description: Learn the basic cluster and workload components of Kubernetes and how they relate to features in Azure Kubernetes Service (AKS)
4
4
ms.topic: conceptual
5
5
ms.custom: build-2023
6
-
ms.date: 10/31/2022
6
+
ms.date: 12/04/2023
7
7
---
8
8
9
9
# Kubernetes core concepts for Azure Kubernetes Service (AKS)
@@ -71,7 +71,7 @@ To run your applications and supporting services, you need a Kubernetes *node*.
71
71
| ----------------- | ------------- |
72
72
|`kubelet`| The Kubernetes agent that processes the orchestration requests from the control plane along with scheduling and running the requested containers. |
73
73
|*kube-proxy*| Handles virtual networking on each node. The proxy routes network traffic and manages IP addressing for services and pods. |
74
-
|*container runtime*| Allows containerized applications to run and interact with additional resources, such as the virtual network and storage. AKS clusters using Kubernetes version 1.19+ for Linux node pools use `containerd` as their container runtime. Beginning in Kubernetes version 1.20 for Windows node pools, `containerd` can be used in preview for the container runtime, but Docker is still the default container runtime. AKS clusters using prior versions of Kubernetes for node pools use Docker as their container runtime. |
74
+
|*container runtime*| Allows containerized applications to run and interact with additional resources, such as the virtual network or storage. AKS clusters using Kubernetes version 1.19+ for Linux node pools use `containerd` as their container runtime. Beginning in Kubernetes version 1.20 for Windows node pools, `containerd` can be used in preview for the container runtime, but Docker is still the default container runtime. AKS clusters using prior versions of Kubernetes for node pools use Docker as their container runtime. |
75
75
76
76

77
77
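Review bot: In the *container runtime* row, the only change is "and storage" to "or storage", while the rest of the row still describes `containerd` on Windows node pools as a preview option from Kubernetes 1.20 with Docker as the default runtime. This commit also bumps `ms.date` to 12/04/2023, so confirm that the runtime statement is still accurate before re-dating the article, since readers use it to determine which runtime their nodes run. Minor: `kubelet` is in code formatting while *kube-proxy* and *container runtime* are italic; pick one style for the component column.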
@@ -323,7 +323,7 @@ Using the Kubernetes Scheduler, the Deployment Controller runs replicas on any a
323
323
324
324
Two Kubernetes resources, however, let you manage these types of applications:
325
325
326
-
- *StatefulSets* maintain the state of applications beyond an individual pod lifecycle, such as storage.
326
+
- *StatefulSets* maintain the state of applications beyond an individual pod lifecycle.
327
327
- *DaemonSets* ensure a running instance on each node, early in the Kubernetes bootstrap process.
328
328
329
329
### StatefulSets
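Review bot: The rewritten *StatefulSets* bullet drops "such as storage" and now says only that state is maintained "beyond an individual pod lifecycle", which gives the reader no indication of what kind of state is meant. Either keep a concrete example in the bullet or have it point at the `### StatefulSets` section that follows.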
@@ -338,7 +338,7 @@ Replicas in a StatefulSet are scheduled and run across any available node in an
338
338
339
339
### DaemonSets
340
340
341
-
For specific log collection or monitoring, you may need to run a pod on all, or selected, nodes. You can use *DaemonSet* deploy on one or more identical pods, but the DaemonSet Controller ensures that each node specified runs an instance of the pod.
341
+
For specific log collection or monitoring, you may need to run a pod on all nodes or a select set of nodes. You can use *DaemonSets* to deploy to one or more identical pods. The DaemonSet Controller ensures that each node specified runs an instance of the pod.
342
342
343
343
The DaemonSet Controller can schedule pods on nodes early in the cluster boot process, before the default Kubernetes scheduler has started. This ability ensures that the pods in a DaemonSet are started before traditional pods in a Deployment or StatefulSet are scheduled.
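Review bot: In the rewritten DaemonSets paragraph, "use *DaemonSets* to deploy to one or more identical pods" reads as if the pods were the deployment target. The next sentence says "each node specified runs an instance of the pod", so the pods are what gets deployed; suggest "use *DaemonSets* to deploy one or more identical pods".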
File: articles/aks/free-standard-pricing-tiers.md
Lines changed: +1 -1 (1 addition & 1 deletion)
@@ -43,7 +43,7 @@ In the Standard tier, the Uptime SLA feature is enabled by default per cluster.
43
43
44
44
## Before you begin
45
45
46
-
[Azure CLI](/cli/azure/install-azure-cli) version 2.47.0 or later and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
46
+
Make sure you have installed [Azure CLI](/cli/azure/install-azure-cli) version 2.47.0 or later. Run `az --version` to find your current version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
47
47
48
48
## Create a new cluster in the Free tier or Paid tier
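Review bot: The new prerequisite sentence drops "and configured", so it no longer tells the reader that the CLI has to be configured as well as installed; if that requirement still holds, keep it. The sentence also links the Azure CLI install page in two styles, the inline `/cli/azure/install-azure-cli` and the reference-style `[install-azure-cli]`; use one. Separately, the context heading says "Free tier or Paid tier" while the hunk header context refers to the "Standard tier", which is worth aligning in a follow-up.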
File: articles/aks/upgrade.md
Lines changed: +2 -2 (2 additions & 2 deletions)
@@ -11,7 +11,7 @@ ms.date: 11/21/2023
11
11
12
12
An Azure Kubernetes Service (AKS) cluster will periodically need to be updated to ensure security and compatibility with the latest features. There are two components of an AKS cluster that are necessary to maintain:
13
13
14
-
-*Cluster Kubernetes version*: Part of the AKS cluster lifecycle involves performing upgrades to the latest Kubernetes version. It’s important you upgrade to apply the latest security releases and to get access to the latest Kubernetes features, as well as to stay within the [AKS support window][supported-k8s-versions].
14
+
-*Cluster Kubernetes version*: Part of the AKS cluster lifecycle involves performing upgrades to the latest Kubernetes version. It’s important that you upgrade to apply the latest security releases and to get access to the latest Kubernetes features, as well as to stay within the [AKS support window][supported-k8s-versions].
15
15
-*Node image version*: AKS regularly provides new node images with the latest OS and runtime updates. It's beneficial to upgrade your nodes' images regularly to ensure support for the latest AKS features and to apply essential security patches and hot fixes.
16
16
17
17
For Linux nodes, node image security patches and hotfixes may be performed without your initiation as *unattended updates*. These updates are automatically applied, but AKS doesn't automatically reboot your Linux nodes to complete the update process. You're required to use a tool like [kured][node-updates-kured] or [node image upgrade][node-image-upgrade] to reboot the nodes and complete the cycle.
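Review bot: The changed *Cluster Kubernetes version* bullet keeps the curly apostrophe in "It’s" while the *Node image version* bullet below it uses a straight one in "It's"; normalize to the straight apostrophe while this line is being edited. The sentence also still chains its reasons with "and ... as well as"; moving the support-window clause into its own sentence would make the security-release reason stand out.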
@@ -68,4 +68,4 @@ For more information what cluster operations may trigger specific upgrade events
File: articles/api-management/api-management-howto-disaster-recovery-backup-restore.md
Lines changed: +2 -7 (2 additions & 7 deletions)
@@ -7,7 +7,7 @@ author: dlepow
7
7
8
8
ms.service: api-management
9
9
ms.topic: how-to
10
-
ms.date: 07/27/2022
10
+
ms.date: 11/30/2023
11
11
ms.author: danlep
12
12
ms.custom: devx-track-azurepowershell
13
13
---
@@ -334,13 +334,8 @@ Restore is a long-running operation that may take up to 30 or more minutes to co
334
334
335
335
## Storage networking constraints
336
336
337
-
### Access using storage access key
338
-
339
-
If the storage account is **[firewall][azure-storage-ip-firewall] enabled** and a storage key is used for access, then the customer must **Allow** the set of [Azure API Management control plane IP addresses][control-plane-ip-address] on their storage account for backup or restore to work. The storage account can be in any Azure region except the one where the API Management service is located. For example, if the API Management service is in West US, then the Azure Storage account can be in West US 2 and the customer needs to open the control plane IP 13.64.39.16 (API Management control plane IP of West US) in the firewall. This is because the requests to Azure Storage aren't SNATed to a public IP from compute (Azure API Management control plane) in the same Azure region. Cross-region storage requests will be SNATed to the public IP address.
340
-
341
-
### Access using managed identity
342
337
343
-
If an API Management system-assigned managed identity is used to access a firewall-enabled storage account, ensure that the storage account [grants access to trusted Azure services](../storage/common/storage-network-security.md?tabs=azure-portal#grant-access-to-trusted-azure-services).
338
+
If the storage account is **[firewall][azure-storage-ip-firewall] enabled**, it's recommended to use the API Management instance's system-assigned managed identity for access to the account. Ensure that the storage account [grants access to trusted Azure services](../storage/common/storage-network-security.md?tabs=azure-portal#grant-access-to-trusted-azure-services).
344
339
345
340
## What is not backed up
346
341
-**Usage data** used for creating analytics reports **isn't included** in the backup. Use [Azure API Management REST API][azure api management rest api] to periodically retrieve analytics reports for safekeeping.
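Review bot: The merged paragraph under "Storage networking constraints" removes the whole "Access using storage access key" subsection, including the instruction to allow the API Management control plane IP addresses on the storage firewall, and replaces it with "it's recommended to use" the managed identity. A recommendation implies key-based access is still possible, but the page no longer says what a customer using a storage key against a firewall-enabled account must do. Either state that key access isn't supported for firewall-enabled accounts or keep a short pointer to the control plane IP requirement. Also check whether the `[control-plane-ip-address]` link definition is now orphaned, since its only visible use is in the removed lines.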
File: articles/api-management/api-management-howto-policies.md
Lines changed: +5 -2 (5 additions & 2 deletions)
@@ -13,13 +13,14 @@ ms.author: danlep
13
13
---
14
14
# Policies in Azure API Management
15
15
16
-
In Azure API Management, API publishers can change API behavior through configuration using *policies*. Policies are a collection of statements that are run sequentially on the request or response of an API. Popular statements include:
16
+
In Azure API Management, API publishers can change API behavior through configuration using *policies*. Policies are a collection of statements that are run sequentially on the request or response of an API. API Management provides more than 50 policies out of the box that you can configure to address common API scenarios such as authentication, rate limiting, caching, and transformation of requests or responses. For a complete list, see [API Management policy reference](api-management-policies.md).
17
+
18
+
Popular policies include:
17
19
18
20
* Format conversion from XML to JSON
19
21
* Call rate limiting to restrict the number of incoming calls from a developer
20
22
* Filtering requests that come from certain IP addresses
21
23
22
-
Many more policies are available out of the box. For a complete list, see [API Management policy reference](api-management-policies.md).
23
24
24
25
Policies are applied inside the gateway between the API consumer and the managed API. While the gateway receives requests and forwards them, unaltered, to the underlying API, a policy can apply changes to both the inbound request and outbound response.
25
26
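Review bot: The added intro sentence hard-codes "more than 50 policies", a count that will drift as policies are added or retired; the policy reference link in the same sentence already carries the full list, so suggest dropping the number. The new sentence also names authentication, rate limiting, caching, and transformation, and is then followed by "Popular policies include:" with a bullet list that repeats call rate limiting; consider trimming one of the two so the intro doesn't say the same thing twice.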
@@ -116,6 +117,8 @@ In API Management, a [GraphQL resolver](configure-graphql-resolver.md) is config
116
117
117
118
For more information, see [Configure a GraphQL resolver](configure-graphql-resolver.md).
+[Author policies using Microsoft Copilot for Azure](../copilot/author-api-management-policies.md?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
20
21
21
22
> [!IMPORTANT]
22
23
> [Limit call rate by subscription](rate-limit-policy.md) and [Set usage quota by subscription](quota-policy.md) have a dependency on the subscription key. A subscription key isn't required when other policies are applied.
@@ -100,10 +101,5 @@ More information about policies:
100
101
-[Validate parameters](validate-parameters-policy.md) - Validates the request header, query, or path parameters against the API schema.
101
102
-[Validate headers](validate-headers-policy.md) - Validates the response headers against the API schema.
102
103
-[Validate status code](validate-status-code-policy.md) - Validates the HTTP status codes in responses against the API schema.
103
-
## Next steps
104
104
105
-
For more information about working with policies, see:
106
-
107
-
+[Tutorial: Transform and protect your API](transform-api.md)
File: articles/api-management/api-management-policy-expressions.md
Lines changed: +5 -4 (5 additions & 4 deletions)
@@ -241,14 +241,15 @@ The `context` variable is implicitly available in every policy [expression](api-
241
241
|`bool VerifyNoRevocation(input: this System.Security.Cryptography.X509Certificates.X509Certificate2)`|Performs an X.509 chain validation without checking certificate revocation status.<br /><br />`input` - certificate object<br /><br />Returns `true` if the validation succeeds; `false` if the validation fails.|
242
242
243
243
244
-
## Next steps
244
+
## Related content
245
245
246
246
For more information working with policies, see:
247
247
248
248
+[Policies in API Management](api-management-howto-policies.md)
249
-
+[Transform APIs](transform-api.md)
250
-
+[Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
251
-
+[Policy samples](./policy-reference.md)
249
+
+[Tutorial: Transform and protect APIs](transform-api.md)
250
+
+[Policy reference](./api-management-policies.md) for a full list of policy statements and their settings
+[Author policies using Microsoft Copilot for Azure](../copilot/author-api-management-policies.md?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
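Review bot: The lead-in kept as context under the renamed "Related content" heading, "For more information working with policies, see:", is missing "about"; since this hunk rewrites the heading above it and the list below it, fix the sentence in the same change. The hunk also removes the "[Policy samples](./policy-reference.md)" entry without a replacement; confirm that is intentional and not a side effect of reordering the list.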