
Commit 11490dc

Idiosyncratic rules
1 parent 0a7ae20 commit 11490dc

3 files changed

Lines changed: 6 additions & 6 deletions


learn-pr/wwl-azure/deploy-applications-azure-kubernetes-service/includes/2-azure-kubernetes-pod-configuration.md

Lines changed: 3 additions & 3 deletions
@@ -2,10 +2,10 @@ You can apply and enforce security settings on pods hosted in Azure Kubernetes S
22

33
### Explore Azure Policy add-on for AKS
44

5-
[Azure Policy for Kubernetes](https://learn.microsoft.com/azure/governance/policy/concepts/policy-for-kubernetes) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements and safeguards in a centralized, consistent manner. Current Azure Policy add-on versions still use Gatekeeper v3. On supported add-on and Kubernetes versions, the add-on can also generate Kubernetes-native ValidatingAdmissionPolicy (VAP) resources for Common Expression Language (CEL)-based policies. Azure Policy makes it possible to manage and report on the compliance state of your AKS environment.
5+
[Azure Policy for Kubernetes](/azure/governance/policy/concepts/policy-for-kubernetes) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements and safeguards in a centralized, consistent manner. Current Azure Policy add-on versions still use Gatekeeper v3. On supported add-on and Kubernetes versions, the add-on can also generate Kubernetes-native ValidatingAdmissionPolicy (VAP) resources for Common Expression Language (CEL)-based policies. Azure Policy makes it possible to manage and report on the compliance state of your AKS environment.
66

77
> [!NOTE]
8-
> You can implement namespace-level security policies for individual AKS clusters (without relying on Azure Policy) by using [Pod Security Admission](https://learn.microsoft.com/azure/aks/use-psa). Pod Security Admission is enabled by default in AKS clusters running Kubernetes version 1.23 or later, but AKS doesn't enforce baseline or restricted policies on namespaces automatically. To apply a profile, label the namespace (for example, `pod-security.kubernetes.io/enforce=restricted`). PSA replaces the Kubernetes PodSecurityPolicy feature, which was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25. In enterprise scenarios, you should consider using Azure Policy-based policies instead.
8+
> You can implement namespace-level security policies for individual AKS clusters (without relying on Azure Policy) by using [Pod Security Admission](/azure/aks/use-psa). Pod Security Admission is enabled by default in AKS clusters running Kubernetes version 1.23 or later, but AKS doesn't enforce baseline or restricted policies on namespaces automatically. To apply a profile, label the namespace (for example, `pod-security.kubernetes.io/enforce=restricted`). PSA replaces the Kubernetes PodSecurityPolicy feature, which was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25. In enterprise scenarios, you should consider using Azure Policy-based policies instead.
99
1010
To implement Azure Policy for AKS, register the `Microsoft.PolicyInsights` resource provider in the subscription, verify that the cluster runs a supported AKS Kubernetes version, and then install the Azure Policy add-on for AKS. The add-on manages interaction between Azure Policy and Gatekeeper components, including the following tasks:
1111
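Review bot: On line 8+ the acronym PSA is used ("PSA replaces the Kubernetes PodSecurityPolicy feature") without being introduced; the first mention on that same line reads "Pod Security Admission", so write it as "Pod Security Admission (PSA)" there. Also on line 5+, "Current Azure Policy add-on versions still use Gatekeeper v3" repeats the preceding clause "extends Gatekeeper v3"; consider dropping one of them, or keep only the second so it contrasts with the ValidatingAdmissionPolicy generation described in the next sentence. The link rewrites themselves (`https://learn.microsoft.com/azure/...` to `/azure/...`) are consistent across both changed lines.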

@@ -23,7 +23,7 @@ To install the Azure Policy add-on for AKS, you can use the Azure portal, Azure
2323

2424
### Review built-in Azure Policy for AKS initiative and policy definitions targeting pod configurations
2525

26-
Commonly used [Azure Policy built-in initiatives](https://learn.microsoft.com/azure/governance/policy/samples/built-in-initiatives#kubernetes) for AKS targeting pod security include:
26+
Commonly used [Azure Policy built-in initiatives](/azure/governance/policy/samples/built-in-initiatives#kubernetes) for AKS targeting pod security include:
2727

2828
- Kubernetes cluster pod security baseline standards for Linux-based workloads.
2929
- Kubernetes cluster pod security restricted standards for Linux-based workloads.
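Review bot: The rewrite on line 26+ correctly preserves the `#kubernetes` fragment; the two bullets that follow name the baseline and restricted initiatives but don't link them, so a reader who follows the anchor has to locate them by name. Consider linking each initiative directly, and noting that their names mirror the baseline and restricted profiles mentioned in the Pod Security Admission note earlier in this file.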

learn-pr/wwl-azure/deploy-applications-azure-kubernetes-service/includes/4-configure-application-azure-kubernetes-cluster.md

Lines changed: 2 additions & 2 deletions
@@ -4,13 +4,13 @@ AKS supports both stateless and stateful workloads. Stateful workloads typically
44

55
### Select the right storage service
66

7-
When choosing the optimal storage for AKS containerized workloads, review [AKS storage concepts](https://learn.microsoft.com/azure/aks/concepts-storage) and choose from the following options:
7+
When choosing the optimal storage for AKS containerized workloads, review [AKS storage concepts](/azure/aks/concepts-storage) and choose from the following options:
88

99
- **Application-level access to structured or semi-structured data**. For structured or semi-structured data, use a platform managed database, such as Azure SQL, Azure Database for MySQL, Azure Database for PostgreSQL, and Azure Cosmos DB.
1010
- **File-level access to data**. For shared application data that requires high performance, use Azure NetApp Files or Azure Files SSD provisioned v2 shares (`PremiumV2_LRS` or `PremiumV2_ZRS`). The earlier `Premium_LRS` and `Premium_ZRS` SSD shares are still supported, but provisioned v2 is recommended for new deployments. For shared data that requires moderate performance, use Azure Files HDD pay-as-you-go or HDD provisioned v2 shares.
1111
- **Block-level access to data (self-managed)**. For applications requiring consistently low latency, high IOPS, and high throughput, use Azure Premium SSD, Azure Premium SSD v2, or Azure Ultra Disk Storage. These options provide flexibility when you want to manage storage characteristics yourself.
1212
- **Object-level access to data**. For large unstructured data, interact with Azure Blob Storage directly, or mount Blob Storage by using the Azure Blob CSI driver with NFS v3.0 or BlobFuse.
13-
- **Block-level access to data (fully managed)**. For a fully managed, cloud-based volume management and orchestration solution, consider [Azure Container Storage](https://learn.microsoft.com/azure/storage/container-storage/container-storage-introduction). It integrates with Kubernetes, allowing dynamic and automatic provisioning of persistent volumes. Azure Container Storage 2.0.x supports local NVMe disks; 2.1.x and later add support for Azure Elastic SAN. Use Azure Container Storage 2.1.x or later for local NVMe or Azure Elastic SAN, and a supported 1.x release for Azure Disks, because the 2.x line doesn't support Azure Disks.
13+
- **Block-level access to data (fully managed)**. For a fully managed, cloud-based volume management and orchestration solution, consider [Azure Container Storage](/azure/storage/container-storage/container-storage-introduction). It integrates with Kubernetes, allowing dynamic and automatic provisioning of persistent volumes. Azure Container Storage 2.0.x supports local NVMe disks; 2.1.x and later add support for Azure Elastic SAN. Use Azure Container Storage 2.1.x or later for local NVMe or Azure Elastic SAN, and a supported 1.x release for Azure Disks, because the 2.x line doesn't support Azure Disks.
1414

1515
### Plan for pod volumes
1616
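Review bot: On line 13+ the two version sentences overlap: "2.0.x supports local NVMe disks; 2.1.x and later add support for Azure Elastic SAN" and "Use Azure Container Storage 2.1.x or later for local NVMe or Azure Elastic SAN, and a supported 1.x release for Azure Disks, because the 2.x line doesn't support Azure Disks" could be collapsed into a single guidance sentence. Separately, the two block-level bullets (self-managed on line 11, fully managed on line 13) are split by the object-level bullet on line 12; placing them next to each other would make the self-managed versus fully managed contrast easier to scan. The link change itself is fine.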

learn-pr/wwl-azure/deploy-applications-azure-kubernetes-service/includes/5-deploy-application-azure-kubernetes-cluster.md

Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ Stateful workloads that require stable network identities, ordered deployment or
2626

2727
Most stateless applications in AKS should be managed by Deployments rather than as individually scheduled pods. Kubernetes can monitor Deployment health and status to ensure that the required number of replicas run within the cluster. When scheduled individually, pods don't have a controller to create a replacement if the pod is deleted or the node fails. The kubelet might restart containers on the same node according to the pod's restart policy, but Kubernetes doesn't recreate the pod elsewhere. In addition, Deployments support controlled rollouts and rollbacks.
2828

29-
To help define the Deployment, you use a manifest file in YAML format. You reference the manifest file when running the `kubectl create` or `kubectl apply` commands. For more information, see [AKS cluster and workload concepts](https://learn.microsoft.com/azure/aks/concepts-clusters-workloads).
29+
To help define the Deployment, you use a manifest file in YAML format. You reference the manifest file when running the `kubectl create` or `kubectl apply` commands. For more information, see [AKS cluster and workload concepts](/azure/aks/concepts-clusters-workloads).
3030

3131
### Deploy AKS workloads with Helm
3232
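Review bot: Line 29+ changes only the link, which is fine, but while touching this line the opening phrase "To help define the Deployment, you use a manifest file" is vague: the manifest is the definition. Suggest "You define the Deployment in a YAML manifest file and pass it to `kubectl create` or `kubectl apply`." The context on line 27 already explains why Deployments are preferred over individually scheduled pods, so no further change is needed here.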
