Updates from: 02/28/2024 02:15:49
Service Microsoft Docs article Related commit history on GitHub Change details
ai-services Azure Kubernetes Recipe https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/containers/azure-kubernetes-recipe.md
Previously updated : 01/10/2022 Last updated : 02/26/2024 ms.devlang: azurecli
ai-services Configure Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/configure-containers.md
Title: Configure containers - Language service
description: Language service provides each container with a common configuration framework, so that you can easily configure and manage storage, logging and telemetry, and security settings for your containers. #-+ - ignite-2023 Last updated 12/19/2023-+ # Configure Language service docker containers
ai-services Multi Region Deployment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/custom-features/multi-region-deployment.md
Title: Deploy custom language projects to multiple regions in Azure AI Language
description: Learn about deploying your language projects to multiple regions. #-+ Last updated 12/19/2023-+
ai-services Project Versioning https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/custom-features/project-versioning.md
Title: Conversational Language Understanding Project Versioning
description: Learn how versioning works in conversational language understanding #-+ Last updated 12/19/2023-+
ai-services Data Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/data-limits.md
Title: Data limits for Language service features
description: Data and service limitations for Azure AI Language features. #-+ Last updated 12/19/2023-+ # Service limits for Azure AI Language
ai-services Developer Guide https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/developer-guide.md
Title: Use the Language SDK and REST API
description: Learn about how to integrate the Language service SDK and REST API into your applications. #-+ Last updated 12/19/2023-+ # SDK and REST developer guide for the Language service
ai-services Encryption Data At Rest https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/encryption-data-at-rest.md
Title: Language service encryption of data at rest description: Learn how the Language service encrypts your data when it's persisted to the cloud. -+ Last updated 12/19/2023-+ #Customer intent: As a user of the Language service, I want to learn how encryption at rest works.
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/language-support.md
Title: Language support for language features
description: This article explains which natural languages are supported by the different features of Azure AI Language. #-+ Last updated 12/19/2023-+ # Language support for Language features
ai-services Migrate Language Service Latest https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/migrate-language-service-latest.md
Title: Migrate to the latest version of Azure AI Language
description: Learn how to move your Text Analytics applications to use the latest version of the Language service. #-+ Last updated 12/19/2023-+ # Migrate to the latest version of Azure AI Language
ai-services Migrate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/migrate.md
Title: "Migrate to Azure AI Language from: LUIS, QnA Maker, and Text Analytics" description: Use this article to learn if you need to migrate your applications from LUIS, QnA Maker, and Text Analytics.-+ Last updated 12/19/2023-+ # Migrating to Azure AI Language
ai-services Model Lifecycle https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/model-lifecycle.md
Title: Model Lifecycle of Language service models
description: This article describes the timelines for models and model versions used by Language service features. #-+ Last updated 01/16/2024-+ # Model lifecycle
ai-services Multilingual Emoji Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/multilingual-emoji-support.md
Title: Multilingual and emoji support in Azure AI Language
description: Learn about offsets caused by multilingual and emoji encodings in Language service features. #-+ Last updated 12/19/2023-+ # Multilingual and emoji support in Language service features
ai-services Previous Updates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/previous-updates.md
Title: Previous language service updates
description: An archive of previous Azure AI Language updates. #-+ Last updated 12/19/2023-+
ai-services Regional Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/regional-support.md
Title: Regional support for Azure AI Language
description: Learn which Azure regions are supported by the Language service. #-+ Last updated 12/19/2023-+
ai-services Role Based Access Control https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/role-based-access-control.md
Title: Role-based access control for the Language service
description: Learn how to use Azure RBAC for managing individual access to Azure resources. #-+ Last updated 12/19/2023-+
ai-services Use Asynchronously https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/concepts/use-asynchronously.md
Title: "How to: Use Language service features asynchronously"
description: Learn how to send Language service API requests asynchronously. #-+ Last updated 12/19/2023-+ # How to use Language service features asynchronously
ai-services App Architecture https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/concepts/app-architecture.md
Title: When to choose conversational language understanding or orchestration wor
description: Learn when to choose conversational language understanding or orchestration workflow #-+ Last updated 12/19/2023-+
ai-services Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/concepts/best-practices.md
Title: Conversational language understanding best practices
description: Apply best practices when using conversational language understanding #-+ Last updated 12/19/2023-+
ai-services Data Formats https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/concepts/data-formats.md
Title: conversational language understanding data formats
description: Learn about the data formats accepted by conversational language understanding. #-+ Last updated 12/19/2023-+
ai-services Entity Components https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/concepts/entity-components.md
Title: Entity components in Conversational Language Understanding
description: Learn how Conversational Language Understanding extracts entities from text #-+ Last updated 12/19/2023-+
ai-services Evaluation Metrics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/concepts/evaluation-metrics.md
Title: Conversational Language Understanding evaluation metrics
description: Learn about evaluation metrics in Conversational Language Understanding #-+ Last updated 12/19/2023-+
ai-services Multiple Languages https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/concepts/multiple-languages.md
Title: Multilingual projects
description: Learn about which how to make use of multilingual projects in conversational language understanding #-+ Last updated 12/19/2023-+ # Multilingual projects
ai-services None Intent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/concepts/none-intent.md
Title: Conversational Language Understanding None Intent
description: Learn about the default None intent in conversational language understanding #-+ Last updated 12/19/2023-+
ai-services Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/faq.md
Title: Frequently Asked Questions
description: Use this article to quickly get the answers to FAQ about conversational language understanding #-+ Last updated 12/19/2023-+
ai-services Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/glossary.md
Title: Definitions used in conversational language understanding
description: Learn about definitions used in conversational language understanding. #-+ Last updated 12/19/2023-+
ai-services Build Schema https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/build-schema.md
Title: How to build a Conversational Language Understanding project schema
description: Use this article to start building a Conversational Language Understanding project schema #-+ Last updated 12/19/2023-+
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/call-api.md
Title: Send prediction requests to a conversational language understanding deplo
description: Learn about sending prediction requests for conversational language understanding. #-+ Last updated 12/19/2023-+
ai-services Create Project https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/create-project.md
Title: How to create projects in Conversational Language Understanding
description: Use this article to learn how to create projects in Conversational Language Understanding. #-+ Last updated 12/19/2023-+
ai-services Deploy Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/deploy-model.md
Title: How to deploy a model for conversational language understanding
description: Use this article to learn how to deploy models for conversational language understanding. #-+ Last updated 12/19/2023-+
ai-services Fail Over https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/fail-over.md
Title: Back up and recover your conversational language understanding models
description: Learn how to save and recover your conversational language understanding models. #-+ Last updated 12/19/2023-+
ai-services Migrate From Luis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/migrate-from-luis.md
Title: Conversational Language Understanding backwards compatibility
description: Learn about backwards compatibility between LUIS and Conversational Language Understanding #-+ Last updated 12/19/2023-+
ai-services Tag Utterances https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/tag-utterances.md
Title: How to tag utterances in Conversational Language Understanding
description: Use this article to tag your utterances in Conversational Language Understanding projects #-+ Last updated 12/19/2023-+
ai-services Train Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/train-model.md
Title: How to train and evaluate models in Conversational Language Understanding
description: Use this article to train a model and view its evaluation details to make improvements. #-+ Last updated 12/19/2023-+
ai-services View Model Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/how-to/view-model-evaluation.md
Title: How to view conversational language understanding models details
description: Use this article to learn about viewing the details for a conversational language understanding model. #-+ Last updated 12/19/2023-+
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/language-support.md
Title: Conversational language understanding language support
description: This article explains which natural languages are supported by the conversational language understanding feature of Azure AI Language. #-+ Last updated 12/19/2023-+
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/overview.md
Title: Conversational Language Understanding - Azure AI services
description: Customize an AI model to predict the intentions of utterances, and extract important information from them. #-+ Last updated 12/19/2023-+
ai-services Prebuilt Component Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/prebuilt-component-reference.md
Title: Supported prebuilt entity components
description: Learn about which entities can be detected automatically in Conversational Language Understanding #-+ Last updated 12/19/2023-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/quickstart.md
Title: Quickstart - create a conversational language understanding project
description: Quickly start building an AI model to extract information and predict the intentions of text-based utterances. #-+ Last updated 12/19/2023-+ zone_pivot_groups: usage-custom-language-features
ai-services Service Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/service-limits.md
Title: Conversational Language Understanding limits
description: Learn about the data, region, and throughput limits for Conversational Language Understanding #-+ Last updated 12/19/2023-+
ai-services Bot Framework https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/conversational-language-understanding/tutorials/bot-framework.md
Title: Add natural language understanding to your bot in Bot Framework SDK using conversational language understanding description: Learn how to train a bot to understand natural language. keywords: conversational language understanding, bot framework, bot, language understanding, nlu--++
ai-services Data Formats https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/concepts/data-formats.md
Title: Custom NER data formats
description: Learn about the data formats accepted by custom NER. #-+ Last updated 12/19/2023-+
ai-services Evaluation Metrics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/concepts/evaluation-metrics.md
Title: Custom NER evaluation metrics
description: Learn about evaluation metrics in Custom Named Entity Recognition (NER) #-+ Last updated 12/19/2023-+
ai-services Fail Over https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/fail-over.md
Title: Back up and recover your custom Named Entity Recognition (NER) models
description: Learn how to save and recover your custom NER models. #-+ Last updated 12/19/2023-+
ai-services Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/faq.md
Title: Custom Named Entity Recognition (NER) FAQ
description: Learn about Frequently asked questions when using custom Named Entity Recognition. #-+ Last updated 12/19/2023-+
ai-services Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/glossary.md
Title: Definitions and terms used for Custom Named Entity Recognition (NER)
description: Definitions and terms you may encounter when building AI models using Custom Named Entity Recognition #-+ Last updated 12/19/2023-+
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/call-api.md
Title: Send a Named Entity Recognition (NER) request to your custom model
description: Learn how to send requests for custom NER. #-+ Last updated 12/19/2023-+ ms.devlang: csharp # ms.devlang: csharp, python
ai-services Create Project https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/create-project.md
Title: Create custom NER projects and use Azure resources
description: Learn how to create and manage projects and Azure resources for custom NER. #-+ Last updated 12/19/2023-+
ai-services Deploy Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/deploy-model.md
Title: How to deploy a custom NER model
description: Learn how to deploy a model for custom NER. #-+ Last updated 12/19/2023-+
ai-services Design Schema https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/design-schema.md
Title: Preparing data and designing a schema for custom NER
description: Learn about how to select and prepare data, to be successful in creating custom NER projects. #-+ Last updated 12/19/2023-+
ai-services Tag Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/tag-data.md
Title: How to label your data for Custom Named Entity Recognition (NER)
description: Learn how to label your data for use with Custom Named Entity Recognition (NER). #-+ Last updated 12/19/2023-+
ai-services Train Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/train-model.md
Title: How to train your Custom Named Entity Recognition (NER) model
description: Learn about how to train your model for Custom Named Entity Recognition (NER). #-+ Last updated 12/19/2023-+
ai-services Use Autolabeling https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/use-autolabeling.md
Title: How to use autolabeling in custom named entity recognition
description: Learn how to use autolabeling in custom named entity recognition. #-+ Last updated 12/19/2023-+ # How to use autolabeling for Custom Named Entity Recognition
ai-services Use Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/use-containers.md
Title: Use Docker containers for Custom Named Entity Recognition on-premises
description: Learn how to use Docker containers for Custom Named Entity Recognition on-premises. #-+ Last updated 12/19/2023-+ keywords: on-premises, Docker, container, natural language processing
ai-services View Model Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/how-to/view-model-evaluation.md
Title: Evaluate a Custom Named Entity Recognition (NER) model
description: Learn how to evaluate and score your Custom Named Entity Recognition (NER) model #-+ Last updated 12/19/2023-+
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/language-support.md
Title: Language and region support for custom named entity recognition
description: Learn about the languages and regions supported by custom named entity recognition. #-+ Last updated 12/19/2023 -+ # Language support for custom named entity recognition
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/overview.md
Title: Custom named entity recognition - Azure AI services
description: Customize an AI model to label and extract information from documents using Azure AI services. #-+ Last updated 12/19/2023-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/quickstart.md
Title: Quickstart - Custom named entity recognition (NER)
description: Quickly start building an AI model to categorize and extract information from unstructured text. #-+ Last updated 12/19/2023-+ zone_pivot_groups: usage-custom-language-features
ai-services Service Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-named-entity-recognition/service-limits.md
Title: Custom Named Entity Recognition (NER) service limits
description: Learn about the data and service limits when using Custom Named Entity Recognition (NER). #-+ Last updated 12/19/2023-+
ai-services Data Formats https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/concepts/data-formats.md
Title: Custom Text Analytics for health data formats
description: Learn about the data formats accepted by custom text analytics for health. #-+ Last updated 12/19/2023-+
ai-services Entity Components https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/concepts/entity-components.md
Title: Entity components in custom Text Analytics for health
description: Learn how custom Text Analytics for health extracts entities from text #-+ Last updated 12/19/2023-+
ai-services Evaluation Metrics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/concepts/evaluation-metrics.md
Title: Custom text analytics for health evaluation metrics
description: Learn about evaluation metrics in custom Text Analytics for health #-+ Last updated 12/19/2023-+
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/call-api.md
Title: Send a custom Text Analytics for health request to your custom model
description: Learn how to send a request for custom text analytics for health. #-+ Last updated 12/19/2023-+ ms.devlang: http
ai-services Create Project https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/create-project.md
Title: Using Azure resources in custom Text Analytics for health
description: Learn about the steps for using Azure resources with custom text analytics for health. #-+ Last updated 12/19/2023-+
ai-services Deploy Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/deploy-model.md
Title: Deploy a custom Text Analytics for health model
description: Learn about deploying a model for custom Text Analytics for health. #-+ Last updated 12/19/2023-+
ai-services Design Schema https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/design-schema.md
Title: Preparing data and designing a schema for custom Text Analytics for healt
description: Learn about how to select and prepare data, to be successful in creating custom TA4H projects. #-+ Last updated 12/19/2023-+
ai-services Fail Over https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/fail-over.md
Title: Back up and recover your custom Text Analytics for health models
description: Learn how to save and recover your custom Text Analytics for health models. #-+ Last updated 12/19/2023-+
ai-services Label Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/label-data.md
Title: How to label your data for custom Text Analytics for health
description: Learn how to label your data for use with custom Text Analytics for health. #-+ Last updated 12/19/2023-+
ai-services Train Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/train-model.md
Title: How to train your custom Text Analytics for health model
description: Learn about how to train your model for custom Text Analytics for health. #-+ Last updated 12/19/2023-+
ai-services View Model Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/how-to/view-model-evaluation.md
Title: Evaluate a Custom Text Analytics for health model
description: Learn how to evaluate and score your Custom Text Analytics for health model #-+ Last updated 12/19/2023-+
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/language-support.md
Title: Language and region support for custom Text Analytics for health
description: Learn about the languages and regions supported by custom Text Analytics for health #-+ Last updated 12/19/2023 -+ # Language support for custom text analytics for health
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/overview.md
Title: Custom Text Analytics for health - Azure AI services
description: Customize an AI model to label and extract healthcare information from documents using Azure AI services. #-+ Last updated 12/19/2023-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/quickstart.md
Title: Quickstart - Custom Text Analytics for health (Custom TA4H)
description: Quickly start building an AI model to categorize and extract information from healthcare unstructured text. #-+ Last updated 12/19/2023-+ zone_pivot_groups: usage-custom-language-features
ai-services Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/reference/glossary.md
Title: Definitions used in custom Text Analytics for health
description: Learn about definitions used in custom Text Analytics for health #-+ Last updated 12/19/2023-+
ai-services Service Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-analytics-for-health/reference/service-limits.md
Title: Custom Text Analytics for health service limits
description: Learn about the data and service limits when using Custom Text Analytics for health. #-+ Last updated 12/19/2023-+
ai-services Data Formats https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/concepts/data-formats.md
Title: Custom text classification data formats
description: Learn about the data formats accepted by custom text classification. #-+ Last updated 12/19/2023-+
ai-services Evaluation Metrics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/concepts/evaluation-metrics.md
Title: Custom text classification evaluation metrics
description: Learn about evaluation metrics in custom text classification. #-+ Last updated 12/19/2023-+
ai-services Fail Over https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/fail-over.md
Title: Back up and recover your custom text classification models
description: Learn how to save and recover your custom text classification models. #-+ Last updated 12/19/2023-+
ai-services Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/faq.md
Title: Custom text classification FAQ
description: Learn about Frequently asked questions when using the custom text classification API. #-+ Last updated 12/19/2023-+
ai-services Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/glossary.md
Title: Definitions used in custom text classification
description: Learn about definitions used in custom text classification. #-+ Last updated 12/19/2023-+
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/call-api.md
Title: Send a text classification request to your custom model
description: Learn how to send requests for custom text classification. #-+ Last updated 12/19/2023-+ ms.devlang: csharp # ms.devlang: csharp, python
ai-services Create Project https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/create-project.md
Title: How to create custom text classification projects
description: Learn about the steps for using Azure resources with custom text classification. #-+ Last updated 12/19/2023-+
ai-services Deploy Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/deploy-model.md
Title: How to deploy a custom text classification model
description: Learn how to deploy a model for custom text classification. #-+ Last updated 12/19/2023-+
ai-services Design Schema https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/design-schema.md
Title: How to prepare data and define a custom classification schema
description: Learn about data selection, preparation, and creating a schema for custom text classification projects. #-+ Last updated 12/19/2023-+
ai-services Tag Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/tag-data.md
Title: How to label your data for custom classification - Azure AI services
description: Learn about how to label your data for use with the custom text classification. #-+ Last updated 12/19/2023-+
ai-services Train Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/train-model.md
Title: How to train your custom text classification model - Azure AI services
description: Learn about how to train your model for custom text classification. #-+ Last updated 12/19/2023-+
ai-services Use Autolabeling https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/use-autolabeling.md
Title: How to use autolabeling in custom text classification
description: Learn how to use autolabeling in custom text classification. #-+ Last updated 12/19/2023-+ # How to use autolabeling for Custom Text Classification
ai-services View Model Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/how-to/view-model-evaluation.md
Title: View a custom text classification model evaluation - Azure AI services
description: Learn how to view the evaluation scores for a custom text classification model #-+ Last updated 12/19/2023-+
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/language-support.md
Title: Language support in custom text classification
description: Learn about which languages are supported by custom text classification. #-+ Last updated 12/19/2023-+
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/overview.md
Title: Custom text classification - Azure AI services
description: Customize an AI model to classify documents and other content using Azure AI services. #-+ Last updated 12/19/2023-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/quickstart.md
Title: Quickstart - Custom text classification
description: Quickly start building an AI model to identify and apply labels (classify) unstructured text. #-+ Last updated 12/19/2023-+ zone_pivot_groups: usage-custom-language-features
ai-services Service Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/service-limits.md
Title: Custom text classification limits
description: Learn about the data and rate limits when using custom text classification. #-+ Last updated 12/19/2023 -+
ai-services Triage Email https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/tutorials/triage-email.md
Title: Triage incoming emails with Power Automate
description: Learn how to use custom text classification to categorize and triage incoming emails with Power Automate #-+ Last updated 12/19/2023-+ # Tutorial: Triage incoming emails with power automate
ai-services Azure Machine Learning Labeling https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom/azure-machine-learning-labeling.md
Title: Use Azure Machine Learning labeling in Language Studio
description: Learn how to label your data in Azure Machine Learning, and import it for use in the Language service. #-+ Last updated 12/19/2023-+ # Use Azure Machine Learning labeling in Language Studio
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/entity-linking/how-to/call-api.md
Title: How to call the entity linking API
description: Learn how to identify and link entities found in text with the entity linking API. #-+ Last updated 12/19/2023-+
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/entity-linking/language-support.md
Title: Language support for key phrase analysis
description: A list of natural languages supported by the entity linking API #-+ Last updated 12/19/2023-+
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/entity-linking/overview.md
Title: What is entity linking in Azure AI Language?
description: An overview of entity linking in Azure AI services, which helps you extract entities from text, and provides links to an online knowledge base. #-+ Last updated 12/19/2023-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/entity-linking/quickstart.md
Title: "Quickstart: Entity linking using the client library and REST API"
description: 'Use this quickstart to perform Entity Linking, using C#, Python, Java, JavaScript, and the REST API.' #-+ Last updated 12/19/2023-+ ms.devlang: csharp # ms.devlang: csharp, java, javascript, python
ai-services Language Studio https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/language-studio.md
Title: "Quickstart: Get started with Language Studio" description: Use this article to learn about Language Studio, and testing features of Azure AI Language--++ Last updated 12/19/2023
ai-services Use Native Documents https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/native-document-support/use-native-documents.md
> * Azure AI Language public preview releases provide early access to features that are in active development. > * Features, approaches, and processes may change, prior to General Availability (GA), based on user feedback.
-Azure AI Language is a cloud-based service that applies Natural Language Processing (NLP) features to text-based data. The native document support capability enables you to send API requests asynchronously, using an HTTP POST request body to send your data and HTTP GET request query string to retrieve the processed data.
+Azure AI Language is a cloud-based service that applies Natural Language Processing (NLP) features to text-based data. The native document support capability enables you to send API requests asynchronously, using an HTTP POST request body to send your data and HTTP GET request query string to retrieve the status results. Your processed documents are located in your Azure Blob Storage target container.
A native document refers to the file format used to create the original document such as Microsoft Word (docx) or a portable document file (pdf). Native document support eliminates the need for text preprocessing before using Azure AI Language resource capabilities. Currently, native document support is available for the following capabilities:
ai-services Data Formats https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/concepts/data-formats.md
Title: Orchestration workflow data formats
description: Learn about the data formats accepted by orchestration workflow. #-+ Last updated 12/19/2023-+
ai-services Evaluation Metrics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/concepts/evaluation-metrics.md
Title: Orchestration workflow model evaluation metrics
description: Learn about evaluation metrics in orchestration workflow #-+ Last updated 12/19/2023-+
ai-services Fail Over https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/concepts/fail-over.md
Title: Save and recover orchestration workflow models
description: Learn how to save and recover your orchestration workflow models. #-+ Last updated 12/19/2023-+
ai-services None Intent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/concepts/none-intent.md
Title: Orchestration workflow none intent
description: Learn about the default None intent in orchestration workflow. #-+ Last updated 12/19/2023-+
ai-services Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/faq.md
Title: Frequently Asked Questions for orchestration projects
description: Use this article to quickly get the answers to FAQ about orchestration projects #-+ Last updated 12/19/2023-+
ai-services Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/glossary.md
Title: Definitions used in orchestration workflow
description: Learn about definitions used in orchestration workflow. #-+ Last updated 12/19/2023-+
ai-services Build Schema https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/how-to/build-schema.md
Title: How to build an orchestration project schema
description: Learn how to define intents for your orchestration workflow project. #-+ Last updated 12/19/2023-+
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/how-to/call-api.md
Title: How to send requests to orchestration workflow
description: Learn about sending requests for orchestration workflow. #-+ Last updated 12/19/2023-+ ms.devlang: csharp # ms.devlang: csharp, python
ai-services Create Project https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/how-to/create-project.md
Title: Create orchestration workflow projects and use Azure resources
description: Use this article to learn how to create projects in orchestration workflow #-+ Last updated 12/19/2023-+
ai-services Deploy Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/how-to/deploy-model.md
Title: How to deploy an orchestration workflow project
description: Learn about deploying orchestration workflow projects. #-+ Last updated 12/19/2023-+
ai-services Tag Utterances https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/how-to/tag-utterances.md
Title: How to tag utterances in an orchestration workflow project
description: Use this article to tag utterances #-+ Last updated 12/19/2023-+
ai-services Train Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/how-to/train-model.md
Title: How to train and evaluate models in orchestration workflow
description: Learn how to train a model for orchestration workflow projects. #-+ Last updated 12/19/2023-+
ai-services View Model Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/how-to/view-model-evaluation.md
Title: How to view orchestration workflow models details
description: Learn how to view details for your model and evaluate its performance. #-+ Last updated 12/19/2023-+
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/language-support.md
Title: Language support for orchestration workflow
description: Learn about the languages supported by orchestration workflow. #-+ Last updated 12/19/2023 -+ # Language support for orchestration workflow projects
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/overview.md
Title: Orchestration workflows - Azure AI services
description: Customize an AI model to connect your Conversational Language Understanding, question answering and LUIS applications. #-+ Last updated 12/19/2023-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/quickstart.md
Title: Quickstart - Orchestration workflow
description: Quickly start creating an AI model to connect your Conversational Language Understanding, question answering and LUIS applications. #-+ Last updated 12/19/2023-+ zone_pivot_groups: usage-custom-language-features
ai-services Service Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/service-limits.md
Title: Orchestration workflow limits
description: Learn about the data, region, and throughput limits for Orchestration workflow #-+ Last updated 12/19/2023-+
ai-services Connect Services https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/orchestration-workflow/tutorials/connect-services.md
Title: Integrate custom question answering and conversational language understanding with orchestration workflow description: Learn how to connect different projects with orchestration workflow. keywords: conversational language understanding, bot framework, bot, language understanding, nlu--++
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/overview.md
Title: What is Azure AI Language
description: Learn how to integrate AI into your applications that can extract information and understand written language. #-+ Last updated 12/19/2023-+ # What is Azure AI Language?
ai-services Data Formats https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/concepts/data-formats.md
Title: Custom sentiment analysis data formats
description: Learn about the data formats accepted by custom sentiment analysis. #-+ Last updated 12/19/2023-+
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/call-api.md
Title: Send a Custom sentiment analysis request to your custom model
description: Learn how to send requests for Custom sentiment analysis. #-+ Last updated 12/19/2023-+ ms.devlang: csharp # ms.devlang: csharp, python
ai-services Create Project https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/create-project.md
Title: How to create Custom sentiment analysis projects
description: Learn about the steps for using Azure resources with Custom sentiment analysis. #-+ Last updated 12/19/2023-+
ai-services Deploy Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/deploy-model.md
Title: Deploy a Custom sentiment analysis model
description: Learn about deploying a model for Custom sentiment analysis. #-+ Last updated 12/19/2023-+
ai-services Design Schema https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/design-schema.md
Title: How to prepare data and define a custom sentiment analysis schema
description: Learn about data selection and preparation for custom sentient analysis projects. #-+ Last updated 12/19/2023-+
ai-services Label Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/label-data.md
Title: How to label your data for Custom sentiment analysis - Azure AI services
description: Learn about how to label your data for use with the custom Sentiment analysis. #-+ Last updated 12/19/2023-+
ai-services Train Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/train-model.md
Title: How to train your Custom sentiment analysis model - Azure AI services
description: Learn about how to train your model for Custom sentiment analysis. #-+ Last updated 12/19/2023-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/quickstart.md
Title: Quickstart - Custom sentiment analysis
description: Quickly start building an AI model to identify the sentiment of text. #-+ Last updated 01/25/2024-+ zone_pivot_groups: usage-custom-language-features
ai-services Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/how-to/call-api.md
Title: How to perform sentiment analysis and opinion mining
description: This article will show you how to detect sentiment, and mine for opinions in text. #-+ Last updated 12/19/2023-+
ai-services Use Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/how-to/use-containers.md
Title: Install and run Docker containers for Sentiment Analysis
description: Use the Docker containers for the Sentiment Analysis API to perform natural language processing such as sentiment analysis, on-premises. #-+ Last updated 12/19/2023-+ keywords: on-premises, Docker, container, sentiment analysis, natural language processing
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/language-support.md
Title: Sentiment Analysis and Opinion Mining language support
description: This article explains which languages are supported by the Sentiment Analysis and Opinion Mining features of the Language service. #-+ Last updated 12/19/2023-+
ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/overview.md
Title: What is sentiment analysis and opinion mining in the Language service?
description: An overview of the sentiment analysis feature in Azure AI services, which helps you find out what people think of a topic by mining text for clues. #-+ Last updated 01/25/2024-+
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/quickstart.md
Title: "Quickstart: Use the Sentiment Analysis client library and REST API"
description: Use this quickstart to start using the Sentiment Analysis API. #-+ Last updated 01/25/2024-+ ms.devlang: csharp # ms.devlang: csharp, java, javascript, python
ai-services Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/summarization/quickstart.md
Last updated 12/19/2023-+ ms.devlang: csharp # ms.devlang: csharp, java, javascript, python
ai-services Power Automate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/tutorials/power-automate.md
Title: Use Language service in power automate
description: Learn how to use Azure AI Language in power automate, without writing code. #-+ Last updated 12/19/2023-+
ai-services Use Kubernetes Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/tutorials/use-kubernetes-service.md
Title: Deploy a key phrase extraction container to Azure Kubernetes Service
description: Deploy a key phrase extraction container image to Azure Kubernetes Service, and test it in a web browser. #-+ Last updated 12/19/2023-+
ai-services Whats New https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/whats-new.md
Title: What's new in Azure AI Language?
description: Find out about new releases and features for the Azure AI Language. #-+ Previously updated : 01/31/2024- Last updated : 02/26/2024+ # What's new in Azure AI Language?
ai-services Use Your Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/concepts/use-your-data.md
Previously updated : 01/09/2023 Last updated : 02/26/2024 recommendations: false
If you're using your own index, you will be prompted in the Azure OpenAI Studio
In this example, the fields mapped to **Content data** and **Title** provide information to the model to answer questions. **Title** is also used to title citation text. The field mapped to **File name** generates the citation names in the response.
-Mapping these fields correctly helps ensure the model has better response and citation quality. You can additionally configure this [in the API](../reference.md#completions-extensions) using the `fieldsMapping` parameter.
+Mapping these fields correctly helps ensure the model has better response and citation quality. You can additionally configure this [in the API](../references/on-your-data.md) using the `fieldsMapping` parameter.
+
+### Search filter (API)
+
+If you want to implement additional value-based criteria for query execution, you can set up a search filter using the `filter` parameter in the [REST API](../references/azure-search.md).
+ # [Azure Cosmos DB for MongoDB vCore](#tab/mongo-db)
Once you have added the URL/web address for data ingestion, the web pages from y
Data is ingested into Azure AI search using the following process:
-1. Ingestion assets are created in Azure AI Search resource and Azure storage account. Currently these assets are: indexers, indexes, data sources, a [custom skill](/azure/search/cognitive-search-custom-skill-interface) in the search resource, and a container (later called the chunks container) in the Azure storage account. You can specify the input Azure storage container using the [Azure OpenAI studio](https://oai.azure.com/), or the [ingestion API (preview)](../reference.md#start-an-ingestion-job-preview).
+1. Ingestion assets are created in Azure AI Search resource and Azure storage account. Currently these assets are: indexers, indexes, data sources, a [custom skill](/azure/search/cognitive-search-custom-skill-interface) in the search resource, and a container (later called the chunks container) in the Azure storage account. You can specify the input Azure storage container using the [Azure OpenAI studio](https://oai.azure.com/), or the [ingestion API (preview)](/rest/api/azureopenai/ingestion-jobs).
2. Data is read from the input container, contents are opened and chunked into small chunks with a maximum of 1,024 tokens each. If vector search is enabled, the service calculates the vector representing the embeddings on each chunk. The output of this step (called the "preprocessed" or "chunked" data) is stored in the chunks container created in the previous step.
Use the following sections to learn how to improve the quality of responses give
### Runtime parameters
-You can modify the following additional settings in the **Data parameters** section in Azure OpenAI Studio and [the API](../reference.md#completions-extensions). You don't need to reingest your data when you update these parameters.
+You can modify the following additional settings in the **Data parameters** section in Azure OpenAI Studio and [the API](../references/on-your-data.md). You don't need to reingest your data when you update these parameters.
|Parameter name | Description |
You can modify the following additional settings in the **Data parameters** sect
You can define a system message to steer the model's reply when using Azure OpenAI On Your Data. This message allows you to customize your replies on top of the retrieval augmented generation (RAG) pattern that Azure OpenAI On Your Data uses. The system message is used in addition to an internal base prompt to provide the experience. To support this, we truncate the system message after a specific [number of tokens](#token-usage-estimation-for-azure-openai-on-your-data) to ensure the model can answer questions using your data. If you are defining extra behavior on top of the default experience, ensure that your system prompt is detailed and explains the exact expected customization.
-Once you select add your dataset, you can use the **System message** section in the Azure OpenAI Studio, or the `roleInformation` [parameter in the API](../reference.md#completions-extensions).
+Once you select add your dataset, you can use the **System message** section in the Azure OpenAI Studio, or the `roleInformation` [parameter in the API](../references/on-your-data.md).
:::image type="content" source="../media/use-your-data/system-message.png" alt-text="A screenshot showing the system message option in Azure OpenAI Studio." lightbox="../media/use-your-data/system-message.png":::
ai-services Use Web App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/use-web-app.md
Along with Azure OpenAI Studio, APIs and SDKs, you can also use the available st
## Web app customization
-You can customize the app's frontend and backend logic. For example, you could change the icon that appears in the center of the app by updating `/frontend/src/assets/Contoso.svg` and then redeploying the app [using the Azure CLI](https://github.com/microsoft/sample-app-aoai-chatGPT#deploy-with-the-azure-cli). See the source code for the web app, and more information on [GitHub](https://github.com/microsoft/sample-app-aoai-chatGPT).
+You can customize the app's frontend and backend logic. The app provides several [environment variables](https://github.com/microsoft/sample-app-aoai-chatGPT#common-customization-scenarios-eg-updating-the-default-chat-logo-and-headers) for common customization scenarios such as changing the icon in the app. See the source code for the web app, and more information on [GitHub](https://github.com/microsoft/sample-app-aoai-chatGPT).
When customizing the app, we recommend:
When customizing the app, we recommend:
- When you rotate API keys for your Azure OpenAI or Azure AI Search resource, be sure to update the app settings for each of your deployed apps to use the new keys.
-Sample source code for Azure OpenAI On Your Data web app is available on [GitHub](https://github.com/microsoft/sample-app-aoai-chatGPT). Source code is provided "as is" and as a sample only. Customers are responsible for all customization and implementation of their web apps using Azure OpenAI On Your Data.
+Sample source code for the web app is available on [GitHub](https://github.com/microsoft/sample-app-aoai-chatGPT). Source code is provided "as is" and as a sample only. Customers are responsible for all customization and implementation of their web apps.
### Updating the web app
ai-services Quotas Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/quotas-limits.md
- ignite-2023 - references_regions Previously updated : 02/06/2024 Last updated : 02/27/2024
The default quota for models varies by model and region. Default quota limits ar
| Region | Text-Embedding-Ada-002 | text-embedding-3-small | text-embedding-3-large | GPT-35-Turbo | GPT-35-Turbo-1106 | GPT-35-Turbo-16K | GPT-35-Turbo-Instruct | GPT-4 | GPT-4-32K | GPT-4-Turbo | GPT-4-Turbo-V | Babbage-002 | Babbage-002 - finetune | Davinci-002 | Davinci-002 - finetune | GPT-35-Turbo - finetune | GPT-35-Turbo-1106 - finetune | |:--|:-|:-|:-|:|:--|:-|:|:--|:|:--|:-|:--|:-|:--|:-|:--|:-|
-| australiaeast | 350 K | - | - | 300 K | 120 K | 300 K | - | 40 K | 80 K | 80 K | - | - | - | - | - | - | - |
+| australiaeast | 350 K | - | - | 300 K | 120 K | 300 K | - | 40 K | 80 K | 80 K | 30 K | - | - | - | - | - | - |
| brazilsouth | 350 K | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | | canadaeast | 350 K | 350 K | 350 K | 300 K | 120 K | 300 K | - | 40 K | 80 K | 80 K | - | - | - | - | - | - | - | | eastus | 240 K | 350 K | 350 K | 240 K | - | 240 K | 240 K | - | - | 80 K | - | - | - | - | - | - | - |
The default quota for models varies by model and region. Default quota limits ar
| westeurope | 240 K | - | - | 240 K | - | - | - | - | - | - | - | - | - | - | - | - | - | | westus | 350 K | - | - | - | 120 K | - | - | - | - | 80 K | 30 K | - | - | - | - | - | - | - ### General best practices to remain within rate limits To minimize issues related to rate limits, it's a good idea to use the following techniques:
ai-services Custom Avatar Record Video Samples https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/text-to-speech-avatar/custom-avatar-record-video-samples.md
Title: How to record video samples for custom text to speech avatar - Speech service
-description: Learn how to prepare high-quality video samples for creating a custom text to speech avatar
+description: Learn how to prepare high-quality video samples for creating a custom text to speech avatar.
keywords: how to record video samples for custom text to speech avatar
This article provides instructions on preparing high-quality video samples for creating a custom text to speech avatar.
-Custom text to speech avatar model building requires training on a video recording of a real human speaking. This person is the avatar talent. You must get sufficient consent under all relevant laws and regulations from the avatar talent to create a custom avatar from their talent's image or likeness.
+Custom text to speech avatar model building requires training on a video recording of a real human speaking. This person is the avatar talent. You must get sufficient consent under all relevant laws and regulations from the avatar talent to create a custom avatar from their talent's image or likeness. Refer to [Get consent file from the avatar talent](custom-avatar-create.md#get-consent-file-from-the-avatar-talent) to learn requirement of consent statement video.
## Recording environment -- We recommend recording in a professional video shooting studio or a well-lit place with a clean background.-- The background of the video should be clean, smooth, pure-colored, and a green screen is the best choice.-- Ensure even and bright lighting on the actor's face, avoiding shadows on face or reflections on actor's glasses and clothes.-- Camera requirement: A minimum of 1080-P resolution and 36 FPS.-- Other devices: You can use a teleprompter to remind the script during recording but ensure it doesn't affect the actor's gaze towards the camera. Provide a seat if the avatar needs to be in a sitting position.
+We recommend recording in a professional video shooting studio or a well-lit place.
-## Appearance of the actor
+### Background requirement
-The custom text to speech avatar doesn't support customization of clothes or looks. Therefore, it's essential to carefully design and prepare the avatar's appearance when recording the training data. Consider the following tips:
+- If you need a commercial, multi-scene avatar, the background of the video should be clean, smooth, pure-colored, and a green screen is the best choice.
+- If your avatar only needs to be used in a single scene, you can select a specific scene to record (such as in your office), but the background can't be subtracted and changed.
+- Tips about using a pure-colored background (such as green screen) in shooting:
+
+ | Dos | Don'ts |
+ |--|--|
+ | - A green screen is set behind your back, and if your avatar video shows the full body of the actor, including feet, there should be a green screen under the feet. And the back green screen and floor green screen should be completely connected. <br/>- The green screen should be flat, and the color is uniform.<br/> - The actor should keep 0.5 m ΓÇô 1 m distance away from the back background.<br/>- The green screen can be properly lit to prevent shadows.<br/>- The full outline of the actor is within the edge of the green screen.| - The actor shouldn't stand too close to the green screen.<br/>- Avoid the actorΓÇÖs head and hands spilling out of the green screen when speaking.|
+
+### Lighting requirement
+
+- Ensure even and bright lighting on the actor's face, avoiding shadows on the face or reflections on actor's glasses and clothes.
+- Try to avoid the impact of changes in ambient light on actors. It's recommended to turn off the projector, close the curtains to avoid daylight changes, and use a stable artificial light source, etc.
-- The actor's hair should have a smooth and glossy surface, avoiding messy hair or backgrounds showing through the hair.
+### Devices
+
+- Camera requirement: A minimum of 1080-P resolution and 25 FPS (frames per second).
+- Don't change the position of light and camera after settling down during the whole video shooting.
