access these commands using hyphens in the URLs instead of underscores, improving consistency and usability in the command references.

The documentation has been updated to reflect changes in the command links for Azure CLI commands related to Azure Kubernetes Service (AKS) and Azure Key Vault. Users can now access the commands using hyphens instead of underscores in the URLs, which improves consistency and usability when navigating to specific command documentation. This change affects commands such as `az-group-create`, `az-aks…

The documentation for the Azure CLI commands has been updated to reflect changes in anchor links, replacing underscores with hyphens for better consistency and usability. Users can now access the commands for `az aks update`, `az aks show`, `az identity create`, `az identity show`, `az resource list`, `az role assignment create`, `az identity federated credential create`, and `az aks get-credentia…

The documentation for Azure CLI commands has been updated to reflect changes in the anchor links for several commands, including `az-group-create`, `az-network-public-ip-create`, `az-network-nat-gateway-create`, `az-network-vnet-create`, and `az-aks-nodepool-add`. Users can now access these commands using the updated link formats, which use hyphens instead of underscores in the URLs. This change i…

The documentation for the Azure Kubernetes Service (AKS) has been updated to correct the anchor links for the commands `az aks upgrade`, `az aks get-upgrades`, and `az aks nodepool upgrade` by replacing underscores with hyphens. This change ensures that users can accurately navigate to the relevant sections of the documentation when using these commands.

The documentation for the Azure Kubernetes Service (AKS) node pool commands has been updated to correct the anchor links for the `az aks nodepool add` and `az aks nodepool delete` commands. Users can now access the correct sections of the documentation using the updated links, which replace underscores with hyphens in the anchor names, ensuring better navigation and usability.

The documentation for Azure Kubernetes Service (AKS) has been updated to correct the anchor links for the `az aks get-credentials`, `az extension add`, and `az extension update` commands, replacing underscores with hyphens. This change ensures that users can accurately navigate to the relevant sections in the CLI documentation without encountering broken links.

The documentation for the Azure Kubernetes Service (AKS) has been updated to correct the anchor links for several commands, including `az aks get-upgrades`, `az aks upgrade`, `az aks show`, `az aks nodepool add`, `az aks nodepool update`, and `az aks nodepool upgrade`. Users can now access these commands more easily through the updated links, which use hyphens instead of underscores in the anchor…

The documentation for connecting to a private AKS cluster has been updated to clarify that users can now manage the API server using either a virtual machine (VM) or container with access to the cluster’s virtual network (VNet). Additionally, the section now includes a comparison table outlining the key differences and limitations between using Azure Cloud Shell and Azure Bastion for connectivity,…

The documentation now includes information on the support for FQDN filtering through `CiliumClusterwideNetworkPolicy` (CCNP), allowing users to apply FQDN filtering at a cluster-wide level. This enhancement provides users with greater flexibility in managing network security policies within their AKS environments.

The documentation now includes an important note clarifying that when RBAC roles are assigned at a managed namespace scope, access is granted to any unmanaged Kubernetes namespaces on member clusters that share the same name, regardless of their origin. Additionally, the links for the Azure CLI commands have been updated to use hyphens instead of underscores in their anchors, improving consistency…

The documentation has been updated to reflect changes in the command links for Azure CLI features, specifically changing the anchor format from underscores to hyphens for commands like `az-feature-register`, `az-feature-show`, and `az-provider-register`. This adjustment ensures that users can access the correct command documentation more easily and consistently. Additionally, the support status fo…

The documentation now highlights that Application Gateway for Containers supports regular expression matching for `headers`, `queryParams`, and `path` rules using Regular Expression 2 (RE2) syntax. This enhancement allows users to implement more complex routing rules based on these parameters, improving the flexibility and functionality of their application gateway configurations.

