link updates and code fence formatting
ckittel authored Nov 22, 2022
1 parent 2607ad1 commit 19061e0
Showing 25 changed files with 173 additions and 138 deletions.
3 changes: 1 addition & 2 deletions .github/ISSUE_TEMPLATE/general-feedback.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
---
name: General feedback
about: For positive or negative feedback on Microsoft docs or Reference Implementation,
success stories, etc
about: For positive or negative feedback on Microsoft Learn or Reference Implementation, success stories, etc
title: ''
labels: feedback
assignees: mosabami
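Review bot: The old two-line `about:` value (`...Reference Implementation,` followed by an unindented `success stories, etc` on its own line) is fragile YAML front matter that many parsers reject as a second key with no `:`, so collapsing it onto one line is the right fix and not just a wording change. Since the value contains commas, consider quoting it ("about: 'For positive or negative feedback ...'") to keep the template parser from ever tripping on it.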
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -2,19 +2,19 @@

Azure Landing Zone Accelerators are architectural guidance, reference architecture, reference implementations and automation packaged to deploy workload platforms on Azure at Scale and aligned with industry proven practices.

AKS Landing Zone Accelerator represents the strategic design path and target technical state for an Azure Kubernetes Service (AKS) deployment. This solution provides an architectural approach and reference implementation to prepare landing zone subscriptions for a scalable Azure Kubernetes Service (AKS) cluster. For the architectural guidance, check out [AKS Landing Zone Accelerator](https://docs.microsoft.com/azure/cloud-adoption-framework/scenarios/aks/enterprise-scale-landing-zone) in Microsoft Docs.
AKS Landing Zone Accelerator represents the strategic design path and target technical state for an Azure Kubernetes Service (AKS) deployment. This solution provides an architectural approach and reference implementation to prepare landing zone subscriptions for a scalable Azure Kubernetes Service (AKS) cluster. For the architectural guidance, check out [AKS landing zone accelerator](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/app-platform/aks/landing-zone-accelerator) in Microsoft Learn.

Below is a picture of what a golden state looks like and open source software like flux and traefik integrate well within the AKS ecosystem.

![Golden state platform foundation with AKS landingzone highlighted in red](./media/aks-eslz-architecture.png)

The AKS Landing Zone Accelerator is only concerned with what gets deployed in the landing zone subscription highlighted by the red box in the picture above. It is assumed that an appropriate platform foundation is already setup which may or may not be the [official ESLZ](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/architecture) platform foundation. This means that policies and governance should already be in place or should be setup after this implementation and are not a part of the scope this reference implementaion. The policies applied to management groups in the hierarchy above the subscription will trickle down to the AKS Landing Zone Accelerator landing zone subscription.
The AKS Landing Zone Accelerator is only concerned with what gets deployed in the landing zone subscription highlighted by the red box in the picture above. It is assumed that an appropriate platform foundation is already setup which may or may not be the [official ESLZ](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/) platform foundation. This means that policies and governance should already be in place or should be setup after this implementation and are not a part of the scope this reference implementaion. The policies applied to management groups in the hierarchy above the subscription will trickle down to the AKS Landing Zone Accelerator landing zone subscription.

---

## Choosing a Deployment Model

The reference implementations are spread across three repos that all build on top of the [AKS Secure Baseline](https://docs.microsoft.com/azure/architecture/reference-architectures/containers/aks/secure-baseline-aks) and Azure Landing Zones.
The reference implementations are spread across three repos that all build on top of the [AKS baseline reference architecture](https://learn.microsoft.com/azure/architecture/reference-architectures/containers/aks/baseline-aks) and Azure Landing Zones.

1. This one
1. The [AKS Construction Helper](https://github.com/Azure/Aks-Construction)
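Review bot: "not a part of the scope this reference implementaion" is a typo plus a dropped word, carried over unchanged on a line this commit already edits; make it "not a part of the scope of this reference implementation", and while there change "already setup" to "already set up". The link retitle from "AKS Secure Baseline" to "AKS baseline reference architecture" matches the new `baseline-aks` URL path, which is correct.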
2 changes: 1 addition & 1 deletion SECURITY.md
Expand Up @@ -4,7 +4,7 @@

Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).

If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.
If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://learn.microsoft.com/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.

## Reporting Security Issues

Expand Up @@ -80,7 +80,7 @@ To easily modify manifest files, you will connect to the control plane using Rem
Prerequisites
To get started, you need to have done the following steps:

1. Install an OpenSSH compatible SSH client (PuTTY is not supported). https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse
1. Install an OpenSSH compatible SSH client (PuTTY is not supported). <https://learn.microsoft.com/windows-server/administration/openssh/openssh_install_firstuse>
2. Install Visual Studio Code.

When the Remote-SSH vs code extension is installed you should see the following icon in the lower left screen of your vs code windows
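Review bot: Wrapping the bare URL in `<...>` makes it an explicit autolink, which is good; the unchanged context right below it should be fixed in the same pass: "Remote-SSH vs code extension" and "vs code windows" should read "VS Code", and the sentence has no terminating period.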
Expand Up @@ -386,7 +386,7 @@
},
{
"name": "ubuntu-security-patches",
"description": "This address lets the Linux cluster nodes download the required security patches and updates per https://docs.microsoft.com/azure/aks/limit-egress-traffic#optional-recommended-fqdn--application-rules-for-aks-clusters.",
"description": "This address lets the Linux cluster nodes download the required security patches and updates per https://learn.microsoft.com/azure/aks/limit-egress-traffic#optional-recommended-fqdn--application-rules-for-aks-clusters.",
"sourceIpGroups": [
"[resourceId('Microsoft.Network/ipGroups', variables('aksIpGroupName'))]"
],
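Review bot: This only rewrites the `description` string of the `ubuntu-security-patches` application rule, so the egress allow-list itself does not change, but the fragment `#optional-recommended-fqdn--application-rules-for-aks-clusters` is exactly the kind of anchor that drifts when a docs page is reorganised; verify it still resolves on learn.microsoft.com, since an operator following the link to justify why this rule exists will otherwise land at the top of the page.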
Expand All @@ -404,7 +404,7 @@
},
{
"name": "azure-monitor",
"description": "All required for Azure Monitor for containers per https://docs.microsoft.com/azure/aks/limit-egress-traffic#azure-monitor-for-containers",
"description": "All required for Azure Monitor for containers per https://learn.microsoft.com/azure/aks/limit-egress-traffic#azure-monitor-for-containers",
"sourceIpGroups": [
"[resourceId('Microsoft.Network/ipGroups', variables('aksIpGroupName'))]"
],
Expand All @@ -424,7 +424,7 @@
},
{
"name": "azure-policy",
"description": "All required for Azure Policy per https://docs.microsoft.com/azure/aks/limit-egress-traffic#azure-policy",
"description": "All required for Azure Policy per https://learn.microsoft.com/azure/aks/limit-egress-traffic#azure-policy",
"sourceIpGroups": [
"[resourceId('Microsoft.Network/ipGroups', variables('aksIpGroupName'))]"
],
@@ -1,30 +1,33 @@
# Deploying the Workload
A suggested example workload for the cluster is detailed in this MS Learning Workshop https://docs.microsoft.com/en-us/learn/modules/aks-workshop/.

To deploy this workload, you will need to be able to access the Azure Container Registry that was deployed as part of the supporting infrastructure for AKS. The container registry was configured to only be accessible from a build agent on the private network.

If you use the Dev Server for this, the following tools must be installed:

1. Azure CLI

```bash
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```

2. Docker CLI

```bash
apt install docker.io
```

You will need to clone the following repos:

1. The public repo for the Fruit Smoothie API.
1. The public repo for the Fruit Smoothie API.

```bash
git clone https://github.com/MicrosoftDocs/mslearn-aks-workshop-ratings-api.git
```

2. The public repo for the Fruit Smootie Web Frontend:

```bash
git clone https://github.com/MicrosoftDocs/mslearn-aks-workshop-ratings-web.git
```

3. This repo, for the application code - /Enterprise-Scale-for-AKS/Scenarios/Secure-Baseline/Apps/RatingsApp









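Review bot: The workshop link in the first paragraph (`https://docs.microsoft.com/en-us/learn/modules/aks-workshop/`) is left on the old host while every other link in this commit moves to learn.microsoft.com; update it in the same pass. Also in this hunk: `apt install docker.io` needs `sudo` to match the `sudo bash` in step 1, "Fruit Smootie" should be "Fruit Smoothie", and the step 3 path `/Enterprise-Scale-for-AKS/Scenarios/Secure-Baseline/Apps/RatingsApp` reads better in backticks.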
Expand Up @@ -16,5 +16,5 @@ if($isInstalled){
New-AzADGroup -DisplayName $aksops -MailNickname $aksops
}
else {
Write-Output "Azuer Powershell not installed. Installation steps in: https://docs.microsoft.com/en-us/powershell/azure/install-az-ps"
Write-Output "Azuer Powershell not installed. Installation steps in: https://learn.microsoft.com/powershell/azure/install-az-ps"
}
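Review bot: "Azuer Powershell" in the `Write-Output` string is a typo ("Azure PowerShell") carried over on the edited line; fix it while the line is open. This is the failure branch, so `Write-Warning` (or `Write-Error`) is the better cmdlet than `Write-Output`, which writes to the success stream and is silently captured if the script's output is ever assigned to a variable.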
14 changes: 8 additions & 6 deletions Scenarios/AKS-Secure-Baseline-PrivateCluster/Bicep/02-aad.md
Expand Up @@ -4,24 +4,24 @@ This is the starting point for the instructions on deploying the [AKS Baseline p

## Steps

1. Latest [Azure CLI installed](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) (must be at least 2.37), or you can perform this from Azure Cloud Shell by clicking below.
1. Latest [Azure CLI installed](https://learn.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) (must be at least 2.37), or you can perform this from Azure Cloud Shell by clicking below.
1. An Azure subscription.

The subscription used in this deployment cannot be a [free account](https://azure.microsoft.com/free); it must be a standard EA, pay-as-you-go, or Visual Studio benefit subscription. This is because the resources deployed here are beyond the quotas of free subscriptions.

> :warning: The user or service principal initiating the deployment process _must_ have the following minimal set of Azure Role-Based Access Control (RBAC) roles:
>
> * [Contributor role](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor) is _required_ at the subscription level to have the ability to create resource groups and perform deployments.
> * [User Access Administrator role](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#user-access-administrator) is _required_ at the subscription level since you'll be performing role assignments to managed identities across various resource groups.
> * [Contributor role](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#contributor) is _required_ at the subscription level to have the ability to create resource groups and perform deployments.
> * [User Access Administrator role](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#user-access-administrator) is _required_ at the subscription level since you'll be performing role assignments to managed identities across various resource groups.
1. **This step only applies if you are creating a new AAD group for this deployment. If you have one already existing and you are a part of it, you can skip this prerequisite, and the remaining steps in this page, move on to the next page by clicking on the link at the bottom**.

An Azure AD tenant to associate your Kubernetes RBAC Cluster API authentication to.

> :warning: The user or service principal initiating the deployment process _must_ have the following minimal set of Azure AD permissions assigned:
>
> * Azure AD [User Administrator](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#user-administrator-permissions) is _required_ to create a "break glass" AKS admin Active Directory Security Group and User. Alternatively, you could get your Azure AD admin to create this for you when instructed to do so.
> * If you are not part of the User Administrator group in the tenant associated to your Azure subscription, please consider [creating a new tenant](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-access-create-new-tenant#create-a-new-tenant-for-your-organization) to use while evaluating this implementation. The Azure AD tenant backing your cluster's API RBAC does NOT need to be the same tenant associated with your Azure subscription.
> * Azure AD [User Administrator](https://learn.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#user-administrator-permissions) is _required_ to create a "break glass" AKS admin Active Directory Security Group and User. Alternatively, you could get your Azure AD admin to create this for you when instructed to do so.
> * If you are not part of the User Administrator group in the tenant associated to your Azure subscription, please consider [creating a new tenant](https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-access-create-new-tenant#create-a-new-tenant-for-your-organization) to use while evaluating this implementation. The Azure AD tenant backing your cluster's API RBAC does NOT need to be the same tenant associated with your Azure subscription.
# Create Azure Active Directory Groups for AKS

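Review bot: The `?view=azure-cli-latest` query string on the Azure CLI install link is unnecessary on learn.microsoft.com and inconsistent with the PowerShell install link later in this same file, which drops its `?view=` parameter in this commit; remove it here too. Unrelated to the link change but in this hunk: put a blank line between each `>` warning block and the `1.` item or `#` heading that follows it, otherwise some renderers fold the following line into the quote.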
Expand All @@ -48,9 +48,11 @@ az ad group create --display-name $aksops --mail-nickname $aksops
```

# [PowerShell](#tab/PowerShell)
Running the command to create the new AAD groups requires the New-AzADGroup cmdlet. More details can be found [here](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-7.0.0).

Running the command to create the new AAD groups requires the New-AzADGroup cmdlet. More details can be found [here](https://learn.microsoft.com/powershell/azure/install-az-ps).

Install New-AzADGroup cmdlet

```azurepowershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
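Review bot: "Install New-AzADGroup cmdlet" is a sentence fragment where a lead-in belongs, and it is slightly misleading: the fence installs the whole `Az` module (`Install-Module -Name Az`), of which `New-AzADGroup` is one cmdlet. Suggest "Install the Az module, which provides the New-AzADGroup cmdlet:". Dropping `?view=azps-7.0.0` from the install link is correct.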
Expand Up @@ -25,13 +25,13 @@ if not enter the command below to enable it
az feature register --namespace "Microsoft.ContainerService" --name "AKS-AzureKeyVaultSecretsProvider"
```

It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list](https://docs.microsoft.com/en-us/cli/azure/feature#az_feature_list) command:
It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list](https://learn.microsoft.com/cli/azure/feature#az_feature_list) command:

```bash
az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/AKS-AzureKeyVaultSecretsProvider')].{Name:name,State:properties.state}"
```

When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register](https://docs.microsoft.com/en-us/cli/azure/provider#az_provider_register) command:
When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register](https://learn.microsoft.com/cli/azure/provider#az_provider_register) command:

```bash
az provider register --namespace Microsoft.ContainerService
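Review bot: The `#az_feature_list` and `#az_provider_register` anchors keep the old underscore form; the CLI reference on learn.microsoft.com hyphenates its command anchors (`#az-feature-list`, `#az-provider-register`), so check that both links land on the command rather than at the top of the page.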
Expand Down Expand Up @@ -76,7 +76,7 @@ Review "**parameters-main.json**" file and update the values as required. Please
> * Admin group which will grant the role "Azure Kubernetes Service Cluster Admin Role". The parameter name is: *aksadminaccessprincipalId*.
> * Dev/User group which will grant "Azure Kubernetes Service Cluster User Role". The parameter name is: *aksadminaccessprincipalId*.
The Kubernetes community releases minor versions roughly every three months. AKS has it own supportability policy based in the community releases. Before proceeding with the deployment, check the latest version reviewing the [supportability doc](https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions). You can also check the latest version by using the following command:
The Kubernetes community releases minor versions roughly every three months. AKS has it own supportability policy based in the community releases. Before proceeding with the deployment, check the latest version reviewing the [supportability doc](https://learn.microsoft.com/azure/aks/supported-kubernetes-versions). You can also check the latest version by using the following command:

```azurecli
az aks get-versions -l <region>
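Review bot: Grammar on the edited line: "AKS has it own supportability policy based in the community releases" should read "AKS has its own support policy based on the community releases". Also visible in this hunk's context: the Admin group bullet and the Dev/User group bullet both name the parameter `aksadminaccessprincipalId`, which looks like a copy/paste error for the user-group parameter; confirm the second name against parameters-main.json.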
Expand Down Expand Up @@ -128,8 +128,8 @@ For the purpose of this deployment when used with kubenet a UDR will be created

It's also possible to use an Azure external solution to watch the scaling operations and auto-update the routes using Azure Automation, Azure Functions or Logic Apps.

[Use kubenet networking with your own IP address ranges in Azure Kubernetes Service (AKS)](https://docs.microsoft.com/en-us/azure/aks/configure-kubenet)
[Application Gateway infrastructure configuration](https://docs.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#supported-user-defined-routes)
[Use kubenet networking with your own IP address ranges in Azure Kubernetes Service (AKS)](https://learn.microsoft.com/azure/aks/configure-kubenet)
[Application Gateway infrastructure configuration](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#supported-user-defined-routes)



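Review bot: The two reference links sit on consecutive lines with no list marker or blank line between them, so Markdown renders them as one run-on paragraph; make them a `*` list (the file already uses that style) and trim the trailing blank lines.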
@@ -1,6 +1,6 @@
# Deploy a Basic Workload using the Fruit Smoothie Ratings Application

This application is provided by Microsoft Learning and is used as part of a self-paced Kubernetes training [workshop](https://docs.microsoft.com/en-us/learn/modules/aks-workshop/). You may find reviewing that workshop helpful as it presents some alternative deployment options and features using different architecture requirements. The application consists of a web frontend, an API service and a MongoDB database.
This application consists of a web frontend, an API service and a MongoDB database.

Because the infrastructure has been deployed in a private AKS cluster setup with private endpoints for the container registry and other components, you will need to perform the application container build and the publishing to the Container Registry from the Dev Jumpbox in the Hub VNET, connecting via the Bastion Host service. If your computer is connected to the hub network, you may be able to just use that as well. The rest of the steps can be performed on your local machine by using AKS Run commands which allow access into private clusters using RBAC. This will help with improving security and will provide a more user-friendly way of editing YAML files.

Expand Down

0 comments on commit 19061e0