+- You can use a teleprompter to remind the script during recording but ensure it doesn't affect the actor's gaze towards the camera. Provide a seat if the avatar needs to be in a sitting position.
+- For half-length or seated digital avatars, provide a seat for the actor. If you don't want the image of the chair to appear, you can choose a simple chair.
+
+## Appearance of the actor
-- Avoid wearing clothing that is too similar to the background color or reflective materials like white shirts. Avoid clothing with obvious lines or items with logos and brand names you don't want to highlight.
+The custom text to speech avatar doesn't support customization of clothes or looks. Therefore, it's essential to carefully design and prepare the avatar's appearance when recording the training data. Consider the following tips:
-- Ensure the actor's face is clearly visible, not obscured by hair, sunglasses, or accessories.
+| Categories | Dos | Don'ts |
+||-|-|
+| **Hair** | - The actorΓÇÖs hair should have a smooth and glossy surface.</br>- Even the actorΓÇÖs bangs or broken hair should have a clear and smooth border.</br>- Choose a hairstyle that is easy to keep consistent during the whole video recording. | - Avoid messy hair or backgrounds showing through the hair.</br>- Do not let hair block the eyes or eyebrows.</br>- Avoid shadows on the face caused by hairstyle.</br>- Avoid hair changes too much during speech and body gesture. For example, the high ponytail of an actor may appear, disappear, and swing during speaking. |
+| **Clothing** | - Pay attention to clothing status and make sure no significant changes on the clothing during speaking. | - Avoid wearing clothing and accessories that are too loose, heavy, or complex, as they may impact the consistency of clothing status during speaking and body gesture.</br>- Avoid wearing clothing that is too similar to the background color or reflective materials like white shirts or translucent materials.</br>- Avoid clothing with obvious lines or items with logos and brand names you don't want to highlight.</br>- Avoid reflective elements such as metal belts, shiny leather shoes, and leather pants. |
+| **Face** | - Ensure the actor's face is clearly visible. | - Avoid face obscured by hair, sunglasses, or accessories. |
## What video clips to record
You need three types of basic video clips:
**Status 0 speaking:** - Status 0 represents the posture you can naturally maintain most of the time while speaking. For example, arms crossed in front of the body or hanging down naturally at the sides.
- - Maintain a front-facing pose with minimal body movement. The actor can nod slightly, but don't move the body too much.
+ - Maintain a front-facing pose. The actor can move slightly to show a relaxed status, like moving the head or shoulder slightly, but don't move the body too much.
- Length: keep speaking in status 0 for 3-5 minutes.
+
+**Samples of status 0 speaking:**
+
+![Animated graphic depicting Lisa speaking in status 0, representing the posture naturally maintained while speaking.](media/status-0-lisa.gif)
+
+![Animated graphic depicting Harry speaking in status 0, representing the posture naturally maintained while speaking.](media/status-0-harry.gif)
+
+![Animated graphic depicting Lori speaking in status 0, representing the posture naturally maintained while speaking.](media/status-0-lori.gif)
**Naturally speaking:** - Actor speaks in status 0 but with natural hand gestures from time to time. - Hands should start from status 0 and return after making gestures. - Use natural and common gestures when speaking. Avoid meaningful gestures like pointing, applause, or thumbs up. - Length: Minimum 5 minutes, maximum 30 minutes in total. At least one piece of 5-minute continuous video recording is required. If recording multiple video clips, keep each clip under 10 minutes.
+
+**Samples of natural speaking:**
+
+![Animated graphic depicting sample of Lisa speaking in status 0 with natural hand gestures, representing the posture naturally maintained while speaking.](media/natural-lisa.gif)
+
+![Animated graphic depicting sample of Harry speaking in status 0 with natural hand gestures, representing the posture naturally maintained while speaking.](media/natural-harry.gif)
+
+![Animated graphic depicting sample of Lori speaking in status 0 with natural hand gestures, representing the posture naturally maintained while speaking.](media/natural-lori.gif)
**Silent status:**
- - Maintain status 0 but don't speak.
- - Maintain a smile or nodding head as if listening or waiting.
- - Length: 1 minute.
-Here are more tips for recording video clips:
+This video clip is important if you build a real-time conversation with the custom avatar. The video clip is used as the main template for both speaking and listening status for a chatbot.
-- Ensure all video clips are taken in the same conditions.-- Mind facial expressions, which should be suitable for the avatar's use case. For example, look positive and be smile if the custom text to speech avatar will be used as customer service, and look professionally if the avatar will be used for news reporting.-- Maintain eye gaze towards the camera, even when using a teleprompter-- Return your body to status 0 when pausing speaking.-- Speak on a self-chosen topic, and minor speech mistakes like miss a word or mispronounced are acceptable. If the actor misses a word or mispronounces something, just go back to status 0, pause for 3 seconds, and then continue speaking.-- Consciously pause between sentences and paragraphs. When pausing, go back to the status 0 and close your lips.-- Maintain high-quality audio, avoiding background noise, like other people's voice.
+ - Maintain status 0, don't speak, but still feel relaxed.
+ - Even remaining in status 0, don't keep completely still; you can move a little bit but not too much. Perform like you're waiting.
+ - Maintain a smile as if listening or waiting patiently.
+ - Length: 1 minute.
+
+**Samples of silent status:**
+
+![Animated graphic depicting sample of Lisa maintaining silent status without speaking but still feeling relaxed.](media/silent-lisa.gif)
+
+![Animated graphic depicting sample of Harry maintaining silent status without speaking but still feeling relaxed.](media/silent-harry.gif)
+
+![Animated graphic depicting sample of Lori maintaining silent status without speaking but still feeling relaxed.](media/silent-lori.gif)
+
+**Gestures (optional):**
+
+Gesture video clips are optional, and customers who have the need to insert certain gestures in the avatar speaking can follow this guideline to take gesture videos. Gesture insertion is only enabled for batch mode avatar; real-time avatar doesnΓÇÖt support gesture insertion at this point. Each custom avatar model can support no more than 10 gestures.
+
+**Gesture tips:**
+- Each gesture clip should be within 10 seconds.
+- Gestures should start from status 0 and end with status 0; otherwise, the gesture clip can't be smoothly inserted into the avatar video.
+- The gesture clip only captures the body gestures; the actor doesnΓÇÖt have to speak during making gestures.
+- We recommend designing a list of gestures before recording; here are some examples of gesture video clips:
+
+**Samples of gesture:**
+
+| Gestures | Samples |
+|--||
+| Delivering sell link/promotion code | ![An animated graphic depicting sample of delivering sell link.](media/delivering-sell-link.gif) |
+| Introducing the product | ![An animated graphic depicting sample of introducing the product.](media/introducing-the-product.gif) |
+| Displaying the price (number from 1 to 10-fist-number with each hand) | Right hand ![An animated graphic depicting sample of displaying the price with right hand.](media/displaying-the-price-with-right-hand.gif) Left hand ![An animated graphic depicting sample of displaying the price with left hand.](media/displaying-the-price-with-left-hand.gif) |
+
+High-quality avatar models are built from high-quality video recordings, including audio quality. Here are more tips for actorΓÇÖs performance and recording video clips:
+
+| **Dos** | **Don'ts** |
+||--|
+| - Ensure all video clips are taken in the same conditions.</br>- During the recording process, design the size and display area of the character you need so that the character can be displayed on the screen appropriately.</br> - Actor should be steady during the recording. </br> - Mind facial expressions, which should be suitable for the avatar's use case. For example, look positive and smile if the custom text to speech avatar is used as customer service. Look professionally if the avatar is used for news reporting.</br> - Maintain eye gaze towards the camera, even when using a teleprompter.</br> - Return your body to status 0 when pausing speaking.</br> - Speak on a self-chosen topic, and minor speech mistakes like miss a word or mispronounced are acceptable. If the actor misses a word or mispronounces something, just go back to status 0, pause for 3 seconds, and then continue speaking.</br> - Consciously pause between sentences and paragraphs. When pausing, go back to the status 0 and close your lips. </br> - The audio should be clear and loud enough; bad audio quality impacts training result.</br> - Keep the shooting environment quiet. | - Don't adjust the camera parameters, focal length, position, angle of view. Don't move the camera; keep the person's position, size, angle, consistent in the camera.</br> - Characters that are too small may lead to a loss of image quality during post-processing. Characters that are too large may cause the screen to overflow during gestures and movements.</br> - Don't make too long gestures or too much movement for one gesture; for example, actorΓÇÖs hands are always making gestures and forget to go back to status 0.</br> - The actor's movements and gestures must not block the face.</br> - Avoid small movements of the actor like licking lips, touching hair, talking sideways, constant head shaking during speech, and not closing up after speaking.</br> - Avoid background noise; staff should avoid walking and talking during video recording.</br> - Avoid other peopleΓÇÖs voice recorded during the actor speaking. |
## Data requirements -- Avatar training video recording file format: .mp4 or .mov.-- Resolution: At least 1920x1080.-- Frame rate per second: At least 25 FPS.
+Doing some basic processing of your video data is helpful for model training efficiency, such as:
+
+- Make sure that the character is in the middle of the screen, the size and position are consistent during the video processing. Each video processing parameter such as brightness, contrast remains the same and doesn't change.
+- The start and end of the clip should be kept in state 0; the actors should close their mouths and smile, and look ahead. The video should be continuous, not abrupt.
+
+**Avatar training video recording file format:** .mp4 or .mov.
+
+**Resolution:** At least 1920x1080.
+
+**Frame rate per second:** At least 25 FPS.
## Next steps
ai-studio Flow Process Image https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/flow-process-image.md
Title: Process images in prompt flow (preview)-
-description: Learn how to incorporate images into prompt flow.
---
+ Title: Process images in prompt flow
+
+description: Learn how to use images in prompt flow.
+ --- Previously updated : 02/05/2024 Last updated : 2/26/2024+++
-# Process images in prompt flow (preview)
+# Process images in prompt flow
+ Multimodal Large Language Models (LLMs), which can process and interpret diverse forms of data inputs, present a powerful tool that can elevate the capabilities of language-only systems to new heights. Among the various data types, images are important for many real-world applications. The incorporation of image data into AI systems provides an essential layer of visual understanding.
-In this article, you'll learn:
+In this article, you learn:
> [!div class="checklist"] > - How to use image data in prompt flow > - How to use built-in GPT-4V tool to analyze image inputs.
In this article, you'll learn:
> - How to create a batch run using image data. > - How to consume online endpoint with image data.
-> [!IMPORTANT]
-> Prompt flow image support is currently in public preview. This preview is provided without a service-level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
- ## Image type in prompt flow Prompt flow input and output support Image as a new data type.
To use image data in prompt flow authoring page:
:::image type="content" source="../media/prompt-flow/how-to-process-image/add-image-type-input.png" alt-text="Screenshot of flow authoring page showing adding flow input as Image type." lightbox = "../media/prompt-flow/how-to-process-image/add-image-type-input.png"::: 2. Preview the image. If the image isn't displayed correctly, delete the image and add it again. :::image type="content" source="../media/prompt-flow/how-to-process-image/flow-input-image-preview.png" alt-text="Screenshot of flow authoring page showing image preview flow input." lightbox = "../media/prompt-flow/how-to-process-image/flow-input-image-preview.png":::
-3. You might want to **preprocess the image using Python tool** before feeding it to LLM, for example, you can resize or crop the image to a smaller size.
+3. You might want to preprocess the image using the [Python tool](./prompt-flow-tools/python-tool.md) before feeding it to the LLM. For example, you can resize or crop the image to a smaller size.
:::image type="content" source="../media/prompt-flow/how-to-process-image/process-image-using-python.png" alt-text="Screenshot of using python tool to do image preprocessing." lightbox = "../media/prompt-flow/how-to-process-image/process-image-using-python.png"::: > [!IMPORTANT]
- > To process image using Python function, you need to use the `Image` class, import it from `promptflow.contracts.multimedia` package. The Image class is used to represent an Image type within prompt flow. It is designed to work with image data in byte format, which is convenient when you need to handle or manipulate the image data directly.
+ > To process images using a Python function, you need to use the `Image` class that you import from the `promptflow.contracts.multimedia` package. The `Image` class is used to represent an `Image` type within prompt flow. It is designed to work with image data in byte format, which is convenient when you need to handle or manipulate the image data directly.
> > To return the processed image data, you need to use the `Image` class to wrap the image data. Create an `Image` object by providing the image data in bytes and the [MIME type](https://developer.mozilla.org/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types) `mime_type`. The MIME type lets the system understand the format of the image data, or it can be `*` for unknown type.
If the Image object from Python node is set as the flow output, you can preview
## Use GPT-4V tool
-Azure OpenAI GPT-4 Turbo with Vision tool and OpenAI GPT-4V are built-in tools in prompt flow that can use OpenAI GPT-4V model to answer questions based on input images. You can find the tool by selecting **More tool** in the flow authoring page.
+The [Azure OpenAI GPT-4 Turbo with Vision tool](./prompt-flow-tools/azure-open-ai-gpt-4v-tool.md) and OpenAI GPT-4V are built-in tools in prompt flow that can use OpenAI GPT-4V model to answer questions based on input images. You can find the tool by selecting **+ More tools** in the flow authoring page.
Add the [Azure OpenAI GPT-4 Turbo with Vision tool](./prompt-flow-tools/azure-open-ai-gpt-4v-tool.md) to the flow. Make sure you have an Azure OpenAI connection, with the availability of GPT-4 vision-preview models.
You can assign a value to the image input through the following ways:
- Reference from the flow input of Image type. - Reference from other node's output of Image type.-- Upload, drag, paste an image, or specify an image URL or the relative image path.
+- Upload, drag, or paste an image, or specify an image URL or the relative image path.
## Build a chatbot to process images
-In this section, you'll learn how to build a chatbot that can process image and text inputs.
+In this section, you learn how to build a chatbot that can process image and text inputs.
Assume you want to build a chatbot that can answer any questions about the image and text together. You can achieve this by following the steps below:
If the batch run outputs contain images, you can check the **flow_outputs datase
You can [deploy a flow to an online endpoint for real-time inference](./flow-deploy.md).
-Currently the **Test** tab in the deployment detail page does not support image inputs or outputs.
+Currently the **Test** tab in the deployment detail page doesn't support image inputs or outputs.
For now, you can test the endpoint by sending request including image inputs. To consume the online endpoint with image input, you should represent the image by using the format `{"data:<mime type>;<representation>": "<value>"}`. In this case, `<representation>` can either be `url` or `base64`.
-If the flow generates image output, it will be returned with `base64` format, for example, `{"data:<mime type>;base64": "<base64 string>"}`.
+If the flow generates image output, it is returned with `base64` format, for example, `{"data:<mime type>;base64": "<base64 string>"}`.
## Next steps
ai-studio Azure Open Ai Gpt 4V Tool https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/prompt-flow-tools/azure-open-ai-gpt-4v-tool.md
description: This article introduces the Azure OpenAI GPT-4 Turbo with Vision to
Previously updated : 1/8/2024 Last updated : 2/26/2024
The prompt flow *Azure OpenAI GPT-4 Turbo with Vision* tool enables you to use y
- An [Azure AI hub resource](../../how-to/create-azure-ai-resource.md) with a GPT-4 Turbo with Vision model deployed in one of the regions that support GPT-4 Turbo with Vision: Australia East, Switzerland North, Sweden Central, and West US. When you deploy from your project's **Deployments** page, select: `gpt-4` as the model name and `vision-preview` as the model version.
-## Connection
+## Build with the Azure OpenAI GPT-4 Turbo with Vision tool
-Set up connections to provisioned resources in prompt flow.
+1. Create or open a flow in [Azure AI Studio](https://ai.azure.com). For more information, see [Create a flow](../flow-develop.md).
+1. Select **+ More tools** > **Azure OpenAI GPT-4 Turbo with Vision** to add the Azure OpenAI GPT-4 Turbo with Vision tool to your flow.
-| Type | Name | API KEY | API Type | API Version |
-|-|-|-|-|-|
-| AzureOpenAI | Required | Required | Required | Required |
+ :::image type="content" source="../../media/prompt-flow/azure-openai-gpt-4-vision-tool.png" alt-text="Screenshot of the Azure OpenAI GPT-4 Turbo with Vision tool added to a flow in Azure AI Studio." lightbox="../../media/prompt-flow/azure-openai-gpt-4-vision-tool.png":::
+
+1. Select the connection to your Azure OpenAI Service. For example, you can select the **Default_AzureOpenAI** connection. For more information, see [Prerequisites](#prerequisites).
+1. Enter values for the Azure OpenAI GPT-4 Turbo with Vision tool input parameters described [here](#inputs). For example, you can use this example prompt:
+
+ ```jinja
+ # system:
+ As an AI assistant, your task involves interpreting images and responding to questions about the image.
+ Remember to provide accurate answers based on the information present in the image.
+
+ # user:
+ Can you tell me what the image depicts?
+ ![image]({{image_input}})
+ ```
+
+1. Select **Validate and parse input** to validate the tool inputs.
+1. Specify an image to analyze in the `image_input` input parameter. For example, you can upload an image or enter the URL of an image to analyze. Otherwise you can paste or drag and drop an image into the tool.
+1. Add more tools to your flow as needed, or select **Run** to run the flow.
+1. The outputs are described [here](#outputs).
+
+Here's an example output response:
+
+```json
+{
+ "system_metrics": {
+ "completion_tokens": 96,
+ "duration": 4.874329,
+ "prompt_tokens": 1157,
+ "total_tokens": 1253
+ },
+ "output": "The image depicts a user interface for Azure's OpenAI GPT-4 service. It is showing a configuration screen where settings related to the AI's behavior can be adjusted, such as the model (GPT-4), temperature, top_p, frequency penalty, etc. There's also an area where users can enter a prompt to generate text, and an option to include an image input for the AI to interpret, suggesting that this particular interface supports both text and image inputs."
+}
+```
## Inputs
-| Name | Type | Description | Required |
-||-||-|
+The following are available input parameters:
+
+| Name | Type | Description | Required |
+| - | - | -- | -- |
| connection | AzureOpenAI | The Azure OpenAI connection to be used in the tool. | Yes | | deployment\_name | string | The language model to use. | Yes | | prompt | string | Text prompt that the language model uses to generate its response. | Yes |
Set up connections to provisioned resources in prompt flow.
## Outputs
+The following are available output parameters:
+ | Return Type | Description | |-|| | string | The text of one response of conversation |+
+## Next steps
+
+- [Learn more about how to create a flow](../flow-develop.md)
+
aks App Routing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/app-routing.md
The application routing add-on with NGINX delivers the following:
* Integration with [Azure DNS][azure-dns-overview] for public and private zone management * SSL termination with certificates stored in Azure Key Vault.
-For other configuration information related to SSL encryption and DNS integration, review [DNS and SSL configuration][dns-ssl-configuration] and [application routing add-on configuration][custom-ingress-configurations].
+For other configurations, see:
+
+* [DNS and SSL configuration][dns-ssl-configuration]
+* [Application routing add-on configuration][custom-ingress-configurations]
+* [Configure internal NGIX ingress controller for Azure private DNS zone][create-nginx-private-controller].
With the retirement of [Open Service Mesh][open-service-mesh-docs] (OSM) by the Cloud Native Computing Foundation (CNCF), using the application routing add-on is the default method for all AKS clusters.
When the application routing add-on is disabled, some Kubernetes resources might
* [Configure custom ingress configurations][custom-ingress-configurations] shows how to create an advanced Ingress configuration and [configure a custom domain using Azure DNS to manage DNS zones and setup a secure ingress][dns-ssl-configuration].
+* To integrate with an Azure internal load balancer and configure a private Azure DNS zone to enable DNS resolution for the private endpoints to resolve specific domains, see [Configure internal NGIX ingress controller for Azure private DNS zone][create-nginx-private-controller].
+ * Learn about monitoring the ingress-nginx controller metrics included with the application routing add-on with [with Prometheus in Grafana][prometheus-in-grafana] (preview) as part of analyzing the performance and usage of your application. <!-- LINKS - internal -->
When the application routing add-on is disabled, some Kubernetes resources might
[custom-ingress-configurations]: app-routing-nginx-configuration.md [az-aks-create]: /cli/azure/aks#az-aks-create [prometheus-in-grafana]: app-routing-nginx-prometheus.md
+[create-nginx-private-controller]: create-nginx-ingress-private-controller.md
<!-- LINKS - external --> [kubernetes-ingress-object-overview]: https://kubernetes.io/docs/concepts/services-networking/ingress/
aks Azure Cni Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/azure-cni-overview.md
Last updated 9/13/2023
By default, AKS clusters use [kubenet][kubenet] and create a virtual network and subnet. With *kubenet*, nodes get an IP address from a virtual network subnet. Network address translation (NAT) is then configured on the nodes, and pods receive an IP address "hidden" behind the node IP. This approach reduces the number of IP addresses that you need to reserve in your network space for pods to use.
-With [Azure Container Networking Interface (CNI)][cni-networking], every pod gets an IP address from the subnet and can be accessed directly. Systems in the same virtual network as the AKS cluster see the pod IP as the source address for any traffic from the pod. Systems outside the AKS cluster virtual network see the node IP as the source address for any traffic from the pod. These IP addresses must be unique across your network space and must be planned in advance. Each node has a configuration parameter for the maximum number of pods that it supports. The equivalent number of IP addresses per node are then reserved up front for that node. This approach requires more planning, and often leads to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow.
+With [Azure Container Networking Interface (CNI)][cni-networking], every pod gets an IP address from the subnet and can be accessed directly. Systems in the same virtual network as the AKS cluster see the pod IP as the source address for any traffic from the pod. Systems outside the AKS cluster virtual network see the node IP as the source address for any traffic from the pod. These IP addresses must be unique across your network space and must be planned in advance. Each node has a configuration parameter for the maximum number of pods that it supports. The equivalent number of IP addresses per node are then reserved up front for that node. This approach requires more planning, and often leads to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow.
+
+> [!NOTE]
+>
+> This article is only introducing traditional Azure CNI. For [Azure CNI Overlay][azure-cni-overlay] and [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation], refer to their documentation instead.
## Prerequisites
Although it's technically possible to specify a service address range within the
* **Can I deploy VMs in my cluster subnet?**
- Yes.
+ Yes. But for [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation], the VMs cannot be deployed in pod's subnet.
* **What source IP do external systems see for traffic that originates in an Azure CNI-enabled pod?** Systems in the same virtual network as the AKS cluster see the pod IP as the source address for any traffic from the pod. Systems outside the AKS cluster virtual network see the node IP as the source address for any traffic from the pod.
+
+ But for [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation], no matter the connection is inside the same virtual network or cross virtual networks, the pod IP is always the source address for any traffic from the pod. This is because the [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation] implements [Microsoft Azure Container Networking][github-azure-container-networking] infrastructure, which gives end-to-end experience. Hence, it eliminates the use of [`ip-masq-agent`][ip-masq-agent], which is still used by traditional Azure CNI.
* **Can I configure per-pod network policies?**
Learn more about networking in AKS in the following articles:
* [Use an internal load balancer with Azure Kubernetes Service (AKS)](internal-lb.md)
-* [Create a basic ingress controller with external network connectivity][aks-ingress-basic]
-
-* [Enable the HTTP application routing add-on][aks-http-app-routing]
-
-* [Create an ingress controller that uses an internal, private network and IP address][aks-ingress-internal]
-
-* [Create an ingress controller with a dynamic public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-tls]
-
-* [Create an ingress controller with a static public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-static-tls]
+* [Use the application routing addon in Azure Kubernetes Service (AKS)](app-routing.md)
<!-- IMAGES --> [advanced-networking-diagram-01]: ./media/networking-overview/advanced-networking-diagram-01.png
Learn more about networking in AKS in the following articles:
[cni-networking]: https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md [kubenet]: concepts-network.md#kubenet-basic-networking [github]: https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_prod/kubernetes/container-azm-ms-agentconfig.yaml
+[github-azure-container-networking]: https://github.com/Azure/azure-container-networking
+[ip-masq-agent]: https://kubernetes.io/docs/tasks/administer-cluster/ip-masq-agent/
<!-- LINKS - Internal --> [az-aks-create]: /cli/azure/aks#az_aks_create
Learn more about networking in AKS in the following articles:
[ManagedClusterAgentPoolProfile]: /azure/templates/microsoft.containerservice/managedclusters#managedclusteragentpoolprofile-object [aks-network-concepts]: concepts-network.md [aks-network-nsg]: concepts-network.md#network-security-groups
-[aks-ingress-basic]: ingress-basic.md
-[aks-ingress-tls]: ingress-tls.md
-[aks-ingress-static-tls]: ingress-static-ip.md
-[aks-http-app-routing]: http-application-routing.md
-[aks-ingress-internal]: ingress-internal-ip.md
[az-extension-add]: /cli/azure/extension#az_extension_add [az-extension-update]: /cli/azure/extension#az_extension_update [az-feature-register]: /cli/azure/feature#az_feature_register
Learn more about networking in AKS in the following articles:
[network-comparisons]: concepts-network.md#compare-network-models [system-node-pools]: use-system-pools.md [prerequisites]: configure-azure-cni.md#prerequisites
+[azure-cni-overlay]: azure-cni-overlay.md
+[configure-azure-cni-dynamic-ip-allocation]: configure-azure-cni-dynamic-ip-allocation.md
aks Configure Azure Cni Dynamic Ip Allocation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/configure-azure-cni-dynamic-ip-allocation.md
Azure CNI provides the capability to monitor IP subnet usage. To enable IP subne
Set the variables for subscription, resource group and cluster. Consider the following as examples:
-```azurecli
-
- $s="subscriptionId"
-
- $rg="resourceGroup"
-
- $c="ClusterName"
-
- az account set -s $s
-
- az aks get-credentials -n $c -g $rg
-
+```azurecli-interactive
+az account set -s $subscription
+az aks get-credentials -n $clusterName -g $resourceGroup
``` ### Apply the config
Learn more about networking in AKS in the following articles:
* [Use a static IP address with the Azure Kubernetes Service (AKS) load balancer](static-ip.md) * [Use an internal load balancer with Azure Kubernetes Service (AKS)](internal-lb.md)-
-* [Create a basic ingress controller with external network connectivity][aks-ingress-basic]
-* [Enable the HTTP application routing add-on][aks-http-app-routing]
-* [Create an ingress controller that uses an internal, private network and IP address][aks-ingress-internal]
-* [Create an ingress controller with a dynamic public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-tls]
-* [Create an ingress controller with a static public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-static-tls]
+* [Use the application routing addon in Azure Kubernetes Service (AKS)](app-routing.md)
<!-- LINKS - External --> [github]: https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_prod/kubernetes/container-azm-ms-agentconfig.yaml <!-- LINKS - Internal -->
-[aks-ingress-basic]: ingress-basic.md
-[aks-ingress-tls]: ingress-tls.md
-[aks-ingress-static-tls]: ingress-static-ip.md
-[aks-http-app-routing]: http-application-routing.md
-[aks-ingress-internal]: ingress-internal-ip.md
[azure-cni-prereq]: ./configure-azure-cni.md#prerequisites [azure-cni-deployment-parameters]: ./azure-cni-overview.md#deployment-parameters [az-aks-enable-addons]: /cli/azure/aks#az_aks_enable_addons
aks Create Nginx Ingress Private Controller https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/create-nginx-ingress-private-controller.md
+
+ Title: Configure internal NGIX ingress controller for Azure private DNS zone
+description: Understand how to configure an ingress controller with a private IP address and an Azure private DNS zone using the application routing add-on for Azure Kubernetes Service.
+++ Last updated : 02/27/2024++++
+# Configure NGINX ingress controller to support Azure private DNS zone with application routing add-on
+
+This article demonstrates how to configure an NGINX ingress controller to work with Azure internal load balancer and configure a private Azure DNS zone to enable DNS resolution for the private endpoints to resolve specific domains.
+
+## Before you begin
+
+- An AKS cluster with the [application routing add-on][app-routing-add-on-basic-configuration].
+- To attach an Azure private DNS Zone, you need the [Owner][rbac-owner], [Azure account administrator][rbac-classic], or [Azure co-administrator][rbac-classic] role on your Azure subscription.
+
+## Connect to your AKS cluster
+
+To connect to the Kubernetes cluster from your local computer, you use `kubectl`, the Kubernetes command-line client. You can install it locally using the [az aks install-cli][az-aks-install-cli] command. If you use the Azure Cloud Shell, `kubectl` is already installed.
+
+The following example configures connecting to your cluster named *myAKSCluster* in the *myResourceGroup* using the [`az aks get-credentials`][az-aks-get-credentials] command.
+
+```azurecli-interactive
+az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
+```
+
+## Create a virtual network
+
+To publish a private DNS zone to your virtual network, you need to specify a list of virtual networks that are allowed to resolve records within the zone. These are called [virtual network links][virtual-network-links].
+
+The following example creates a virtual network named *myAzureVNet* in the *myResourceGroup* resource group, and one subnet named *mySubnet* to create within the VNet with a specific address prefix.
+
+```azurecli-interactive
+az network vnet create \
+ --name myAzureVNet \
+ --resource-group myResourceGroup \
+ --location eastus \
+ --address-prefix 10.2.0.0/16 \
+ --subnet-name mysubnet \
+ --subnet-prefixes 10.2.0.0/24
+```
+
+## Create an Azure private DNS zone
+
+> [!NOTE]
+> You can configure the application routing add-on to automatically create records on one or more Azure global and private DNS zones for hosts defined on Ingress resources. All global Azure DNS zones and all private Azure DNS zones need to be in the same resource group.
+
+You create a DNS zone using the [az network private-dns zone create][az-network-private-dns-zone-create] command, specifying the name of the zone and the resource group to create it in. The following example creates a DNS zone named *private.contoso.com* in the *myResourceGroup* resource group.
+
+```azurecli-interactive
+az network private-dns zone create --resource-group myResourceGoup -n private.contoso.com
+```
+
+You create a virtual network link to the DNS zone created earlier using the [az network private-dns link vnet create][az-network-private-dns-link-vnet-create] command. The following example creates a link named *myDNSLink* to the zone *private.contoso.com* for the virtual network *myAzureVNet*. Include the `--registration-enabled` parameter to specify the link is not registration enabled.
+
+```azurecli-interactive
+az network private-dns link vnet create --resource-group myResourceGroup \
+ --name myDNSLink \
+ --zone-name private.contoso.com \
+ --virtual-network myAzureVNet \
+ --registration-enabled false
+```
+
+The Azure DNS private zone auto registration feature manages DNS records for virtual machines deployed in a virtual network. When you link a virtual network with a private DNS zone with this setting enabled, a DNS record gets created for each Azure virtual machine for your AKS node deployed in the virtual network.
+
+## Attach an Azure private DNS zone to the application routing add-on
+
+> [!NOTE]
+> The `az aks approuting zone add` command uses the permissions of the user running the command to create the [Azure DNS Zone][azure-dns-zone-role] role assignment. The **Private DNS Zone Contributor** role is a built-in role for managing private DNS resources and is assigned to the add-on's managed identity. For more information on AKS managed identities, see [Summary of managed identities][summary-msi].
+
+1. Retrieve the resource ID for the DNS zone using the [`az network dns zone show`][az-network-dns-zone-show] command and set the output to a variable named `ZONEID`. The following example queries the zone *private.contoso.com* in the resource group *myResourceGroup*.
+
+ ```azurecli-interactive
+ ZONEID=$(az network private-dns zone show --resource-group myResourceGroup --name private.contoso.com --query "id" --output tsv)
+ ```
+
+1. Update the add-on to enable integration with Azure DNS using the [`az aks approuting zone`][az-aks-approuting-zone] command. You can pass a comma-separated list of DNS zone resource IDs. The following example updates the AKS cluster *myAKSCluster* in the resource group *myResourceGroup*.
+
+ ```azurecli-interactive
+ az aks approuting zone add --resource-group myResourceGroup --name myAKSCluster --ids=${ZONEID} --attach-zones
+ ```
+
+## Create an NGINX ingress controller with a private IP address and an internal load balancer
+
+The application routing add-on uses a Kubernetes [custom resource definition (CRD)][k8s-crds] called [`NginxIngressController`][app-routing-crds] to configure NGINX ingress controllers. You can create more ingress controllers or modify an existing configuration.
+
+`NginxIngressController` CRD has a `loadBalancerAnnotations` field to control the behavior of the NGINX ingress controller's service by setting [load balancer annotations](load-balancer-standard.md#customizations-via-kubernetes-annotations).
+
+Perform the following steps to create an NGINX ingress controller with an internal facing Azure Load Balancer with a private IP address.
+
+1. Copy the following YAML manifest into a new file named **nginx-internal-controller.yaml** and save the file to your local computer.
+
+ ```yml
+ apiVersion: approuting.kubernetes.azure.com/v1alpha1
+ kind: NginxIngressController
+ metadata:
+ name: nginx-internal
+ spec:
+ ingressClassName: nginx-internal
+ controllerNamePrefix: nginx-internal
+ loadBalancerAnnotations:
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ ```
+
+1. Create the NGINX ingress controller resources using the [`kubectl apply`][kubectl-apply] command.
+
+ ```bash
+ kubectl apply -f nginx-internal-controller.yaml
+ ```
+
+ The following example output shows the created resource:
+
+ ```output
+ nginxingresscontroller.approuting.kubernetes.azure.com/nginx-internal created
+ ```
+
+1. Verify the ingress controller was created
+
+ You can verify the status of the NGINX ingress controller using the [`kubectl get nginxingresscontroller`][kubectl-get] command.
+
+ ```bash
+ kubectl get nginxingresscontroller
+ ```
+
+ The following example output shows the created resource. It may take a few minutes for the controller to be available:
+
+ ```output
+ NAME INGRESSCLASS CONTROLLERNAMEPREFIX AVAILABLE
+ default webapprouting.kubernetes.azure.com nginx True
+ nginx-internal nginx-internal nginx-internal True
+ ```
+
+## Deploy an application
+
+The application routing add-on uses annotations on Kubernetes Ingress objects to create the appropriate resources.
+
+1. Create an application namespace called `hello-web-app-routing` to run the example pods using the [`kubectl create namespace`][kubectl-create-namespace] command.
+
+ ```bash
+ kubectl create namespace hello-web-app-routing
+ ```
+
+1. Create the deployment by copying the following YAML manifest into a new file named **deployment.yaml** and save the file to your local computer.
+
+ ```yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: aks-helloworld
+ namespace: hello-web-app-routing
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: aks-helloworld
+ template:
+ metadata:
+ labels:
+ app: aks-helloworld
+ spec:
+ containers:
+ - name: aks-helloworld
+ image: mcr.microsoft.com/azuredocs/aks-helloworld:v1
+ ports:
+ - containerPort: 80
+ env:
+ - name: TITLE
+ value: "Welcome to Azure Kubernetes Service (AKS)"
+ ```
+
+1. Create the service by copying the following YAML manifest into a new file named **service.yaml** and save the file to your local computer.
+
+ ```yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: aks-helloworld
+ namespace: hello-web-app-routing
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ selector:
+ app: aks-helloworld
+ ```
+
+1. Create the cluster resources using the [`kubectl apply`][kubectl-apply] command.
+
+ ```bash
+ kubectl apply -f deployment.yaml -n hello-web-app-routing
+ ```
+
+ The following example output shows the created resource:
+
+ ```output
+ deployment.apps/aks-helloworld created created
+ ```
+
+ ```bash
+ kubectl apply -f service.yaml -n hello-web-app-routing
+ ```
+
+ The following example output shows the created resource:
+
+ ```output
+ service/aks-helloworld created created
+ ```
+
+## Create the Ingress resource that uses a host name on the Azure private DNS zone and a private IP address
+
+1. Copy the following YAML manifest into a new file named **ingress.yaml** and save the file to your local computer.
+
+ Update *`<Hostname>`* with the name of your DNS host, for example, `helloworld.private.contoso.com`. Verify you're specifying `nginx-internal` for the `ingressClassName`.
+
+ ```yml
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: aks-helloworld
+ namespace: hello-web-app-routing
+ spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: <Hostname>
+ http:
+ paths:
+ - backend:
+ service:
+ name: aks-helloworld
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
+ ```
+
+1. Create the cluster resources using the [`kubectl apply`][kubectl-apply] command.
+
+ ```bash
+ kubectl apply -f ingress.yaml -n hello-web-app-routing
+ ```
+
+ The following example output shows the created resource:
+
+ ```output
+ ingress.networking.k8s.io/aks-helloworld created
+ ```
+
+## Verify the managed Ingress was created
+
+You can verify the managed Ingress was created using the [`kubectl get ingress`][kubectl-get] command.
+
+```bash
+kubectl get ingress -n hello-web-app-routing
+```
+
+The following example output shows the created managed Ingress:
+
+```output
+NAME CLASS HOSTS ADDRESS PORTS AGE
+aks-helloworld nginx-internal helloworld.private.contoso.com 10.224.0.7 80 98s
+```
+
+## Verify the Azure private DNS zone was updated
+
+In a few minutes, run the [az network private-dns record-set a list][az-network-private-dns-record-set-a-list] command to view the A records for your Azure private DNS zone. Specify the name of the resource group and the name of the DNS zone. In this example, the resource group is *myResourceGroup* and DNS zone is *private.contoso.com*.
+
+```azurecli-interactive
+az network private-dns record-set a list --resource-group myResourceGroup --zone-name private.contoso.com
+```
+
+The following example output shows the created record:
+
+```output
+[
+ {
+ "aRecords": [
+ {
+ "ipv4Address": "10.224.0.7"
+ }
+ ],
+ "etag": "188f0ce5-90e3-49e6-a479-9e4053f21965",
+ "fqdn": "helloworld.private.contoso.com.",
+ "id": "/subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx/resourceGroups/foo/providers/Microsoft.Network/privateDnsZones/private.contoso.com/A/helloworld",
+ "isAutoRegistered": false,
+ "name": "helloworld",
+ "resourceGroup": "foo",
+ "ttl": 300,
+ "type": "Microsoft.Network/privateDnsZones/A"
+ }
+]
+```
+
+## Next steps
+
+For other configuration information related to SSL encryption other advanced NGINX ingress controller and ingress resource configuration, review [DNS and SSL configuration][dns-ssl-configuration] and [application routing add-on configuration][custom-ingress-configurations].