The documentation now clarifies that a frontend cannot be associated with more than one Application Gateway for Containers, and it can support more than one frontend. Additionally, it specifies that an Application Gateway for Containers security policy defines security configurations, such as WAF, for the ALB Controller, and that more than one security policy may be referred by a single Applicatio…

The documentation now includes a new section on enabling Istio CNI for the Istio service mesh add-on, providing users with guidance on this feature in the next steps of the deployment process. This addition enhances the deployment experience by offering clear instructions for integrating Istio CNI, which can improve network performance and security for users implementing Istio in their Azure Kuber…

The documentation now clarifies that a fleet resource can manage multiple Kubernetes clusters, not just Azure Kubernetes Service (AKS) clusters, enhancing user understanding of its capabilities. Additionally, users are directed to the "Azure Kubernetes Fleet Manager member cluster types" section to learn about the types of supported Kubernetes clusters that can be joined as members, emphasizing th…

The documentation for Azure CLI commands has been updated to standardize the anchor links by replacing underscores with hyphens. Users can now access the commands for `az-feature-register`, `az-feature-show`, `az-provider-register`, `az-policy-assignment-create`, `az-policy-assignment-delete`, `az-policy-remediation-create`, and `az-aks-update` using the new link formats, improving consistency and…

The documentation now clarifies that Cilium eBPF can bypass iptables in the host namespace, enhancing routing efficiency. Additionally, it emphasizes that when eBPF Host Routing is active, the `ip-masq-agent` remains operational but its iptables rules are ignored, ensuring consistent behavior if eBPF is later disabled. Users should also note that eBPF host routing is incompatible with non-Ubuntu 2…

The documentation for the Azure CLI commands related to Azure Kubernetes Service (AKS) has been updated to standardize the anchor links by replacing underscores with hyphens. Users can now access the commands such as `az-group-create`, `az-network-vnet-create`, and `az-aks-create` using the new link formats, improving consistency and usability in the documentation. Additionally, the links for `az-…

The documentation for monitoring GPU metrics in Azure Kubernetes Service (AKS) has been updated to transition from a how-to guide to a conceptual overview, emphasizing the importance of understanding NVIDIA DCGM GPU metrics for optimizing performance and resource utilization. Users can now learn about the installation and configuration of the NVIDIA DCGM Exporter, including how to verify its opera…

The documentation for creating specialized node pools in Azure Kubernetes Service (AKS) has been updated to include a new section that provides links to various articles on creating different types of node pools, such as Azure Spot, Virtual Machines, and dedicated system node pools. Users can now easily access resources for enabling Federal Information Processing Standards (FIPS) on node pools, ad…

The documentation now includes support for managed identity-based authentication for SMB access to Azure Files, allowing applications to securely access Azure Files without managing credentials. Users must ensure that the user-assigned Kubelet identity has the `Storage File Data SMB MI Admin` role on the storage account, and they can enable managed identity for dynamically provisioned volumes by c…

The documentation for Azure CLI commands has been updated to reflect changes in the anchor links for several commands. Users can now access the commands `az acr create`, `az acr build`, `az group delete`, `az aks get-credentials`, `az aks create`, and `az aks install-cli` using hyphens instead of underscores in the URLs, improving consistency and usability when navigating the documentation.

The documentation now reflects that the Web Application Firewall (WAF) has transitioned from Preview to General Availability (GA), indicating that users can rely on this feature for production use. This change enhances the overall stability and support for users implementing WAF in their application gateway configurations.

The documentation now clarifies that to enable the application routing add-on to reload certificates from Azure Key Vault when they change, users must enable the secret autorotation feature of the Secret Store CSI driver using the `–enable-secret-rotation` argument. Additionally, the summary link for managed identities has been updated to point to the correct overview page.

