The document has been updated to clarify the process of expanding pod CIDR space in Azure CNI Overlay AKS clusters. It specifies that the operation is applicable only to Linux nodes and includes detailed requirements and parameters for the operation.

This update introduces an AKS audit policy that controls event logging based on user actions and resource types. It details the different audit levels and provides a comprehensive table summarizing key audit policy rules applied in AKS.

The document has been revised to enhance clarity regarding Azure CNI Overlay networking in AKS. It includes a more detailed description of the networking model, its architecture, and the differences from the traditional kubenet model.

This article has been updated to provide clearer instructions on setting up Azure CNI Overlay in AKS, including dual-stack networking configuration and example workload deployment. It emphasizes the importance of understanding the network plugin behavior.

The document has been updated to reflect the latest date and improve the customer intent section, making it clearer for new users looking to get started with Azure Kubernetes Service.

The tutorial has been renamed and updated to focus on signing container images with Notation and Artifact Signing, replacing references to Trusted Signing. It provides a clearer description of the signing process and its significance.

The documentation has been updated to remove all references to "Trusted Signing," replacing it with "Artifact Signing" throughout the content. This change clarifies the terminology and ensures consistency, allowing users to better understand the streamlined signing experience offered by Artifact Signing. Additionally, links to tutorials for signing and verifying container images in both standard a…

The documentation for LocalDNS in AKS has been updated to include specific instructions for users utilizing Node Auto-Provisioning (NAP). Users can now find guidance on how to enable, disable, and configure LocalDNS when using NAP, enhancing their ability to manage DNS queries effectively within their AKS clusters. Additionally, the description of the `Disabled` parameter has been clarified to spe…

The documentation now emphasizes that after enabling API Server VNet Integration with the command `az aks update –enable-apiserver-vnet-integration`, users must immediately restart the cluster due to control plane resource transition. This restart is crucial as it ensures that all nodes reliably reconnect to the new API server endpoint, and delaying it increases the risk of capacity becoming unav…

The documentation now includes a specific error message users may encounter when running commands related to KMS in AKS, stating that "the object has been modified; please apply your changes to the latest version and try again" is safe to ignore. Additionally, the instructions for updating secrets using the `kubectl get secrets` command have been clarified to emphasize that this error can be disre…

The documentation has been updated to replace all references to "Trusted Signing" with "Artifact Signing," reflecting a shift in terminology for the certificate management service used in the context of signing container images with Ratify on AKS. Users can now follow updated instructions for signing container images and configuring identity and access controls, ensuring they are aligned with the…

The documentation has been updated to reflect the transition from "Trusted Signing" to "Artifact Signing" in the GitHub workflows tutorial. Users can now follow revised instructions to sign container images using the Artifact Signing feature, including changes to workflow file names, role assignments, and plugin references. Additionally, the tutorial emphasizes the importance of timestamping for A…

The documentation now clarifies that when using the `kubectl replace` command for secrets, users may encounter an error stating, "The object has been modified; please apply your changes to the latest version and try again," which is safe to ignore. Additionally, the section on updating all secrets has been enhanced to emphasize that this error can be disregarded, ensuring users can proceed without…

The documentation now includes enhanced details on the LocalDNS feature, clarifying its modes: `Disabled`, `Preferred`, and `Required`, along with their implications for DNS query resolution. Users can now enforce LocalDNS on their node pools by setting the mode to `Required`, ensuring that all prerequisites are met for successful deployment. Additionally, the documentation introduces support for…

The support policy for Azure Service Mesh (ASM) has been updated to reflect changes in the release timelines and supported versions. Specifically, the expected deprecation dates for versions asm-1-25 and asm-1-27 have been clarified, and the supported versions for asm-1-27 and asm-1-28 have been expanded to include additional versions, allowing users to plan their upgrades more effectively. Users…

The documentation now includes updated references to retired Microsoft Defender for Cloud features, specifically highlighting Microsoft Defender for Containers. Users can find relevant information about these retired features more easily, enhancing their understanding of the current capabilities and limitations within the service. Additionally, the inclusion of the 21Vianet retirement notice provi…

The documentation for the KMS data encryption concepts has been updated to clarify that AKS creates and manages only the encryption keys, removing references to Azure Key Vault. This change helps users better understand the specific responsibilities of AKS regarding key management.

The documentation has been updated to reflect changes in the `gateId` format used for approvals in Kubernetes Fleet. Users should now reference the new example `gateId` format, which includes a different identifier, ensuring they are using the correct values when approving gates. Additionally, the command examples have been updated to align with this new `gateId`, enhancing clarity for users execu…

The documentation has been updated to replace all references to "Trusted Signing" with "Artifact Signing." Users will now find updated instructions on verifying container images in GitHub Actions workflows, including changes to the root certificate downloads and the example `trustpolicy.json`. This change clarifies the terminology and ensures consistency throughout the tutorial.

The documentation for Node Auto-Provisioning (NAP) has been updated to remove the limitation regarding Disk Encryption Sets, indicating that users can now utilize Disk Encryption Sets with NAP. This change enhances the flexibility and security options available for users provisioning nodes in Azure Kubernetes Service.

The documentation has been updated to replace all references to "Trusted Signing" with "Artifact Signing," reflecting a change in terminology throughout the tutorial. Users will now learn how to sign container images in GitHub Actions using Artifact Signing, which includes updated commands, parameters, and descriptions relevant to this feature. Additionally, the setup instructions and account deta…

The documentation now includes a note clarifying that the error message "The object has been modified; please apply your changes to the latest version and try again" is safe to ignore when running specific commands. Additionally, it emphasizes that users should update all secrets using the `kubectl get secrets` command to ensure previously created secrets are no longer encrypted, and suggests subd…

The documentation has removed the "Preview" labels from the Artifact Signing section, indicating that it is now fully available for use. Additionally, all references to "Trusted Signing" have been updated to "Artifact Signing," clarifying the terminology throughout the article and ensuring users understand the current features and capabilities related to signing container images with Notation.

The documentation for managing Azure Kubernetes Service (AKS) has been updated to include important considerations when updating a cluster. Users are now explicitly informed that if they were using the `–attach-acr` parameter to pull images from Azure Container Registry (ACR), they must run the `az aks update` command after the cluster update to ensure the new kubelet has the necessary permission…

The documentation now specifies that users should replace `<RESOURCE_GROUP>` and `<CLUSTER_NAME>` with their actual AKS cluster’s resource group and name when using the `az aks get-credentials` and `az aks agent-init` commands. Additionally, the example command for querying node health with the agentic CLI has been updated to reflect this change, ensuring users provide the correct parameters for t…

The documentation now includes a new section on verifying KMS configuration after enabling KMS encryption, providing users with a specific Azure CLI command to check the security profile of their AKS cluster. The output format has also been updated to show detailed KMS configuration, including the status of Azure Key Vault integration and infrastructure encryption settings. This enhancement allows…