+
+<!-- LINKS - external -->
+[kubectl-apply]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply
+[kubectl-get]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get
+[kubectl-create-namespace]: https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_namespace/
+[k8s-crds]: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/
+[app-routing-crds]: https://aka.ms/aks/approuting/nginxingresscontrollercrd
+
+<!-- LINKS - internal -->
+[summary-msi]: use-managed-identity.md#summary-of-managed-identities
+[rbac-owner]: ../role-based-access-control/built-in-roles.md#owner
+[rbac-classic]: ../role-based-access-control/rbac-and-directory-admin-roles.md#classic-subscription-administrator-roles
+[app-routing-add-on-basic-configuration]: app-routing.md
+[dns-ssl-configuration]: app-routing-dns-ssl.md
+[custom-ingress-configurations]: app-routing-nginx-configuration.md
+[az-aks-approuting-zone]: /cli/azure/aks/approuting/zone
+[az-network-dns-zone-show]: /cli/azure/network/dns/zone#az-network-dns-zone-show
+[az-aks-install-cli]: /cli/azure/aks#az-aks-install-cli
+[az-aks-get-credentials]: /cli/azure/aks#az-aks-get-credentials
+[virtual-network-links]: ../dns/private-dns-virtual-network-links.md
+[azure-dns-zone-role]: ../dns/dns-protect-private-zones-recordsets.md
+[az-network-private-dns-zone-create]: /cli/azure/network/private-dns/zone?#az-network-private-dns-zone-create
+[az-network-private-dns-link-vnet-create]: /cli/azure/network/private-dns/link/vnet#az-network-private-dns-link-vnet-create
+[az-network-private-dns-record-set-a-list]: /cli/azure/network/private-dns/record-set/a#az-network-private-dns-record-set-a-list
aks Howto Deploy Java Wls App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/howto-deploy-java-wls-app.md
Use the following steps to build the image:
This command should produce output similar to the following example: ```output
- /auxiliary/models/dbmodel.yaml
- /auxiliary/models/archive.zip
/auxiliary/models/model.properties
+ /auxiliary/models/dbmodel.yaml
/auxiliary/models/model.yaml
- /auxiliary/weblogic-deploy/VERSION.txt
- /auxiliary/weblogic-deploy/LICENSE.txt
+ /auxiliary/models/archive.zip
+ /auxiliary/models/appmodel.yaml
/auxiliary/Dockerfile
+ /auxiliary/weblogic-deploy/LICENSE.txt
+ /auxiliary/weblogic-deploy/VERSION.txt
``` 1. Use the following steps to push the auxiliary image to Azure Container Registry:
aks Integrations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/integrations.md
AKS uses the following rules for applying updates to installed add-ons:
| azure-policy | Use Azure Policy for AKS, which enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. | [Understand Azure Policy for Kubernetes clusters][azure-policy-aks] | [GitHub][azure-policy-repo] | | azure-keyvault-secrets-provider | Use Azure Keyvault Secrets Provider addon.| [Use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster][keyvault-secret-provider] | [GitHub][keyvault-secret-provider-repo] | | virtual-node | Use virtual nodes with your AKS cluster. | [Use virtual nodes][virtual-nodes] | [GitHub][virtual-nodes-oss-repo] |
-| http_application_routing | Configure ingress with automatic public DNS name creation for your AKS cluster (retired). | [HTTP application routing add-on on Azure Kubernetes Service (AKS) (retired)][http-app-routing] | [GitHub][app-routing-repo] |
| open-service-mesh | Use Open Service Mesh with your AKS cluster (retired). | [Open Service Mesh AKS add-on (retired)][osm] | [GitHub][osm-repo] | ## Extensions
For more information, see [Windows AKS partner solutions][windows-aks-partner-so
<!-- LINKS --> [aks-repo]: https://github.com/Azure/AKS
-[http-app-routing]: http-application-routing.md
[app-routing-repo]: https://github.com/Azure/aks-app-routing-operator [container-insights]: ../azure-monitor/containers/container-insights-overview.md [virtual-nodes]: virtual-nodes.md
aks Intro Kubernetes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/intro-kubernetes.md
Pods can also connect to other services in a peered virtual network and on-premi
For more information, see the [Network concepts for applications in AKS][aks-networking].
-### Ingress with HTTP application routing
+### Ingress with application routing add-on
-The HTTP application routing add-on helps you easily access applications deployed to your AKS cluster. When enabled, the HTTP application routing solution configures an ingress controller in your AKS cluster.
+The application routing addon is the recommended way to configure an Ingress controller in AKS. The application routing addon is a fully managed, ingress controller for Azure Kubernetes Service (AKS) that provides the following features:
-As applications are deployed, publicly accessible DNS names are auto-configured. The HTTP application routing sets up a DNS zone and integrates it with the AKS cluster. You can then deploy Kubernetes ingress resources as normal.
+* Easy configuration of managed NGINX Ingress controllers based on Kubernetes NGINX Ingress controller.
-To get started with Ingress traffic, see [HTTP application routing][aks-http-routing].
+* Integration with Azure DNS for public and private zone management.
+
+* SSL termination with certificates stored in Azure Key Vault.
+
+For more information about the application routing add-on, see [Managed NGINX ingress with the application routing add-on](app-routing.md).
## Development tooling integration
Learn more about deploying and managing AKS.
[aks-quickstart-powershell]: ./learn/quick-kubernetes-deploy-powershell.md [aks-quickstart-template]: ./learn/quick-kubernetes-deploy-rm-template.md [aks-gpu]: ./gpu-cluster.md
-[aks-http-routing]: ./http-application-routing.md
[aks-networking]: ./concepts-network.md [aks-scale]: ./tutorial-kubernetes-scale.md [aks-upgrade]: ./upgrade-cluster.md
aks Istio Deploy Addon https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/istio-deploy-addon.md
Run the following command to update to the latest version of the extension relea
az extension update --name aks-preview ```
-### Register the _AzureServiceMeshPreview_ feature flag
-
-Register the `AzureServiceMeshPreview` feature flag by using the [az feature register][az-feature-register] command:
-
-```azurecli-interactive
-az feature register --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-It takes a few minutes for the feature to register. Verify the registration status by using the [az feature show][az-feature-show] command:
-
-```azurecli-interactive
-az feature show --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
-
-```azurecli-interactive
-az provider register --namespace Microsoft.ContainerService
-```
- ## Install Istio add-on at the time of cluster creation To install the Istio add-on when creating the cluster, use the `--enable-azure-service-mesh` or`--enable-asm` parameter.
aks Istio Plugin Ca https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/istio-plugin-ca.md
Run the following command to update to the latest version of the extension relea
az extension update --name aks-preview ```
-### Register the _AzureServiceMeshPreview_ feature flag
-
-Register the `AzureServiceMeshPreview` feature flag by using the [az feature register][az-feature-register] command:
-
-```azurecli-interactive
-az feature register --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-It takes a few minutes for the feature to register. Verify the registration status by using the [az feature show][az-feature-show] command:
-
-```azurecli-interactive
-az feature show --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview"
-```
-
-When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
-
-```azurecli-interactive
-az provider register --namespace Microsoft.ContainerService
-```
- ### Set up Azure Key Vault 1. You need an [Azure Key Vault resource][akv-quickstart] to supply the certificate and key inputs to the Istio add-on.
aks Node Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/node-access.md
To connect to another node in the cluster, use the `kubectl debug` command. For
> ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p azureuser@127.0.0.1' -o PreferredAuthentications=password azureuser@10.224.0.62 > ```
+## Use Host Process Container to access Windows node
+
+1. Create `hostprocess.yaml` with the following content and replacing `AKSWINDOWSNODENAME` with the AKS Windows node name.
+
+ ```yaml
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ labels:
+ pod: hpc
+ name: hpc
+ spec:
+ securityContext:
+ windowsOptions:
+ hostProcess: true
+ runAsUserName: "NT AUTHORITY\\SYSTEM"
+ hostNetwork: true
+ containers:
+ - name: hpc
+ image: mcr.microsoft.com/windows/servercore:ltsc2022 # Use servercore:1809 for WS2019
+ command:
+ - powershell.exe
+ - -Command
+ - "Start-Sleep 2147483"
+ imagePullPolicy: IfNotPresent
+ nodeSelector:
+ kubernetes.io/os: windows
+ kubernetes.io/hostname: AKSWINDOWSNODENAME
+ tolerations:
+ - effect: NoSchedule
+ key: node.kubernetes.io/unschedulable
+ operator: Exists
+ - effect: NoSchedule
+ key: node.kubernetes.io/network-unavailable
+ operator: Exists
+ - effect: NoExecute
+ key: node.kubernetes.io/unreachable
+ operator: Exists
+ ```
+
+2. Run `kubectl apply -f hostprocess.yaml` to deploy the Windows host process container (HPC) in the specified Windows node.
+
+3. Use `kubectl exec -it [HPC-POD-NAME] -- powershell`.
+
+4. You can run any PowerShell commands inside the HPC container to access the Windows node.
+
+> [!Note]
+>
+> You need to switch the root folder to `C:\` inside the HPC container to access the files in the Windows node.
+ ## SSH using Azure Bastion for Windows If your Linux proxy node isn't reachable, using Azure Bastion as a proxy is an alternative. This method requires that you set up an Azure Bastion host for the virtual network in which the cluster resides. See [Connect with Azure Bastion][azure-bastion] for more details.
aks Operator Best Practices Network https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/operator-best-practices-network.md
An *ingress controller* is a daemon that runs on an AKS node and watches for inc
Ingress controllers must be scheduled on a Linux node. Indicate that the resource should run on a Linux-based node using a node selector in your YAML manifest or Helm chart deployment. For more information, see [Use node selectors to control where pods are scheduled in AKS][concepts-node-selectors].
-> [!NOTE]
-> Windows Server nodes shouldn't run the ingress controller.
+## Ingress with the application routing addon
-There are many scenarios for ingress, including the following how-to guides:
+The application routing addon is the recommended way to configure an Ingress controller in AKS. The application routing addon is a fully managed, ingress controller for Azure Kubernetes Service (AKS) that provides the following features:
-* [Create a basic ingress controller with external network connectivity][aks-ingress-basic]
-* [Create an ingress controller that uses an internal, private network and IP address][aks-ingress-internal]
-* [Create an ingress controller that uses your own TLS certificates][aks-ingress-own-tls]
-* Create an ingress controller that uses Let's Encrypt to automatically generate TLS certificates [with a dynamic public IP address][aks-ingress-tls] or [with a static public IP address][aks-ingress-static-tls]
+* Easy configuration of managed NGINX Ingress controllers based on Kubernetes NGINX Ingress controller.
+
+* Integration with Azure DNS for public and private zone management.
+
+* SSL termination with certificates stored in Azure Key Vault.
+
+For more information about the application routing add-on, see [Managed NGINX ingress with the application routing add-on](app-routing.md).
## Secure traffic with a web application firewall (WAF)
This article focused on network connectivity and security. For more information
[sp-delegation]: kubernetes-service-principal.md#delegate-access-to-other-azure-resources [expressroute]: ../expressroute/expressroute-introduction.md [vpn-gateway]: ../vpn-gateway/vpn-gateway-about-vpngateways.md
-[aks-ingress-internal]: ingress-internal-ip.md
-[aks-ingress-static-tls]: ingress-static-ip.md
-[aks-ingress-basic]: ingress-basic.md
-[aks-ingress-tls]: ingress-tls.md
-[aks-ingress-own-tls]: ingress-own-tls.md
[app-gateway]: ../application-gateway/overview.md [use-network-policies]: use-network-policies.md [advanced-networking]: configure-azure-cni.md
aks Static Ip https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/static-ip.md
Events:
## Next steps
-For more control over the network traffic to your applications, you may want to [create an ingress controller][aks-ingress-basic]. You can also [create an ingress controller with a static public IP address][aks-static-ingress].
+For more control over the network traffic to your applications, use the application routing addon for AKS. For more information about the app routing addon, see [Managed NGINX ingress with the application routing add-on](app-routing.md).
<!-- LINKS - External --> [kubectl-describe]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#describe
aks Use Byo Cni https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/use-byo-cni.md
Learn more about networking in AKS in the following articles:
* [Use a static IP address with the Azure Kubernetes Service (AKS) load balancer](static-ip.md) * [Use an internal load balancer with Azure Kubernetes Service (AKS)](internal-lb.md)
-* [Create a basic ingress controller with external network connectivity][aks-ingress-basic]
-* [Enable the HTTP application routing add-on][aks-http-app-routing]
-* [Create an ingress controller that uses an internal, private network and IP address][aks-ingress-internal]
-* [Create an ingress controller with a dynamic public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-tls]
-* [Create an ingress controller with a static public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-static-tls]
+* [Use the application routing addon in Azure Kubernetes Service (AKS)](app-routing.md)
<!-- LINKS - External --> [kubernetes-cni]: https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/
Learn more about networking in AKS in the following articles:
[az-aks-create]: /cli/azure/aks#az_aks_create [aks-network-concepts]: concepts-network.md [aks-network-nsg]: concepts-network.md#network-security-groups
-[aks-ingress-basic]: ingress-basic.md
-[aks-ingress-tls]: ingress-tls.md
-[aks-ingress-static-tls]: ingress-static-ip.md
-[aks-http-app-routing]: http-application-routing.md
-[aks-ingress-internal]: ingress-internal-ip.md
[deploy-bicep-template]: ../azure-resource-manager/bicep/deploy-cli.md [az-group-create]: /cli/azure/group#az_group_create [deploy-arm-template]: ../azure-resource-manager/templates/deploy-cli.md
aks Use Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/use-managed-identity.md
- devx-track-azurecli - ignite-2023 Previously updated : 02/08/2024 Last updated : 02/27/2024 # Use a managed identity in Azure Kubernetes Service (AKS)
AKS uses several managed identities for built-in services and add-ons.
| Add-on | azure-policy | No identity required. | N/A | No | Add-on | Calico | No identity required. | N/A | No | Add-on | Dashboard | No identity required. | N/A | No
-| Add-on | application-routing | Manages Azure DNS and Azure Key Vault certificates | Key Vault Secrets User role for Key Vault, DNZ Zone Contributor role for DNS zone | No
+| Add-on | application-routing | Manages Azure DNS and Azure Key Vault certificates | Key Vault Secrets User role for Key Vault, DNZ Zone Contributor role for DNS zones, Private DNS Zone Contributor role for private DNS zones | No
| Add-on | HTTPApplicationRouting | Manages required network resources. | Reader role for node resource group, contributor role for DNS zone | No | Add-on | Ingress application gateway | Manages required network resources. | Contributor role for node resource group | No | Add-on | omsagent | Used to send AKS metrics to Azure Monitor. | Monitoring Metrics Publisher role | No
aks Use Windows Hpc https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/use-windows-hpc.md
To use HostProcess features with your deployment, set *hostProcess: true* and *h
```yaml spec: ...
- containers:
- ...
- securityContext:
- windowsOptions:
- hostProcess: true
- ...
+ securityContext:
+ windowsOptions:
+ hostProcess: true
+ ...
hostNetwork: true
+ containers:
... ```
spec:
spec: nodeSelector: kubernetes.io/os: windows
+ securityContext:
+ windowsOptions:
+ hostProcess: true
+ runAsUserName: "NT AUTHORITY\\SYSTEM"
+ hostNetwork: true
containers: - name: powershell
- image: mcr.microsoft.com/powershell:lts-nanoserver-1809
- securityContext:
- windowsOptions:
- hostProcess: true
- runAsUserName: "NT AUTHORITY\\SYSTEM"
+ image: mcr.microsoft.com/powershell:lts-nanoserver-1809 # or lts-nanoserver-ltsc2022
command:
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
- - -command
- - |
- $AdminRights = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")
- Write-Host "Process has admin rights: $AdminRights"
- while ($true) { Start-Sleep -Seconds 2147483 }
- hostNetwork: true
+ - powershell.exe
+ - -Command
+ - Start-Sleep -Seconds 2147483
terminationGracePeriodSeconds: 0 ```
app-service Manage Backup https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/manage-backup.md
There are two types of backups in App Service. Automatic backups made for your a
| Linked database | Not backed up. | The following linked databases can be backed up: [SQL Database](/azure/azure-sql/database/), [Azure Database for MySQL](../mysql/index.yml), [Azure Database for PostgreSQL](../postgresql/index.yml), [MySQL in-app](https://azure.microsoft.com/blog/mysql-in-app-preview-app-service/). | | [Storage account](../storage/index.yml) required | No. | Yes. | | Backup frequency | Hourly, not configurable. | Configurable. |
-| Retention | 30 days, not configurable. <br>- Days 1-3: hourly backups retained.<br>- Days 4-14: every 3 hourly backup retained.<br>- Days 15-30: every 6 hourly backup retained. | 0-30 days or indefinite. |
+| Retention | 30 days, not configurable. <br>- Days 1-3: hourly backups retained.<br>- Days 4-14: every third hourly backup retained.<br>- Days 15-30: every sixth hourly backup retained. | 0-30 days or indefinite. |
| Downloadable | No. | Yes, as Azure Storage blobs. | | Partial backups | Not supported. | Supported. |
-| Back up over VNet | Not supported. | Supported. |
+| Backups over VNet | Not supported. | Supported. |
<!-
There are two types of backups in App Service. Automatic backups made for your a
:::image type="content" source="./media/manage-backup/open-backups-page.png" alt-text="Screenshot that shows how to open the backups page.":::
-1. Select the automatic backup or custom backup to restore by clicking its **Restore** link.
+1. Select the automatic backup or custom backup to restore by selecting its **Restore** link.
:::image type="content" source="./media/manage-backup/click-restore-link.png" alt-text="Screenshot that shows how to select the restore link.":::
There are two types of backups in App Service. Automatic backups made for your a
1. You can choose to restore your site configuration under **Advanced options**.
-1. Click **Restore**.
+1. Select **Restore**.
# [Azure CLI](#tab/cli)
There are two types of backups in App Service. Automatic backups made for your a
> >
-1. Click **Configure**.
+1. Select **Configure**.
Once the storage account and container is configured, you can initiate an on-demand backup at any time. On-demand backups are retained indefinitely.
To restore a database that's included in a custom backup:
For troubleshooting information, see [Why is my linked database not backed up](#why-is-my-linked-database-not-backed-up).
-## Back up and restore over Azure Virtual Network (preview)
+## Back up and restore over Azure Virtual Network
With [custom backups](#create-a-custom-backup), you can back up your app's files and configuration data to a firewall-protected storage account if the following requirements are fulfilled: - The app is [integrated with a virtual network](overview-vnet-integration.md), or the app is in a v3 [App Service environment](environment/app-service-app-service-environment-intro.md).-- The storage account has [granted access from the virtual network](../storage/common/storage-network-security.md#grant-access-from-a-virtual-network) that the app is integrated with, or that the v3 App Service environment is created with.
+- The storage account [allows access from the virtual network](../storage/common/storage-network-security.md#grant-access-from-a-virtual-network) that the app is integrated with, or that the v3 App Service environment is created with.
To back up and restore over Azure Virtual Network: 1. When configuring [custom backups](#create-a-custom-backup), select **Backup/restore over virtual network integration**. 1. Save your settings by selecting **Configure**.
-If you don't see the checkbox, or if the checkbox is disabled, verify that you have fulfilled the aforementioned requirements.
+If you don't see the checkbox, or if the checkbox is disabled, verify that your resources fulfill the requirements.
-Once the configuration is saved, any manual, scheduled backup, or restore is made through the virtual network. If you make changes to the app, the virtual network, or the storage account that prevent the app from accessing the storage account through the virtual network, the backup or restore operations will fail.
+Once the configuration is saved, any manual, scheduled backup, or restore is made through the virtual network. If you make changes to the app, the virtual network, or the storage account that prevent the app from accessing the storage account through the virtual network, the backup or restore operations fail.
<a name="partialbackups"></a>
Run backups the same way you would normally do it, [custom on-demand](#create-a-
## How backups are stored
-After you have made one or more backups for your app, the backups are visible on the **Containers** page of your storage account, and your app. In the storage account, each backup consists of a`.zip` file that contains the backup data and an `.xml` file that contains a manifest of the `.zip` file contents. You can unzip and browse these files if you want to access your backups without actually performing an app restore.
+After you make one or more backups for your app, the backups are visible on the **Containers** page of your storage account, and your app. In the storage account, each backup consists of a`.zip` file that contains the backup data and an `.xml` file that contains a manifest of the `.zip` file contents. You can unzip and browse these files if you want to access your backups without actually performing an app restore.
The database backup for the app is stored in the root of the .zip file. For SQL Database, this is a BACPAC file (no file extension) and can be imported. To create a database in Azure SQL Database based on the BACPAC export, see [Import a BACPAC file to create a database in Azure SQL Database](/azure/azure-sql/database/database-import).
The **Backups** page shows you the status of each backup. To get log details reg
| A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server). | Check that the connection string is valid. Allow the app's [outbound IPs](overview-inbound-outbound-ips.md) in the database server settings. | | Cannot open server "\<name>" requested by the login. The login failed. | Check that the connection string is valid. | | Missing mandatory parameters for valid Shared Access Signature. | Delete the backup schedule and reconfigure it. |
-| SSL connection is required. Please specify SSL options and retry when trying to connect. | SSL connectivity to Azure Database for MySQL and Azure Database for PostgreSQL isn't supported for database backups. Use the native backup feature in the respective database instead. |
+| SSL connection is required. Specify SSL options and retry when trying to connect. | SSL connectivity to Azure Database for MySQL and Azure Database for PostgreSQL isn't supported for database backups. Use the native backup feature in the respective database instead. |
## Automate with scripts
The following table shows which app configuration is restored when you choose to
A custom backup (on-demand backup or scheduled backup) includes all content and configuration that's included in an [automatic backup](#whats-included-in-an-automatic-backup), plus any linked database, up to the allowable maximum size.
-When [backing up over an Azure Virtual Network](#back-up-and-restore-over-azure-virtual-network-preview), you can't [back up the linked database](#back-up-and-restore-a-linked-database).
+When [backing up over an Azure Virtual Network](#back-up-and-restore-over-azure-virtual-network), you can't [back up the linked database](#back-up-and-restore-a-linked-database).
#### Why is my linked database not backed up? Linked databases are backed up only for custom backups, up to the allowable maximum size. If the maximum backup size (10 GB) or the maximum database size (4 GB) is exceeded, your backup fails. Here are a few common reasons why your linked database isn't backed up:
-* Backups of [TLS enabled Azure Database for MySQL](../mysql/concepts-ssl-connection-security.md) isn't supported. If a backup is configured, you'll encounter backup failures.
-* Backups of [TLS enabled Azure Database for PostgreSQL](../postgresql/concepts-ssl-connection-security.md) isn't supported. If a backup is configured, you'll encounter backup failures.
-* In-app MySQL databases are automatically backed up without any configuration. If you make manual settings for in-app MySQL databases, such as adding connection strings, the backups may not work correctly.
+* Backups of [TLS enabled Azure Database for MySQL](../mysql/concepts-ssl-connection-security.md) isn't supported. If a backup is configured, you get backup failures.
+* Backups of [TLS enabled Azure Database for PostgreSQL](../postgresql/concepts-ssl-connection-security.md) isn't supported. If a backup is configured, you get backup failures.
+* In-app MySQL databases are automatically backed up without any configuration. If you make manual settings for in-app MySQL databases, such as adding connection strings, the backups might not work correctly.
#### What happens if the backup size exceeds the allowable maximum?
Automatic backups can't be restored if the backup size exceeds the maximum size.
#### Can I use a storage account that has security features enabled?
-You can back up to a firewall-protected storage account if it's part of the same virtual network topology as your app. See [Back up and restore over Azure Virtual Network (preview)](#back-up-and-restore-over-azure-virtual-network-preview).
+You can back up to a firewall-protected storage account if it's part of the same virtual network topology as your app. See [Back up and restore over Azure Virtual Network](#back-up-and-restore-over-azure-virtual-network).
#### How do I restore to an app in a different subscription?
The steps are the same as in [How do I restore to an app in a different subscrip
#### Where are the automatic backups stored?
-Automatic backups are simple and stored in the same datacenter as the App Service and should not be relied upon as your disaster recovery plan.
+Automatic backups are simple and stored in the same datacenter as the App Service and shouldn't be relied upon as your disaster recovery plan.
#### How do I stop the automatic backup?
-You cannot stop automatic backup. The automatic backup is stored on the platform and has no effect on the underlying app instance or its storage.
+You can't stop automatic backups. The automatic backup is stored on the platform and has no effect on the underlying app instance or its storage.
<a name="nextsteps"></a>
application-gateway Features https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/features.md
For more information, see [Overview of SSL termination and end to end SSL with A
Application Gateway Standard_v2 supports autoscaling and can scale up or down based on changing traffic load patterns. Autoscaling also removes the requirement to choose a deployment size or instance count during provisioning.
-For more information about the Application Gateway Standard_v2 features, see [What is Azure Application Gateway v2?](overview-v2.md).
+For more information about the Application Gateway Standard_v2 features, see [What is Azure Application Gateway v2](overview-v2.md).
## Zone redundancy
Web Application Firewall (WAF) is a service that provides centralized protection
Web applications are increasingly targets of malicious attacks that exploit common known vulnerabilities. Common among these exploits are SQL injection attacks, cross site scripting attacks to name a few. Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching and monitoring at many layers of the application topology. A centralized web application firewall helps make security management much simpler and gives better assurance to application administrators against threats or intrusions. A WAF solution can also react to a security threat faster by patching a known vulnerability at a central location versus securing each of individual web applications. Existing application gateways can be converted to a Web Application Firewall enabled application gateway easily.
-Refer to [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md) for guidance on how to use Azure WAF with Application Gateway to protect against DDoS attacks. For more information, see [What is Azure Web Application Firewall?](../web-application-firewall/overview.md).
+Refer to [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md) for guidance on how to use Azure WAF with Application Gateway to protect against DDoS attacks. For more information, see [What is Azure Web Application Firewall](../web-application-firewall/overview.md).
## Ingress Controller for AKS Application Gateway Ingress Controller (AGIC) allows you to use Application Gateway as the ingress for an [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/services/kubernetes-service/) cluster.
The following table shows an average performance throughput for each application
## Version feature comparison
-For an Application Gateway v1-v2 feature comparison, see [What is Azure Application Gateway v2?](overview-v2.md#feature-comparison-between-v1-sku-and-v2-sku).
+For an Application Gateway v1-v2 feature comparison, see [What is Azure Application Gateway v2](overview-v2.md#feature-comparison-between-v1-sku-and-v2-sku).
## Next steps
application-gateway Alb Controller Backend Health Metrics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/alb-controller-backend-health-metrics.md
Previously updated : 07/24/2023 Last updated : 02/27/2024
Understanding backend health of your Kubernetes services and pods is crucial in identifying issues and assistance in troubleshooting. To help facilitate visibility into backend health, ALB Controller exposes backend health and metrics endpoints in all ALB Controller deployments. ALB Controller's backend health exposes three different experiences:+ 1. Summarized backend health by Application Gateway for Containers resource 2. Summarized backend health by Kubernetes service 3. Detailed backend health for a specified Kubernetes service
ALB Controller's backend health exposes three different experiences:
ALB Controller's metric endpoint exposes both metrics and summary of backend health. This endpoint enables exposure to Prometheus. Access to these endpoints can be reached via the following URLs:+ - Backend Health - http://\<alb-controller-pod-ip\>:8000/backendHealth
- - Output is JSON format
+ - Output is JSON format
- Metrics - http://\<alb-controller-pod-ip\>:8001/metrics
- - Output is text format
+ - Output is text format
Any clients or pods that have connectivity to this pod and port may access these endpoints. To restrict access, we recommend using [Kubernetes network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to restrict access to certain clients.
Example output:
Once you have the IP address of your alb-controller pod, you may validate the backend health service is running by browsing to http://\<pod-ip\>:8000. For example, the following command may be run:+ ```bash curl http://10.1.0.247:8000 ``` Example response:
-```
+
+```text
Available paths: Path: /backendHealth Description: Prints the backend health of the ALB.
This experience summarizes of all Kubernetes services with references to Applica
This experience may be accessed by specifying the Application Gateway for Containers resource ID in the query of the request to the alb-controller pod. The following command can be used to probe backend health for the specified Application Gateway for Containers resource.+ ```bash curl http://\<alb-controller-pod-ip-address\>:8000/backendHealth?alb-id=/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/yyyyyyyy/providers/Microsoft.ServiceNetworking/trafficControllers/zzzzzzzzzz ``` Example output:+ ```json { "services": [
This experience searches for the health summary status of a given service.
This experience may be accessed by specifying the name of the namespace, service, and port number of the service in the following format of the query string to the alb-controller pod: _\<namespace\>/\<service\>/\<service-port-number\>_ The following command can be used to probe backend health for the specified Kubernetes service.+ ```bash curl http://\<alb-controller-pod-ip-address\>:8000/backendHealth?service-name=default/service-hello-world/80 ``` Example output:+ ```json { "services": [
This experience shows all endpoints that make up the service, including their co
This experience may be accessed by specifying detailed=true in the query string to the alb-controller pod. For example, we can verify individual endpoint health by executing the following command:+ ```bash curl http://\<alb-controller-pod-ip-address\>:8000/backendHealth?service-name=default/service-hello-world/80\&detailed=true ``` Example output:+ ```json { "services": [
ALB Controller currently surfaces metrics following [text based format](https://
The following Application Gateway for Containers specific metrics are currently available today:
-| Metric Name | Description |
+| Metric Name | Description |
| -- | - | | alb_connection_status | Connection status to an Application Gateway for Containers resource | | alb_reconnection_count | Number of reconnection attempts to an Application Gateway for Containers resources |
application-gateway Alb Controller Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/alb-controller-release-notes.md
Previously updated : 12/05/2023 Last updated : 02/27/2024
The ALB Controller is a Kubernetes deployment that orchestrates configuration an
Each release of ALB Controller has a documented helm chart version and supported Kubernetes cluster version. Instructions for new or existing deployments of ALB Controller are found in the following links:+ - [New deployment of ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md#for-new-deployments) - [Upgrade existing ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md#for-existing-deployments) ## Latest Release (Recommended)
-0.6.3 - Hotfix to address handling of AGC frontends during controller restart in managed scenario
+
+| ALB Controller Version | Gateway API Version | Kubernetes Version | Release Notes |
+| - | - | | - |
+| 1.0.0| v1 | v1.26, v1.27, v1.28 | URL redirect for both Gateway and Ingress API, v1beta1 -> v1 of Gateway API, quality improvements<br/>Breaking Changes: TLS Policy for Gateway API [PolicyTargetReference](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2.PolicyTargetReferenceWithSectionName)<br/>Listener is now referred to as [SectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.SectionName)<br/>Fixes: Request timeout of 3 seconds, [HealthCheckPolicy interval](https://github.com/Azure/AKS/issues/4086), [pod crash for missing API fields](https://github.com/Azure/AKS/issues/4087) |
## Release history+
+0.6.3 - Hotfix to address handling of AGC frontends during controller restart in managed scenario
+ 0.6.2 - Skipped November 6, 2023 - 0.6.1 - Gateway / Ingress API - Header rewrite support, Ingress API - URL rewrite support, Ingress multiple-TLS listener bug fix,
July 25, 2023 - 0.4.023971 - Ingress + Gateway coexistence improvements
July 24, 2023 - 0.4.023961 - Improved Ingress support July 24, 2023 - 0.4.023921 - Initial release of ALB Controller
-* Minimum supported Kubernetes version: v1.25
+
+- Minimum supported Kubernetes version: v1.25
application-gateway Api Specification Kubernetes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/api-specification-kubernetes.md
Title: Application Gateway for Containers API Specification for Kubernetes (preview)
+ Title: Application Gateway for Containers API Specification for Kubernetes
description: This article provides documentation for Application Gateway for Containers' API specification for Kubernetes. Previously updated : 11/6/2023 Last updated : 02/27/2024
-# Application Gateway for Containers API specification for Kubernetes (preview)
+# Application Gateway for Containers API specification for Kubernetes
## Packages
This document defines each of the resource types for `alb.networking.azure.io/v1
(<code>string</code> alias)</h3> <div> <p>AlbConditionReason defines the set of reasons that explain
-why a particular condition type has been raised on the Application Gateway for Containers resource.</p>
+why a particular condition type are raised by the Application Gateway for Containers resource.</p>
</div> <table> <thead>
why a particular condition type has been raised on the Application Gateway for C
</thead> <tbody><tr><td><p>&#34;Accepted&#34;</p></td> <td><p>AlbReasonAccepted indicates that the Application Gateway for Containers resource
-has been accepted by the controller.</p>
+are accepted by the controller.</p>
</td> </tr><tr><td><p>&#34;Ready&#34;</p></td> <td><p>AlbReasonDeploymentReady indicates the Application Gateway for Containers resource
field.</p>
</thead> <tbody><tr><td><p>&#34;Accepted&#34;</p></td> <td><p>AlbConditionTypeAccepted indicates whether the Application Gateway for Containers resource
-has been accepted by the controller.</p>
+are accepted by the controller.</p>
</td> </tr><tr><td><p>&#34;Deployment&#34;</p></td> <td><p>AlbConditionTypeDeployment indicates the deployment status of the Application Gateway for Containers resource.</p>
has been accepted by the controller.</p>
</em> </td> <td>
-<p>Associations are subnet resource IDs the Application Gateway for Containers resource will be associated with.</p>
+<p>Associations are subnet resource IDs the Application Gateway for Containers resource are associated with.</p>
</td> </tr> </tbody>
has been accepted by the controller.</p>
<em>(Optional)</em> <p>Known condition types are:</p> <ul>
-<li>"Accepted"</li>
-<li>"Ready"</li>
+<li>&ldquo;Accepted&rdquo;</li>
+<li>&ldquo;Ready&rdquo;</li>
</ul> </td> </tr>
AlbSpec
</em> </td> <td>
-<p>Associations are subnet resource IDs the Application Gateway for Containers resource will be associated with.</p>
+<p>Associations are subnet resource IDs the Application Gateway for Containers resource are associated with.</p>
</td> </tr> </table>
BackendTLSPolicySpec
<td> <code>targetRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference">
-Gateway API .PolicyTargetReference
+<a href="#alb.networking.azure.io/v1.CustomTargetRef">
+CustomTargetRef
</a> </em> </td>
BackendTLSPolicyConfig
<em>(Optional)</em> <p>Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
</td> </tr> <tr>
BackendTLSPolicyStatus
(<code>string</code> alias)</h3> <div> <p>BackendTLSPolicyConditionReason defines the set of reasons that explain why a
-particular BackendTLSPolicy condition type has been raised.</p>
+particular BackendTLSPolicy condition type is raised.</p>
</div> <table> <thead>
particular BackendTLSPolicy condition type has been raised.</p>
<th>Description</th> </tr> </thead>
-<tbody><tr><td><p>&#34;InvalidCertificateRef&#34;</p></td>
-<td><p>BackendTLSPolicyInvalidCertificateRef is used when an invalid certificate is referenced</p>
-</td>
-</tr><tr><td><p>&#34;Accepted&#34;</p></td>
+<tbody><tr><td><p>&#34;Accepted&#34;</p></td>
<td><p>BackendTLSPolicyReasonAccepted is used to set the BackendTLSPolicyConditionReason to Accepted When the given BackendTLSPolicy is correctly configured</p> </td> </tr><tr><td><p>&#34;InvalidBackendTLSPolicy&#34;</p></td> <td><p>BackendTLSPolicyReasonInvalid is the reason when the BackendTLSPolicy isn&rsquo;t Accepted</p> </td>
+</tr><tr><td><p>&#34;InvalidCertificateRef&#34;</p></td>
+<td><p>BackendTLSPolicyReasonInvalidCertificateRef is used when an invalid certificate is referenced</p>
+</td>
</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td> <td><p>BackendTLSPolicyReasonInvalidGroup is used when the group is invalid</p> </td>
When the given BackendTLSPolicy is correctly configured</p>
<td><p>BackendTLSPolicyReasonInvalidService is used when the Service is invalid</p> </td> </tr><tr><td><p>&#34;NoTargetReference&#34;</p></td>
-<td><p>BackendTLSPolicyReasonNoTargetReference is used when there is no target reference</p>
+<td><p>BackendTLSPolicyReasonNoTargetReference is used when there&rsquo;s no target reference</p>
+</td>
+</tr><tr><td><p>&#34;OverrideNotSupported&#34;</p></td>
+<td><p>BackendTLSPolicyReasonOverrideNotSupported is used when the override isn&rsquo;t supported</p>
</td> </tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td> <td><p>BackendTLSPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p> </td>
+</tr><tr><td><p>&#34;SectionNamesNotPermitted&#34;</p></td>
+<td><p>BackendTLSPolicyReasonSectionNamesNotPermitted is used when the section names aren&rsquo;t permitted</p>
+</td>
</tr></tbody> </table> <h3 id="alb.networking.azure.io/v1.BackendTLSPolicyConditionType">BackendTLSPolicyConditionType
string
<td> <code>clientCertificateRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">
+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">
Gateway API .SecretObjectReference </a> </em>
int
<td> <code>targetRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference">
-Gateway API .PolicyTargetReference
+<a href="#alb.networking.azure.io/v1.CustomTargetRef">
+CustomTargetRef
</a> </em> </td>
BackendTLSPolicyConfig
<em>(Optional)</em> <p>Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
</td> </tr> <tr>
constants so that operators and tools can converge on a common
vocabulary to describe BackendTLSPolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>"Accepted"</li>
+<li>&ldquo;Accepted&rdquo;</li>
</ul> </td> </tr>
CommonTLSPolicyVerify
<td> <code>caCertificateRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">
+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">
Gateway API .SecretObjectReference </a> </em>
certificate of the backend.</p>
<h3 id="alb.networking.azure.io/v1.CustomTargetRef">CustomTargetRef </h3> <p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.FrontendTLSPolicySpec">FrontendTLSPolicySpec</a>)
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.BackendTLSPolicySpec">BackendTLSPolicySpec</a>, <a href="#alb.networking.azure.io/v1.FrontendTLSPolicySpec">FrontendTLSPolicySpec</a>, <a href="#alb.networking.azure.io/v1.HealthCheckPolicySpec">HealthCheckPolicySpec</a>, <a href="#alb.networking.azure.io/v1.RoutePolicySpec">RoutePolicySpec</a>)
</p> <div> <p>CustomTargetRef is a reference to a custom resource that isn&rsquo;t part of the
Kubernetes core API.</p>
<tbody> <tr> <td>
-<code>name</code><br/>
-<em>
-<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ObjectName">
-Gateway API .ObjectName
-</a>
-</em>
-</td>
-<td>
-<p>Name is the name of the referent.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>kind</code><br/>
+<code>PolicyTargetReference</code><br/>
<em>
-<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Kind">
-Gateway API .Kind
+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference">
+Gateway API .PolicyTargetReference
</a> </em> </td> <td>
-<p>Kind is the kind of the referent.</p>
+<p>
+(Members of <code>PolicyTargetReference</code> are embedded into this type.)