The documentation for the Azure Kubernetes Service (AKS) has been updated to reflect changes in command syntax for several Azure CLI commands, including `az-identity-create`, `az-group-create`, `az-network-vnet-create`, `az-network-vnet-show`, `az-network-vnet-subnet-show`, `az-network-vnet-subnet-list`, `az-role-assignment-create`, and `az-aks-create`, which now use hyphens instead of underscores…

The documentation now specifies that users should use the command `cert-manager oci://quay.io/jetstack/charts/cert-manager –version v1.19.1` instead of the previous version, which was `cert-manager jetstack/cert-manager –version v1.17.1`. Additionally, the section on creating an HTTPRoute has been clarified to emphasize replacing `contoso.com` with the actual domain name for which the certificat…

The documentation for the `NginxIngressController` Custom Resource Definition (CRD) has been updated to clarify that the `loadBalancerAnnotations` field can be used to control the behavior of the NGINX ingress controller’s service. Additionally, references to related documentation have been updated to point to the correct sections, specifically changing links to load balancer annotations and manag…

The documentation now clarifies that clusters being joined to the fleet for the first time after an upgrade do not require reconciliation using the `az fleet member reconcile` command. Additionally, it emphasizes that deleting the resource group will not remove AKS clusters if they are located in a different resource group. These changes enhance user understanding of the upgrade process and resour…

The documentation for Azure CLI commands has been updated to correct the anchor links for several commands, including `az-feature-register`, `az-extension-add`, `az-extension-update`, and `az-provider-register`. Users can now access these commands more easily through the updated links, which use hyphens instead of underscores in their URLs. This change enhances navigation and usability for users r…

The documentation has been updated to reflect changes in the command links for Azure CLI commands. Users can now access the `az group create`, `az group delete`, and `az sshkey create` commands using hyphens in the URLs instead of underscores, improving the consistency and accuracy of the links. This change enhances the user experience by ensuring that the links direct correctly to the relevant co…

The documentation for Azure Kubernetes Service (AKS) has been updated to correct the anchor links for several Azure CLI commands, including `az aks get-credentials`, `az aks create`, `az aks nodepool add`, `az aks update`, `az identity create`, `az identity list`, `az keyvault create`, `az keyvault secret set`, and `az keyvault set-policy`. Users can now access these commands more easily through t…

The documentation for the ALB Controller Helm chart has been updated to include new parameters for `podIdentity` and `init` resources, allowing users to specify a client ID for pod identity and resource limits for the init container. Additionally, the `securityPolicyFeatureFlag` has been clarified to enable the Application Load Balancer Security Policy Resource, enhancing security options for user…

The documentation now clarifies that the Application Gateway for Containers WAF must have its policy in the same subscription and region as the resource. It also specifies that only Default Rule Set (DRS) managed rules are supported, while Bot Manager Ruleset versions 1.0 and 1.1 are the only supported versions, and actions such as JavaScript and Captcha challenges cannot be set on Bot Manager rul…

The documentation for the Azure CLI commands has been updated to reflect changes in the anchor formatting for several commands. Users can now access the `az group create`, `az cosmosdb create`, and `az cosmosdb keys list` commands using hyphens in the URLs instead of underscores, improving consistency and usability in the documentation links.

The documentation for the Azure AKS Load Balancer Annotations has been updated to reflect a change in the reference path, now directing users to "configure-load-balancer-standard.md" instead of "load-balancer-standard.md." This update clarifies the section on customizations via Kubernetes annotations, ensuring users have accurate guidance for configuring load balancers in AKS.

The documentation for upgrading the OS version for Azure Kubernetes Service (AKS) Windows workloads has been updated to clarify that a node pool update to migrate from one Windows Server version to another is not supported, and that different Windows Server versions cannot coexist on the same node pool. Additionally, it now specifies that Windows Server 2025 (in preview) is supported starting in K…

The documentation has been updated to reflect the new version 1.8.9 for several commands related to deploying the Application Gateway for Containers. Users should now reference this updated version in their configurations to ensure compatibility and access to the latest features and improvements.

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command link formatting. Users can now access the commands `az aks nodepool add`, `az aks nodepool show`, `az aks nodepool update`, and `az vm list-skus` using hyphens in the URLs instead of underscores. This change improves the consistency and usability of the command references in the documentation.

The documentation for the Azure CLI commands has been updated to reflect changes in the anchor links for the `az-feature-register`, `az-feature-show`, and `az-provider-register` commands, switching from underscores to hyphens. Users can now access the relevant sections more accurately through the updated links, improving navigation and usability within the documentation.

