articles/aks/configure-kubenet.md
+1-1
@@ -226,7 +226,7 @@ When you create an AKS cluster, a network security group and route table are aut
226
226
With kubenet, a route table must exist on your cluster subnet(s). AKS supports bringing your own existing subnet and route table. If your custom subnet doesn't contain a route table, AKS creates one for you and adds rules throughout the cluster lifecycle. If your custom subnet contains a route table when you create your cluster, AKS acknowledges the existing route table during cluster operations and adds/updates rules accordingly for cloud provider operations.
227
227
228
228
> [!WARNING]
229
-
> You can add/update custom rules on the custom route table. However, rules are added by the Kubernetes cloud provider which can't be updated or removed. Rules such as *0.0.0.0/0* must always exist on a given route table and map to the target of your internet gateway, such as an NVA or other egress gateway. Take caution when updating rules.
229
+
> You can add/update custom rules on the custom route table. However, rules are added by the Kubernetes cloud provider which can't be updated or removed. Rules such as *0.0.0.0/0* generally exist on a given route table (unless the egress outbound type is `none`) and map to the target of your internet gateway, such as an NVA or other egress gateway. Take caution when updating rules.
230
230
231
231
Learn more about setting up a [custom route table][custom-route-table].
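Review bot: in the rewritten warning, "generally exist" replaces "must always exist" and no longer tells the reader which rule they are required to keep. State the requirement conditionally instead, for example "Unless the outbound type is `none`, a *0.0.0.0/0* rule must exist on the route table and map to the target of your internet gateway", so that nobody reads the softer wording as permission to drop the default route to the NVA. "egress outbound type" is redundant; "outbound type" is enough. The unchanged clause "rules are added by the Kubernetes cloud provider which can't be updated or removed" is still ambiguous about what can't be changed (the rules, not the provider) and could be fixed in the same edit.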
articles/aks/create-node-pools.md
+1-1
@@ -44,7 +44,7 @@ The following limitations apply when you create AKS clusters that support multip
44
44
## Create an AKS cluster
45
45
46
46
> [!IMPORTANT]
47
-
> If you run a single system node pool for your AKS cluster in a production environment, we recommend you use at least three nodes for the node pool. If one node goes down, you lose control plane resources and redundancy is compromised. You can mitigate this risk by having more control plane nodes.
47
+
> If you run a single system node pool for your AKS cluster in a production environment, we recommend you use at least three nodes for the node pool. If one node goes down, the redundancy is compromised. You can mitigate this risk by having more system node pool nodes.
48
48
49
49
1. Create an Azure resource group using the [`az group create`][az-group-create] command.
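Review bot: the new sentence "If one node goes down, the redundancy is compromised" directly follows the three-node recommendation, so it reads as describing a three-node pool rather than the smaller pool the recommendation is meant to avoid. The closing sentence "You can mitigate this risk by having more system node pool nodes" then only restates the recommendation. Suggest merging the two, for example "With fewer nodes, losing a single node compromises redundancy for the system node pool", and dropping the article in "the redundancy".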
articles/aks/csi-secrets-store-configuration-options.md
+11-12
@@ -5,7 +5,7 @@ author: nickomang
5
5
ms.author: nickoman
6
6
ms.subservice: aks-security
7
7
ms.topic: how-to
8
-
ms.date: 10/19/2023
8
+
ms.date: 01/03/2025
9
9
ms.custom: template-how-to, devx-track-azurecli
10
10
---
11
11
@@ -17,17 +17,16 @@ Follow the steps in [Use the Azure Key Vault provider for Secrets Store CSI Driv
17
17
18
18
### Enable and disable auto-rotation
19
19
20
-
> [!NOTE]
21
-
> When the Azure Key Vault provider for Secrets Store CSI Driver is enabled, it updates the pod mount and the Kubernetes secret defined in the `secretObjects` field of `SecretProviderClass`. It does so by polling for changes periodically, based on the rotation poll interval you defined. The default rotation poll interval is *two minutes*.
22
-
23
-
>[!NOTE]
24
-
> When a secret updates in an external secrets store after initial pod deployment, the Kubernetes Secret and the pod mount periodically update depending on how the application consumes the secret data.
25
-
>
26
-
> **Mount the Kubernetes Secret as a volume**: Use the auto-rotation and sync K8s secrets features of Secrets Store CSI Driver. The application needs to watch for changes from the mounted Kubernetes Secret volume. When the CSI Driver updates the Kubernetes Secret, the corresponding volume contents automatically update as well.
27
-
>
28
-
> **Application reads the data from the container filesystem**: Use the rotation feature of Secrets Store CSI Driver. The application needs to watch for the file change from the volume mounted by the CSI driver.
29
-
>
30
-
> **Use the Kubernetes Secret for an environment variable**: Restart the pod to get the latest secret as an environment variable. Use a tool such as [Reloader][reloader] to watch for changes on the synced Kubernetes Secret and perform rolling upgrades on pods.
20
+
Once you enable auto-rotation for Azure Key Vault Secrets Provider, it updates the pod mount and the Kubernetes secret defined in the `secretObjects` field of `SecretProviderClass`. It does so by polling for changes periodically, based on the rotation poll interval you defined. The default rotation poll interval is *two minutes*.
21
+
22
+
23
+
When a secret updates in an external secrets store after initial pod deployment, the Kubernetes Secret and the pod mount periodically update depending on how the application consumes the secret data.
24
+
25
+
* Mount the Kubernetes Secret as a volume: Use the auto-rotation and sync K8s secrets features of Secrets Store CSI Driver. The application needs to watch for changes from the mounted Kubernetes Secret volume. When the CSI Driver updates the Kubernetes Secret, the corresponding volume contents automatically update as well.
26
+
27
+
* Application reads the data from the container filesystem: Use the rotation feature of Secrets Store CSI Driver. The application needs to watch for the file change from the volume mounted by the CSI driver.
28
+
29
+
* Use the Kubernetes Secret for an environment variable: Restart the pod to get the latest secret as an environment variable. Use a tool such as [Reloader][reloader] to watch for changes on the synced Kubernetes Secret and perform rolling upgrades on pods.
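Review bot: the three new bullets (added lines 25, 27 and 29) lose the bold labels the removed note had, so "Mount the Kubernetes Secret as a volume: Use the auto-rotation..." now runs the option name into its instruction. Keep the emphasis, e.g. `* **Mount the Kubernetes Secret as a volume**: Use the auto-rotation and sync K8s secrets features...`, and add a short lead-in sentence before the list saying these are the ways an application can consume the secret. Added lines 21 and 22 are two consecutive blank lines, and the blank lines between the bullets (26, 28) turn it into a loose list; one blank line before the paragraph and none between items is enough. The opening sentence names the feature "Azure Key Vault Secrets Provider" while the removed text and the hunk context use "Azure Key Vault provider for Secrets Store CSI Driver"; pick one name. Since the callout is gone, the environment-variable bullet is also worth a clause stating that the pod keeps using the old secret value until it is restarted, because that is the case where rotation silently has no effect.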