+</p>
</td> </tr> <tr> <td>
-<code>listeners</code><br/>
+<code>sectionNames</code><br/>
<em> []string </em> </td> <td> <em>(Optional)</em>
-<p>Listener is the name of the Listener.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>namespace</code><br/>
-<em>
-<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Namespace">
-Gateway API .Namespace
-</a>
-</em>
-</td>
-<td>
-<p>Namespace is the namespace of the referent. When unspecified, the local</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>group</code><br/>
-<em>
-<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Group">
-Gateway API .Group
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Group is the group of the referent.</p>
+<p>SectionNames is the name of the section within the target resource. When
+unspecified, this targetRef targets the entire resource. In the following
+resources, SectionNames is interpreted as the following:</p>
+<ul>
+<li>Gateway: Listener Name</li>
+<li>Service: Port Name</li>
+</ul>
+<p>If a SectionNames is specified, but does not exist on the targeted object,
+the Policy will fail to attach, and the policy implementation will record
+a <code>ResolvedRefs</code> or similar Condition in the Policy&rsquo;s status.</p>
</td> </tr> </tbody>
FrontendTLSPolicyConfig
<p>Default defines default policy configuration for the targeted resource.</p> </td> </tr>
+<tr>
+<td>
+<code>override</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.FrontendTLSPolicyConfig">
+FrontendTLSPolicyConfig
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Override defines policy configuration that should override policy
+configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
+</td>
+</tr>
</table> </td> </tr>
FrontendTLSPolicyStatus
(<code>string</code> alias)</h3> <div> <p>FrontendTLSPolicyConditionReason defines the set of reasons that explain why a
-particular FrontendTLSPolicy condition type has been raised.</p>
+particular FrontendTLSPolicy condition type is raised.</p>
</div> <table> <thead>
When the given FrontendTLSPolicy is correctly configured</p>
<td><p>FrontendTLSPolicyReasonInvalidPolicyType is used when the policy type is invalid</p> </td> </tr><tr><td><p>&#34;NoTargetReference&#34;</p></td>
-<td><p>FrontendTLSPolicyReasonNoTargetReference is used when there is no target reference</p>
+<td><p>FrontendTLSPolicyReasonNoTargetReference is used when there&rsquo;s no target reference</p>
+</td>
+</tr><tr><td><p>&#34;OverrideNotSupported&#34;</p></td>
+<td><p>FrontendTLSPolicyReasonOverrideNotSupported is used when the override isn&rsquo;t supported</p>
</td> </tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td> <td><p>FrontendTLSPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p> </td>
+</tr><tr><td><p>&#34;SectionNamesNotPermitted&#34;</p></td>
+<td><p>FrontendTLSPolicyReasonSectionNamesNotPermitted is used when the section names aren&rsquo;t permitted</p>
+</td>
</tr></tbody> </table> <h3 id="alb.networking.azure.io/v1.FrontendTLSPolicyConditionType">FrontendTLSPolicyConditionType
FrontendTLSPolicyConfig
<p>Default defines default policy configuration for the targeted resource.</p> </td> </tr>
+<tr>
+<td>
+<code>override</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.FrontendTLSPolicyConfig">
+FrontendTLSPolicyConfig
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Override defines policy configuration that should override policy
+configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
+</td>
+</tr>
</tbody> </table> <h3 id="alb.networking.azure.io/v1.FrontendTLSPolicyStatus">FrontendTLSPolicyStatus
constants so that operators and tools can converge on a common
vocabulary to describe FrontendTLSPolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>"Accepted"</li>
+<li>&ldquo;Accepted&rdquo;</li>
</ul> </td> </tr>
vocabulary to describe FrontendTLSPolicy state.</p>
</td> </tr></tbody> </table>
+<h3 id="alb.networking.azure.io/v1.FrontendTLSPolicyTypeName">FrontendTLSPolicyTypeName
+(<code>string</code> alias)</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.PolicyType">PolicyType</a>)
+</p>
+<div>
+<p>FrontendTLSPolicyTypeName is the name of the Frontend TLS Policy.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody><tr><td><p>&#34;2023-06&#34;</p></td>
+<td><p>PredefinedPolicy202306 is the name of the predefined Frontend TLS Policy for the policy &ldquo;2023-06&rdquo;.</p>
+</td>
+</tr><tr><td><p>&#34;2023-06-S&#34;</p></td>
+<td><p>PredefinedPolicy202306Strict is the name of the predefined Frontend TLS Policy for the policy &ldquo;2023-06-S&rdquo;.
+This is a strict version of the policy &ldquo;2023-06&rdquo;.</p>
+</td>
+</tr></tbody>
+</table>
<h3 id="alb.networking.azure.io/v1.HTTPHeader">HTTPHeader </h3> <p>
case insensitive. (See <a href="https://tools.ietf.org/html/rfc7230#section-3.2"
<p>If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the
-case-insensitivity of header names, "foo" and "Foo" are considered
+case-insensitivity of header names, &ldquo;foo&rdquo; and &ldquo;Foo&rdquo; are considered
equivalent.</p> </td> </tr>
string
<p>HTTPHeaderName is the name of an HTTP header.</p> <p>Valid values include:</p> <ul>
-<li>"Authorization"</li>
-<li>"Set-Cookie"</li>
+<li>&ldquo;Authorization&rdquo;</li>
+<li>&ldquo;Set-Cookie&rdquo;</li>
</ul> <p>Invalid values include:</p> <ul>
-<li>":method" - ":" is an invalid character. This means that HTTP/2 pseudo
-headers are not currently supported by this type.</li>
-<li>"/invalid" - "/ " is an invalid character</li>
+<li>&rdquo;:method&rdquo; - &ldquo;:&rdquo; is an invalid character. This means that HTTP/2 pseudo
+headers aren&rsquo;t currently supported by this type.</li>
+<li>&rdquo;/invalid&rdquo; - &ldquo;/ &rdquo; is an invalid character</li>
</ul> </div> <h3 id="alb.networking.azure.io/v1.HTTPMatch">HTTPMatch
HTTPPathModifierType
</em> </td> <td>
-<p>Type defines the type of path modifier. Additional types may be
+<p>Type defines the type of path modifier. More types may be
added in a future release of the API.</p>
-<p>Note that values may be added to this enum, implementations
-must ensure that unknown values will not cause a crash.</p>
+<p>Values may be added to this enum, implementations
+must ensure unknown values won&rsquo;t cause a crash.</p>
<p>Unknown values here must result in the implementation setting the Accepted Condition for the rule to be false</p> </td>
string
<em>(Optional)</em> <p>ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request
-to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
-of "/xyz" would be modified to "/xyz/bar".</p>
-<p>Note that this matches the behavior of the PathPrefix match type. This
+to &ldquo;/foo/bar&rdquo; with a prefix match of &ldquo;/foo&rdquo; and a ReplacePrefixMatch
+of &ldquo;/xyz&rdquo; would be modified to &ldquo;/xyz/bar&rdquo;.</p>
+<p>This matches the behavior of the PathPrefix match type. This
matches full path elements. A path element refers to the list of labels in the path split by the <code>/</code> separator. When specified, a trailing <code>/</code> is ignored. For example, the paths <code>/abc</code>, <code>/abc/</code>, and <code>/abc/def</code> would all
-match the prefix <code>/abc</code>, but the path <code>/abcd</code> would not.</p>
+match the prefix <code>/abc</code>, but the path <code>/abcd</code> wouldn&rsquo;t.</p>
<p>ReplacePrefixMatch is only compatible with a <code>PathPrefix</code> HTTPRouteMatch.
-Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+Using any other HTTPRouteMatch type on the same HTTPRouteRule results in
the implementation setting the Accepted Condition for the Route to <code>status: False</code>.</p> <table> <thead>
the implementation setting the Accepted Condition for the Route to <code>status:
<tr> <td>/foo/bar</td> <td>/foo</td>
-<td></td>
+<td>&nbsp;</td>
<td>/bar</td> </tr> <tr> <td>/foo/</td> <td>/foo</td>
-<td></td>
+<td>&nbsp;</td>
<td>/</td> </tr> <tr> <td>/foo</td> <td>/foo</td>
-<td></td>
+<td>&nbsp;</td>
<td>/</td> </tr> <tr>
the implementation setting the Accepted Condition for the Route to <code>status:
</tr> </thead> <tbody><tr><td><p>&#34;ReplaceFullPath&#34;</p></td>
-<td><p>FullPathHTTPPathModifier indicates that the full path will be replaced
-by the specified value.</p>
+<td><p>FullPathHTTPPathModifier replaces the full path with the specified value.</p>
</td> </tr><tr><td><p>&#34;ReplacePrefixMatch&#34;</p></td>
-<td><p>PrefixMatchHTTPPathModifier indicates that any prefix path matches will be
-replaced by the substitution value. For example, a path with a prefix
-match of "/foo" and a ReplacePrefixMatch substitution of "/bar" will have
-the "/foo" prefix replaced with "/bar" in matching requests.</p>
-<p>Note that this matches the behavior of the PathPrefix match type. This
+<td><p>PrefixMatchHTTPPathModifier replaces any prefix path with the
+substitution value. For example, a path with a prefix
+match of &ldquo;/foo&rdquo; and a ReplacePrefixMatch substitution of &ldquo;/bar&rdquo;
+replace &ldquo;/foo&rdquo; with &ldquo;/bar&rdquo; in matching requests.</p>
+<p>This matches the behavior of the PathPrefix match type. This
matches full path elements. A path element refers to the list of labels in the path split by the <code>/</code> separator. When specified, a trailing <code>/</code> is ignored. For example, the paths <code>/abc</code>, <code>/abc/</code>, and <code>/abc/def</code> would all
-match the prefix <code>/abc</code>, but the path <code>/abcd</code> would not.</p>
+match the prefix <code>/abc</code>, but the path <code>/abcd</code> wouldn&rsquo;t.</p>
</td> </tr></tbody> </table>
GET /foo HTTP/1.1
my-header: foo</p> <p>Config: set:-- name: "my-header"
-value: "bar"</p>
+- name: &ldquo;my-header&rdquo;
+value: &ldquo;bar&rdquo;</p>
<p>Output: GET /foo HTTP/1.1 my-header: bar</p>
GET /foo HTTP/1.1
my-header: foo</p> <p>Config: add:-- name: "my-header"
-value: "bar,baz"</p>
+- name: &ldquo;my-header&rdquo;
+value: &ldquo;bar,baz&rdquo;</p>
<p>Output: GET /foo HTTP/1.1 my-header: foo,bar,baz</p>
my-header: foo,bar,baz</p>
<td> <em>(Optional)</em> <p>Remove the given header(s) from the HTTP request before the action. The
-value of Remove is a list of HTTP header names. Note that the header
-names are case-insensitive (see
+value of Remove is a list of HTTP header names. Header names
+are case-insensitive (see
<a href="https://datatracker.ietf.org/doc/html/rfc2616#section-4.2)">https://datatracker.ietf.org/doc/html/rfc2616#section-4.2)</a>.</p> <p>Input: GET /foo HTTP/1.1
my-header1: foo
my-header2: bar my-header3: baz</p> <p>Config:
-remove: ["my-header1", "my-header3"]</p>
+remove: [&ldquo;my-header1&rdquo;, &ldquo;my-header3&rdquo;]</p>
<p>Output: GET /foo HTTP/1.1 my-header2: bar</p>
HealthCheckPolicySpec
<td> <code>targetRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference">
-Gateway API .PolicyTargetReference
+<a href="#alb.networking.azure.io/v1.CustomTargetRef">
+CustomTargetRef
</a> </em> </td>
HealthCheckPolicyConfig
<em>(Optional)</em> <p>Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
</td> </tr> <tr>
HealthCheckPolicyStatus
(<code>string</code> alias)</h3> <div> <p>HealthCheckPolicyConditionReason defines the set of reasons that explain why a
-particular HealthCheckPolicy condition type has been raised.</p>
+particular HealthCheckPolicy condition type is raised.</p>
</div> <table> <thead>
When the given HealthCheckPolicy is correctly configured</p>
<td><p>HealthCheckPolicyReasonInvalidService is used when the Service is invalid</p> </td> </tr><tr><td><p>&#34;NoTargetReference&#34;</p></td>
-<td><p>HealthCheckPolicyReasonNoTargetReference is used when there is no target reference</p>
+<td><p>HealthCheckPolicyReasonNoTargetReference is used when there&rsquo;s no target reference</p>
+</td>
+</tr><tr><td><p>&#34;OverrideNotSupported&#34;</p></td>
+<td><p>HealthCheckPolicyReasonOverrideNotSupported is used when the override isn&rsquo;t supported</p>
</td> </tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td> <td><p>HealthCheckPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p> </td>
+</tr><tr><td><p>&#34;SectionNamesNotPermitted&#34;</p></td>
+<td><p>HealthCheckPolicyReasonSectionNamesNotPermitted is used when the section names aren&rsquo;t permitted</p>
+</td>
</tr></tbody> </table> <h3 id="alb.networking.azure.io/v1.HealthCheckPolicyConditionType">HealthCheckPolicyConditionType
field.</p>
<tbody> <tr> <td>
-<code>port</code><br/>
-<em>
-int32
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Port is the port to use for HealthCheck checks.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>protocol</code><br/>
-<em>
-<a href="#alb.networking.azure.io/v1.Protocol">
-Protocol
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Protocol is the protocol to use for HealthCheck checks.</p>
-</td>
-</tr>
-<tr>
-<td>
<code>interval</code><br/> <em> <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
target resource.</p>
<td> <code>targetRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference">
-Gateway API .PolicyTargetReference
+<a href="#alb.networking.azure.io/v1.CustomTargetRef">
+CustomTargetRef
</a> </em> </td>
HealthCheckPolicyConfig
<em>(Optional)</em> <p>Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
</td> </tr> <tr>
constants so that operators and tools can converge on a common
vocabulary to describe HealthCheckPolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>"Accepted"</li>
+<li>&ldquo;Accepted&rdquo;</li>
</ul> </td> </tr>
Protocol
</em> </td> <td>
-<p>Protocol should be one of "HTTP", "HTTPS"</p>
+<p>Protocol should be one of &ldquo;HTTP&rdquo;, &ldquo;HTTPS&rdquo;</p>
</td> </tr> </tbody>
string
</td> <td> <em>(Optional)</em>
-<p>Errors is a list of errors relating to this setting</p>
+<p>Errors are a list of errors relating to this setting</p>
</td> </tr> <tr>
IngressTimeouts
</tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressCertificate">IngressCertificate
-</h3>
-<p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleTLS">IngressRuleTLS</a>)
-</p>
-<div>
-<p>IngressCertificate defines a certificate and private key to be used with TLS.</p>
-</div>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>type</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Type indicates where the Certificate is stored.
-Can be KubernetesSecret, or KeyVaultCertificate</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>name</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Name is the name of a KubernetesSecret containing the TLS cert and key</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretId</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>SecretID is the resource ID of a KeyVaultCertificate</p>
-</td>
-</tr>
-</tbody>
-</table>
<h3 id="alb.networking.azure.io/v1.IngressExtension">IngressExtension </h3> <div>
IngressExtensionSpec
</td> <td> <em>(Optional)</em>
-<p>Rules defines the rules per host</p>
+<p>Rules define the rules per host</p>
</td> </tr> <tr>
IngressExtensionStatus
(<code>string</code> alias)</h3> <div> <p>IngressExtensionConditionReason defines the set of reasons that explain why a
-particular IngressExtension condition type has been raised.</p>
+particular IngressExtension condition type is raised.</p>
</div> <table> <thead>
particular IngressExtension condition type has been raised.</p>
<td><p>IngressExtensionReasonNoErrors indicates there are no validation errors</p> </td> </tr><tr><td><p>&#34;PartiallyAcceptedWithErrors&#34;</p></td>
-<td><p>IngressExtensionReasonPartiallyAccepted is used to set the IngressExtensionConditionAccepted to Accepted, but with non-fatal validation errors</p>
+<td><p>IngressExtensionReasonPartiallyAccepted is used to set the IngressExtensionConditionAccepted to Accepted, but with nonfatal validation errors</p>
</td> </tr></tbody> </table>
field.</p>
</tr> </thead> <tbody><tr><td><p>&#34;Accepted&#34;</p></td>
-<td><p>IngressExtensionConditionAccepted indicates if the IngressExtension has been accepted (reconciled) by the controller</p>
+<td><p>IngressExtensionConditionAccepted indicates if the IngressExtension is accepted (reconciled) by the controller</p>
</td> </tr><tr><td><p>&#34;Errors&#34;</p></td> <td><p>IngressExtensionConditionErrors indicates if there are validation or build errors on the extension</p>
field.</p>
</td> <td> <em>(Optional)</em>
-<p>Rules defines the rules per host</p>
+<p>Rules define the rules per host</p>
</td> </tr> <tr>
field.</p>
</td> <td> <em>(Optional)</em>
-<p>Rules has detailed status information regarding each Rule</p>
+<p>Rules have detailed status information regarding each Rule</p>
</td> </tr> <tr>
field.</p>
<p>Conditions describe the current conditions of the IngressExtension. Known condition types are:</p> <ul>
-<li>"Accepted"</li>
-<li>"Errors"</li>
+<li>&ldquo;Accepted&rdquo;</li>
+<li>&ldquo;Errors&rdquo;</li>
</ul> </td> </tr>
string
</em> </td> <td>
-<p>Host is used to match against Ingress rules with the same hostname in order to identify which rules are affected by these settings</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>tls</code><br/>
-<em>
-<a href="#alb.networking.azure.io/v1.IngressRuleTLS">
-IngressRuleTLS
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>TLS defines TLS settings for the rule</p>
+<p>Host is used to match against Ingress rules with the same hostname in order to identify which rules affect these settings</p>
</td> </tr> <tr>
IngressRuleTLS
</td> <td> <em>(Optional)</em>
-<p>AdditionalHostnames specifies additional hostnames to listen on</p>
+<p>AdditionalHostnames specifies more hostnames to listen on</p>
</td> </tr> <tr>
string
</td> <td> <em>(Optional)</em>
-<p>Errors is a list of errors relating to this setting</p>
+<p>Errors are a list of errors relating to this setting</p>
</td> </tr> <tr>
bool
</tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressRuleTLS">IngressRuleTLS
-</h3>
-<p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting</a>)
-</p>
-<div>
-<p>IngressRuleTLS provides options for configuring TLS settings on a rule</p>
-</div>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>certificate</code><br/>
-<em>
-<a href="#alb.networking.azure.io/v1.IngressCertificate">
-IngressCertificate
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Certificate specifies a TLS Certificate to configure a rule with</p>
-</td>
-</tr>
-</tbody>
-</table>
<h3 id="alb.networking.azure.io/v1.IngressTimeouts">IngressTimeouts </h3> <p>
Kubernetes meta/v1.Duration
<td> <code>name</code><br/> <em>
-string
+<a href="#alb.networking.azure.io/v1.FrontendTLSPolicyTypeName">
+FrontendTLSPolicyTypeName
+</a>
</em> </td> <td>
FrontendTLSPolicyType
</p> <div> <p>PreciseHostname is the fully qualified domain name of a network host. This
-matches the RFC 1123 definition of a hostname with 1 notable exception that
-numeric IP addresses are not allowed.</p>
-<p>Note that as per RFC1035 and RFC1123, a <em>label</em> must consist of lower case
+matches the RFC 1123 definition of a hostname with one notable exception that
+numeric IP addresses aren&rsquo;t allowed.</p>
+<p>Per RFC1035 and RFC1123, a <em>label</em> must consist of lower case
alphanumeric characters or &lsquo;-&rsquo;, and must start and end with an alphanumeric character. No other punctuation is allowed.</p> </div> <h3 id="alb.networking.azure.io/v1.Protocol">Protocol (<code>string</code> alias)</h3> <p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HealthCheckPolicyConfig">HealthCheckPolicyConfig</a>, <a href="#alb.networking.azure.io/v1.IngressBackendPort">IngressBackendPort</a>)
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressBackendPort">IngressBackendPort</a>)
</p> <div> <p>Protocol defines the protocol used for certain properties.
Valid Protocol values are:</p>
</tr> </thead> <tbody><tr><td><p>&#34;HTTP&#34;</p></td>
-<td><p>HTTP implies that the service will use HTTP</p>
+<td><p>HTTP implies that the service uses HTTP</p>
</td> </tr><tr><td><p>&#34;HTTPS&#34;</p></td>
-<td><p>HTTPS implies that the service will be use HTTPS</p>
+<td><p>HTTPS implies that the service uses HTTPS</p>
</td> </tr><tr><td><p>&#34;TCP&#34;</p></td>
-<td><p>TCP implies that the service will be use plain TCP</p>
+<td><p>TCP implies that the service uses plain TCP</p>
</td> </tr></tbody> </table>
header in the response.</p>
following rules:</p> <ul> <li>If redirect scheme is not-empty, the redirect port MUST be the well-known
-port associated with the redirect scheme. Specifically "http" to port 80
-and "https" to port 443. If the redirect scheme does not have a
+port associated with the redirect scheme. Specifically &ldquo;http&rdquo; to port 80
+and &ldquo;https&rdquo; to port 443. If the redirect scheme doesn&rsquo;t have a
well-known port, the listener port of the Gateway SHOULD be used.</li> <li>If redirect scheme is empty, the redirect port MUST be the Gateway Listener port.</li>
Listener port.</li>
<p>Implementations SHOULD NOT add the port number in the &lsquo;Location&rsquo; header in the following cases:</p> <ul>
-<li>A Location header that will use HTTP (whether that is determined via
+<li>A Location header that uses HTTP (whether that is determined via
the Listener protocol or the Scheme field) <em>and</em> use port 80.</li>
-<li>A Location header that will use HTTPS (whether that is determined via
+<li>A Location header that uses HTTPS (whether that is determined via
the Listener protocol or the Scheme field) <em>and</em> use port 443.</li> </ul> </td>
int
<td> <em>(Optional)</em> <p>StatusCode is the HTTP status code to be used in response.</p>
-<p>Note that values may be added to this enum, implementations
-must ensure that unknown values will not cause a crash.</p>
+<p>Values may be added to this enum, implementations
+must ensure that unknown values won&rsquo;t cause a crash.</p>
</td> </tr> </tbody>
must ensure that unknown values will not cause a crash.</p>
</thead> <tbody><tr><td><p>&#34;RequestHeaderModifier&#34;</p></td> <td><p>RequestHeaderModifier can be used to add or remove an HTTP
-header from an HTTP request before it is sent to the upstream target.</p>
+header from an HTTP request before it&rsquo;s sent to the upstream target.</p>
</td> </tr><tr><td><p>&#34;ResponseHeaderModifier&#34;</p></td> <td><p>ResponseHeaderModifier can be used to add or remove an HTTP
-header from an HTTP response before it is sent to the client.</p>
+header from an HTTP response before it&rsquo;s sent to the client.</p>
</td> </tr><tr><td><p>&#34;URLRewrite&#34;</p></td> <td><p>URLRewrite can be used to modify a request during forwarding.</p>
RoutePolicySpec
<td> <code>targetRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference">
-Gateway API .PolicyTargetReference
+<a href="#alb.networking.azure.io/v1.CustomTargetRef">
+CustomTargetRef
</a> </em> </td>
RoutePolicyConfig
<em>(Optional)</em> <p>Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
</td> </tr> <tr>
RoutePolicyStatus
(<code>string</code> alias)</h3> <div> <p>RoutePolicyConditionReason defines the set of reasons that explain why a
-particular RoutePolicy condition type has been raised.</p>
+particular RoutePolicy condition type is raised.</p>
</div> <table> <thead>
When the given RoutePolicy is correctly configured</p>
<td><p>RoutePolicyReasonInvalidName is used when the name is invalid</p> </td> </tr><tr><td><p>&#34;NoTargetReference&#34;</p></td>
-<td><p>RoutePolicyReasonNoTargetReference is used when there is no target reference</p>
+<td><p>RoutePolicyReasonNoTargetReference is used when there&rsquo;s no target reference</p>
+</td>
+</tr><tr><td><p>&#34;OverrideNotSupported&#34;</p></td>
+<td><p>RoutePolicyReasonOverrideNotSupported is used when the override isn&rsquo;t supported</p>
</td> </tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td> <td><p>RoutePolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p> </td>
+</tr><tr><td><p>&#34;SectionNamesNotPermitted&#34;</p></td>
+<td><p>RoutePolicyReasonSectionNamesNotPermitted is used when the section names aren&rsquo;t permitted</p>
+</td>
</tr></tbody> </table> <h3 id="alb.networking.azure.io/v1.RoutePolicyConditionType">RoutePolicyConditionType
SessionAffinity
<td> <code>targetRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference">
-Gateway API .PolicyTargetReference
+<a href="#alb.networking.azure.io/v1.CustomTargetRef">
+CustomTargetRef
</a> </em> </td>
RoutePolicyConfig
<em>(Optional)</em> <p>Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.</p>
+<p>Note: Override is currently not supported and will result in a validation error.
+Support for Override will be added in a future release.</p>
</td> </tr> <tr>
constants so that operators and tools can converge on a common
vocabulary to describe RoutePolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>"Accepted"</li>
+<li>&ldquo;Accepted&rdquo;</li>
</ul> </td> </tr>
HTTPPathModifier
</td> </tr> </tbody>
-</table>
+</table>
application-gateway Application Gateway For Containers Components https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/application-gateway-for-containers-components.md
- Title: Application Gateway for Containers components (preview)
+ Title: Application Gateway for Containers components
description: This article provides information about how Application Gateway for Containers accepts incoming requests and routes them to a backend target. Previously updated : 08/08/2023 Last updated : 02/27/2024
-# Application Gateway for Containers components (preview)
+# Application Gateway for Containers components
-This article provides detailed descriptions and requirements for components of Application Gateway for Containers. Information about how Application Gateway for Containers accepts incoming requests and routes them to a backend target is provided. For a general overview of Application Gateway for Containers, see [What is Application Gateway for Containers?](overview.md).
+This article provides detailed descriptions and requirements for components of Application Gateway for Containers. Information about how Application Gateway for Containers accepts incoming requests and routes them to a backend target is provided. For a general overview of Application Gateway for Containers, see [What is Application Gateway for Containers](overview.md).
### Core components-- Application Gateway for Containers is an Azure parent resource that deploys the control plane+
+- An Application Gateway for Containers resource is an Azure parent resource that deploys the control plane.
- The control plane is responsible for orchestrating proxy configuration based on customer intent.-- Application Gateway for Containers has two child resources; associations and frontends
- - Child resources are exclusive to only their parent Application Gateway for Containers and may not be referenced by additional Application Gateway for Containers
+- Application Gateway for Containers has two child resources; associations and frontends.
+ - Child resources are exclusive to only their parent Application Gateway for Containers and may not be referenced by another Application Gateway for Container resource.
### Application Gateway for Containers frontends-- An Application Gateway for Containers frontend resource is an Azure child resource of the Application Gateway for Containers parent resource-- An Application Gateway for Containers frontend defines the entry point client traffic should be received by a given Application Gateway for Containers
- - A frontend can't be associated to multiple Application Gateway for Containers
- - Each frontend provides a unique FQDN that can be referenced by a customer's CNAME record
- - Private IP addresses are currently unsupported
+
+- An Application Gateway for Containers frontend resource is an Azure child resource of the Application Gateway for Containers parent resource.
+- An Application Gateway for Containers frontend defines the entry point client traffic should be received by a given Application Gateway for Containers.
+ - A frontend can't be associated to multiple Application Gateway for Containers
+ - Each frontend provides a unique FQDN that can be referenced by a customer's CNAME record
+ - Private IP addresses are currently unsupported
- A single Application Gateway for Containers can support multiple frontends ### Application Gateway for Containers associations-- An Application Gateway for Containers association resource is an Azure child resource of the Application Gateway for Containers parent resource+
+- An Application Gateway for Containers association resource is an Azure child resource of the Application Gateway for Containers parent resource.
- An Application Gateway for Containers association defines a connection point into a virtual network. An association is a 1:1 mapping of an association resource to an Azure Subnet that has been delegated. - Application Gateway for Containers is designed to allow for multiple associations
- - At this time, the current number of associations is currently limited to 1
+ - At this time, the current number of associations is currently limited to 1
- During creation of an association, the underlying data plane is provisioned and connected to a subnet within the defined virtual network's subnet - Each association should assume at least 256 addresses are available in the subnet at time of provisioning.
- - A minimum /24 subnet mask for new deployment, assuming nothing has been provisioning in the subnet).
- - If n number of Application Gateway for Containers are provisioned, with the assumption each Application Gateway for Containers contains one association, and the intent is to share the same subnet, the available required addresses should be n*256.
- - All Application Gateway for Containers association resources should match the same region as the Application Gateway for Containers parent resource
+ - A minimum /24 subnet mask for each deployment (assuming no resources have previously been provisioned in the subnet).
+ - If n number of Application Gateway for Containers are provisioned, with the assumption each Application Gateway for Containers contains one association, and the intent is to share the same subnet, the available required addresses should be n*256.
+ - All Application Gateway for Containers association resources should match the same region as the Application Gateway for Containers parent resource
### Application Gateway for Containers ALB Controller+ - An Application Gateway for Containers ALB Controller is a Kubernetes deployment that orchestrates configuration and deployment of Application Gateway for Containers by watching Kubernetes both Custom Resources and Resource configurations, such as, but not limited to, Ingress, Gateway, and ApplicationLoadBalancer. It uses both ARM / Application Gateway for Containers configuration APIs to propagate configuration to the Application Gateway for Containers Azure deployment. - ALB Controller is deployed / installed via Helm - ALB Controller consists of two running pods
- - alb-controller pod is responsible for orchestrating customer intent to Application Gateway for Containers load balancing configuration
- - alb-controller-bootstrap pod is responsible for management of CRDs
+ - alb-controller pod is responsible for orchestrating customer intent to Application Gateway for Containers load balancing configuration
+ - alb-controller-bootstrap pod is responsible for management of CRDs
## Azure / general concepts ### Private IP address+ - A private IP address isn't explicitly defined as an Azure Resource Manager resource. A private IP address would refer to a specific host address within a given virtual network's subnet. ### Subnet delegation
A set of routing rules evaluates how the request for that hostname should be ini
### Modifications to the request
-Application Gateway for Containers inserts three additional headers to all requests before requests are initiated from Application Gateway for Containers to a backend target:
+Application Gateway for Containers inserts three extra headers to all requests before requests are initiated from Application Gateway for Containers to a backend target:
+ - x-forwarded-for - x-forwarded-proto - x-request-id
-**x-forwarded-for** is the original requestor's client IP address. If the request is coming through a proxy, the header value will append the address received, comma delimited. In example: 1.2.3.4,5.6.7.8; where 1.2.3.4 is the client IP address to the proxy in front of Application Gateway for Containers, and 5.6.7.8 is the address of the proxy forwarding traffic to Application Gateway for Containers.
+**x-forwarded-for** is the original requestor's client IP address. If the request is coming through a proxy, the header value appends the address received, comma delimited. In example: 1.2.3.4,5.6.7.8; where 1.2.3.4 is the client IP address to the proxy in front of Application Gateway for Containers, and 5.6.7.8 is the address of the proxy forwarding traffic to Application Gateway for Containers.
**x-forwarded-proto** returns the protocol received by Application Gateway for Containers from the client. The value is either http or https. **x-request-id** is a unique guid generated by Application Gateway for Containers for each client request and presented in the forwarded request to the backend target. The guid consists of 32 alphanumeric characters, separated by dashes (for example: d23387ab-e629-458a-9c93-6108d374bc75). This guid can be used to correlate a request received by Application Gateway for Containers and initiated to a backend target as defined in access logs.
+## Request timeouts
+
+Application Gateway for Containers enforces the following timeouts as requests are initiated and maintained between the client, AGC, and backend.
+
+| Timeout | Duration | Description |
+| - | | -- |
+| Request Timeout | 60 seconds | time for which AGC waits for the backend target response. |
+| HTTP Idle Timeout | 5 minutes | idle timeout before closing an HTTP connection. |
+| Stream Idle Timeout | 5 minutes | idle timeout before closing an individual stream carried by an HTTP connection. |
+| Upstream Connect Timeout | 5 seconds | time for establishing a connection to the backend target. |
application-gateway Application Gateway For Containers Metrics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/application-gateway-for-containers-metrics.md
Previously updated : 07/24/2023 Last updated : 02/27/2024
Use the following steps to view Application Gateway for Containers in the Azure
3. Under **Monitoring**, select **Metrics**. 4. Next to **Chart Title**, enter a title for your metrics view. 5. **Scope** and **Metric Namespace** are is automatically populated. Under **Metric**, select a metric such as: **Total Requests**. For the **Total Requests** metric, the **Aggregation** is set to **Sum**.
-6. Select **Add filter**. **Property** is set to **Frontend**. Choose the **=** (equals) **Operator**.
-7. Enter values to use for filtering under **Values**. For example:
-8. Select the values you want to actively filter from the entries you create.
+6. Select **Add filter**. **Property** is set to **Frontend**. Choose the **=** (equals) **Operator**.
+7. Enter values to use for filtering under **Values**.
+
+ For example:
+
+ - **frontend-primary:80**
+ - **ingress-frontend:443**
+ - **ingress-frontend:80**
+
+8. Select the values you want to actively filter from the entries you create.
9. Choose **Apply Splitting**, select **Frontend**, and accept default values for **Limit** and **Sort**. See the following example: **Total Requests**
Use the following steps to view Application Gateway for Containers in the Azure
![Application Gateway for Containers metrics backend healthy targets](./media/application-gateway-for-containers-metrics/backend-healthy-targets.png) - ## Next steps
-* [Using Azure Log Analytics in Power BI](/power-bi/transform-model/log-analytics/desktop-log-analytics-overview)
-* [Configure Azure Log Analytics for Power BI](/power-bi/transform-model/log-analytics/desktop-log-analytics-configure)
-* [Visualize Azure AI Search Logs and Metrics with Power BI](/azure/search/search-monitor-logs-powerbi)
+- [Using Azure Log Analytics in Power BI](/power-bi/transform-model/log-analytics/desktop-log-analytics-overview)
+- [Configure Azure Log Analytics for Power BI](/power-bi/transform-model/log-analytics/desktop-log-analytics-configure)
+- [Visualize Azure AI Search Logs and Metrics with Power BI](/azure/search/search-monitor-logs-powerbi)
application-gateway Custom Health Probe https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/custom-health-probe.md
Previously updated : 12/21/2023 Last updated : 02/27/2024
Application Gateway for Containers monitors the health of all backend targets by
In addition to using default health probe monitoring, you can also customize the health probe to suit your application's requirements. This article discusses both default and custom health probes. The order and logic of health probing is as follows:+ 1. Use definition of HealthCheckPolicy Custom Resource (CR). 2. If there's no HealthCheckPolicy CR, then use [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) 3. If there's no Readiness probe defined, use the [default health probe](#default-health-probe)
The following properties make up custom health probes:
| (http) path | The specific path of the request. If a single file should be loaded, the path might be /https://docsupdatetracker.net/index.html. | | (http -> match) statusCodes | Contains two properties, `start` and `end`, that define the range of valid HTTP status codes returned from the backend. |
-[ ![A diagram showing the Application Gateway for Containers using custom health probes to determine backend health.](./media/custom-health-probe/custom-health-probe.png) ](./media/custom-health-probe/custom-health-probe.png#lightbox)
+[![A diagram showing the Application Gateway for Containers using custom health probes to determine backend health.](./media/custom-health-probe/custom-health-probe.png)](./media/custom-health-probe/custom-health-probe.png#lightbox)
## Default health probe+ Application Gateway for Containers automatically configures a default health probe when you don't define a custom probe configuration or configure a readiness probe. The monitoring behavior works by making an HTTP GET request to the IP addresses of configured backend targets. For default probes, if the backend target is configured for HTTPS, the probe uses HTTPS to test health of the backend targets. For more implementation details, see [HealthCheckPolicyConfig](api-specification-kubernetes.md#alb.networking.azure.io/v1.HealthCheckPolicyConfig) in the API specification.
application-gateway Diagnostics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/diagnostics.md
Title: Diagnostic logs for Application Gateway for Containers (preview)
+ Title: Diagnostic logs for Application Gateway for Containers
description: Learn how to enable access logs for Application Gateway for Containers Previously updated : 1/10/2023 Last updated : 02/27/2024
-# Diagnostic logs for Application Gateway for Containers (preview)
+# Diagnostic logs for Application Gateway for Containers
Learn how to troubleshoot common problems in Application Gateway for Containers.
Activity logging is automatically enabled for every Resource Manager resource. Y
2. In **Search resources, service, and docs**, type **Application Gateways for Containers** and select your Application Gateway for Containers name. 3. Under **Monitoring**, select **Diagnostic settings**. 4. Select **Add diagnostic setting**.
- 5. Enter a **Diagnostic setting name** (ex: agfc-logs), choose the logs and metrics to save and choose a destination, such as **Archive to a storage account**. To save all logs, select **allLogs** and **AllMetrics**.
+ 5. Enter a **Diagnostic setting name** (ex: agfc-logs), choose the logs and metrics to save and choose a destination, such as **Archive to a storage account**. To save all logs, select **allLogs** and **AllMetrics**.
6. Select **Save** to save your settings. See the following example: ![Configure diagnostic logs](./media/diagnostics/enable-diagnostic-logs.png)
Each access log entry in Application Gateway for Containers contains the followi
| userAgent | User-Agent header of the request received from the client by Application Gateway for Containers | Here an example of the access log emitted in JSON format to a storage account.+ ```JSON { "category": "TrafficControllerAccessLog",
application-gateway How To Backend Mtls Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-backend-mtls-gateway-api.md
- Title: Backend MTLS with Application Gateway for Containers - Gateway API (preview)
+ Title: Backend MTLS with Application Gateway for Containers - Gateway API
description: Learn how to configure Application Gateway for Containers with support for backend MTLS authentication. Previously updated : 09/19/2023 Last updated : 02/27/2024
-# Backend MTLS with Application Gateway for Containers - Gateway API (preview)
+# Backend MTLS with Application Gateway for Containers - Gateway API
This document helps set up an example application that uses the following resources from Gateway API. Steps are provided to:+ - Create a [Gateway](https://gateway-api.sigs.k8s.io/concepts/api-overview/#gateway) resource with one HTTPS listener. - Create an [HTTPRoute](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/) resource that references a backend service. - Create a [BackendTLSPolicy](api-specification-kubernetes.md#alb.networking.azure.io/v1.BackendTLSPolicy) resource that has a client and CA certificate for the backend service referenced in the HTTPRoute.
Mutual Transport Layer Security (MTLS) is a process that relies on certificates
See the following figure:
-[ ![A diagram showing the Application Gateway for Containers backend MTLS process.](./media/how-to-backend-mtls-gateway-api/backend-mtls.png) ](./media/how-to-backend-mtls-gateway-api/backend-mtls.png#lightbox)
+[![A diagram showing the Application Gateway for Containers backend MTLS process.](./media/how-to-backend-mtls-gateway-api/backend-mtls.png)](./media/how-to-backend-mtls-gateway-api/backend-mtls.png#lightbox)
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
- Apply the following deployment.yaml file on your cluster to create a sample web application and deploy sample secrets to demonstrate backend mutual authentication (mTLS).
- ```bash
- kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/https-scenario/end-to-end-ssl-with-backend-mtls/deployment.yaml
- ```
+
+ Apply the following deployment.yaml file on your cluster to create a sample web application and deploy sample secrets to demonstrate backend mutual authentication (mTLS).
+
+ ```bash
+ kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/https-scenario/end-to-end-ssl-with-backend-mtls/deployment.yaml
+ ```
- This command creates the following on your cluster:
- - a namespace called `test-infra`
- - one service called `mtls-app` in the `test-infra` namespace
- - one deployment called `mtls-app` in the `test-infra` namespace
- - one config map called `mtls-app-nginx-cm` in the `test-infra` namespace
- - four secrets called `backend.com`, `frontend.com`, `gateway-client-cert`, and `ca.bundle` in the `test-infra` namespace
+ This command creates the following on your cluster:
+
+ - a namespace called `test-infra`
+ - one service called `mtls-app` in the `test-infra` namespace
+ - one deployment called `mtls-app` in the `test-infra` namespace
+ - one config map called `mtls-app-nginx-cm` in the `test-infra` namespace
+ - four secrets called `backend.com`, `frontend.com`, `gateway-client-cert`, and `ca.bundle` in the `test-infra` namespace
## Deploy the required Gateway API resources
EOF
[!INCLUDE [application-gateway-for-containers-frontend-naming](../../../includes/application-gateway-for-containers-frontend-naming.md)] # [Bring your own (BYO) deployment](#tab/byo)+ 1. Set the following environment variables ```bash
EOF
Once the gateway resource has been created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.+ ```bash kubectl get gateway gateway-01 -n test-infra -o yaml ``` Example output of successful gateway creation.+ ```yaml status: addresses:
status:
kind: HTTPRoute ```
-Once the gateway has been created, create an HTTPRoute
+Once the gateway has been created, create an HTTPRoute resource.