The documentation now clarifies the pricing structure for enabling the Web Application Firewall (WAF) on Application Gateway for Containers. Users will incur higher charges for each meter when WAF is enabled, with specific rates provided: $0.031 per application gateway for container WAF-hour, $0.018 per frontend WAF-hour, $0.216 per association WAF-hour, and $0.014 per capacity unit WAF-hour. This…

The documentation now includes an important note regarding RBAC roles in managed namespaces, clarifying that these roles will be deleted when the managed namespace is deleted, regardless of the delete policy configuration. This change emphasizes the need for users to be aware of the implications of deleting managed namespaces on their RBAC roles.

The documentation for migrating from Application Gateway Ingress Controller (AGIC) to Application Gateway for Containers (AGC) has been updated to clarify that configurable request timeout values are now available through the `appgw.ingress.kubernetes.io/request-timeout` annotation, linking to the relevant RoutePolicy and IngressBackendSettings. Additionally, users are reminded to identify depende…

The documentation has been updated to reflect changes in the command links for `az-identity-create` and `az-role-assignment-create`, switching from underscores to hyphens in the anchor URLs. This change ensures that users can access the correct sections of the Azure CLI documentation more easily and consistently.

The documentation has been updated to reflect changes in the command links for Azure CLI commands. Users can now access the `az account list`, `az account set`, and `az aks get-credentials` commands using the correct hyphenated format in the URLs, improving the accuracy and usability of the documentation. This change ensures that users can navigate directly to the relevant sections without encount…

The documentation for the Azure CLI commands has been updated to reflect changes in the anchor links for the `az-feature-register`, `az-feature-show`, and `az-provider-register` commands, replacing underscores with hyphens. Users can now access these commands more accurately through the updated links in the documentation.

The documentation has been updated to reflect changes in command anchor links, specifically replacing underscores with hyphens in the URLs for several Azure CLI commands. Users can now access the commands such as `az-group-create`, `az-aks-create`, and others using the updated links, ensuring a smoother navigation experience when referencing these commands in the Azure CLI documentation.

The documentation for Azure CLI commands related to Azure Kubernetes Service (AKS) and Azure Active Directory (AD) has been updated to reflect changes in anchor links, replacing underscores with hyphens for better consistency and usability. Users can now access commands like `az aks create`, `az aks get-credentials`, and `az ad app create` using the updated links, which improves navigation and red…

The documentation for limiting egress traffic in Azure Kubernetes Service (AKS) has been updated to clarify that simply adding a 0.0.0.0/0 route to the Internet will not provide outbound connectivity without a public IP for Source Network Address Translation (SNAT). Additionally, the section on using a pre-created kubelet managed identity has been renamed for clarity, now directing users to "creat…

The documentation has been updated to clarify the requirements for Network Security Groups (NSGs) in custom virtual networks for Azure Kubernetes Service (AKS). Users are now directed to ensure that NSG security rules permit the necessary types of communication between cluster components, with a reference to detailed requirements in the "Custom virtual network requirements" section. Additionally,…

The documentation for the Azure HPC Cache and Azure AKS has been updated to reflect changes in command syntax for several Azure CLI commands. Users can now access the commands with hyphens instead of underscores, such as `az-hpc-cache-create` and `az-aks-show`, improving consistency and usability in command-line operations. Additionally, similar updates were made for commands related to Azure netw…

The documentation now includes updated Helm commands for installing Cert-Manager, specifically changing from `helm upgrade -i` to `helm install` with a new OCI registry source and version v1.19.1. Additionally, users can enable the Gateway API by setting `config.enableGatewayAPI=true` and `crds.enabled=true`, providing more flexibility for deploying Application Gateway for Containers alongside Cer…

The documentation for the Azure CLI commands `az aks get-upgrades` and `az aks upgrade` has been updated to correct the anchor links from using underscores to hyphens. Users can now access the relevant sections more easily, ensuring that the links direct them to the correct command documentation.