+ ```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
EOF
``` Once the HTTPRoute resource has been created, ensure the route has been _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.+ ```bash kubectl get httproute https-route -n test-infra -o yaml ```
application-gateway How To Header Rewrite Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-header-rewrite-gateway-api.md
Previously updated : 01/03/2024 Last updated : 02/27/2024
-# Header rewrite for Azure Application Gateway for Containers - Gateway API (preview)
+# Header rewrite for Azure Application Gateway for Containers - Gateway API
Application Gateway for Containers allows you to rewrite HTTP headers of client requests and responses from backend targets.
Application Gateway for Containers allows you to rewrite HTTP headers of client
Header rewrites take advantage of [filters](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.HTTPURLRewriteFilter) as defined by Kubernetes Gateway API. ## Background+ Header rewrites enable you to modify the request and response headers to and from your backend targets. The following figure illustrates a request with a specific user agent being rewritten to a simplified value called SearchEngine-BingBot when the request is initiated to the backend target by Application Gateway for Containers:
-[ ![A diagram showing the Application Gateway for Containers rewriting a request header to the backend.](./media/how-to-header-rewrite-gateway-api/header-rewrite.png) ](./media/how-to-header-rewrite-gateway-api/header-rewrite.png#lightbox)
+[![A diagram showing the Application Gateway for Containers rewriting a request header to the backend.](./media/how-to-header-rewrite-gateway-api/header-rewrite.png)](./media/how-to-header-rewrite-gateway-api/header-rewrite.png#lightbox)
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If you're following the ALB managed deployment strategy, ensure provisioning of the [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
- Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate the header rewrite.
- ```bash
- kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
- ```
+ Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate the header rewrite.
+
+ ```bash
+ kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
+ ```
- This command creates the following on your cluster:
- - a namespace called `test-infra`
- - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ This command creates the following on your cluster:
+
+ - a namespace called `test-infra`
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Gateway API resources
EOF
[!INCLUDE [application-gateway-for-containers-frontend-naming](../../../includes/application-gateway-for-containers-frontend-naming.md)] # [Bring your own (BYO) deployment](#tab/byo)+ 1. Set the following environment variables ```bash
FRONTEND_NAME='frontend'
``` 2. Create a Gateway+ ```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
EOF
Once the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.+ ```bash kubectl get gateway gateway-01 -n test-infra -o yaml ``` Example output of successful gateway creation.+ ```yaml status: addresses:
EOF
``` Once the HTTPRoute resource is created, ensure the route is _Accepted_ and the Application Gateway for Containers resource is _Programmed_.+ ```bash kubectl get httproute header-rewrite-route -n test-infra -o yaml ```
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com
``` Via the response we should see:+ ```json { "path": "/",
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "user-agent: Mozi
``` Via the response we should see:+ ```json { "path": "/",
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "client-custom-he
``` Via the response we should see:+ ```json { "path": "/",
Via the response we should see:
} ```
-Congratulations, you have installed ALB Controller, deployed a backend application and modified header values via Gateway API on Application Gateway for Containers.
+Congratulations, you have installed ALB Controller, deployed a backend application and modified header values via Gateway API on Application Gateway for Containers.
application-gateway How To Header Rewrite Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-header-rewrite-ingress-api.md
Previously updated : 11/27/2023 Last updated : 02/27/2024
-# Header rewrite for Azure Application Gateway for Containers - Ingress API (preview)
+# Header rewrite for Azure Application Gateway for Containers - Ingress API
Application Gateway for Containers allows you to rewrite HTTP headers of client requests and responses from backend targets.
Application Gateway for Containers allows you to rewrite HTTP headers of client
Header rewrites take advantage of Application Gateway for Container's IngressExtension custom resource. ## Background+ Header rewrites enable you to modify the request and response headers to and from your backend targets. The following figure illustrates an example of a request with a specific user agent being rewritten to a simplified value called `rewritten-user-agent` when the request is initiated to the backend target by Application Gateway for Containers:
-[ ![A diagram showing the Application Gateway for Containers rewriting a request header to the backend.](./media/how-to-header-rewrite-ingress-api/header-rewrite.png) ](./media/how-to-header-rewrite-ingress-api/header-rewrite.png#lightbox)
+[![A diagram showing the Application Gateway for Containers rewriting a request header to the backend.](./media/how-to-header-rewrite-ingress-api/header-rewrite.png)](./media/how-to-header-rewrite-ingress-api/header-rewrite.png#lightbox)
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
- Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate the header rewrite.
- ```bash
- kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
- ```
+ Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate the header rewrite.
+
+ ```bash
+ kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
+ ```
- This command creates the following on your cluster:
- - a namespace called `test-infra`
- - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ This command creates the following on your cluster:
+
+ - a namespace called `test-infra`
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Gateway API resources
EOF
[!INCLUDE [application-gateway-for-containers-frontend-naming](../../../includes/application-gateway-for-containers-frontend-naming.md)] # [Bring your own (BYO) deployment](#tab/byo)+ 1. Set the following environment variables ```bash
FRONTEND_NAME='frontend'
``` 2. Create an Ingress resource to listen for requests to `contoso.com`+ ```bash kubectl apply -f - <<EOF apiVersion: networking.k8s.io/v1
status:
protocol: TCP ``` - Once the Ingress is created, next we need to define an IngressExtension with the header rewrite rules.
-In this example, we set a static user-agent with a value of `rewritten-user-agent`.
+In this example, we set a static user-agent with a value of `rewritten-user-agent`.
This example also demonstrates addition of a new header called `AGC-Header-Add` with a value of `agc-value` and removes a request header called `client-custom-header`.
EOF
``` Once the HTTPRoute resource is created, ensure the route has been _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.+ ```bash kubectl get IngressExtension header-rewrite -n test-infra -o yaml ```
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com
``` Via the response we should see:+ ```json { "path": "/",
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "user-agent: my-u
``` Via the response we should see:+ ```json { "path": "/",
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "client-custom-he
``` Via the response we should see:+ ```json { "path": "/",
application-gateway How To Multiple Site Hosting Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-multiple-site-hosting-gateway-api.md
Title: Multiple site hosting with Application Gateway for Containers - Gateway API (preview)
+ Title: Multiple site hosting with Application Gateway for Containers - Gateway API
description: Learn how to host multiple sites with Application Gateway for Containers using the Gateway API. Previously updated : 11/07/2023 Last updated : 02/27/2024
-# Multiple site hosting with Application Gateway for Containers - Gateway API (preview)
+# Multiple site hosting with Application Gateway for Containers - Gateway API
This document helps you set up an example application that uses the resources from Gateway API to demonstrate hosting multiple sites on the same Kubernetes Gateway resource / Application Gateway for Containers frontend. Steps are provided to: - Create a [Gateway](https://gateway-api.sigs.k8s.io/concepts/api-overview/#gateway) resource with one HTTP listener.
Application Gateway for Containers enables multi-site hosting by allowing you to
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If you follow the BYO deployment strategy, ensure you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If you follow the ALB managed deployment strategy, ensure provisioning of your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
Example output of successful gateway creation.
```yaml status: addresses:
- - type: IPAddress
+ - type: Hostname
value: xxxx.yyyy.alb.azure.com conditions: - lastTransitionTime: "2023-06-19T21:04:55Z"
application-gateway How To Multiple Site Hosting Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-multiple-site-hosting-ingress-api.md
Title: Multi-site hosting with Application Gateway for Containers - Ingress API (preview)
+ Title: Multi-site hosting with Application Gateway for Containers - Ingress API
description: Learn how to host multiple sites with Application Gateway for Containers using the Ingress API. Previously updated : 11/07/2023 Last updated : 02/27/2024
-# Multi-site hosting with Application Gateway for Containers - Ingress API (preview)
+# Multi-site hosting with Application Gateway for Containers - Ingress API
This document helps you set up an example application that uses the Ingress API to demonstrate hosting multiple sites on the same Kubernetes Ingress resource / Application Gateway for Containers frontend. Steps are provided to: - Create an [Ingress](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#ingressrule-v1-networking-k8s-io) resource with two hosts.
Application Gateway for Containers enables multi-site hosting by allowing you to
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If you follow the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If you follow the ALB managed deployment strategy, ensure provisioning of your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
application-gateway How To Path Header Query String Routing Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-path-header-query-string-routing-gateway-api.md
Title: Path, header, and query string routing with Application Gateway for Containers - Gateway API (preview)
+ Title: Path, header, and query string routing with Application Gateway for Containers - Gateway API
description: Learn how to configure Application Gateway for Containers with support with path, header, and query string routing. Previously updated : 09/20/2023 Last updated : 02/27/2024
-# Path, header, and query string routing with Application Gateway for Containers - Gateway API (preview)
+# Path, header, and query string routing with Application Gateway for Containers - Gateway API
This document helps you set up an example application that uses the resources from Gateway API to demonstrate traffic routing based on URL path, query string, and header. Steps are provided to: - Create a [Gateway](https://gateway-api.sigs.k8s.io/concepts/api-overview/#gateway) resource with one HTTPS listener.
Application Gateway for Containers enables traffic routing based on URL path, qu
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
- Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate path, query, and header based routing.
- ```bash
- kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
- ```
+ Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate path, query, and header based routing.
+
+ ```bash
+ kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
+ ```
- This command creates the following on your cluster:
- - a namespace called `test-infra`
- - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ This command creates the following on your cluster:
+
+ - a namespace called `test-infra`
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Gateway API resources
EOF
[!INCLUDE [application-gateway-for-containers-frontend-naming](../../../includes/application-gateway-for-containers-frontend-naming.md)] # [Bring your own (BYO) deployment](#tab/byo)+ 1. Set the following environment variables ```bash
FRONTEND_NAME='frontend'
``` 2. Create a Gateway+ ```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
EOF
Once the gateway resource has been created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.+ ```bash kubectl get gateway gateway-01 -n test-infra -o yaml ``` Example output of successful gateway creation.+ ```yaml status: addresses:
- - type: IPAddress
+ - type: Hostname
value: xxxx.yyyy.alb.azure.com conditions: - lastTransitionTime: "2023-06-19T21:04:55Z"
EOF
``` Once the HTTPRoute resource has been created, ensure the route has been _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.+ ```bash kubectl get httproute http-route -n test-infra -o yaml ```
fqdn=$(kubectl get gateway gateway-01 -n test-infra -o jsonpath='{.status.addres
By using the curl command, we can validate three different scenarios: ### Path based routing+ In this scenario, the client request sent to http://frontend-fqdn/bar is routed to backend-v2 service. Run the following command:+ ```bash curl http://$fqdn/bar ```
curl http://$fqdn/bar
Notice the container serving the request is backend-v2. ### Query string + header + path routing+ In this scenario, the client request sent to http://frontend-fqdn/some/thing?great=example with a header key/value part of "magic: foo" is routed to backend-v2 service. Run the following command:+ ```bash curl http://$fqdn/some/thing?great=example -H "magic: foo" ```
curl http://$fqdn/some/thing?great=example -H "magic: foo"
Notice the container serving the request is backend-v2. ### Default route+ If neither of the first two scenarios are satisfied, Application Gateway for Containers routes all other requests to the backend-v1 service. Run the following command:+ ```bash curl http://$fqdn/ ``` Notice the container serving the request is backend-v1.
-Congratulations, you have installed ALB Controller, deployed a backend application and routed traffic to the application via Gateway API on Application Gateway for Containers.
+Congratulations, you have installed ALB Controller, deployed a backend application and routed traffic to the application via Gateway API on Application Gateway for Containers.
application-gateway How To Ssl Offloading Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-ssl-offloading-gateway-api.md
- Title: SSL offloading with Application Gateway for Containers - Gateway API (preview)
+ Title: SSL offloading with Application Gateway for Containers - Gateway API
description: Learn how to configure SSL offloading with Application Gateway for Containers using the Gateway API. Previously updated : 11/07/2023 Last updated : 02/27/2024
-# SSL offloading with Application Gateway for Containers - Gateway API (preview)
+# SSL offloading with Application Gateway for Containers - Gateway API
This document helps set up an example application that uses the following resources from Gateway API. Steps are provided to:+ - Create a [Gateway](https://gateway-api.sigs.k8s.io/concepts/api-overview/#gateway) resource with one HTTPS listener. - Create an [HTTPRoute](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/) that references a backend service.
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If following the ALB managed deployment strategy, ensure that you provision your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTPS application
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
```bash kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/https-scenario/ssl-termination/deployment.yaml ```
-
+ This command creates the following on your cluster: - a namespace called `test-infra` - one service called `echo` in the `test-infra` namespace
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
# [ALB managed deployment](#tab/alb-managed) 1. Create a Gateway+ ```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
FRONTEND_NAME='frontend'
``` 2. Create a Gateway+ ```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
EOF
When the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.+ ```bash kubectl get gateway gateway-01 -n test-infra -o yaml ``` Example output of successful gateway creation.+ ```yaml status: addresses:
- - type: IPAddress
+ - type: Hostname
value: xxxx.yyyy.alb.azure.com conditions: - lastTransitionTime: "2023-06-19T21:04:55Z"
status:
kind: HTTPRoute ```
-Once the gateway is created, create an HTTPRoute
+Once the gateway is created, create an HTTPRoute resource.
+ ```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
EOF
``` Once the HTTPRoute resource is created, ensure the route is _Accepted_ and the Application Gateway for Containers resource is _Programmed_.+ ```bash kubectl get httproute https-route -n test-infra -o yaml ```
application-gateway How To Ssl Offloading Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-ssl-offloading-ingress-api.md
- Title: SSL offloading with Application Gateway for Containers - Ingress API (preview)
+ Title: SSL offloading with Application Gateway for Containers - Ingress API
description: Learn how to configure SSL offloading with Application Gateway for Containers using the Ingress API. Previously updated : 11/07/2023 Last updated : 02/27/2024
-# SSL offloading with Application Gateway for Containers - Ingress API (preview)
+# SSL offloading with Application Gateway for Containers - Ingress API
This document helps set up an example application that uses the _Ingress_ resource from [Ingress API](https://kubernetes.io/docs/concepts/services-networking/ingress/):
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If you follow the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If you follow the ALB managed deployment strategy, ensure that you provision your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy a sample HTTPS application:
RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOU
FRONTEND_NAME='frontend' ```
-2. Create an Ingress
+2. Create an Ingress resource.
+ ```bash kubectl apply -f - <<EOF apiVersion: networking.k8s.io/v1
EOF
When the ingress resource is created, ensure the status shows the hostname of your load balancer and that both ports are listening for requests.+ ```bash kubectl get ingress ingress-01 -n test-infra -o yaml ``` Example output of successful Ingress creation.+ ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress
application-gateway How To Traffic Splitting Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-traffic-splitting-gateway-api.md
- Title: Traffic Splitting with Application Gateway for Containers - Gateway API (preview)
+ Title: Traffic Splitting with Application Gateway for Containers - Gateway API
description: Learn how to configure traffic splitting / weighted round robin with Application Gateway for Containers. Previously updated : 09/20/2023 Last updated : 02/27/2024
-# Traffic splitting with Application Gateway for Containers - Gateway API (preview)
+# Traffic splitting with Application Gateway for Containers - Gateway API
This document helps set up an example application that uses the following resources from Gateway API: - [Gateway](https://gateway-api.sigs.k8s.io/concepts/api-overview/#gateway) - creating a gateway with one http listener
Application Gateway for Containers enables you to set weights and shift traffic
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
EOF
Once the gateway resource has been created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.+ ```bash kubectl get gateway gateway-01 -n test-infra -o yaml ``` Example output of successful gateway creation.+ ```yaml status: addresses:
- - type: IPAddress
+ - type: Hostname
value: xxxx.yyyy.alb.azure.com conditions: - lastTransitionTime: "2023-06-19T21:04:55Z"
status:
``` Once the gateway has been created, create an HTTPRoute+ ```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
EOF
``` Once the HTTPRoute resource has been created, ensure the route has been _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.+ ```bash kubectl get httproute traffic-split-route -n test-infra -o yaml ```
application-gateway How To Url Redirect Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-url-redirect-gateway-api.md
+
+ Title: URL Redirect for Azure Application Gateway for Containers - Gateway API
+description: Learn how to redirect URLs in Gateway API for Application Gateway for Containers.
+++++ Last updated : 02/27/2024+++
+# URL Redirect for Azure Application Gateway for Containers - Gateway API
+
+Application Gateway for Containers allows you to return a redirect response to the client based three aspects of a URL: protocol, hostname, and path. For each redirect, a defined HTTP status code may be returned to the client to define the nature of the redirect.
+
+## Usage details
+
+URL redirects take advantage of the [RequestRedirect rule filter](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1beta1.HTTPRequestRedirectFilter) as defined by Kubernetes Gateway API.
+
+## Redirection
+A redirect sets the response status code returned to clients to understand the purpose of the redirect. The following types of redirection are supported:
+
+- 301 (Moved permanently): Indicates that the target resource has been assigned a new permanent URI. Any future references to this resource uses one of the enclosed URIs. Use 301 status code for HTTP to HTTPS redirection.
+- 302 (Found): Indicates that the target resource is temporarily under a different URI. Since the redirection can change on occasion, the client should continue to use the effective request URI for future requests.
+
+## Redirection capabilities
+
+- Protocol redirection is commonly used to tell the client to move from an unencrypted traffic scheme to traffic, such as HTTP to HTTPS redirection.
+
+- Hostname redirection matches the fully qualified domain name (fqdn) of the request. This is commonly observed in redirecting an old domain name to a new domain name; such as `contoso.com` to `fabrikam.com`.
+
+- Path redirection has two different variants: `prefix` and `full`.
+ - `Prefix` redirection type will redirect all requests starting with a defined value. For example, a prefix of /shop would match /shop and any text after. For example, /shop, /shop/checkout, and /shop/item-a would all redirect to /shop as well.
+ - `Full` redirection type matches an exact value. For example, /shop could redirect to /store, but /shop/checkout wouldn't redirect to /store.
+
+The following figure illustrates an example of a request destined for _contoso.com/summer-promotion_ being redirected to _contoso.com/shop/category/5_. In addition, a second request initiated to contoso.com via http protocol is returned a redirect to initiate a new connection to its https variant.
+
+[![A diagram showing the Application Gateway for Containers returning a redirect URL to a client.](./media/how-to-url-redirect-gateway-api/url-redirect.png)](./media/how-to-url-redirect-gateway-api/url-redirect.png#lightbox)
+
+## Prerequisites
+
+1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+3. Deploy sample HTTP application
+
+ Apply the following deployment.yaml file on your cluster to deploy a sample TLS certificate to demonstrate redirect capabilities.
+
+ ```bash
+ kubectl apply -f kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/https-scenario/ssl-termination/deployment.yaml
+ ```
+
+ This command creates the following on your cluster:
+
+ - a namespace called `test-infra`
+ - one service called `echo` in the `test-infra` namespace
+ - one deployment called `echo` in the `test-infra` namespace
+ - one secret called `listener-tls-secret` in the `test-infra` namespace
+
+## Deploy the required Gateway API resources
+
+# [ALB managed deployment](#tab/alb-managed)
+
+1. Create a Gateway
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: gateway.networking.k8s.io/v1beta1
+ kind: Gateway
+ metadata:
+ name: gateway-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-name: alb-test
+ spec:
+ gatewayClassName: azure-alb-external
+ listeners:
+ - name: http-listener
+ port: 80
+ protocol: HTTP
+ allowedRoutes:
+ namespaces:
+ from: Same
+ - name: https-listener
+ port: 443
+ protocol: HTTPS
+ allowedRoutes:
+ namespaces:
+ from: Same
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind : Secret
+ group: ""
+ name: listener-tls-secret
+ EOF
+ ```
++
+# [Bring your own (BYO) deployment](#tab/byo)
+
+1. Set the following environment variables
+
+ ```bash
+ RESOURCE_GROUP='<resource group name of the Application Gateway For Containers resource>'
+ RESOURCE_NAME='alb-test'
+
+ RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOURCE_NAME --query id -o tsv)
+ FRONTEND_NAME='frontend'
+ ```
+
+2. Create a Gateway
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: gateway.networking.k8s.io/v1beta1
+ kind: Gateway
+ metadata:
+ name: gateway-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ spec:
+ gatewayClassName: azure-alb-external
+ listeners:
+ - name: http-listener
+ port: 80
+ protocol: HTTP
+ allowedRoutes:
+ namespaces:
+ from: Same
+ - name: https-listener
+ port: 443
+ protocol: HTTPS
+ allowedRoutes:
+ namespaces:
+ from: Same
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind : Secret
+ group: ""
+ name: listener-tls-secret
+ addresses:
+ - type: alb.networking.azure.io/alb-frontend
+ value: $FRONTEND_NAME
+ EOF
+ ```
+++
+Once the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
+
+```bash
+kubectl get gateway gateway-01 -n test-infra -o yaml
+```
+
+Example output of successful gateway creation.
+
+```yaml
+status:
+ addresses:
+ - type: Hostname
+ value: xxxx.yyyy.alb.azure.com
+ conditions:
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Valid Gateway
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ listeners:
+ - attachedRoutes: 0
+ conditions:
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: ""
+ observedGeneration: 1
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Listener is accepted
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ name: https-listener
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+```
+
+Create an HTTPRoute resource for `contoso.com` that handles traffic received via https.
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: https-contoso
+ namespace: test-infra
+spec:
+ parentRefs:
+ - name: gateway-01
+ sectionName: https-listener
+ hostnames:
+ - "contoso.com"
+ rules:
+ - backendRefs:
+ - name: echo
+ port: 80
+EOF
+```
+
+When the HTTPRoute resource is created, ensure the HTTPRoute resource shows _Accepted_ and the Application Gateway for Containers resource is _Programmed_.
+
+```bash
+kubectl get httproute rewrite-example -n test-infra -o yaml
+```
+
+Verify the Application Gateway for Containers resource is successfully updated for each HTTPRoute.
+
+```yaml
+status:
+ parents:
+ - conditions:
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: ""
+ observedGeneration: 1
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Route is Accepted
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ controllerName: alb.networking.azure.io/alb-controller
+ parentRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-01
+ namespace: test-infra
+ ```
+
+Once the gateway is created, create an HTTPRoute resource for `contoso.com` with a RequestRedirect filter that redirects http traffic to https.
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: http-to-https-contoso-redirect
+ namespace: test-infra
+spec:
+ parentRefs:
+ - name: gateway-01
+ sectionName: http-listener
+ hostnames:
+ - "contoso.com"
+ rules:
+ - matches:
+ filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+EOF
+```
+
+When the HTTPRoute resource is created, ensure the HTTPRoute resource shows _Accepted_ and the Application Gateway for Containers resource is _Programmed_.
+
+```bash
+kubectl get httproute rewrite-example -n test-infra -o yaml
+```
+
+Verify the Application Gateway for Containers resource is successfully updated for each HTTPRoute.
+
+```yaml
+status:
+ parents:
+ - conditions:
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: ""
+ observedGeneration: 1
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Route is Accepted
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ controllerName: alb.networking.azure.io/alb-controller
+ parentRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-01
+ namespace: test-infra
+ ```
+
+Create an HTTPRoute resource for `contoso.com` that handles a redirect for the path /summer-promotion to a specific URL. By eliminating sectionName, demonstrated in the http to https HTTPRoute resources, this redirect rule applies to both HTTP and HTTPS requests.
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: summer-promotion-redirect
+ namespace: test-infra
+spec:
+ parentRefs:
+ - name: gateway-01
+ sectionName: https-listener
+ hostnames:
+ - "contoso.com"
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /summer-promotion
+ filters:
+ - type: RequestRedirect
+ requestRedirect:
+ path:
+ type: ReplaceFullPath
+ replaceFullPath: /shop/category/5
+ statusCode: 302
+ - backendRefs:
+ - name: echo
+ port: 80
+EOF
+```
+
+When the HTTPRoute resource is created, ensure the HTTPRoute resource shows _Accepted_ and the Application Gateway for Containers resource is _Programmed_.
+
+```bash
+kubectl get httproute rewrite-example -n test-infra -o yaml
+```
+
+Verify the Application Gateway for Containers resource is successfully updated for each HTTPRoute.
+
+```yaml
+status:
+ parents:
+ - conditions:
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: ""
+ observedGeneration: 1
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Route is Accepted
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ controllerName: alb.networking.azure.io/alb-controller
+ parentRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-01
+ namespace: test-infra
+ ```
+
+## Test access to the application
+
+Now we're ready to send some traffic to our sample application, via the FQDN assigned to the frontend. Use the following command to get the FQDN.
+
+```bash
+fqdn=$(kubectl get gateway gateway-01 -n test-infra -o jsonpath='{.status.addresses[0].value}')
+```
+
+When you specify the server name indicator using the curl command, `http://contoso.com` should return a response from the Application Gateway for Containers with a `location` header defining a 301 redirect to `https://contoso.com`.
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com/ -v
+```
+
+Via the response we should see:
+
+```text
+* Added contoso.com:80:xxx.xxx.xxx.xxx to DNS cache
+* Hostname contoso.com was found in DNS cache
+* Trying xxx.xxx.xxx.xxx:80...
+* Connected to contoso.com (xxx.xxx.xxx.xxx) port 80 (#0)
+> GET / HTTP/1.1
+> Host: contoso.com
+> User-Agent: curl/7.81.0
+> Accept: */*
+>
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 301 Moved Permanently
+< location: https://contoso.com/
+< date: Mon, 26 Feb 2024 22:56:23 GMT
+< server: Microsoft-Azure-Application-LB/AGC
+< content-length: 0
+<
+* Connection #0 to host contoso.com left intact
+```
+
+When you specify the server name indicator using the curl command, `https://contoso.com/summer-promotion` Application Gateway for Containers should return a 302 redirect to `https://contoso.com/shop/category/5`.
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:443:$fqdnIp https://contoso.com/summer-promotion -v
+```
+
+Via the response we should see:
+
+```text
+> GET /summer-promotion HTTP/2
+> Host: contoso.com
+> user-agent: curl/7.81.0
+> accept: */*
+>
+* TLSv1.2 (IN), TLS header, Supplemental data (23):
+* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
+* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
+* old SSL session ID is stale, removing
+* TLSv1.2 (IN), TLS header, Supplemental data (23):
+* TLSv1.2 (OUT), TLS header, Supplemental data (23):
+* TLSv1.2 (IN), TLS header, Supplemental data (23):
+< HTTP/2 302
+< location: https://contoso.com/shop/category/5
+< date: Mon, 26 Feb 2024 22:58:43 GMT
+< server: Microsoft-Azure-Application-LB/AGC
+<
+* Connection #0 to host contoso.com left intact
+```
+
+Congratulations, you have installed ALB Controller, deployed a backend application, and used Gateway API to configure both an HTTP to HTTPS redirect and path based redirection to specific client requests.
application-gateway How To Url Redirect Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-url-redirect-ingress-api.md
+
+ Title: URL Redirect for Azure Application Gateway for Containers - Ingress API
+description: Learn how to redirect URLs in Ingress API for Application Gateway for Containers.
+++++ Last updated : 02/27/2024+++
+# URL Redirect for Azure Application Gateway for Containers - Ingress API
+
+Application Gateway for Containers allows you to return a redirect response to the client based three aspects of a URL: protocol, hostname, and path. For each redirect, a defined HTTP status code may be returned to the client to define the nature of the redirect.
+
+## Usage details
+
+URL redirects take advantage of the [RequestRedirect rule filter](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1beta1.HTTPRequestRedirectFilter) as defined by Kubernetes Gateway API.
+
+## Redirection
+
+A redirect sets the response status code returned to clients to understand the purpose of the redirect. The following types of redirection are supported:
+
+- 301 (Moved permanently): Indicates that the target resource has been assigned a new permanent URI. Any future references to this resource use one of the enclosed URIs. Use 301 status code for HTTP to HTTPS redirection.
+- 302 (Found): Indicates that the target resource is temporarily under a different URI. Since the redirection can change on occasion, the client should continue to use the effective request URI for future requests.
+
+## Redirection capabilities
+
+- Protocol redirection is commonly used to tell the client to move from an unencrypted traffic scheme to traffic, such as HTTP to HTTPS redirection.
+
+- Hostname redirection matches the fully qualified domain name (fqdn) of the request. This is commonly observed in redirecting an old domain name to a new domain name; such as `contoso.com` to `fabrikam.com`.
+
+- Path redirection has two different variants: `prefix` and `full`.
+ - `Prefix` redirection type will redirect all requests starting with a defined value. For example, a prefix of /shop would match /shop and any text after. For example, /shop, /shop/checkout, and /shop/item-a would all redirect to /shop as well.
+ - `Full` redirection type matches an exact value. For example, /shop could redirect to /store, but /shop/checkout wouldn't redirect to /store.
+
+The following figure illustrates an example of a request destined for _contoso.com/summer-promotion_ being redirected to _contoso.com/shop/category/5_. In addition, a second request initiated to contoso.com via http protocol is returned a redirect to initiate a new connection to its https variant.
+
+[ ![A diagram showing the Application Gateway for Containers returning a redirect URL to a client.](./media/how-to-url-redirect-ingress-api/url-redirect.png) ](./media/how-to-url-redirect-ingress-api/url-redirect.png#lightbox)
+
+## Prerequisites
+
+1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+3. Deploy sample HTTP application
+
+ Apply the following deployment.yaml file on your cluster to deploy a sample TLS certificate to demonstrate redirect capabilities.
+
+ ```bash
+ kubectl apply -f kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/https-scenario/ssl-termination/deployment.yaml
+ ```
+
+ This command creates the following on your cluster:
+
+ - a namespace called `test-infra`
+ - one service called `echo` in the `test-infra` namespace
+ - one deployment called `echo` in the `test-infra` namespace
+ - one secret called `listener-tls-secret` in the `test-infra` namespace
+
+## Deploy the required IngressExtension resources
+
+1. Create an IngressExtension resource to handle HTTP to HTTPS redirect for `contoso.com`
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: alb.networking.azure.io/v1
+ kind: IngressExtension
+ metadata:
+ name: http-to-https
+ namespace: test-infra
+ spec:
+ rules:
+ - host: contoso.com
+ requestRedirect:
+ statusCode: 301
+ scheme: https
+ EOF
+ ```
+
+2. Create an IngressExtension resource to handle a path based redirect from `contoso.com/summer-promotion` to `contoso.com/shop/category/5`.
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: alb.networking.azure.io/v1
+ kind: IngressExtension
+ metadata:
+ name: summer-promotion-redirect
+ namespace: test-infra
+ spec:
+ rules:
+ - host: contoso.com
+ requestRedirect:
+ statusCode: 302
+ path:
+ type: ReplaceFullPath
+ replaceFullPath: /shop/category/5
+ EOF
+ ```
+
+## Deploy the required Ingress resources
+
+# [ALB managed deployment](#tab/alb-managed)
+
+1. Create the first Ingress resource to listen for HTTPS requests.
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: ingress-https
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-name: alb-test
+ alb.networking.azure.io/alb-frontend: ingress-fe
+ spec:
+ ingressClassName: azure-alb-external
+ tls:
+ - hosts:
+ - contoso.com
+ secretName: listener-tls-secret
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: echo
+ port:
+ number: 80
+ EOF
+ ```
+
+2. Create the second Ingress resource to listen on port 80 and redirect to HTTPS.
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: ingress-http
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-name: alb-test
+ alb.networking.azure.io/alb-frontend: ingress-fe
+ alb.networking.azure.io/alb-ingress-extension: http-to-https
+ spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: echo
+ port:
+ number: 80
+ EOF
+ ```
+
+3. Create a third Ingress resource to listen on port 80 and 443 for `contoso.com/summer-promotion` and redirect to `contoso.com/shop/category/5`.
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: ingress-summer-promotion-redirect
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-name: alb-test
+ alb.networking.azure.io/alb-frontend: ingress-fe
+ alb.networking.azure.io/alb-ingress-extension: summer-promotion-redirect
+ spec:
+ ingressClassName: azure-alb-external
+ tls:
+ - hosts:
+ - contoso.com
+ secretName: listener-tls-secret
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /summer-promotion
+ pathType: Prefix
+ backend:
+ service:
+ name: ignored-for-redirect
+ port:
+ number: 80
+ EOF
+ ```
++
+# [Bring your own (BYO) deployment](#tab/byo)
+
+1. Set the following environment variables
+
+ ```bash
+ RESOURCE_GROUP='<resource group name of the Application Gateway For Containers resource>'
+ RESOURCE_NAME='alb-test'
+
+ RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOURCE_NAME --query id -o tsv)
+ FRONTEND_NAME='frontend'
+ ```
+
+2. Create the first Ingress resource to listen for HTTPS requests.
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: ingress-https
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ alb.networking.azure.io/alb-frontend: $FRONTEND_NAME
+ spec:
+ ingressClassName: azure-alb-external
+ tls:
+ - hosts:
+ - contoso.com
+ secretName: listener-tls-secret
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: echo
+ port:
+ number: 80
+ EOF
+ ```
+
+3. Create the second Ingress resource to listen on port 80 and redirect to HTTPS.
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: ingress-http
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ alb.networking.azure.io/alb-frontend: $FRONTEND_NAME
+ alb.networking.azure.io/alb-ingress-extension: http-to-https
+ spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: echo
+ port:
+ number: 80
+ EOF
+ ```
+
+4. Create a third Ingress resource to listen on port 80 and 443 for `contoso.com/summer-promotion` and redirect to `contoso.com/shop/category/5`.
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: ingress-summer-promotion-redirect
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ alb.networking.azure.io/alb-frontend: $FRONTEND_NAME
+ alb.networking.azure.io/alb-ingress-extension: summer-promotion-redirect
+ spec:
+ ingressClassName: azure-alb-external
+ tls:
+ - hosts:
+ - contoso.com
+ secretName: listener-tls-secret
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /summer-promotion
+ pathType: Prefix
+ backend:
+ service:
+ name: ignored-for-redirect
+ port:
+ number: 80
+ EOF
+ ```
+++
+For each Ingress resource, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the ingress resource. For all three Ingress resources, you should see the same hostname in this example.
+
+```bash
+kubectl get ingress ingress-https -n test-infra -o yaml
+```
+
+Example output of successful Ingress creation.
+
+```yaml
+status:
+ loadBalancer:
+ ingress:
+ - hostname: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.fzyy.alb.azure.com
+ ports:
+ - port: 443
+ protocol: TCP
+```
+
+## Test access to the application
+
+Now we're ready to send some traffic to our sample application, via the FQDN assigned to the frontend. Use the following command to get the FQDN.
+
+```bash
+fqdn=$(kubectl get ingress ingress-http -n test-infra -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+```
+
+When you specify the server name indicator using the curl command, `http://contoso.com` should return a response from the Application Gateway for Containers with a `location` header defining a 301 redirect to `https://contoso.com`.
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com/ -v
+```
+
+Via the response we should see:
+
+```text
+* Added contoso.com:80:xxx.xxx.xxx.xxx to DNS cache
+* Hostname contoso.com was found in DNS cache
+* Trying xxx.xxx.xxx.xxx:80...
+* Connected to contoso.com (xxx.xxx.xxx.xxx) port 80 (#0)
+> GET / HTTP/1.1
+> Host: contoso.com
+> User-Agent: curl/7.81.0
+> Accept: */*
+>
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 301 Moved Permanently
+< location: https://contoso.com/
+< date: Mon, 26 Feb 2024 22:56:23 GMT
+< server: Microsoft-Azure-Application-LB/AGC
+< content-length: 0
+<
+* Connection #0 to host contoso.com left intact
+```
+
+When you specify the server name indicator using the curl command, `https://contoso.com/summer-promotion` Application Gateway for Containers should return a 302 redirect to `https://contoso.com/shop/category/5`.
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:443:$fqdnIp https://contoso.com/summer-promotion -v
+```
+
+Via the response we should see:
+
+```text
+> GET /summer-promotion HTTP/2
+> Host: contoso.com
+> user-agent: curl/7.81.0
+> accept: */*
+>
+* TLSv1.2 (IN), TLS header, Supplemental data (23):
+* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
+* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
+* old SSL session ID is stale, removing
+* TLSv1.2 (IN), TLS header, Supplemental data (23):
+* TLSv1.2 (OUT), TLS header, Supplemental data (23):
+* TLSv1.2 (IN), TLS header, Supplemental data (23):
+< HTTP/2 302
+< location: https://contoso.com/shop/category/5
+< date: Mon, 26 Feb 2024 22:58:43 GMT
+< server: Microsoft-Azure-Application-LB/AGC
+<
+* Connection #0 to host contoso.com left intact
+```
+
+Congratulations, you have installed ALB Controller, deployed a backend application, and used Ingress API to configure both an HTTP to HTTPs redirect and path based redirection to specific client requests.
application-gateway How To Url Rewrite Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-url-rewrite-gateway-api.md
Previously updated : 11/07/2023 Last updated : 02/27/2024
-# URL Rewrite for Azure Application Gateway for Containers - Gateway API (preview)
+# URL Rewrite for Azure Application Gateway for Containers - Gateway API
Application Gateway for Containers allows you to rewrite the URL of a client request, including the requests' hostname and/or path. When Application Gateway for Containers initiates the request to the backend target, the request contains the newly rewritten URL to initiate the request. - ## Usage details URL Rewrites take advantage of [filters](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.HTTPURLRewriteFilter) as defined by Kubernetes Gateway API. ## Background+ URL rewrite enables you to translate an incoming request to a different URL when initiated to a backend target. The following figure illustrates an example of a request destined for _contoso.com/shop_ being rewritten to _contoso.com/ecommerce_. The request is initiated to the backend target by Application Gateway for Containers:
The following figure illustrates an example of a request destined for _contoso.c
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
- Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate path, query, and header based routing.
- ```bash
- kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
- ```
+
+ Apply the following deployment.yaml file on your cluster to deploy a sample TLS certificate to demonstrate redirect capabilities.
- This command creates the following on your cluster:
- - a namespace called `test-infra`
- - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ ```bash
+ kubectl apply -f kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/https-scenario/ssl-termination/deployment.yaml
+ ```
+
+ This command creates the following on your cluster:
+
+ - a namespace called `test-infra`
+ - one service called `echo` in the `test-infra` namespace
+ - one deployment called `echo` in the `test-infra` namespace
+ - one secret called `listener-tls-secret` in the `test-infra` namespace
## Deploy the required Gateway API resources # [ALB managed deployment](#tab/alb-managed) 1. Create a Gateway
-```bash
-kubectl apply -f - <<EOF
-apiVersion: gateway.networking.k8s.io/v1beta1
-kind: Gateway
-metadata:
- name: gateway-01
- namespace: test-infra
- annotations:
- alb.networking.azure.io/alb-namespace: alb-test-infra
- alb.networking.azure.io/alb-name: alb-test
-spec:
- gatewayClassName: azure-alb-external
- listeners:
- - name: http-listener
- port: 80
- protocol: HTTP
- allowedRoutes:
- namespaces:
- from: Same
-EOF
-```
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: gateway.networking.k8s.io/v1beta1
+ kind: Gateway
+ metadata:
+ name: gateway-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-name: alb-test
+ spec:
+ gatewayClassName: azure-alb-external
+ listeners:
+ - name: http-listener
+ port: 80
+ protocol: HTTP
+ allowedRoutes:
+ namespaces:
+ from: Same
+ EOF
+ ```
[!INCLUDE [application-gateway-for-containers-frontend-naming](../../../includes/application-gateway-for-containers-frontend-naming.md)]
EOF
1. Set the following environment variables
-```bash
-RESOURCE_GROUP='<resource group name of the Application Gateway For Containers resource>'
-RESOURCE_NAME='alb-test'
+ ```bash
+ RESOURCE_GROUP='<resource group name of the Application Gateway For Containers resource>'
+ RESOURCE_NAME='alb-test'
-RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOURCE_NAME --query id -o tsv)
-FRONTEND_NAME='test-frontend'
-```
+ RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOURCE_NAME --query id -o tsv)
+ FRONTEND_NAME='frontend'
+ ```
2. Create a Gateway
-```bash
-kubectl apply -f - <<EOF
-apiVersion: gateway.networking.k8s.io/v1beta1
-kind: Gateway
-metadata:
- name: gateway-01
- namespace: test-infra
- annotations:
- alb.networking.azure.io/alb-id: $RESOURCE_ID
-spec:
- gatewayClassName: azure-alb-external
- listeners:
- - name: http-listener
- port: 80
- protocol: HTTP
- allowedRoutes:
- namespaces:
- from: Same
- addresses:
- - type: alb.networking.azure.io/alb-frontend
- value: $FRONTEND_NAME
-EOF
-```
+
+ ```bash
+ kubectl apply -f - <<EOF
+ apiVersion: gateway.networking.k8s.io/v1beta1
+ kind: Gateway
+ metadata:
+ name: gateway-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ spec:
+ gatewayClassName: azure-alb-external
+ listeners:
+ - name: http-listener
+ port: 80
+ protocol: HTTP
+ allowedRoutes:
+ namespaces:
+ from: Same
+ addresses:
+ - type: alb.networking.azure.io/alb-frontend
+ value: $FRONTEND_NAME
+ EOF
+ ```
Once the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.+ ```bash kubectl get gateway gateway-01 -n test-infra -o yaml ``` Example output of successful gateway creation.+ ```yaml status: addresses:
- - type: IPAddress
+ - type: Hostname
value: xxxx.yyyy.alb.azure.com conditions: - lastTransitionTime: "2023-06-19T21:04:55Z"
EOF
``` When the HTTPRoute resource is created, ensure the HTTPRoute resource shows _Accepted_ and the Application Gateway for Containers resource is _Programmed_.+ ```bash kubectl get httproute rewrite-example -n test-infra -o yaml ```
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com/shop
``` Via the response we should see:+ ```json { "path": "/ecommerce",
curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com
``` Via the response we should see:+ ```json { "path": "/",
application-gateway How To Url Rewrite Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-url-rewrite-ingress-api.md
Previously updated : 11/27/2023 Last updated : 02/27/2024
-# URL Rewrite for Azure Application Gateway for Containers - Ingress API (preview)
+# URL Rewrite for Azure Application Gateway for Containers - Ingress API
Application Gateway for Containers allows you to rewrite the URL of a client request, including the requests' hostname and/or path. When Application Gateway for Containers initiates the request to the backend target, the request contains the newly rewritten URL to initiate the request. - ## Usage details URL Rewrites take advantage of Application Gateway for Containers' IngressExtension custom resource. ## Background+ URL rewrite enables you to translate an incoming request to a different URL when initiated to a backend target. The following figure illustrates a request destined for _contoso.com/shop_ being rewritten to _contoso.com/ecommerce_ when the request is initiated to the backend target by Application Gateway for Containers: [ ![A diagram showing the Application Gateway for Containers rewriting a URL to the backend.](./media/how-to-url-rewrite-gateway-api/url-rewrite.png) ](./media/how-to-url-rewrite-gateway-api/url-rewrite.png#lightbox) - ## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) 2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md). 3. Deploy sample HTTP application
application-gateway Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/overview.md
Title: What is Application Gateway for Containers? (preview)
+ Title: What is Application Gateway for Containers?
description: Overview of Azure Application Load Balancer Application Gateway for Containers features, resources, architecture, and implementation. Learn how Application Gateway for Containers works and how to use Application Gateway for Containers resources in Azure.
Previously updated : 11/06/2023 Last updated : 02/27/2024
-# What is Application Gateway for Containers? (preview)
+# What is Application Gateway for Containers?
-Application Gateway for Containers is a new application (layer 7) [load balancing](/azure/architecture/guide/technology-choices/load-balancing-overview) and dynamic traffic management product for workloads running in a Kubernetes cluster. It extends Azure's Application Load Balancing portfolio and is a new offering under the Application Gateway product family.
+Application Gateway for Containers is a new application (layer 7) [load balancing](/azure/architecture/guide/technology-choices/load-balancing-overview) and dynamic traffic management product for workloads running in a Kubernetes cluster. It extends Azure's Application Load Balancing portfolio and is a new offering under the Application Gateway product family.
-Application Gateway for Containers is the evolution of the [Application Gateway Ingress Controller](../ingress-controller-overview.md) (AGIC), a [Kubernetes](/azure/aks) application that enables Azure Kubernetes Service (AKS) customers to use Azure's native Application Gateway application load-balancer. In its current form, AGIC monitors a subset of Kubernetes Resources for changes and applies them to the Application Gateway, utilizing Azure Resource Manager (ARM).
-
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+Application Gateway for Containers is the evolution of the [Application Gateway Ingress Controller](../ingress-controller-overview.md) (AGIC), a [Kubernetes](/azure/aks) application that enables Azure Kubernetes Service (AKS) customers to use Azure's native Application Gateway application load-balancer. In its current form, AGIC monitors a subset of Kubernetes Resources for changes and applies them to the Application Gateway, utilizing Azure Resource Manager (ARM).
## How does it work? Application Gateway for Containers is made up of three components:+ - Application Gateway for Containers - Frontends - Associations The following dependencies are also referenced in an Application Gateway for Containers deployment:+ - Private IP address - Subnet Delegation - User-assigned Managed Identity
For details about how Application Gateway for Containers accepts incoming reques
## Features and benefits Application Gateway for Containers offers some entirely new features at release, such as:-- Traffic splitting / Weighted round robin +
+- Traffic splitting / Weighted round robin
- Mutual authentication to the backend target - Kubernetes support for Ingress and Gateway API - Flexible [deployment strategies](#deployment-strategies) - Increased performance, offering near real-time updates to add or move pods, routes, and probes
-Application Gateway for Containers offers an elastic and scalable ingress to AKS clusters and comprises a new data plane as well as control plane with [new set of ARM APIs](#implementation-of-gateway-api), different from existing Application Gateway. These APIs are different from the current implementation of Application Gateway. Application Gateway for Containers is outside the AKS cluster data plane and is responsible for ingress. The service is managed by an ALB controller component that runs inside the AKS cluster and adheres to Kubernetes Gateway APIs.
+Application Gateway for Containers offers an elastic and scalable ingress to AKS clusters and comprises a new data plane as well as control plane with [new set of ARM APIs](#implementation-of-gateway-api), different from existing Application Gateway. These APIs are different from the current implementation of Application Gateway. Application Gateway for Containers is outside the AKS cluster data plane and is responsible for ingress. The service is managed by an ALB controller component that runs inside the AKS cluster and adheres to Kubernetes Gateway APIs.
### Load balancing features Application Gateway for Containers supports the following features for traffic management:+ - Automatic retries - Autoscaling - Availability zone resiliency
Application Gateway for Containers supports the following features for traffic m
- Query string - Methods - Ports (80/443)-- Mutual Authentication (mTLS) to backend target-- Traffic Splitting / weighted round robin-- TLS Policies
+- Mutual authentication (mTLS) to backend target
+- Traffic splitting / weighted round robin
+- TLS policies
+- URL redirect
- URL rewrite ### Deployment strategies
Application Gateway for Containers supports the following features for traffic m
There are two deployment strategies for management of Application Gateway for Containers: - **Bring your own (BYO) deployment:** In this deployment strategy, deployment and lifecycle of the Application Gateway for Containers resource, Association and Frontend resource is assumed via Azure portal, CLI, PowerShell, Terraform, etc. and referenced in configuration within Kubernetes.
- - **In Gateway API:** Every time you wish to create a new Gateway resource in Kubernetes, a Frontend resource should be provisioned in Azure prior and referenced by the Gateway resource. Deletion of the Frontend resource is responsible by the Azure administrator and isn't deleted when the Gateway resource in Kubernetes is deleted.
+ - **In Gateway API:** Every time you wish to create a new Gateway resource in Kubernetes, a Frontend resource should be provisioned in Azure prior and referenced by the Gateway resource. Deletion of the Frontend resource is responsible by the Azure administrator and isn't deleted when the Gateway resource in Kubernetes is deleted.
- **Managed by ALB Controller:** In this deployment strategy ALB Controller deployed in Kubernetes is responsible for the lifecycle of the Application Gateway for Containers resource and its sub resources. ALB Controller creates Application Gateway for Containers resource when an ApplicationLoadBalancer custom resource is defined on the cluster and its lifecycle is based on the lifecycle of the custom resource. - **In Gateway API:** Every time a Gateway resource is created referencing the ApplicationLoadBalancer resource, ALB Controller provisions a new Frontend resource and manage its lifecycle based on the lifecycle of the Gateway resource. ### Supported regions Application Gateway for Containers is currently offered in the following regions:+ - Australia East
+- Canada Central
+- Central India
- Central US - East Asia - East US - East US2
+- France Central
+- Germany West Central
+- Korea Central
- North Central US - North Europe
+- Norway East
- South Central US - Southeast Asia
+- Switzerland North
+- UAE North
- UK South - West US - West Europe ### Implementation of Gateway API
-ALB Controller implements version [v1beta1](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1) of the [Gateway API](https://gateway-api.sigs.k8s.io/)
+ALB Controller implements version [v1](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1) of the [Gateway API](https://gateway-api.sigs.k8s.io/)
| Gateway API Resource | Support | Comments | | - | - | |
ALB Controller implements version [v1beta1](https://gateway-api.sigs.k8s.io/refe
| [HTTPRoute](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRoute) | Yes | | | [ReferenceGrant](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.ReferenceGrant) | Yes | Currently supports version v1alpha1 of this API |
-> [!Note]
-> v1beta1 documentation has been removed within official Gateway API documentation, however the links to the v1 documentation are still highly relevent.
- ### Implementation of Ingress API ALB Controller implements support for [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/)
For issues, raise a support request via the Azure portal on your Application Gat
For Application Gateway for Containers pricing information, see [Application Gateway pricing](https://azure.microsoft.com/pricing/details/application-gateway/).
-While in Public Preview, Application Gateway for Containers follows [Preview supplemental terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
- ## What's new To learn what's new with Application Gateway for Containers, see [Azure updates](https://azure.microsoft.com/updates/?category=networking&query=Application%20Gateway%20for%20Containers).
application-gateway Quickstart Create Application Gateway For Containers Byo Deployment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/quickstart-create-application-gateway-for-containers-byo-deployment.md
Title: 'Quickstart: Create Application Gateway for Containers - bring your own deployment (preview)'
+ Title: 'Quickstart: Create Application Gateway for Containers - bring your own deployment'
description: In this quickstart, you learn how to provision and manage the Application Gateway for Containers Azure resources independent from Kubernetes configuration.
Previously updated : 07/24/2023 Last updated : 02/27/2024
-# Quickstart: Create Application Gateway for Containers - bring your own deployment (preview)
+# Quickstart: Create Application Gateway for Containers - bring your own deployment
-This guide assumes you're following the **bring your own** [deployment strategy](overview.md#deployment-strategies), where ALB Controller references the Application Gateway for Containers resources precreated in Azure. It's assumed that resource lifecycles are managed in Azure, independent from what is defined within Kubernetes.
+This guide assumes you're following the **bring your own** [deployment strategy](overview.md#deployment-strategies), where ALB Controller references the Application Gateway for Containers resources precreated in Azure. It's assumed that resource lifecycles are managed in Azure, independent from what is defined within Kubernetes.
## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-
-Ensure you have first deployed ALB Controller into your Kubernetes cluster. You may follow the [Quickstart: Deploy Application Gateway for Containers ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) guide if you haven't already deployed the ALB Controller.
+Ensure you have first deployed ALB Controller into your Kubernetes cluster. You may follow the [Quickstart: Deploy Application Gateway for Containers ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) guide if you haven't already deployed the ALB Controller.
## Create the Application Gateway for Containers resource
az network alb frontend create -g $RESOURCE_GROUP -n $FRONTEND_NAME --alb-name $
### Delegate a subnet to association resource
-To create an association resource, you first need to reference a subnet for Application Gateway for Containers to establish connectivity to. Ensure the subnet for an Application Gateway for Containers association is at least a class C or larger (/24 or smaller CIDR prefix). For this step, you may either reuse an existing subnet and enable subnet delegation on it. or create a new VNET, subnet, and enable subnet delegation.
+To create an association resource, you first need to reference a subnet for Application Gateway for Containers to establish connectivity to. Ensure the subnet for an Application Gateway for Containers association is at least a class C or larger (/24 or smaller CIDR prefix). For this step, you may either reuse an existing subnet and enable subnet delegation on it or create a new VNET, subnet, and enable subnet delegation.
# [Reference existing VNet and Subnet](#tab/existing-vnet-subnet) To reference an existing subnet, execute the following command to set the variables for reference to the subnet in later steps.+ ```azurecli-interactive VNET_NAME='<name of the virtual network to use>' VNET_RESOURCE_GROUP='<the resource group of your VNET>'
If you would like to use a new virtual network for the Application Gateway for C
```azurecli-interactive VNET_NAME='<name of the virtual network to use>' VNET_RESOURCE_GROUP='<the resource group of your VNET>'
-VNET_ADDRESS_PREFIX='<address space of the vnet that will contain various subnets. The vnet must be able to handle at least 250 available addresses (/24 or smaller cidr prefix for the subnet)>'
+VNET_ADDRESS_PREFIX='<address space of the vnet that will contain various subnets. The vnet must be able to handle at least 250 available addresses (/24 or smaller cidr prefix for the subnet)>'
SUBNET_ADDRESS_PREFIX='<an address space under the vnet that has at least 250 available addresses (/24 or smaller cidr prefix for the subnet)>' ALB_SUBNET_NAME='subnet-alb' # subnet name can be any non-reserved subnet name (i.e. GatewaySubnet, AzureFirewallSubnet, AzureBastionSubnet would all be invalid) az network vnet create \
az network vnet create \
-Enable subnet delegation for the Application Gateway for Containers service. The delegation for Application Gateway for Containers is identified by the _Microsoft.ServiceNetworking/trafficControllers_ resource type.
+Enable subnet delegation for the Application Gateway for Containers service. The delegation for Application Gateway for Containers is identified by the _Microsoft.ServiceNetworking/trafficControllers_ resource type.
+ ```azurecli-interactive az network vnet subnet update \ --resource-group $VNET_RESOURCE_GROUP \
echo $ALB_SUBNET_ID
### Delegate permissions to managed identity
-ALB Controller will need the ability to provision new Application Gateway for Containers resources as well as join the subnet intended for the Application Gateway for Containers association resource.
+ALB Controller needs the ability to provision new Application Gateway for Containers resources and join the subnet intended for the Application Gateway for Containers association resource.
-In this example, we will delegate the _AppGW for Containers Configuration Manager_ role to the resource group and delegate the _Network Contributor_ role to the subnet used by the Application Gateway for Containers association subnet, which contains the _Microsoft.Network/virtualNetworks/subnets/join/action_ permission.
+In this example, we delegate the _AppGW for Containers Configuration Manager_ role to the resource group and delegate the _Network Contributor_ role to the subnet used by the Application Gateway for Containers association subnet, which contains the _Microsoft.Network/virtualNetworks/subnets/join/action_ permission.
-If desired, you can [create and assign a custom role](../../role-based-access-control/custom-roles-portal.md) with the _Microsoft.Network/virtualNetworks/subnets/join/action_ permission to eliminate other permissions contained in the _Network Contributor_ role. Learn more about [managing subnet permissions](../../virtual-network/virtual-network-manage-subnet.md#permissions).
+If desired, you can [create and assign a custom role](../../role-based-access-control/custom-roles-portal.md) with the _Microsoft.Network/virtualNetworks/subnets/join/action_ permission to eliminate other permissions contained in the _Network Contributor_ role. Learn more about [managing subnet permissions](../../virtual-network/virtual-network-manage-subnet.md#permissions).
```azurecli-interactive IDENTITY_RESOURCE_NAME='azure-alb-identity'
az role assignment create --assignee-object-id $principalId --assignee-principal
### Create an association resource
-Execute the following command to create the association resource and connect it to the referenced subnet. It can take 5-6 minutes for the Application Gateway for Containers association to be created.
+Execute the following command to create the association resource and connect it to the referenced subnet. It can take 5-6 minutes for the Application Gateway for Containers association to be created.
```azurecli-interactive ASSOCIATION_NAME='association-test'
az network alb association create -g $RESOURCE_GROUP -n $ASSOCIATION_NAME --alb-
Congratulations, you have installed ALB Controller on your cluster and deployed the Application Gateway for Containers resources in Azure! Try out a few of the how-to guides to deploy a sample application, demonstrating some of Application Gateway for Container's load balancing concepts.+ - [Backend MTLS](how-to-backend-mtls-gateway-api.md?tabs=byo) - [SSL/TLS Offloading](how-to-ssl-offloading-gateway-api.md?tabs=byo) - [Traffic Splitting / Weighted Round Robin](how-to-traffic-splitting-gateway-api.md?tabs=byo)
application-gateway Quickstart Create Application Gateway For Containers Managed By Alb Controller https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md
Title: 'Quickstart: Create Application Gateway for Containers managed by ALB Controller (preview)'
+ Title: 'Quickstart: Create Application Gateway for Containers managed by ALB Controller'
description: In this quickstart, you learn how to provision the Application Gateway for Containers resources via Kubernetes definition.
Previously updated : 09/25/2023 Last updated : 02/27/2024
-# Quickstart: Create Application Gateway for Containers managed by ALB Controller (preview)
+# Quickstart: Create Application Gateway for Containers managed by ALB Controller
This guide assumes you're following the **managed by ALB controller** [deployment strategy](overview.md#deployment-strategies), where all the Application Gateway for Containers resources are managed by ALB controller. Lifecycle is determined the resources defined in Kubernetes. ALB Controller creates the Application Gateway for Containers resource when an _ApplicationLoadBalancer_ custom resource is defined on the cluster. The Application Gateway for Containers lifecycle is based on the lifecycle of the custom resource. ## Prerequisites
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- Ensure you have first deployed ALB Controller into your Kubernetes cluster. See [Quickstart: Deploy Application Gateway for Containers ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) if you haven't already deployed the ALB Controller. ### Prepare your virtual network / subnet for Application Gateway for Containers
-If you don't have a subnet available with at least 250 available IP addresses and delegated to the Application Gateway for Containers resource, use the following steps to create a new subnet and enable subnet delegation. The new subnet address space can't overlap any existing subnets in the VNet.
+If you don't have a subnet available with at least 250 available IP addresses and delegated to the Application Gateway for Containers resource, use the following steps to create a new subnet and enable subnet delegation. The new subnet address space can't overlap any existing subnets in the VNet.
# [New subnet in AKS managed virtual network](#tab/new-subnet-aks-vnet) If you wish to deploy Application Gateway for Containers into the virtual network containing your AKS cluster, run the following command to find and assign the cluster's virtual network. This information is used in the next step.
kubectl get applicationloadbalancer alb-test -n alb-test-infra -o yaml -w
``` Example output of a successful provisioning of the Application Gateway for Containers resource from Kubernetes.+ ```yaml status: conditions:
application-gateway Quickstart Deploy Application Gateway For Containers Alb Controller https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/quickstart-deploy-application-gateway-for-containers-alb-controller.md
Title: 'Quickstart: Deploy Application Gateway for Containers ALB Controller (preview)'
+ Title: 'Quickstart: Deploy Application Gateway for Containers ALB Controller'
description: In this quickstart, you learn how to provision the Application Gateway for Containers ALB Controller in an AKS cluster.
Previously updated : 12/05/2023 Last updated : 02/27/2024
-# Quickstart: Deploy Application Gateway for Containers ALB Controller (preview)
+# Quickstart: Deploy Application Gateway for Containers ALB Controller
The [ALB Controller](application-gateway-for-containers-components.md#application-gateway-for-containers-alb-controller) is responsible for translating Gateway API and Ingress API configuration within Kubernetes to load balancing rules within Application Gateway for Containers. The following guide walks through the steps needed to provision an ALB Controller into a new or existing AKS cluster.
The [ALB Controller](application-gateway-for-containers-components.md#applicatio
You need to complete the following tasks prior to deploying Application Gateway for Containers on Azure and installing ALB Controller on your cluster:
-> [!IMPORTANT]
-> Application Gateway for Containers is currently in PREVIEW.<br>
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- 1. Prepare your Azure subscription and your `az-cli` client. ```azurecli-interactive
You need to complete the following tasks prior to deploying Application Gateway
> [!NOTE] > The AKS cluster needs to be in a [region where Application Gateway for Containers is available](overview.md#supported-regions) > AKS cluster should use [Azure CNI](../../aks/configure-azure-cni.md).
- > AKS cluster should have the workload identity feature enabled. [Learn how](../../aks/workload-identity-deploy-cluster.md#update-an-existing-aks-cluster) to enable workload identity on an existing AKS cluster.
+ > AKS cluster should have the workload identity feature enabled. [Learn how](../../aks/workload-identity-deploy-cluster.md#update-an-existing-aks-cluster) to enable workload identity on an existing AKS cluster.
If using an existing cluster, ensure you enable Workload Identity support on your AKS cluster. Workload identities can be enabled via the following:
-
+ ```azurecli-interactive AKS_NAME='<your cluster name>' RESOURCE_GROUP='<your resource group name>'
You need to complete the following tasks prior to deploying Application Gateway
``` If you don't have an existing cluster, use the following commands to create a new AKS cluster with Azure CNI and workload identity enabled.
-
+ ```azurecli-interactive AKS_NAME='<your cluster name>' RESOURCE_GROUP='<your resource group name>'
- LOCATION='northeurope' # The list of available regions may grow as we roll out to more preview regions
+ LOCATION='northeurope'
VM_SIZE='<the size of the vm in AKS>' # The size needs to be available in your location az group create --name $RESOURCE_GROUP --location $LOCATION
You need to complete the following tasks prior to deploying Application Gateway
> [!NOTE] > Helm is already available in Azure Cloud Shell. If you are using Azure Cloud Shell, no additional Helm installation is necessary.
- You can also use the following steps to install Helm on a local device running Windows or Linux. Ensure that you have the latest version of helm installed.
+ You can also use the following steps to install Helm on a local device running Windows or Linux. Ensure that you have the latest version of helm installed.
# [Windows](#tab/install-helm-windows) See the [instructions for installation](https://github.com/helm/helm#install) for various options of installation. Similarly, if your version of Windows has [Windows Package Manager winget](/windows/package-manager/winget/) installed, you may execute the following command:
You need to complete the following tasks prior to deploying Application Gateway
az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME helm install alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \ --namespace <helm-resource-namespace> \
- --version 0.6.3 \
+ --version 1.0.0 \
--set albController.namespace=<alb-controller-namespace> \ --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv) ```
You need to complete the following tasks prior to deploying Application Gateway
az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_NAME helm upgrade alb-controller oci://mcr.microsoft.com/application-lb/charts/alb-controller \ --namespace <helm-resource-namespace> \
- --version 0.6.3 \
+ --version 1.0.0 \
--set albController.namespace=<alb-controller-namespace> \ --set albController.podIdentity.clientID=$(az identity show -g $RESOURCE_GROUP -n azure-alb-identity --query clientId -o tsv) ```
You need to complete the following tasks prior to deploying Application Gateway
type: Accepted ```
-## Next Steps
+## Next Steps
-Now that you have successfully installed an ALB Controller on your cluster, you can provision the Application Gateway For Containers resources in Azure.
+Now that you have successfully installed an ALB Controller on your cluster, you can provision the Application Gateway For Containers resources in Azure.
The next step is to link your ALB controller to Application Gateway for Containers. How you create this link depends on your deployment strategy.
helm uninstall alb-controller
kubectl delete ns azure-alb-system kubectl delete gatewayclass azure-alb-external ```+ > [!Note] > If a different namespace was used for alb-controller installation, ensure you specify the -n parameter on the helm uninstall command to define the proper namespace to be used. For example: `helm uninstall alb-controller -n unique-namespace`
application-gateway Session Affinity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/session-affinity.md
Previously updated : 10/02/2023 Last updated : 02/27/2024
With session affinity, Application Gateway for Containers presents a cookie in t
![A diagram depicting Application Gateway for Containers session affinity.](./media/session-affinity/session-affinity.png) The following steps are depicted in the previous diagram:
-1. A client initiates a request to an Application Gateway for Containers' (AGC) frontend
+
+1. A client initiates a request to an Application Gateway for Containers' (AGC) frontend.
2. AGC selects one of the many available pods to load balance the request to. In this example, we assume Pod C is selected out of the four available pods. 3. Pod C returns a response to AGC. 4. In addition to the backend response from Pod C, AGC adds a Set-Cookie header containing a uniquely generated hash used for routing.
The following steps are depicted in the previous diagram:
| cookieDuration | Required if affinityType is application-cookie. This is the duration (lifetime) of the cookie in seconds. | In managed cookie affinity type, Application Gateway uses predefined values when the cookie is offered to the client.+ - The name of the cookie is: `AGCAffinity`. - The duration (lifetime) of the cookie is 86,400 seconds (one day). - The `cookieName` and `cookieDuration` properties and values are discarded.
application-gateway Tls Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/tls-policy.md
Previously updated : 07/24/2023 Last updated : 02/27/2024
The following table shows the list of cipher suites and minimum protocol version
| **Minimum protocol version** | TLS 1.2 | TLS 1.2 | | **Enabled protocol versions** | TLS 1.2 | TLS 1.2 | | TLS_AES_256_GCM_SHA384 | &check; | &check; |
-| TLS_AES_128_GCM_SHA256 | &check; | &check; |
+| TLS_AES_128_GCM_SHA256 | &check; | &check; |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | &check; | &check; | | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | &check; | &check; | | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | &check; | &check; | | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | &check; | &check; | | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | &check; | &cross; |
-| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | &check; | &cross; |
+| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | &check; | &cross; |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | &check; | &cross; | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | &check; | &cross; | | **Elliptical curves** | | |
EOF
TLS policy is currently not supported for Ingress resources and will automatically be configured to use the default TLS policy `2023-06`. - --
application-gateway Troubleshooting Guide https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/troubleshooting-guide.md
Title: Troubleshoot Application Gateway for Containers (preview)
+ Title: Troubleshoot Application Gateway for Containers
description: Learn how to troubleshoot common issues with Application Gateway for Containers Previously updated : 12/05/2023 Last updated : 02/27/2024
-# Troubleshooting in Application Gateway for Containers (preview)
+# Troubleshooting in Application Gateway for Containers
This article provides some guidance to help you troubleshoot common problems in Application Gateway for Containers.
Before you start troubleshooting, determine the version of ALB Controller that i
```bash kubectl get deployment -n azure-alb-system -o wide ```+ Example output: | NAME | READY | UP-TO-DATE | AVAILABLE | AGE | CONTAINERS | IMAGES | SELECTOR | | | -- | - | | - | -- | - | -- |
-| alb-controller | 2/2 | 2 | 2 | 18d | alb-controller | mcr.microsoft.com/application-lb/images/alb-controller:**0.6.3** | app=alb-controller |
-| alb-controller-bootstrap | 1/1 | 1 | 1 | 18d | alb-controller-bootstrap | mcr.microsoft.com/application-lb/images/alb-controller-bootstrap:**0.6.3** | app=alb-controller-bootstrap |
+| alb-controller | 2/2 | 2 | 2 | 18d | alb-controller | mcr.microsoft.com/application-lb/images/alb-controller:**1.0.0** | app=alb-controller |
+| alb-controller-bootstrap | 1/1 | 1 | 1 | 18d | alb-controller-bootstrap | mcr.microsoft.com/application-lb/images/alb-controller-bootstrap:**1.0.0** | app=alb-controller-bootstrap |
-In this example, the ALB controller version is **0.6.3**.
+In this example, the ALB controller version is **1.0.0**.
The ALB Controller version can be upgraded by running the `helm upgrade alb-controller` command. For more information, see [Install the ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md#install-the-alb-controller).
The ALB Controller version can be upgraded by running the `helm upgrade alb-cont
> The latest ALB Controller version can be found in the [ALB Controller release notes](alb-controller-release-notes.md#latest-release-recommended). ## Collect ALB Controller logs+ Logs can be collected from the ALB Controller by using the _kubectl logs_ command referencing the ALB Controller pod. 1. Get the running ALB Controller pod name Run the following kubectl command. Ensure you substitute your namespace if not using the default namespace of `azure-alb-system`:+ ```bash kubectl get pods -n azure-alb-system ```
-
+ You should see output similar to the following example. Pod names might differ slightly.
-
+ | NAME | READY | STATUS | RESTARTS | AGE | | - | -- | - | -- | - | | alb-controller-6648c5d5c-sdd9t | 1/1 | Running | 0 | 4d6h |
Logs can be collected from the ALB Controller by using the _kubectl logs_ comman
| alb-controller-bootstrap-6648c5d5c-hrmpc | 1/1 | Running | 0 | 4d6h | ALB controller uses an election provided by controller-runtime manager to determine an active and standby pod for high availability.
-
+ Copy the name of each alb-controller pod (not the bootstrap pod, in this case, `alb-controller-6648c5d5c-sdd9t` and `alb-controller-6648c5d5c-au234`) and run the following command to determine the active pod. # [Linux](#tab/active-pod-linux)+ ```bash kubectl logs alb-controller-6648c5d5c-sdd9t -n azure-alb-system -c alb-controller | grep "successfully acquired lease" ``` # [Windows](#tab/active-pod-windows)+ ```cli kubectl logs alb-controller-6648c5d5c-sdd9t -n azure-alb-system -c alb-controller| findstr "successfully acquired lease" ```+ You should see the following if the pod is primary: `successfully acquired lease azure-alb-system/alb-controller-leader-election`
Logs can be collected from the ALB Controller by using the _kubectl logs_ comman
2. Collect the logs Logs from ALB Controller will be returned in JSON format.
-
+ Execute the following kubectl command, replacing the name with the pod name returned in step 1:+ ```bash kubectl logs -n azure-alb-system alb-controller-6648c5d5c-sdd9t ```
-
+ Similarly, you can redirect the output of the existing command to a file by specifying the greater than (>) sign and the filename to write the logs to:+ ```bash kubectl logs -n azure-alb-system alb-controller-6648c5d5c-sdd9t > alb-controller-logs.json ```
Logs can be collected from the ALB Controller by using the _kubectl logs_ comman
### Application Gateway for Containers returns 500 status code Scenarios in which you would notice a 500-error code on Application Gateway for Containers are as follows:
-1. __Invalid backend Entries__ : A backend is defined as invalid in the following scenarios:
+
+1. **Invalid backend Entries** : A backend is defined as invalid in the following scenarios:
- It refers to an unknown or unsupported kind of resource. In this case, the HTTPRoute's status has a condition with reason set to `InvalidKind` and the message explains which kind of resource is unknown or unsupported. - It refers to a resource that doesn't exist. In this case, the HTTPRoute's status has a condition with reason set to `BackendNotFound` and the message explains that the resource doesn't exist. - It refers to a resource in another namespace when the reference isn't explicitly allowed by a ReferenceGrant (or equivalent concept). In this case, the HTTPRoute's status has a condition with reason set to `RefNotPermitted` and the message explains which cross-namespace reference isn't allowed.
Scenarios in which you would notice a 500-error code on Application Gateway for
2. No endpoints found for all backends: when there are no endpoints found for all the backends referenced in an HTTPRoute, a 500 error code is obtained.
+### Application Load Balancer custom resource doesn't reflect Ready status
+
+#### Symptoms
+
+ApplicationLoadBalancer custom resource status message continually says "Application Gateway for Containers resource `agc-name` is undergoing an update."
+
+The following logs are repeated by the primary alb-controller pod.
+
+```text
+{"level":"info","version":"x.x.x","Timestamp":"2024-02-26T20:31:53.760150719Z","message":"Stream opened for config updates"}
+{"level":"info","version":"x.x.x","operationID":"1ea7ffd4-b2c4-460b-bce7-4d3f855ce8d5","Timestamp":"2024-02-26T20:31:53.760313623Z","message":"Successfully sent config update request"}
+{"level":"error","version":"x.x.x","error":"rpc error: code = PermissionDenied desc = ALB Controller with object id '5b26a949-297d-40c7-b10f-5d1cf2e3259d' does not have authorization to perform action on Application Gateway for Containers resource.Please check RBAC delegations to the Application Gateway for Containers resource.","Timestamp":"2024-02-26T20:31:53.769444995Z","message":"Unable to capture config update response"}
+{"level":"info","version":"x.x.x","Timestamp":"2024-02-26T20:31:53.769504489Z","message":"Retrying to open config update stream"}
+{"level":"info","version":"x.x.x","Timestamp":"2024-02-26T20:31:54.461487406Z","message":"Stream opened up for endpoint updates"}
+{"level":"info","version":"x.x.x","operationID":"808825c2-b0a8-476b-b83a-8e7357c55750","Timestamp":"2024-02-26T20:31:54.462070039Z","message":"Successfully sent endpoint update request"}
+{"level":"error","version":"x.x.x","error":"rpc error: code = PermissionDenied desc = ALB Controller with object id '5b26a949-297d-40c7-b10f-5d1cf2e3259d' does not have authorization to perform action on Application Gateway for Containers resource.Please check RBAC delegations to the Application Gateway for Containers resource.","Timestamp":"2024-02-26T20:31:54.470728646Z","message":"Unable to capture endpoint update response"}
+{"level":"info","version":"x.x.x","Timestamp":"2024-02-26T20:31:54.47077373Z","message":"Retrying to open up endpoint update stream"}
+```
+ ### Kubernetes Gateway resource fails to get token from credential chain #### Symptoms No changes to HttpRoutes are being applied to Application Gateway for Containers.
-The following error message is returned on the Kubernetes Gateway resource and no changes to HttpRoutes
+The following error message is returned on the Kubernetes Gateway resource and no changes are reflected for any HttpRoute resources.
```YAML status:
status:
#### Solution Ensure the federated credentials of the managed identity for the ALB Controller pod to make changes to Application Gateway for Containers are configured in Azure. Instructions on how to configure federated credentials can be found in the quickstart guides:+ - [Quickstart: Deploy ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md#install-the-alb-controller)
application-gateway Ingress Controller Expose Service Over Http Https https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-expose-service-over-http-https.md
These tutorials help illustrate the usage of [Kubernetes Ingress Resources](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose an example Kubernetes service through the [Azure Application Gateway](https://azure.microsoft.com/services/application-gateway/) over HTTP or HTTPS. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Prerequisites
application-gateway Ingress Controller Expose Websocket Server https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-expose-websocket-server.md
As outlined in the Application Gateway v2 documentation - it [provides native support for the WebSocket and HTTP/2 protocols](features.md#websocket-and-http2-traffic). Both Application Gateway and the Kubernetes Ingress don't have a user-configurable setting to selectively enable or disable WebSocket support. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
The following Kubernetes deployment YAML shows the minimum configuration used to deploy a WebSocket server, which is the same as deploying a regular web server: ```yaml
application-gateway Ingress Controller Install Existing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-install-existing.md
AGIC monitors the Kubernetes [Ingress](https://kubernetes.io/docs/concepts/servi
resources, and creates and applies Application Gateway config based on the status of the Kubernetes cluster. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Outline
application-gateway Ingress Controller Install New https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-install-new.md
The instructions below assume Application Gateway Ingress Controller (AGIC) will
installed in an environment with no pre-existing components. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Required Command Line Tools
application-gateway Ingress Controller Letsencrypt Certificate Application Gateway https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-letsencrypt-certificate-application-gateway.md
This section configures your AKS to use [LetsEncrypt.org](https://letsencrypt.org/) and automatically obtain a TLS/SSL certificate for your domain. The certificate is installed on Application Gateway, which performs SSL/TLS termination for your AKS cluster. The setup described here uses the [cert-manager](https://github.com/jetstack/cert-manager) Kubernetes add-on, which automates the creation and management of certificates. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
Use the following steps to install [cert-manager](https://docs.cert-manager.io) on your existing AKS cluster.
application-gateway Ingress Controller Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-migration.md
If you already have AGIC deployed through Helm but want to migrate to AGIC deployed as an AKS add-on, the following steps help to guide you through the migration process. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Prerequisites Before you start the migration process, there are a few things to check.
application-gateway Ingress Controller Multiple Namespace Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-multiple-namespace-support.md
As of version 0.7 [Azure Application Gateway Kubernetes IngressController](https
Version 0.7 of AGIC continues to exclusively observe the `default` namespace, unless this is explicitly changed to one or more different namespaces in the Helm configuration. See the following section. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Enable multiple namespace support
application-gateway Ingress Controller Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-overview.md
Previously updated : 07/28/2023 Last updated : 01/31/2024
The Application Gateway Ingress Controller (AGIC) is a Kubernetes application, w
The Ingress Controller runs in its own pod on the customerΓÇÖs AKS. AGIC monitors a subset of Kubernetes Resources for changes. The state of the AKS cluster is translated to Application Gateway specific configuration and applied to the [Azure Resource Manager (ARM)](../azure-resource-manager/management/overview.md). > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Benefits of Application Gateway Ingress Controller AGIC helps eliminate the need to have another load balancer/public IP address in front of the AKS cluster and avoids multiple hops in your datapath before requests reach the AKS cluster. Application Gateway talks to pods using their private IP address directly and doesn't require NodePort or KubeProxy services. This capability also brings better performance to your deployments.
application-gateway Ingress Controller Private Ip https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-private-ip.md
This feature exposes the ingress endpoint within the `Virtual Network` using a private IP. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Prerequisites Application Gateway with a [Private IP configuration](./configure-application-gateway-with-private-frontend-ip.md)
application-gateway Ingress Controller Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-troubleshoot.md
Previously updated : 08/01/2023 Last updated : 01/31/2024
and AGIC installation. Launch your shell from [shell.azure.com](https://shell.az
[![Embed launch](./media/launch-cloud-shell/launch-cloud-shell.png "Launch Azure Cloud Shell")](https://shell.azure.com) > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
## Test with a simple Kubernetes app
application-gateway Ingress Controller Update Ingress Controller https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ingress-controller-update-ingress-controller.md
The Azure Application Gateway Ingress Controller for Kubernetes (AGIC) can be up
using a Helm repository hosted on Azure Storage. > [!TIP]
-> Also see [What is Application Gateway for Containers?](for-containers/overview.md) currently in public preview.
+> Also see [What is Application Gateway for Containers](for-containers/overview.md).