The documentation for Azure NetApp Files has been updated to correct the anchor links for several Azure CLI commands, including `az-aks-show`, `az-netappfiles-account-create`, `az-netappfiles-pool-create`, `az-netappfiles-volume-create`, `az-netappfiles-volume-show`, and `az-network-vnet-subnet-create`. Users can now access these commands more easily through the updated links, which use hyphens in…

The documentation now clarifies that users can adjust the TCP Reset on idle timeout period for the Load Balancer in AKS using the `az aks update` command. The default timeout is set to 30 minutes, and users can extend it to 45 minutes or any desired duration by modifying the command accordingly. This change enhances user understanding of how to manage idle timeout settings effectively.

The documentation now includes updated best practices for using the kube-scheduler in Azure Kubernetes Service (AKS). Users can install and configure Kueue for efficient, policy-driven scheduling of batch workloads, and they can also configure a scheduler to optimize pod and job prioritization based on specific nodes and resources. These enhancements provide users with more flexibility and control…

The documentation has been updated to reflect changes in command anchor links for several Azure CLI commands. Users can now access the correct links for `az aks get-credentials`, `az aks install-cli`, `az group create`, `az group delete`, and `az sshkey create`, which have been standardized to use hyphens instead of underscores in their URLs. This change improves the accuracy and usability of the…

The documentation for configuring events for gates has been updated to correct a typo in the command syntax. Users should now use `–advanced-filter` instead of `–advanced-filterdata` when specifying the gate type in the event grid example, ensuring proper functionality in their configurations.

The documentation now includes an important note clarifying that the article applies only to AKS clusters that fully support log ingestion, and that Arc-enabled Kubernetes clusters in preview do not currently support this feature. Users are directed to the "Azure Kubernetes Fleet Manager member cluster types" section for further information on cluster compatibility.

The documentation for the `az aks get-credentials` command has been updated to correct the anchor links from using underscores to hyphens. This change ensures that users can now access the correct sections of the Azure CLI documentation more easily when navigating through the links.

The documentation for Azure Kubernetes Service (AKS) has been updated to clarify the default node images for Windows node pools based on VM size and hypervisor generation. Users can now see that if a VM size supports both Generation 1 and Generation 2, the standard node image for Windows will be selected based on the specific Windows Server version in use. Additionally, the links to related topics…

The documentation has been updated to reflect significant changes in the API specifications for the Application Gateway for Containers. The section previously titled "BackendTLSPolicy" has been renamed to "BackendLoadBalancingPolicy," with corresponding updates to its specifications, including the introduction of "targetRefs" and "loadBalancing" parameters. Users can now configure backend load bal…

The documentation now includes a caution regarding the integration of Azure Kubernetes Service (AKS) with Azure Container Registry (ACR) using the `az aks –attach-acr` command. Users should be aware that this integration is not supported for ABAC-enabled ACR registries with the "RBAC Registry + ABAC Repository Permissions" mode; instead, they must manually assign the `Container Registry Repositor…

The documentation for the Azure Kubernetes Service (AKS) has been updated to correct the anchor links for the commands `az aks show`, `az aks scale`, and `az aks nodepool scale` by replacing underscores with hyphens. This change ensures that users can now access the correct sections of the documentation more easily when navigating through the CLI commands.

The documentation for Azure Kubernetes Service (AKS) and Azure Active Directory (AD) has been updated to correct the anchor links for several commands, including `az-aks-get-credentials`, `az-aks-show`, `az-ad-group-create`, and others. Users can now access the correct sections of the documentation more easily, ensuring they find the relevant information for these commands without confusion.