Before beginning the upgrade procedure, ensure that you've added the required repository:
application-gateway Ipv6 Application Gateway Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ipv6-application-gateway-portal.md
description: Learn how to configure Application Gateway with a frontend public I
Previously updated : 02/08/2024 Last updated : 02/27/2024
application-gateway Overview V2 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/overview-v2.md
The new v2 SKU includes the following enhancements:
- **Header Rewrite**: Application Gateway allows you to add, remove, or update HTTP request and response headers with v2 SKU. For more information, see [Rewrite HTTP headers with Application Gateway](./rewrite-http-headers-url.md) - **Key Vault Integration**: Application Gateway v2 supports integration with Key Vault for server certificates that are attached to HTTPS enabled listeners. For more information, see [TLS termination with Key Vault certificates](key-vault-certs.md). - **Mutual Authentication (mTLS)**: Application Gateway v2 supports authentication of client requests. For more information, see [Overview of mutual authentication with Application Gateway](mutual-authentication-overview.md).-- **Azure Kubernetes Service Ingress Controller**: The Application Gateway v2 Ingress Controller allows the Azure Application Gateway to be used as the ingress for an Azure Kubernetes Service (AKS) known as AKS Cluster. For more information, see [What is Application Gateway Ingress Controller?](ingress-controller-overview.md).
+- **Azure Kubernetes Service Ingress Controller**: The Application Gateway v2 Ingress Controller allows the Azure Application Gateway to be used as the ingress for an Azure Kubernetes Service (AKS) known as AKS Cluster. For more information, see [What is Application Gateway Ingress Controller](ingress-controller-overview.md).
- **Private link**: The v2 SKU offers private connectivity from other virtual networks in other regions and subscriptions through the use of private endpoints. - **Performance enhancements**: The v2 SKU offers up to 5X better TLS offload performance as compared to the Standard/WAF SKU. - **Faster deployment and update time** The v2 SKU provides faster deployment and update time as compared to Standard/WAF SKU. This also includes WAF configuration changes.
application-gateway Private Link Configure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/private-link-configure.md
A list of all Azure CLI references for Private Link Configuration on Application
## Next steps -- Learn about Azure Private Link: [What is Azure Private Link?](../private-link/private-link-overview.md)
+- Learn about Azure Private Link: [What is Azure Private Link](../private-link/private-link-overview.md).
application-gateway Private Link https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/private-link.md
Today, you can deploy your critical workloads securely behind Application Gatewa
- Public IP address - your workloads are accessible over the Internet. - Private IP address- your workloads are accessible privately via your virtual network / connected networks
-Private Link for Application Gateway allows you to connect workloads over a private connection spanning across VNets and subscriptions. When configured, a private endpoint is placed into a defined virtual network's subnet, providing a private IP address for clients looking to communicate to the gateway. For a list of other PaaS services that support Private Link functionality, see [What is Azure Private Link?](../private-link/private-link-overview.md).
+Private Link for Application Gateway allows you to connect workloads over a private connection spanning across VNets and subscriptions. When configured, a private endpoint is placed into a defined virtual network's subnet, providing a private IP address for clients looking to communicate to the gateway. For a list of other PaaS services that support Private Link functionality, see [What is Azure Private Link](../private-link/private-link-overview.md).
:::image type="content" source="media/private-link/private-link.png" alt-text="Diagram showing Application Gateway Private Link":::
Four components are required to implement Private Link with Application Gateway:
## Next steps -- [Configure Azure Application Gateway Private Link](private-link-configure.md)-- [What is Azure Private Link?](../private-link/private-link-overview.md)
+- [Configure Azure Application Gateway Private Link](private-link-configure.md).
+- [What is Azure Private Link](../private-link/private-link-overview.md).
application-gateway Tutorial Ingress Controller Add On New https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-ingress-controller-add-on-new.md
In this tutorial, you:
- Created new AKS cluster with the AGIC add-on enabled - Deployed a sample application by using AGIC for ingress on the AKS cluster
-To learn more about AGIC, see [What is Application Gateway Ingress Controller?](ingress-controller-overview.md) and [Disable and re-enable AGIC add-on for your AKS cluster](ingress-controller-disable-addon.md)
+To learn more about AGIC, see [What is Application Gateway Ingress Controller](ingress-controller-overview.md) and [Disable and re-enable AGIC add-on for your AKS cluster](ingress-controller-disable-addon.md).
To learn how to enable application gateway ingress controller add-on for an existing AKS cluster with an existing application gateway, advance to the next tutorial.
application-gateway Tutorial Protect Application Gateway Ddos https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-protect-application-gateway-ddos.md
This article helps you create an Azure Application Gateway with a DDoS protected
:::image type="content" source="./media/tutorial-protect-application-gateway/ddos-protection-app-gateway.png" alt-text="Diagram of DDoS Protection connecting to an Application Gateway."::: > [!IMPORTANT]
-> Azure DDoS Protection incurs a cost when you use the Network Protection SKU. Overages charges only apply if more than 100 public IPs are protected in the tenant. Ensure you delete the resources in this tutorial if you aren't using the resources in the future. For information about pricing, see [Azure DDoS Protection Pricing]( https://azure.microsoft.com/pricing/details/ddos-protection/). For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md).
+> Azure DDoS Protection incurs a cost when you use the Network Protection SKU. Overages charges only apply if more than 100 public IPs are protected in the tenant. Ensure you delete the resources in this tutorial if you aren't using the resources in the future. For information about pricing, see [Azure DDoS Protection Pricing]( https://azure.microsoft.com/pricing/details/ddos-protection/). For more information about Azure DDoS protection, see [What is Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md).
In this tutorial, you learn how to:
automation Manage Office 365 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/manage-office-365.md
description: This article tells how to use Azure Automation to manage Office 365
Last updated 11/05/2020 -+ # Manage Office 365 services
You need the following to manage Office 365 subscription services in Azure Autom
* Microsoft Entra ID. See [Use Microsoft Entra ID in Azure Automation to authenticate to Azure](automation-use-azure-ad.md). * An Office 365 tenant, with an account. See [Set up your Office 365 tenant](/sharepoint/dev/spfx/set-up-your-developer-tenant).
-## Install the MSOnline and MSOnlineExt modules
+## Install Microsoft Graph PowerShell
-Use of Office 365 within Azure Automation requires Microsoft Entra ID for Windows PowerShell (`MSOnline` module). You'll also need the module [`MSOnlineExt`](https://www.powershellgallery.com/packages/MSOnlineExt/1.0.35), which simplifies Microsoft Entra management in single- and multi-tenant environments. Install the modules as described in [Use Microsoft Entra ID in Azure Automation to authenticate to Azure](automation-use-azure-ad.md).
+Use of Office 365 within Azure Automation requires the Microsoft Graph PowerShell module.
+
+```powershell
+Install-Module Microsoft.Graph -Scope CurrentUser
+```
>[!NOTE]
->To use MSOnline PowerShell, you must be a member of Microsoft Entra ID. Guest users can't use the module.
+>To use Microsoft Graph PowerShell, you must be a member of Microsoft Entra ID. Guest users can't use the module.
## Create an Azure Automation account To complete the steps in this article, you need an account in Azure Automation. See [Create an Azure Automation account](./quickstarts/create-azure-automation-account-portal.md).
-## Add MSOnline and MSOnlineExt as assets
-
-Now add the installed MSOnline and MSOnlineExt modules to enable Office 365 functionality. Refer to [Manage modules in Azure Automation](shared-resources/modules.md).
-
-1. In the Azure portal, select **Automation Accounts**.
-2. Choose your Automation account.
-3. Select **Modules Gallery** under **Shared Resources**.
-4. Search for MSOnline.
-5. Select the `MSOnline` PowerShell module and click **Import** to import the module as an asset.
-6. Repeat steps 4 and 5 to locate and import the `MSOnlineExt` module.
- ## Create a credential asset (optional) It's optional to create a credential asset for the Office 365 administrative user who has permissions to run your script. It can help, though, to keep from exposing user names and passwords inside PowerShell scripts. For instructions, see [Create a credential asset](automation-use-azure-ad.md#create-a-credential-asset).
To run Office 365 subscription services, you need an Office 365 service account
## Connect to the Microsoft Entra online service >[!NOTE]
->To use the MSOnline module cmdlets, you must run them from Windows PowerShell. PowerShell Core does not support these cmdlets.
+>To use the Microsoft Graph PowerShell module cmdlets, you must run them from Windows PowerShell. PowerShell Core does not support these cmdlets.
-You can use the MSOnline module to connect to Microsoft Entra ID from the Office 365 subscription. The connection uses an Office 365 user name and password or uses multi-factor authentication (MFA). You can connect using the Azure portal or a Windows PowerShell command prompt (does not have to be elevated).
+You can connect to Microsoft Entra ID from the Office 365 subscription. The connection uses an Office 365 user name and password or uses multi-factor authentication (MFA). You can connect using the Azure portal or a Windows PowerShell command prompt (does not have to be elevated).
-A PowerShell example is shown below. The [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet prompts for credentials and stores them in the `Msolcred` variable. Then the [Connect-MsolService](/powershell/module/msonline/connect-msolservice) cmdlet uses the credentials to connect to the Azure directory online service. If you want to connect to a specific Azure environment, use the `AzureEnvironment` parameter.
+A PowerShell example is shown below. For more information, see [Connect-MgGraph](/powershell/module/microsoft.graph.authentication/connect-mggraph).
```powershell
-$Msolcred = Get-Credential
-Connect-MsolService -Credential $MsolCred -AzureEnvironment "AzureCloud"
+Connect-MgGraph -Scopes "Directory.Read.All"
```
-If you don't receive any errors, you've connected successfully. A quick test is to run an Office 365 cmdlet, for example, `Get-MsolUser`, and see the results. If you receive errors, note that a common problem is an incorrect password.
-
->[!NOTE]
->You can also use the AzureRM module or the Az module to connect to Microsoft Entra ID from the Office 365 subscription. The main connection cmdlet is [Connect-AzureAD](/powershell/module/azuread/connect-azuread). This cmdlet supports the `AzureEnvironmentName` parameter for specific Office 365 environments.
+If you don't receive any errors, you've connected successfully. A quick test is to run an Office 365 cmdlet, for example, [Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser), and see the results.
## Create a PowerShell runbook from an existing script
-You access Office 365 functionality from a PowerShell script. Here's an example of a script for a credential named `Office-Credentials` with user name of `admin@TenantOne.com`. It uses `Get-AutomationPSCredential` to import the Office 365 credential.
+You access Office 365 functionality from a PowerShell script.
```powershell $emailFromAddress = "admin@TenantOne.com" $emailToAddress = "servicedesk@TenantOne.com" $emailSMTPServer = "outlook.office365.com" $emailSubject = "Office 365 License Report"- $credObject = Get-AutomationPSCredential -Name "Office-Credentials"
-Connect-MsolService -Credential $credObject
-$O365Licenses = Get-MsolAccountSku | Out-String
+Connect-MgGraph -Scopes "Directory.Read.All"
+
+$O365Licenses = Get-MgSubscribedSku | Out-String
Send-MailMessage -Credential $credObject -From $emailFromAddress -To $emailToAddress -Subject $emailSubject -Body $O365Licenses -SmtpServer $emailSMTPServer -UseSSL ```
automation Hybrid Runbook Worker https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/troubleshoot/hybrid-runbook-worker.md
description: This article tells how to troubleshoot and resolve issues that aris
Last updated 09/17/2023 -+ # Troubleshoot agent-based Hybrid Runbook Worker issues in Automation
Hybrid workers send [Runbook output and messages](../automation-runbook-output-a
#### Issue
-A script running on a Windows Hybrid Runbook Worker can't connect as expected to Microsoft 365 on an Orchestrator sandbox. The script is using [Connect-MsolService](/powershell/module/msonline/connect-msolservice) for connection.
+A script running on a Windows Hybrid Runbook Worker can't connect as expected to Microsoft 365 on an Orchestrator sandbox. The script is using [Connect-MgGraph](/powershell/microsoftgraph/authentication-commands#using-connect-mggraph) for connection.
If you adjust **Orchestrator.Sandbox.exe.config** to set the proxy and the bypass list, the sandbox still doesn't connect properly. A **Powershell_ise.exe.config** file with the same proxy and bypass list settings seems to work as you expect. Service Management Automation (SMA) logs and PowerShell logs don't provide any information about proxy.ΓÇï
The connection to Active Directory Federation Services (AD FS) on the server can
#### Resolution
-You can resolve the issue for the Orchestrator sandbox by migrating your script to use the Microsoft Entra modules instead of the MSOnline module for PowerShell cmdlets. For more information, see [Migrating from Orchestrator to Azure Automation (Beta)](../automation-orchestrator-migration.md).
+You can resolve the issue for the Orchestrator sandbox by migrating your script to use the Microsoft Entra modules instead of the PowerShell cmdlets. For more information, see [Migrating from Orchestrator to Azure Automation (Beta)](../automation-orchestrator-migration.md).
-ΓÇïIf you want to continue to use the MSOnline module cmdlets, change your script to use [Invoke-Command](/powershell/module/microsoft.powershell.core/invoke-command). Specify values for the `ComputerName` and `Credential` parameters.
+ΓÇïIf you want to continue to use the module cmdlets, change your script to use [Invoke-Command](/powershell/module/microsoft.powershell.core/invoke-command). Specify values for the `ComputerName` and `Credential` parameters.
```powershell $Credential = Get-AutomationPSCredential -Name MyProxyAccessibleCredentialΓÇï Invoke-Command -ComputerName $env:COMPUTERNAME -Credential $Credential
-{ Connect-MsolService … }​
+{ Connect-MgGraph … }​
``` This code change starts an entirely new PowerShell session under the context of the specified credentials. It should enable the traffic to flow through a proxy server that's authenticating the active user.
azure-app-configuration Cli Samples https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/cli-samples.md
The following table includes links to Azure CLI scripts for Azure App Configurat
|**Create**|| | [Create an App Configuration store](./scripts/cli-create-service.md) | Creates a resource group and an App Configuration store instance. | |**Use**||
-| [Work with key values](./scripts/cli-work-with-keys.md) | Creates, views, updates, and deletes key values. |
-| [Import key values](./scripts/cli-import.md) | Imports key values from other sources. |
-| [Export key values](./scripts/cli-export.md) | Exports key values to other targets. |
+| [Work with key-values](./scripts/cli-work-with-keys.md) | Creates, views, updates, and deletes key-values. |
+| [Import key-values](./scripts/cli-import.md) | Imports key-values from other sources. |
+| [Export key-values](./scripts/cli-export.md) | Exports key-values to other targets. |
|**Delete**|| | [Delete an App Configuration store](./scripts/cli-delete-service.md) | Deletes an App Configuration store instance. | | | |
azure-app-configuration Concept Customer Managed Keys https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/concept-customer-managed-keys.md
Title: Use customer-managed keys to encrypt your configuration data
description: Encrypt your configuration data using customer-managed keys Previously updated : 08/30/2022 Last updated : 02/20/2024
After these resources are configured, use the following steps so that the Azure
1. Assign a managed identity to the Azure App Configuration instance. 1. Grant the identity `GET`, `WRAP`, and `UNWRAP` permissions in the target Key Vault's access policy.
-## Enable customer-managed key encryption for your Azure App Configuration instance
+## Enable customer-managed key encryption for your App Configuration store
-To begin, you'll need a properly configured Azure App Configuration instance. If you don't yet have an App Configuration instance available, follow one of these quickstarts to set one up:
--- [Create an ASP.NET Core app with Azure App Configuration](quickstart-aspnet-core-app.md)-- [Create a .NET Core app with Azure App Configuration](quickstart-dotnet-core-app.md)-- [Create a .NET Framework app with Azure App Configuration](quickstart-dotnet-app.md)-- [Create a Java Spring app with Azure App Configuration](quickstart-java-spring-app.md)-- [Create a JavaScript app with Azure App Configuration](quickstart-javascript.md)-- [Create a Python app with Azure App Configuration](quickstart-python.md)-
-> [!TIP]
-> The Azure Cloud Shell is a free interactive shell that you can use to run the command line instructions in this article. It has common Azure tools preinstalled, including the .NET Core SDK. If you are logged in to your Azure subscription, launch your [Azure Cloud Shell](https://shell.azure.com) from shell.azure.com. You can learn more about Azure Cloud Shell by [reading our documentation](../cloud-shell/overview.md).
-
-### Create and configure an Azure Key Vault
+1. [Create an App Configuration store](./quickstart-azure-app-configuration-create.md) if you don't have one.
1. Create an Azure Key Vault by using the Azure CLI. Both `vault-name` and `resource-group-name` are user-provided and must be unique. We use `contoso-vault` and `contoso-resource-group` in these examples.
azure-app-configuration Concept Feature Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/concept-feature-management.md
Previously updated : 08/17/2022 Last updated : 02/20/2024 # Feature management overview
To use feature flags effectively, you need to externalize all the feature flags
Azure App Configuration provides a centralized repository for feature flags. You can use it to define different kinds of feature flags and manipulate their states quickly and confidently. You can then use the App Configuration libraries for various programming language frameworks to easily access these feature flags from your application.
-[The feature flags in an ASP.NET Core app](./use-feature-flags-dotnet-core.md) shows how the .NET Core App Configuration provider and Feature Management libraries are used together to implement feature flags for your ASP.NET web application. For more information on feature flags in Azure App Configuration, see the following articles:
+[The feature flags in an ASP.NET Core app](./use-feature-flags-dotnet-core.md) shows how the App Configuration .NET provider and Feature Management libraries are used together to implement feature flags for your ASP.NET web application. For more information on feature flags in Azure App Configuration, see the following articles:
* [Manage feature flags](./manage-feature-flags.md) * [Use conditional feature flags](./howto-feature-filters-aspnet-core.md)
azure-app-configuration Concept Point Time Snapshot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/concept-point-time-snapshot.md
You can use the Azure portal or the Azure CLI to retrieve past key-values.
:::image type="content" source="media/restore-key-value-portal.png" alt-text="Screenshot of the Azure portal, selecting restore"::: 3. Select **Date: Select date** to select a date and time you want to revert to.
-4. Click outside of the date and time fields or press **Tab** to validate your choice. You can now see which key values have changed between your selected date and time and the current time. This step helps you understand what keys and values you're preparing to revert to.
+4. Click outside of the date and time fields or press **Tab** to validate your choice. You can now see which key-values have changed between your selected date and time and the current time. This step helps you understand what keys and values you're preparing to revert to.
:::image type="content" source="media/restore-key-value-past-values.png" alt-text="Screenshot of the Azure portal with saved key-values":::
azure-app-configuration Enable Dynamic Configuration Aspnet Core https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/enable-dynamic-configuration-aspnet-core.md
ms.devlang: csharp Previously updated : 09/30/2022 Last updated : 02/20/2024
A *sentinel key* is a key that you update after you complete the change of all o
1. Open *Program.cs*, and update the `AddAzureAppConfiguration` method you added previously during the quickstart.
- #### [.NET 6.0+](#tab/core6x)
```csharp // Load configuration from Azure App Configuration builder.Configuration.AddAzureAppConfiguration(options =>
A *sentinel key* is a key that you update after you complete the change of all o
}); ```
- #### [.NET Core 3.x](#tab/core3x)
- ```csharp
- public static IHostBuilder CreateHostBuilder(string[] args) =>
- Host.CreateDefaultBuilder(args)
- .ConfigureWebHostDefaults(webBuilder =>
- {
- webBuilder.ConfigureAppConfiguration(config =>
- {
- //Retrieve the Connection String from the secrets manager
- IConfiguration settings = config.Build();
- string connectionString = settings.GetConnectionString("AppConfig");
-
- // Load configuration from Azure App Configuration
- config.AddAzureAppConfiguration(options =>
- {
- options.Connect(connectionString)
- // Load all keys that start with `TestApp:` and have no label
- .Select("TestApp:*", LabelFilter.Null)
- // Configure to reload configuration if the registered sentinel key is modified
- .ConfigureRefresh(refreshOptions =>
- refreshOptions.Register("TestApp:Settings:Sentinel", refreshAll: true));
- });
- });
-
- webBuilder.UseStartup<Startup>();
- });
- ```
-
- The `Select` method is used to load all key-values whose key name starts with *TestApp:* and that have *no label*. You can call the `Select` method more than once to load configurations with different prefixes or labels. If you share one App Configuration store with multiple apps, this approach helps load configuration only relevant to your current app instead of loading everything from your store. In the `ConfigureRefresh` method, you register keys you want to monitor for changes in your App Configuration store. The `refreshAll` parameter to the `Register` method indicates that all configurations you specified by the `Select` method will be reloaded if the registered key changes.
A *sentinel key* is a key that you update after you complete the change of all o
1. Add Azure App Configuration middleware to the service collection of your app.
- #### [.NET 6.0+](#tab/core6x)
Update *Program.cs* with the following code. ```csharp
A *sentinel key* is a key that you update after you complete the change of all o
// ... ... ```
- #### [.NET Core 3.x](#tab/core3x)
- Open *Startup.cs*, and update the `ConfigureServices` method.
-
- ```csharp
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddRazorPages();
-
- // Add Azure App Configuration middleware to the container of services.
- services.AddAzureAppConfiguration();
-
- // Bind configuration "TestApp:Settings" section to the Settings object
- services.Configure<Settings>(Configuration.GetSection("TestApp:Settings"));
- }
- ```
-
- 1. Call the `UseAzureAppConfiguration` method. It enables your app to use the App Configuration middleware to update the configuration for you automatically.
- #### [.NET 6.0+](#tab/core6x)
Update *Program.cs* withe the following code. ```csharp
A *sentinel key* is a key that you update after you complete the change of all o
// ... ... ```
- #### [.NET Core 3.x](#tab/core3x)
- Update the `Configure` method in *Startup.cs*.
-
- ```csharp
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- if (env.IsDevelopment())
- {
- app.UseDeveloperExceptionPage();
- }
- else
- {
- app.UseExceptionHandler("/Error");
- app.UseHsts();
- }
-
- // Use Azure App Configuration middleware for dynamic configuration refresh.
- app.UseAzureAppConfiguration();
-
- app.UseHttpsRedirection();
- app.UseStaticFiles();
-
- app.UseRouting();
-
- app.UseAuthorization();
-
- app.UseEndpoints(endpoints =>
- {
- endpoints.MapRazorPages();
- });
- }
- ```
-
- You've set up your app to use the [options pattern in ASP.NET Core](/aspnet/core/fundamentals/configuration/options) during the quickstart. When the underlying configuration of your app is updated from App Configuration, your strongly typed `Settings` object obtained via `IOptionsSnapshot<T>` is updated automatically. Note that you shouldn't use the `IOptions<T>` if dynamic configuration update is desired because it doesn't read configuration data after the app has started. ## Request-driven configuration refresh
The configuration refresh is triggered by the incoming requests to your web app.
## Build and run the app locally
-1. To build the app by using the .NET Core CLI, run the following command in the command shell:
+1. To build the app by using the .NET CLI, run the following command in the command shell:
```console dotnet build
azure-app-configuration Enable Dynamic Configuration Dotnet Core Push Refresh https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/enable-dynamic-configuration-dotnet-core-push-refresh.md
Title: "Tutorial: Use dynamic configuration using push refresh in a .NET Core app"
+ Title: "Tutorial: Use dynamic configuration using push refresh in a .NET app"
-description: In this tutorial, you learn how to dynamically update the configuration data for .NET Core apps using push refresh
+description: In this tutorial, you learn how to dynamically update the configuration data for .NET apps using push refresh
ms.devlang: csharp Previously updated : 02/03/2022- Last updated : 02/20/2024+ #Customer intent: I want to use push refresh to dynamically update my app to use the latest configuration data in App Configuration.
-# Tutorial: Use dynamic configuration using push refresh in a .NET Core app
+# Tutorial: Use dynamic configuration using push refresh in a .NET app
-The App Configuration .NET Core client library supports updating configuration on demand without causing an application to restart. An application can be configured to detect changes in App Configuration using one or both of the following two approaches.
+The App Configuration .NET client library supports updating configuration on demand without causing an application to restart. An application can be configured to detect changes in App Configuration using one or both of the following two approaches.
1. Poll Model: This is the default behavior that uses polling to detect changes in configuration. Once the cached value of a setting expires, the next call to `TryRefreshAsync` or `RefreshAsync` sends a request to the server to check if the configuration has changed, and pulls the updated configuration if needed. 1. Push Model: This uses [App Configuration events](./concept-app-configuration-event.md) to detect changes in configuration. Once App Configuration is set up to send key value change events to Azure Event Grid, the application can use these events to optimize the total number of requests needed to keep the configuration updated. Applications can choose to subscribe to these either directly from Event Grid, or through one of the [supported event handlers](../event-grid/event-handlers.md) such as a webhook, an Azure function, or a Service Bus topic.
-This tutorial shows how you can implement dynamic configuration updates in your code using push refresh. It builds on the app introduced in the tutorial. Before you continue, finish Tutorial: [Use dynamic configuration in a .NET Core app](./enable-dynamic-configuration-dotnet-core.md) first.
+This tutorial shows how you can implement dynamic configuration updates in your code using push refresh. It builds on the app introduced in the tutorial. Before you continue, finish Tutorial: [Use dynamic configuration in a .NET app](./enable-dynamic-configuration-dotnet-core.md) first.
You can use any code editor to do the steps in this tutorial. [Visual Studio Code](https://code.visualstudio.com/) is an excellent option that's available on the Windows, macOS, and Linux platforms.
In this tutorial, you learn how to:
> [!div class="checklist"] > > * Set up a subscription to send configuration change events from App Configuration to a Service Bus topic
-> * Set up your .NET Core app to update its configuration in response to changes in App Configuration.
+> * Set up your .NET app to update its configuration in response to changes in App Configuration.
> * Consume the latest configuration in your application. ## Prerequisites
-* Tutorial: [Use dynamic configuration in a .NET Core app](./enable-dynamic-configuration-dotnet-core.md)
+* Tutorial: [Use dynamic configuration in a .NET app](./enable-dynamic-configuration-dotnet-core.md)
* NuGet package `Microsoft.Extensions.Configuration.AzureAppConfiguration` version 5.0.0 or later ## Set up Azure Service Bus topic and subscription
The `ProcessPushNotification` method resets the cache expiration to a short rand
The short random delay for cache expiration is helpful if you have many instances of your application or microservices connecting to the same App Configuration store with the push model. Without this delay, all instances of your application could send requests to your App Configuration store simultaneously as soon as they receive a change notification. This can cause the App Configuration Service to throttle your store. Cache expiration delay is set to a random number between 0 and a maximum of 30 seconds by default, but you can change the maximum value through the optional parameter `maxDelay` to the `ProcessPushNotification` method.
-The `ProcessPushNotification` method takes in a `PushNotification` object containing information about which change in App Configuration triggered the push notfication. This helps ensure all configuration changes up to the triggering event are loaded in the following configuration refresh. The `SetDirty` method does not gurarantee the change that triggers the push notification to be loaded in an immediate configuration refresh. If you are using the `SetDirty` method for the push model, we recommend using the `ProcessPushNotification` method instead.
+The `ProcessPushNotification` method takes in a `PushNotification` object containing information about which change in App Configuration triggered the push notification. This helps ensure all configuration changes up to the triggering event are loaded in the following configuration refresh. The `SetDirty` method does not guarantee the change that triggers the push notification to be loaded in an immediate configuration refresh. If you are using the `SetDirty` method for the push model, we recommend using the `ProcessPushNotification` method instead.
## Build and run the app locally
The `ProcessPushNotification` method takes in a `PushNotification` object contai
## Next steps
-In this tutorial, you enabled your .NET Core app to dynamically refresh configuration settings from App Configuration. To learn how to use an Azure managed identity to streamline the access to App Configuration, continue to the next tutorial.
+In this tutorial, you enabled your .NET app to dynamically refresh configuration settings from App Configuration. To learn how to use an Azure managed identity to streamline the access to App Configuration, continue to the next tutorial.
> [!div class="nextstepaction"] > [Managed identity integration](./howto-integrate-azure-managed-service-identity.md)
azure-app-configuration Enable Dynamic Configuration Dotnet Core https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/enable-dynamic-configuration-dotnet-core.md
ms.devlang: csharp Previously updated : 07/11/2023 Last updated : 02/20/2024 #Customer intent: I want to dynamically update my .NET app to use the latest configuration data in App Configuration.
Finish the quickstart [Create a .NET app with App Configuration](./quickstart-do
## Activity-driven configuration refresh
-Open the `Program.cs` file and update the code configurations to match the following:
-
-### [.NET 6.0+](#tab/core6x)
+Open *Program.cs* and update the file with the following code.
```csharp using Microsoft.Extensions.Configuration;
if (_refresher != null)
} ```
-### [.NET Core 3.x](#tab/core3x)
-
-```csharp
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Configuration.AzureAppConfiguration;
-using System;
-using System.Threading.Tasks;
-
-namespace TestConsole
-{
- class Program
- {
- private static IConfiguration _configuration = null;
- private static IConfigurationRefresher _refresher = null;
-
- static void Main(string[] args)
- {
- var builder = new ConfigurationBuilder();
- builder.AddAzureAppConfiguration(options =>
- {
- options.Connect(Environment.GetEnvironmentVariable("ConnectionString"))
- .ConfigureRefresh(refresh =>
- {
- refresh.Register("TestApp:Settings:Message")
- .SetCacheExpiration(TimeSpan.FromSeconds(10));
- });
-
- _refresher = options.GetRefresher();
- });
-
- _configuration = builder.Build();
- PrintMessage().Wait();
- }
-
- private static async Task PrintMessage()
- {
- Console.WriteLine(_configuration["TestApp:Settings:Message"] ?? "Hello world!");
-
- // Wait for the user to press Enter
- Console.ReadLine();
-
- await _refresher.TryRefreshAsync();
- Console.WriteLine(_configuration["TestApp:Settings:Message"] ?? "Hello world!");
- }
- }
-}
-```
-- In the `ConfigureRefresh` method, a key within your App Configuration store is registered for change monitoring. The `Register` method has an optional boolean parameter `refreshAll` that can be used to indicate whether all configuration values should be refreshed if the registered key changes. In this example, only the key *TestApp:Settings:Message* will be refreshed. The `SetCacheExpiration` method specifies the minimum time that must elapse before a new request is made to App Configuration to check for any configuration changes. In this example, you override the default expiration time of 30 seconds, specifying a time of 10 seconds instead for demonstration purposes. Calling the `ConfigureRefresh` method alone won't cause the configuration to refresh automatically. You call the `TryRefreshAsync` method from the interface `IConfigurationRefresher` to trigger a refresh. This design is to avoid phantom requests sent to App Configuration even when your application is idle. You'll want to include the `TryRefreshAsync` call where you consider your application active. For example, it can be when you process an incoming message, an order, or an iteration of a complex task. It can also be in a timer if your application is active all the time. In this example, you call `TryRefreshAsync` every time you press the Enter key. Even if the call `TryRefreshAsync` fails for any reason, your application continues to use the cached configuration. Another attempt is made when the configured cache expiration time has passed and the `TryRefreshAsync` call is triggered by your application activity again. Calling `TryRefreshAsync` is a no-op before the configured cache expiration time elapses, so its performance impact is minimal, even if it's called frequently.
In the previous code, you're manually saving an instance of `IConfigurationRefre
1. Register the required App Configuration services by invoking `AddAzureAppConfiguration` on your `IServiceCollection`.
- #### [.NET 6.0+](#tab/core6x)
Add the following code to *Program.cs*. ```csharp
In the previous code, you're manually saving an instance of `IConfigurationRefre
builder.Services.AddAzureAppConfiguration(); ```
- #### [.NET Core 3.x](#tab/core3x)
- Open *Startup.cs*, and update the `ConfigureServices` method.
-
- ```csharp
- public void ConfigureServices(IServiceCollection services)
- {
- // Add Azure App Configuration services to IServiceCollection
- services.AddAzureAppConfiguration();
-
- // Existing code
- // ... ...
- }
- ```
-
- 1. Refresh your configuration by resolving an instance of `IConfigurationRefresherProvider` from your service collection and invoking `TryRefreshAsync` on each of its refreshers. ```csharp
azure-app-configuration Howto Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/howto-best-practices.md
Previously updated : 12/21/2023 Last updated : 02/20/2024
You can use either one or both options to group your keys.
An important thing to keep in mind is that keys are what your application code references to retrieve the values of the corresponding settings. Keys shouldn't change, or else you'll have to modify your code each time that happens.
-*Labels* are an attribute on keys. They're used to create variants of a key. For example, you can assign labels to multiple versions of a key. A version might be an iteration, an environment, or some other contextual information. Your application can request an entirely different set of key values by specifying another label. As a result, all key references remain unchanged in your code.
+*Labels* are an attribute on keys. They're used to create variants of a key. For example, you can assign labels to multiple versions of a key. A version might be an iteration, an environment, or some other contextual information. Your application can request an entirely different set of key-values by specifying another label. As a result, all key references remain unchanged in your code.
## Key-value compositions
-App Configuration treats all keys stored with it as independent entities. App Configuration doesn't attempt to infer any relationship between keys or to inherit key values based on their hierarchy. You can aggregate multiple sets of keys, however, by using labels coupled with proper configuration stacking in your application code.
+App Configuration treats all keys stored with it as independent entities. App Configuration doesn't attempt to infer any relationship between keys or to inherit key-values based on their hierarchy. You can aggregate multiple sets of keys, however, by using labels coupled with proper configuration stacking in your application code.
Let's look at an example. Suppose you have a setting named **Asset1**, whose value might vary based on the development environment. You create a key named "Asset1" with an empty label and a label named "Development". In the first label, you put the default value for **Asset1**, and you put a specific value for "Development" in the latter.
-In your code, you first retrieve the key values without any labels, and then you retrieve the same set of key values a second time with the "Development" label. When you retrieve the values the second time, the previous values of the keys are overwritten. The .NET Core configuration system allows you to "stack" multiple sets of configuration data on top of each other. If a key exists in more than one set, the last set that contains it is used. With a modern programming framework, such as .NET Core, you get this stacking capability for free if you use a native configuration provider to access App Configuration. The following code snippet shows how you can implement stacking in a .NET Core application:
+In your code, you first retrieve the key-values without any labels, and then you retrieve the same set of key-values a second time with the "Development" label. When you retrieve the values the second time, the previous values of the keys are overwritten. The .NET configuration system allows you to "stack" multiple sets of configuration data on top of each other. If a key exists in more than one set, the last set that contains it is used. With a modern programming framework, such as .NET, you get this stacking capability for free if you use a native configuration provider to access App Configuration. The following code snippet shows how you can implement stacking in a .NET application:
```csharp // Augment the ConfigurationBuilder with Azure App Configuration
azure-app-configuration Howto Integrate Azure Managed Service Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/howto-integrate-azure-managed-service-identity.md
Previously updated : 02/06/2024 Last updated : 02/20/2024 zone_pivot_groups: appconfig-provider # Use managed identities to access App Configuration
To complete this tutorial, you must have:
:::zone target="docs" pivot="framework-dotnet"
-* [.NET SDK](https://dotnet.microsoft.com/download).
-* [Azure Cloud Shell configured](../cloud-shell/quickstart.md).
+* An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/).
+* An Azure App Configuration store. [Create a store](./quickstart-azure-app-configuration-create.md).
+* [.NET SDK 6.0 or later](https://dotnet.microsoft.com/download).
:::zone-end :::zone target="docs" pivot="framework-spring"
-* Azure subscription - [create one for free](https://azure.microsoft.com/free/)
+* An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/).
+* An Azure App Configuration store. [Create a store](./quickstart-azure-app-configuration-create.md).
* A supported [Java Development Kit (JDK)](/java/azure/jdk) with version 11. * [Apache Maven](https://maven.apache.org/download.cgi) version 3.0 or above.
To set up a managed identity in the portal, you first create an application and
The following steps describe how to assign the App Configuration Data Reader role to App Service. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
-1. In the [Azure portal](https://portal.azure.com), select the App Configuration store that you created in the [quickstart](../azure-app-configuration/quickstart-azure-functions-csharp.md).
+1. In the [Azure portal](https://portal.azure.com), select your App Configuration store.
1. Select **Access control (IAM)**.
The following steps describe how to assign the App Configuration Data Reader rol
1. To access values stored in App Configuration, update the `Builder` configuration to use the `AddAzureAppConfiguration()` method.
- ### [.NET 6.0+](#tab/core6x)
- ```csharp var builder = WebApplication.CreateBuilder(args);
The following steps describe how to assign the App Configuration Data Reader rol
new ManagedIdentityCredential())); ```
- ### [.NET Core 3.x](#tab/core3x)
-
- ```csharp
- public static IHostBuilder CreateHostBuilder(string[] args) =>
- Host.CreateDefaultBuilder(args)
- .ConfigureWebHostDefaults(webBuilder =>
- webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
- {
- var settings = config.Build();
- config.AddAzureAppConfiguration(options =>
- options.Connect(new Uri(settings["AppConfig:Endpoint"]), new ManagedIdentityCredential()));
- })
- .UseStartup<Startup>());
- ```
-
-
- > [!NOTE] > If you want to use a **user-assigned managed identity**, be sure to specify the `clientId` when creating the [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential). >```csharp
azure-app-configuration Howto Labels Aspnet Core https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/howto-labels-aspnet-core.md
ms.devlang: csharp
Previously updated : 07/11/2023 Last updated : 02/20/2024
using Microsoft.Extensions.Configuration.AzureAppConfiguration;
Load configuration values with the label corresponding to the current environment by passing the environment name into the `Select` method:
-### [ASP.NET Core 6.0+](#tab/core6x)
- ```csharp var builder = WebApplication.CreateBuilder(args);
builder.Configuration.AddAzureAppConfiguration(options =>
}); ```
-### [ASP.NET Core 3.x](#tab/core3x)
-
-```csharp
- public static IHostBuilder CreateHostBuilder(string[] args) =>
- Host.CreateDefaultBuilder(args)
- .ConfigureWebHostDefaults(webBuilder =>
- webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
- {
- var settings = config.Build();
- config.AddAzureAppConfiguration(options =>
- options
- .Connect(settings.GetConnectionString("AppConfig"))
- // Load configuration values with no label
- .Select(KeyFilter.Any, LabelFilter.Null)
- // Override with any configuration values specific to current hosting env
- .Select(KeyFilter.Any, hostingContext.HostingEnvironment.EnvironmentName)
- );
- })
- .UseStartup<Startup>());
-```
--- > [!IMPORTANT] > The preceding code snippet uses the Secret Manager tool to load App Configuration connection string. For information storing the connection string using the Secret Manager, see [Quickstart for Azure App Configuration with ASP.NET Core](quickstart-aspnet-core-app.md).
azure-app-configuration Howto Move Resource Between Regions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/howto-move-resource-between-regions.md
Follow these steps to export your configuration to the target store using the Az
az appconfig kv export -n SourceConfigurationStore -d appconfig --dest-name TargetConfigurationStore --key * --label * --preserve-labels ```
-1. To verify that your configurations have been successfully transferred from your source to your target store, list all of the key values in your target store.
+1. To verify that your configurations have been successfully transferred from your source to your target store, list all of the key-values in your target store.
```azurecli az appconfig kv list -n TargetAppConfiguration --all
azure-app-configuration Integrate Ci Cd Pipeline https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/integrate-ci-cd-pipeline.md
Previously updated : 08/30/2022 Last updated : 02/20/2024 # Customer intent: I want to use Azure App Configuration data in my CI/CD pipeline.
If you build locally, download and install the [Azure CLI](/cli/azure/install-az
-1. To build the app by using the .NET Core CLI, run the following command in the command shell:
+1. To build the app by using the .NET CLI, run the following command in the command shell:
```console dotnet build
azure-app-configuration Integrate Kubernetes Deployment Helm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/integrate-kubernetes-deployment-helm.md
Use helm upgrade's **-f** argument to pass in the two configuration files you've
helm upgrade --install -f myConfig.yaml -f mySecrets.yaml "example" ./mychart ```
-You can also use the **--set** argument for helm upgrade to pass literal key values. Using the **--set** argument is a good way to avoid persisting sensitive data to disk.