The documentation now clarifies that Layer 7 (L7) policy is not supported by CiliumClusterwideNetworkPolicy (CCNP), which is crucial for users relying on this feature. Additionally, the overview section has been updated to remove the "Preview" label, indicating that the maximum supported cluster size remains at 1,000 nodes or 40,000 pods, and it reiterates that traffic traversing Envoy proxies may…

The documentation now includes an acknowledgment section highlighting the collaboration with EnterpriseDB and contributions from Gabriele Bartolini, enhancing the credibility of the content. Additionally, the guide has been updated to reflect recent changes in the CloudNativePG operator, including new container image catalogs and updated defaults, which provide users with clearer guidance on selec…

The documentation for the Azure CLI commands has been updated to correct the anchor links for `az-aks-get-credentials`, `az-provider-list`, and `az-provider-register`, changing underscores to hyphens. This change ensures that users can accurately navigate to the relevant sections in the documentation without encountering broken links. Users can now find the correct command references more easily.

The documentation for the Azure Kubernetes Service (AKS) has been updated to reflect changes in the command anchor links for the Azure CLI commands. Users can now access the commands `az aks create`, `az aks install-cli`, and `az aks get-credentials` using the updated link format with hyphens instead of underscores, improving the consistency and usability of the documentation.

The documentation for Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links, specifically replacing underscores with hyphens in the following commands: `az-aks-nodepool-get-upgrades`, `az-aks-nodepool-show`, `az-aks-nodepool-upgrade`, `az-aks-nodepool-update`, `az-aks-upgrade`, and `az-aks-show`. Users can now access these commands more consistently through the…

The documentation for the Azure Kubernetes Service (AKS) has been updated to reflect changes in command anchor links, specifically for the `az aks update`, `az aks create`, and `az aks show` commands. Users can now access these commands using the updated anchor format, which replaces underscores with hyphens, improving link consistency and usability.

The documentation for Azure Kubernetes Service (AKS) has been updated to correct the anchor links for several commands, including `az aks show`, `az role assignment create`, `az network private link service list`, and `az network private endpoint create`. Users can now access these commands more easily through the updated links, which use hyphens instead of underscores in the URLs. This change enh…

The documentation for using managed identities in Azure Kubernetes Service (AKS) has been significantly restructured to enhance clarity and usability. Users can now learn how to enable and utilize system-assigned, user-assigned, and pre-created kubelet managed identities more effectively, with detailed step-by-step instructions and examples. Additionally, the prerequisites and Azure CLI version re…

The documentation now specifies that the minimum version of Azure CLI required for the steps in this article is updated to 2.79.0. Additionally, users can install or update the Azure CLI preview extension using the updated commands for `az extension add` and `az extension update`, as well as register the `AdvancedNetworkingL7PolicyPreview` feature flag with the corresponding command. These changes…

The documentation has been updated to include new features and fixes in the Application Gateway for Containers. Notably, version 1.8.9 introduces a slow start load balancing algorithm and updates the image to use Azure Linux 3.0, while version 1.7.12 includes a hotfix for pod crashes due to invalid Provider IDs. Additionally, various bug fixes and enhancements have been made across multiple versio…

The documentation now specifies that users can create a new AKS cluster with eBPF Host Routing by enabling Advanced Container Networking Services (ACNS) through the `–enable-acns` flag and setting the acceleration mode with `–acns-datapath-acceleration-mode BpfVeth`. Additionally, the `az aks update` command has been updated to include the `–acns-datapath-acceleration-mode BpfVeth` parameter, a…

The documentation has been updated to reflect the renaming of "Fleet resource" to "Fleet Manager," clarifying the process for creating and managing Kubernetes clusters. Users are now instructed to ensure that clusters they wish to join as members to the Fleet Manager are using supported versions of their respective platforms, with specific permissions outlined for both AKS and Arc-enabled Kubernet…

The documentation now includes instructions for using the `aks-preview` extension and registering the `AksWindows2025Preview` feature flag, which are necessary for deploying Windows Server containers with the `Windows2025` SKU. Additionally, users must ensure they have PowerShell Az module version 9.2.0 or higher to specify the `OsSKU` parameter when creating AKS clusters. The updated content also…

The documentation now specifies the use of the nanoserver base image for creating the `hostprocess.yaml` file, which allows for faster image downloads. Users are instructed to run a script to create this file, and it is clarified that while the nanoserver image does not include PowerShell, it is accessible from the underlying VM when running as a host process container. Additionally, the terminolo…