+You can also use the **--set** argument for helm upgrade to pass literal key-values. Using the **--set** argument is a good way to avoid persisting sensitive data to disk.
```powershell $secrets = az appconfig kv list -n myAppConfiguration --key "secrets.*" --resolve-keyvault --query "[*].{name:key, value:value}" | ConvertFrom-Json
azure-app-configuration Manage Feature Flags https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/manage-feature-flags.md
Previously updated : 10/18/2023 Last updated : 02/20/2024
# Tutorial: Manage feature flags in Azure App Configuration
-You can store all feature flags in Azure App Configuration and administer them from a single place. App Configuration has a portal UI named **Feature Manager** that's designed specifically for feature flags. App Configuration also natively supports the .NET Core feature-flag data schema.
+You can create feature flags in Azure App Configuration and manage them from the **Feature Manager** in the Azure portal.
In this tutorial, you learn how to: > [!div class="checklist"] > * Define and manage feature flags in App Configuration.
-> * Access feature flags from your application.
## Create feature flags
azure-app-configuration Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/overview.md
The easiest way to add an App Configuration store to your application is through
|Programming language and framework | How to connect | Quickstart | |--|||
-| .NET Core | App Configuration [provider](/dotnet/api/Microsoft.Extensions.Configuration.AzureAppConfiguration) for .NET Core | .NET Core [quickstart](./quickstart-dotnet-core-app.md) |
-| ASP.NET Core | App Configuration [provider](/dotnet/api/Microsoft.Extensions.Configuration.AzureAppConfiguration) for .NET Core | ASP.NET Core [quickstart](./quickstart-aspnet-core-app.md) |
+| .NET | App Configuration [provider](/dotnet/api/Microsoft.Extensions.Configuration.AzureAppConfiguration) for .NET | .NET [quickstart](./quickstart-dotnet-core-app.md) |
+| ASP.NET Core | App Configuration [provider](/dotnet/api/Microsoft.Extensions.Configuration.AzureAppConfiguration) for .NET | ASP.NET Core [quickstart](./quickstart-aspnet-core-app.md) |
| .NET Framework and ASP.NET | App Configuration [builder](https://go.microsoft.com/fwlink/?linkid=2074663) for .NET | .NET Framework [quickstart](./quickstart-dotnet-app.md) | | Java Spring | App Configuration [provider](https://go.microsoft.com/fwlink/?linkid=2180917) for Spring Cloud | Java Spring [quickstart](./quickstart-java-spring-app.md) | | JavaScript/Node.js | App Configuration [provider](https://github.com/Azure/AppConfiguration-JavaScriptProvider) for JavaScript | Javascript/Node.js [quickstart](./quickstart-javascript-provider.md)|
-| Python | App Configuration [provider](https://pypi.org/project/azure-appconfiguration-provider/) for Python | Python [quickstart](./quickstart-python-provider.md)) |
+| Python | App Configuration [provider](https://pypi.org/project/azure-appconfiguration-provider/) for Python | Python [quickstart](./quickstart-python-provider.md) |
| Other | App Configuration [REST API](/rest/api/appconfiguration/) | None | ## Next steps
azure-app-configuration Pull Key Value Devops Pipeline https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/pull-key-value-devops-pipeline.md
The following parameters are used by the Azure App Configuration task:
- **Azure subscription**: A drop-down containing your available Azure service connections. To update and refresh your list of available Azure service connections, press the **Refresh Azure subscription** button to the right of the textbox. - **App Configuration Endpoint**: A drop-down that loads your available configuration stores endpoints under the selected subscription. To update and refresh your list of available configuration stores endpoints, press the **Refresh App Configuration Endpoint** button to the right of the textbox. - **Selection Mode**: Specifies how the key-values read from a configuration store are selected. The 'Default' selection mode allows the use of key and label filters. The 'Snapshot' selection mode allows key-values to be selected from a snapshot. Default value is **Default**.-- **Key Filter**: The filter can be used to select what key-values are requested from Azure App Configuration. A value of * will select all key-values. For more information on, see [Query key values](concept-key-value.md#query-key-values).
+- **Key Filter**: The filter can be used to select what key-values are requested from Azure App Configuration. A value of * will select all key-values. For more information on, see [Query key-values](concept-key-value.md#query-key-values).
- **Label**: Specifies which label should be used when selecting key-values from the App Configuration store. If no label is provided, then key-values with the no label will be retrieved. The following characters are not allowed: , *. - **Snapshot Name**: Specifies snapshot from which key-values should be retrieved in Azure App Configuration. - **Trim Key Prefix**: Specifies one or more prefixes that should be trimmed from App Configuration keys before setting them as variables. Multiple prefixes can be separated by a new-line character.
azure-app-configuration Quickstart Aspnet Core App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-aspnet-core-app.md
ms.devlang: csharp Previously updated : 03/27/2023 Last updated : 02/20/2024 #Customer intent: As an ASP.NET Core developer, I want to learn how to manage all my app settings in one place.
In this quickstart, you'll use Azure App Configuration to externalize storage an
- An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/). - An App Configuration store. [Create a store](./quickstart-azure-app-configuration-create.md#create-an-app-configuration-store).-- [.NET Core SDK](https://dotnet.microsoft.com/download)
+- [.NET SDK 6.0 or later](https://dotnet.microsoft.com/download)
> [!TIP]
-> The Azure Cloud Shell is a free, interactive shell that you can use to run the command line instructions in this article. It has common Azure tools preinstalled, including the .NET Core SDK. If you're logged in to your Azure subscription, launch your [Azure Cloud Shell](https://shell.azure.com) from shell.azure.com. You can learn more about Azure Cloud Shell by [reading our documentation](../cloud-shell/overview.md)
+> The Azure Cloud Shell is a free, interactive shell that you can use to run the command line instructions in this article. It has common Azure tools preinstalled, including the .NET SDK. If you're logged in to your Azure subscription, launch your [Azure Cloud Shell](https://shell.azure.com) from shell.azure.com. You can learn more about Azure Cloud Shell by [reading our documentation](../cloud-shell/overview.md)
## Add key-values
Add the following key-values to the App Configuration store and leave **Label**
## Create an ASP.NET Core web app
-Use the [.NET Core command-line interface (CLI)](/dotnet/core/tools) to create a new ASP.NET Core web app project. The [Azure Cloud Shell](https://shell.azure.com) provides these tools for you. They're also available across the Windows, macOS, and Linux platforms.
+Use the [.NET command-line interface (CLI)](/dotnet/core/tools) to create a new ASP.NET Core web app project. The [Azure Cloud Shell](https://shell.azure.com) provides these tools for you. They're also available across the Windows, macOS, and Linux platforms.
Run the following command to create an ASP.NET Core web app in a new *TestAppConfig* folder:
-#### [.NET 6.x](#tab/core6x)
- ```dotnetcli dotnet new webapp --output TestAppConfig --framework net6.0 ```
-#### [.NET Core 3.x](#tab/core3x)
-
-```dotnetcli
-dotnet new webapp --output TestAppConfig --framework netcoreapp3.1
-```
--- ## Connect to the App Configuration store 1. Navigate into the project's directory *TestAppConfig*, and run the following command to add a [Microsoft.Azure.AppConfiguration.AspNetCore](https://www.nuget.org/packages/Microsoft.Azure.AppConfiguration.AspNetCore) NuGet package reference:
dotnet new webapp --output TestAppConfig --framework netcoreapp3.1
1. Open *Program.cs* and add Azure App Configuration as an extra configuration source by calling the `AddAzureAppConfiguration` method.
- #### [.NET 6.x](#tab/core6x)
- ```csharp var builder = WebApplication.CreateBuilder(args);
dotnet new webapp --output TestAppConfig --framework netcoreapp3.1
// ... ... ```
- #### [.NET Core 3.x](#tab/core3x)
-
- Update the `CreateHostBuilder` method.
-
- ```csharp
- public static IHostBuilder CreateHostBuilder(string[] args) =>
- Host.CreateDefaultBuilder(args)
- .ConfigureWebHostDefaults(webBuilder =>
- {
- webBuilder.ConfigureAppConfiguration(config =>
- {
- // Retrieve the connection string
- IConfiguration settings = config.Build();
- string connectionString = settings.GetConnectionString("AppConfig");
-
- // Load configuration from Azure App Configuration
- config.AddAzureAppConfiguration(connectionString);
- });
-
- webBuilder.UseStartup<Startup>();
- });
- ```
-
-
- This code will connect to your App Configuration store using a connection string and load *all* key-values that have *no labels*. For more information on the App Configuration provider, see the [App Configuration provider API reference](/dotnet/api/Microsoft.Extensions.Configuration.AzureAppConfiguration). ## Read from the App Configuration store
In this example, you'll update a web page to display its content using the setti
1. Bind the `TestApp:Settings` section in configuration to the `Settings` object.
- #### [.NET 6.x](#tab/core6x)
- Update *Program.cs* with the following code and add the `TestAppConfig` namespace at the beginning of the file. ```csharp
In this example, you'll update a web page to display its content using the setti
// ... ... ```
- #### [.NET Core 3.x](#tab/core3x)
-
- Open *Startup.cs* and update the `ConfigureServices` method.
-
- ```csharp
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddRazorPages();
-
- // Bind configuration "TestApp:Settings" section to the Settings object
- services.Configure<Settings>(Configuration.GetSection("TestApp:Settings"));
- }
- ```
-
-
- 1. Open *Index.cshtml.cs* in the *Pages* directory, and update the `IndexModel` class with the following code. Add the `using Microsoft.Extensions.Options` namespace at the beginning of the file, if it's not already there. ```csharp
In this example, you'll update a web page to display its content using the setti
## Build and run the app locally
-1. To build the app using the .NET Core CLI, navigate to the root directory of your project. Run the following command in the command shell:
+1. To build the app using the .NET CLI, navigate to the root directory of your project. Run the following command in the command shell:
```dotnetcli dotnet build
azure-app-configuration Quickstart Azure Kubernetes Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-azure-kubernetes-service.md
ms.devlang: csharp Previously updated : 02/16/2024 Last updated : 02/20/2024 #Customer intent: As an Azure Kubernetes Service user, I want to manage all my app settings in one place using Azure App Configuration.
A ConfigMap can be consumed as environment variables or a mounted file. In this
* An App Configuration store. [Create a store](./quickstart-azure-app-configuration-create.md#create-an-app-configuration-store). * An Azure Container Registry. [Create a registry](/azure/aks/tutorial-kubernetes-prepare-acr#create-an-azure-container-registry). * An Azure Kubernetes Service (AKS) cluster that is granted permission to pull images from your Azure Container Registry. [Create an AKS cluster](/azure/aks/tutorial-kubernetes-deploy-cluster#create-a-kubernetes-cluster).
-* [.NET Core SDK](https://dotnet.microsoft.com/download)
+* [.NET SDK 6.0 or later](https://dotnet.microsoft.com/download)
* [Azure CLI](/cli/azure/install-azure-cli) * [Docker Desktop](https://www.docker.com/products/docker-desktop/) * [helm](https://helm.sh/docs/intro/install/)
In this section, you will create a simple ASP.NET Core web application running i
### Create an application
-1. Use the .NET Core command-line interface (CLI) and run the following command to create a new ASP.NET Core web app project in a new *MyWebApp* directory:
+1. Use the .NET command-line interface (CLI) and run the following command to create a new ASP.NET Core web app project in a new *MyWebApp* directory:
```dotnetcli dotnet new webapp --output MyWebApp --framework net6.0
In this section, you will create a simple ASP.NET Core web application running i
Now that you have an application running in AKS, you'll deploy the App Configuration Kubernetes Provider to your AKS cluster running as a Kubernetes controller. The provider retrieves data from your App Configuration store and creates a ConfigMap, which is consumable as a JSON file mounted in a data volume.
-### Setup the Azure App Configuration store
+### Set up the Azure App Configuration store
Add following key-values to the App Configuration store and leave **Label** and **Content Type** with their default values. For more information about how to add key-values to a store using the Azure portal or the CLI, go to [Create a key-value](./quickstart-azure-app-configuration-create.md#create-a-key-value).
Add following key-values to the App Configuration store and leave **Label** and
|Settings:FontColor|*Green*| |Settings:Message|*Hello from Azure App Configuration*|
-### Setup the App Configuration Kubernetes Provider
+### Set up the App Configuration Kubernetes Provider
1. Run the following command to get access credentials for your AKS cluster. Replace the value of the `name` and `resource-group` parameters with your AKS instance: ```console
azure-app-configuration Quickstart Dotnet Core App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-dotnet-core-app.md
ms.devlang: csharp Previously updated : 07/11/2023 Last updated : 02/20/2024 #Customer intent: As a .NET developer, I want to manage all my app settings in one place.
In this quickstart, you incorporate Azure App Configuration into a .NET console
- An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/). - An App Configuration store. [Create a store](./quickstart-azure-app-configuration-create.md#create-an-app-configuration-store).-- [.NET SDK](https://dotnet.microsoft.com/download) - also available in the [Azure Cloud Shell](https://shell.azure.com).
+- [.NET SDK 6.0 or later](https://dotnet.microsoft.com/download) - also available in the [Azure Cloud Shell](https://shell.azure.com).
## Add a key-value
You use the [.NET command-line interface (CLI)](/dotnet/core/tools/) to create a
4. Use App Configuration by calling the `builder.AddAzureAppConfiguration()` method in the `Program.cs` file.
- ### [.NET 6.0+](#tab/core6x)
- ```csharp var builder = new ConfigurationBuilder(); builder.AddAzureAppConfiguration(Environment.GetEnvironmentVariable("ConnectionString"));
You use the [.NET command-line interface (CLI)](/dotnet/core/tools/) to create a
Console.WriteLine(config["TestApp:Settings:Message"] ?? "Hello world!"); ```
- ### [.NET Core 3.x](#tab/core3x)
-
- ```csharp
- static void Main(string[] args)
- {
- var builder = new ConfigurationBuilder();
- builder.AddAzureAppConfiguration(Environment.GetEnvironmentVariable("ConnectionString"));
-
- var config = builder.Build();
- Console.WriteLine(config["TestApp:Settings:Message"] ?? "Hello world!");
- }
- ```
-
-
- ## Build and run the app locally 1. Set an environment variable named **ConnectionString**, and set it to the access key to your App Configuration store. At the command line, run the following command:
azure-app-configuration Quickstart Feature Flag Aspnet Core https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-feature-flag-aspnet-core.md
ms.devlang: csharp Previously updated : 02/16/2024 Last updated : 02/20/2024 #Customer intent: As an ASP.NET Core developer, I want to use feature flags to control feature availability quickly and confidently.
Add a feature flag called *Beta* to the App Configuration store and leave **Labe
1. Open *Program.cs*, and add a call to the `UseFeatureFlags` method inside the `AddAzureAppConfiguration` call.
- #### [.NET 6.x](#tab/core6x)
```csharp // Load configuration from Azure App Configuration builder.Configuration.AddAzureAppConfiguration(options =>
Add a feature flag called *Beta* to the App Configuration store and leave **Labe
}); ```
- #### [.NET Core 3.x](#tab/core3x)
- ```csharp
- public static IHostBuilder CreateHostBuilder(string[] args) =>
- Host.CreateDefaultBuilder(args)
- .ConfigureWebHostDefaults(webBuilder =>
- {
- webBuilder.ConfigureAppConfiguration(config =>
- {
- //Retrieve the Connection String from the secrets manager
- IConfiguration settings = config.Build();
- string connectionString = settings.GetConnectionString("AppConfig");
-
- // Load configuration from Azure App Configuration
- config.AddAzureAppConfiguration(options =>
- {
- options.Connect(connectionString)
- // Load all keys that start with `TestApp:` and have no label
- .Select("TestApp:*", LabelFilter.Null)
- // Configure to reload configuration if the registered sentinel key is modified
- .ConfigureRefresh(refreshOptions =>
- refreshOptions.Register("TestApp:Settings:Sentinel", refreshAll: true));
-
- // Load all feature flags with no label
- options.UseFeatureFlags();
- });
- });
-
- webBuilder.UseStartup<Startup>();
- });
- ```
-
- > [!TIP] > When no parameter is passed to the `UseFeatureFlags` method, it loads *all* feature flags with *no label* in your App Configuration store. The default refresh expiration of feature flags is 30 seconds. You can customize this behavior via the `FeatureFlagOptions` parameter. For example, the following code snippet loads only feature flags that start with *TestApp:* in their *key name* and have the label *dev*. The code also changes the refresh expiration time to 5 minutes. Note that this refresh expiration time is separate from that for regular key-values. >
Add a feature flag called *Beta* to the App Configuration store and leave **Labe
1. Add feature management to the service collection of your app by calling `AddFeatureManagement`.
- #### [.NET 6.x](#tab/core6x)
Update *Program.cs* with the following code. ```csharp
Add a feature flag called *Beta* to the App Configuration store and leave **Labe
// ... ... ```
- #### [.NET Core 3.x](#tab/core3x)
- Open *Startup.cs*, and update the `ConfigureServices` method.
-
- ```csharp
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddRazorPages();
-
- // Add Azure App Configuration middleware to the container of services.
- services.AddAzureAppConfiguration();
-
- // Add feature management to the container of services.
- services.AddFeatureManagement();
-
- // Bind configuration "TestApp:Settings" section to the Settings object
- services.Configure<Settings>(Configuration.GetSection("TestApp:Settings"));
- }
- ```
-
- Add `using Microsoft.FeatureManagement;` at the top of the file if it's not present. > [!NOTE]
azure-app-configuration Cli Work With Keys https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/scripts/cli-work-with-keys.md
Title: Azure CLI Script Sample - Work with key-values in App Configuration Store
-description: Use Azure CLI script to create, view, update and delete key values from App Configuration store
+description: Use Azure CLI script to create, view, update and delete key-values from App Configuration store
azure-app-configuration Use Feature Flags Dotnet Core https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/use-feature-flags-dotnet-core.md
Title: Tutorial for using feature flags in a .NET app | Microsoft Docs
-description: In this tutorial, you learn how to implement feature flags in .NET Core apps.
+description: In this tutorial, you learn how to implement feature flags in .NET apps.
ms.devlang: csharp Previously updated : 07/11/2023 Last updated : 02/20/2024
-#Customer intent: I want to control feature availability in my app by using the .NET Core Feature Manager library.
+#Customer intent: I want to control feature availability in my app by using the .NET Feature Manager library.
# Tutorial: Use feature flags in an ASP.NET Core app
The .NET Feature Management libraries provide idiomatic support for implementing
The Feature Management libraries also manage feature flag lifecycles behind the scenes. For example, the libraries refresh and cache flag states, or guarantee a flag state to be immutable during a request call. In addition, the ASP.NET Core library offers out-of-the-box integrations, including MVC controller actions, views, routes, and middleware.
-The [Add feature flags to an ASP.NET Core app Quickstart](./quickstart-feature-flag-aspnet-core.md) shows a simple example of how to use feature flags in an ASP.NET Core application. This tutorial shows additional setup options and capabilities of the Feature Management libraries. You can use the sample app created in the quickstart to try out the sample code shown in this tutorial.
- For the ASP.NET Core feature management API reference documentation, see [Microsoft.FeatureManagement Namespace](/dotnet/api/microsoft.featuremanagement). In this tutorial, you will learn how to:
In this tutorial, you will learn how to:
> * Add feature flags in key parts of your application to control feature availability. > * Integrate with App Configuration when you're using it to manage feature flags.
+## Prerequisites
+
+The [Add feature flags to an ASP.NET Core app Quickstart](./quickstart-feature-flag-aspnet-core.md) shows a simple example of how to use feature flags in an ASP.NET Core application. This tutorial shows additional setup options and capabilities of the Feature Management libraries. You can use the sample app created in the quickstart to try out the sample code shown in this tutorial.
+ ## Set up feature management To access the .NET feature manager, your app must have references to the `Microsoft.Azure.AppConfiguration.AspNetCore` and `Microsoft.FeatureManagement.AspNetCore` NuGet packages. The .NET feature manager is configured from the framework's native configuration system. As a result, you can define your application's feature flag settings by using any configuration source that .NET supports, including the local `appsettings.json` file or environment variables.
-By default, the feature manager retrieves feature flag configuration from the `"FeatureManagement"` section of the .NET Core configuration data. To use the default configuration location, call the [AddFeatureManagement](/dotnet/api/microsoft.featuremanagement.servicecollectionextensions.addfeaturemanagement) method of the **IServiceCollection** passed into the **ConfigureServices** method of the **Startup** class.
-
-### [.NET 6.0+](#tab/core6x)
+By default, the feature manager retrieves feature flag configuration from the `"FeatureManagement"` section of the .NET configuration data. To use the default configuration location, call the [AddFeatureManagement](/dotnet/api/microsoft.featuremanagement.servicecollectionextensions.addfeaturemanagement) method of the **IServiceCollection** passed into the **ConfigureServices** method of the **Startup** class.
```csharp using Microsoft.FeatureManagement;
using Microsoft.FeatureManagement;
builder.Services.AddFeatureManagement(); ```
-### [.NET Core 3.x](#tab/core3x)
-
-```csharp
-using Microsoft.FeatureManagement;
-
-public class Startup
-{
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddFeatureManagement();
- }
-}
-```
--- You can specify that feature management configuration should be retrieved from a different configuration section by calling [Configuration.GetSection](/dotnet/api/microsoft.web.administration.configuration.getsection) and passing in the name of the desired section. The following example tells the feature manager to read from a different section called `"MyFeatureFlags"` instead:
-### [.NET 6.0+](#tab/core6x)
```csharp using Microsoft.FeatureManagement;
using Microsoft.FeatureManagement;
builder.Services.AddFeatureManagement(Configuration.GetSection("MyFeatureFlags")); ```
-### [.NET Core 3.x](#tab/core3x)
-
-```csharp
-using Microsoft.FeatureManagement;
-
-public class Startup
-{
- public void ConfigureServices(IServiceCollection services)
- {
- ...
- services.AddFeatureManagement(Configuration.GetSection("MyFeatureFlags"));
- }
-}
-```
--- If you use filters in your feature flags, you must include the [Microsoft.FeatureManagement.FeatureFilters](/dotnet/api/microsoft.featuremanagement.featurefilters) namespace and add a call to [AddFeatureFilter](/dotnet/api/microsoft.featuremanagement.ifeaturemanagementbuilder.addfeaturefilter) specifying the type name of the filter you want to use as the generic type of the method. For more information on using feature filters to dynamically enable and disable functionality, see [Enable staged rollout of features for targeted audiences](./howto-targetingfilter-aspnet-core.md). The following example shows how to use a built-in feature filter called `PercentageFilter`:
-### [.NET 6.0+](#tab/core6x)
```csharp using Microsoft.FeatureManagement;
builder.Services.AddFeatureManagement()
.AddFeatureFilter<PercentageFilter>(); ```
-### [.NET Core 3.x](#tab/core3x)
-
-```csharp
-using Microsoft.FeatureManagement;
-using Microsoft.FeatureManagement.FeatureFilters;
-
-public class Startup
-{
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddFeatureManagement()
- .AddFeatureFilter<PercentageFilter>();
- }
-}
-```
---
-Rather than hard coding your feature flags into your application, we recommend that you keep feature flags outside the application and manage them separately. Doing so allows you to modify flag states at any time and have those changes take effect in the application right away. The Azure App Configuration service provides a dedicated portal UI for managing all of your feature flags. The Azure App Configuration service also delivers the feature flags to your application directly through its .NET Core client libraries.
+Rather than hard coding your feature flags into your application, we recommend that you keep feature flags outside the application and manage them separately. Doing so allows you to modify flag states at any time and have those changes take effect in the application right away. The Azure App Configuration service provides a dedicated portal UI for managing all of your feature flags. The Azure App Configuration service also delivers the feature flags to your application directly through its .NET client libraries.
The easiest way to connect your ASP.NET Core application to App Configuration is through the configuration provider included in the `Microsoft.Azure.AppConfiguration.AspNetCore` NuGet package. After including a reference to the package, follow these steps to use this NuGet package. 1. Open *Program.cs* file and add the following code.-
- ### [.NET 6.0+](#tab/core6x)
```csharp using Microsoft.Extensions.Configuration.AzureAppConfiguration;
The easiest way to connect your ASP.NET Core application to App Configuration is
.UseFeatureFlags()); ```
- ### [.NET Core 3.x](#tab/core3x)
-
- ```csharp
- using Microsoft.Extensions.Configuration.AzureAppConfiguration;
-
- public static IHostBuilder CreateHostBuilder(string[] args) =>
- Host.CreateDefaultBuilder(args)
- .ConfigureWebHostDefaults(webBuilder =>
- webBuilder.ConfigureAppConfiguration(config =>
- {
- var settings = config.Build();
- config.AddAzureAppConfiguration(options =>
- options.Connect(settings["ConnectionStrings:AppConfig"]).UseFeatureFlags());
- }).UseStartup<Startup>());
- ```
-
- 2. Update the middleware and service configurations for your app using the following code.
- ### [.NET 6.0+](#tab/core6x)
- Inside the `program.cs` class, register the Azure App Configuration services and middleware on the `builder` and `app` objects: ```csharp
The easiest way to connect your ASP.NET Core application to App Configuration is
app.UseAzureAppConfiguration(); ```-
- ### [.NET Core 3.x](#tab/core3x)
-
- Open `Startup.cs` and update the `Configure` and `ConfigureServices` method to add the built-in middleware called `UseAzureAppConfiguration`. This middleware allows the feature flag values to be refreshed at a recurring interval while the ASP.NET Core web app continues to receive requests.
-
- ```csharp
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- app.UseAzureAppConfiguration();
- }
- ```
-
- ```csharp
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddAzureAppConfiguration();
- }
- ```
-
-
In a typical scenario, you will update your feature flag values periodically as you deploy and enable and different features of your application. By default, the feature flag values are cached for a period of 30 seconds, so a refresh operation triggered when the middleware receives a request would not update the value until the cached value expires. The following code shows how to change the cache expiration time or polling interval to 5 minutes by setting the [CacheExpirationInterval](/dotnet/api/microsoft.extensions.configuration.azureappconfiguration.featuremanagement.featureflagoptions.cacheexpirationinterval) in the call to **UseFeatureFlags**.
-### [.NET 6.0+](#tab/core6x)
- ```csharp config.AddAzureAppConfiguration(options => options.Connect(
config.AddAzureAppConfiguration(options =>
})); ```
-### [.NET Core 3.x](#tab/core3x)
-
-```csharp
-config.AddAzureAppConfiguration(options =>
- options.Connect(settings["ConnectionStrings:AppConfig"]).UseFeatureFlags(featureFlagOptions => {
- featureFlagOptions.CacheExpirationInterval = TimeSpan.FromMinutes(5);
- }));
-```
--- ## Feature flag declaration Each feature flag declaration has two parts: a name, and a list of one or more filters that are used to evaluate if a feature's state is *on* (that is, when its value is `True`). A filter defines a criterion for when a feature should be turned on.
By convention, the `FeatureManagement` section of this JSON document is used for
## Use dependency injection to access IFeatureManager For some operations, such as manually checking feature flag values, you need to get an instance of [IFeatureManager](/dotnet/api/microsoft.featuremanagement.ifeaturemanager). In ASP.NET Core MVC, you can access the feature manager `IFeatureManager` through dependency injection. In the following example, an argument of type `IFeatureManager` is added to the signature of the constructor for a controller. The runtime automatically resolves the reference and provides an implementation of the interface when calling the constructor. If you're using an application template in which the controller already has one or more dependency injection arguments in the constructor, such as `ILogger`, you can just add `IFeatureManager` as an additional argument:-
-### [.NET 6.0+](#tab/core6x)
```csharp using Microsoft.FeatureManagement;
public class HomeController : Controller
} ```
-### [.NET Core 3.x](#tab/core3x)
-
-```csharp
-using Microsoft.FeatureManagement;
-
-public class HomeController : Controller
-{
- private readonly IFeatureManager _featureManager;
-
- public HomeController(ILogger<HomeController> logger, IFeatureManager featureManager)
- {
- _featureManager = featureManager;
- }
-}
-```
--- ## Feature flag references Define feature flags as string variables in order to reference them from code:
azure-app-configuration Use Key Vault References Dotnet Core https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/use-key-vault-references-dotnet-core.md
ms.devlang: csharp Previously updated : 07/11/2023 Last updated : 02/20/2024 #Customer intent: I want to update my ASP.NET Core application to reference values stored in Key Vault through App Configuration.
In this tutorial, you learn how to:
## Prerequisites
-Before you start this tutorial, install the [.NET SDK](https://dotnet.microsoft.com/download).
+Before you start this tutorial, install the [.NET SDK 6.0 or later](https://dotnet.microsoft.com/download).
[!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
To add a secret to the vault, you need to take just a few additional steps. In t
1. Update the `CreateWebHostBuilder` method to use App Configuration by calling the `config.AddAzureAppConfiguration` method. Include the `ConfigureKeyVault` option, and pass the correct credential to your Key Vault using the `SetCredential` method. If you have multiple Key Vaults, the same credential will be used for all of them. If your Key Vaults require different credentials, you can set them using `Register` or `SetSecretResolver` methods from the [`AzureAppConfigurationKeyVaultOptions`](/dotnet/api/microsoft.extensions.configuration.azureappconfiguration.azureappconfigurationkeyvaultoptions) class.
- #### [.NET 6.0+](#tab/core6x)
- ```csharp var builder = WebApplication.CreateBuilder(args);
To add a secret to the vault, you need to take just a few additional steps. In t
}); ```
- #### [.NET Core 3.x](#tab/core3x)
-
- ```csharp
- public static IHostBuilder CreateHostBuilder(string[] args) =>
- Host.CreateDefaultBuilder(args)
- .ConfigureWebHostDefaults(webBuilder =>
- webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
- {
- var settings = config.Build();
-
- config.AddAzureAppConfiguration(options =>
- {
- options.Connect(settings["ConnectionStrings:AppConfig"])
- .ConfigureKeyVault(kv =>
- {
- kv.SetCredential(new DefaultAzureCredential());
- });
- });
- })
- .UseStartup<Startup>());
- ```
-
- 1. When you initialized the connection to App Configuration, you set up the connection to Key Vault by calling the `ConfigureKeyVault` method. After the initialization, you can access the values of Key Vault references in the same way you access the values of regular App Configuration keys. To see this process in action, open *Index.cshtml* in the **Views** > **Home** folder. Replace its contents with the following code:
azure-maps Quick Ios App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/quick-ios-app.md
In this quickstart, you created your Azure Maps account and created a demo appli
[Add a polygon layer to the map in the iOS SDK]: add-polygon-layer-map-ios.md [Add a polygon layer]: add-polygon-layer-map-ios.md [Add a symbol layer]: add-symbol-layer-ios.md
-[Azure Active Directory authentication]: azure-maps-authentication.md#azure-ad-authentication
[Azure Maps account]: quick-demo-map-app.md#create-an-azure-maps-account [Azure portal]: https://portal.azure.com [Change map styles in iOS maps]: set-map-style-ios-sdk.md [Creating an Xcode Project for an App]: https://developer.apple.com/documentation/xcode/creating-an-xcode-project-for-an-app [free account]: https://azure.microsoft.com/free/ [manage authentication in Azure Maps]: how-to-manage-authentication.md
-[Microsoft Entra ID]: /entra/fundamentals/whatis
+[Microsoft Entra authentication]: azure-maps-authentication.md#microsoft-entra-authentication
[Shared Key authentication]: azure-maps-authentication.md#shared-key-authentication [subscription key]: quick-demo-map-app.md#get-the-subscription-key-for-your-account [ΓÇÄXcode]: https://apps.apple.com/cz/app/xcode/id497799835?mt=12
azure-monitor Convert Classic Resource https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/convert-classic-resource.md
The structure of a Log Analytics workspace is described in [Log Analytics worksp
| traces | AppTraces | Detailed logs (traces) emitted through application code/logging frameworks recorded via `TrackTrace()`. | > [!CAUTION]
-> Don't take a production dependency on the Log Analytics tables until you see new telemetry records show up directly in Log Analytics. It might take up to 24 hours after the migration process started for records to appear.
+> Wait for new telemetry in Log Analytics before relying on it. After starting the migration, telemetry first goes to Classic Application Insights. Aim to switch to Log Analytics within 24 hours, avoiding data loss or double writing. Once done, Log Analytics solely captures new telemetry.
### Table schemas
azure-monitor Container Insights Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-troubleshoot.md
To diagnose the problem if you can't view status information or no results are r
`kubectl get ds ama-logs --namespace=kube-system`
- The output should resemble the following example, which indicates that it was deployed properly:
+ The number of pods should be equal to the number of Linux nodes on the cluster. The output should resemble the following example, which indicates that it was deployed properly:
``` User@aksuser:~$ kubectl get ds ama-logs --namespace=kube-system
- NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
- ama-logs 2 2 2 2 2 beta.kubernetes.io/os=linux 1d
+ NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
+ ama-logs 2 2 2 2 2 <none> 1d
``` 1. If you have Windows Server nodes, check the status of the agent by running the following command:
- `kubectl get ds omsagent-win --namespace=kube-system`
+ `kubectl get ds ama-logs-windows --namespace=kube-system`
- The output should resemble the following example, which indicates that it was deployed properly:
+ The number of pods should be equal to the number of Windows nodes on the cluster. The output should resemble the following example, which indicates that it was deployed properly:
``` User@aksuser:~$ kubectl get ds ama-logs-windows --namespace=kube-system
- NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
- ama-logs-windows 2 2 2 2 2 beta.kubernetes.io/os=windows 1d
+ NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
+ ama-logs-windows 2 2 2 2 2 <none> 1d
```
-1. Check the deployment status with agent version **06072018** or later by using the following command:
+1. Check the deployment status by using the following command:
- `kubectl get deployment ama-logs-rs -n=kube-system`
+ `kubectl get deployment ama-logs-rs --namespace=kube-system`
The output should resemble the following example, which indicates that it was deployed properly: ```
- User@aksuser:~$ kubectl get deployment omsagent-rs -n=kube-system
- NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
- ama-logs 1 1 1 1 3h
+ User@aksuser:~$ kubectl get deployment ama-logs-rs --namespace=kube-system
+ NAME READY UP-TO-DATE AVAILABLE AGE
+ ama-logs-rs 1/1 1 1 24d
``` 1. Check the status of the pod to verify that it's running by using the command `kubectl get pods --namespace=kube-system`.
- The output should resemble the following example with a status of `Running` for the omsagent:
+ The output should resemble the following example with a status of `Running` for ama-logs:
``` User@aksuser:~$ kubectl get pods --namespace=kube-system
To diagnose the problem if you can't view status information or no results are r
azure-vote-front-3826909965-30n62 1/1 Running 0 22d ama-logs-484hw 1/1 Running 0 1d ama-logs-fkq7g 1/1 Running 0 1d
- ama-logs-windows-6drwq 1/1 Running 0 1d
+ ama-logs-windows-6drwq 1/1 Running 0 1d
``` 1. If the pods are in a running state, but there is no data in Log Analytics or data appears to only send during a certain part of the day, it might be an indication that the daily cap has been met. When this limit is met each day, data stops ingesting into the Log Analytics Workspace and resets at the reset time. For more information, see [Log Analytics Daily Cap](../../azure-monitor/logs/daily-cap.md#determine-your-daily-cap).
azure-monitor Kubernetes Monitoring Enable https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/kubernetes-monitoring-enable.md
The number of pods should be equal to the number of Linux nodes on the cluster.
```output User@aksuser:~$ kubectl get ds ama-logs --namespace=kube-system
-NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
-ama-logs 2 2 2 2 2 beta.kubernetes.io/os=linux 1d
+NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
+ama-logs 2 2 2 2 2 <none> 1d
``` **Verify that Windows nodes were deployed properly** ```
-kubectl get ds ama-metrics-win-node --namespace=kube-system
+kubectl get ds ama-logs-windows --namespace=kube-system
``` The number of pods should be equal to the number of Windows nodes on the cluster. The output should resemble the following example: ```output User@aksuser:~$ kubectl get ds ama-logs-windows --namespace=kube-system
-NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
-ama-logs-windows 2 2 2 2 2 beta.kubernetes.io/os=windows 1d
+NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
+ama-logs-windows 2 2 2 2 2 <none> 1d
``` **Verify deployment of the Container insights solution** ```
-kubectl get deployment ama-logs-rs -n=kube-system
+kubectl get deployment ama-logs-rs --namespace=kube-system
``` The output should resemble the following example: ```output
-User@aksuser:~$ kubectl get deployment ama-logs-rs -n=kube-system
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-ama-logs-rs 1 1 1 1 3h
+User@aksuser:~$ kubectl get deployment ama-logs-rs --namespace=kube-system
+NAME READY UP-TO-DATE AVAILABLE AGE
+ama-logs-rs 1/1 1 1 24d
``` **View configuration with CLI**
azure-monitor Data Sources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/data-sources.md
Title: Sources of data in Azure Monitor
-description: Describes the data available to monitor the health and performance of your Azure resources and the applications running on them.
+ Title: Sources of monitoring data for Azure Monitor and their data collection methods
+description: Describes the different types of data that can be collected in Azure Monitor and the method of data collection for each.
Previously updated : 11/17/2022 Last updated : 02/23/2024
-# Sources of monitoring data for Azure Monitor
+# Sources of monitoring data for Azure Monitor and their data collection methods
-Azure Monitor is based on a [common monitoring data platform](data-platform.md) that includes
-- [Metrics](essentials/data-platform-metrics.md)-- [Logs](logs/data-platform-logs.md)-- [Traces](app/asp-net-trace-logs.md) -- [Changes](change/change-analysis.md)
+Azure Monitor is based on a [common monitoring data platform](data-platform.md) that allows different types of data from multiple types of resources to be analyzed together using a common set of tools. This article describes common sources of monitoring data collected by Azure Monitor and their data collection methods. Use this article as a starting point to understand the option for collecting different types of data being generated in your environment.
-This platform allows data from multiple resources to be analyzed together using a common set of tools in Azure Monitor. Monitoring data may also be sent to other locations to support certain scenarios, and some resources may write to other locations before they can be collected into Logs or Metrics.
-
-This article describes common sources of monitoring data collected by Azure Monitor in addition to the monitoring data created by Azure resources. Links are provided to detailed information on configuration required to collect this data to different locations.
-
-Some of these data sources use the [new data ingestion pipeline](essentials/data-collection.md) in Azure Monitor. This article will be updated as other data sources transition to this new data collection method.
-
-> [!NOTE]
-> Access to data in the Log Analytics Workspaces is governed as outline [here](logs/manage-access.md).
->
-
-## Application tiers
-
-Sources of monitoring data from Azure applications can be organized into tiers, the highest tiers being your application itself and the lower tiers being components of Azure platform. The method of accessing data from each tier varies. The application tiers are summarized in the table below, and the sources of monitoring data in each tier are presented in the following sections.
:::image type="content" source="media/overview/overview-simple-20230707-opt.svg" alt-text="Diagram that shows an overview of Azure Monitor with data sources on the left sending data to a central data platform and features of Azure Monitor on the right that use the collected data." border="false" lightbox="media/overview/overview-blowout-20230707-opt.svg":::
-### Azure
-
-The following table briefly describes the application tiers that are specific to Azure. Following the link for further details on each in the sections below.
-
-| Tier | Description | Collection method |
-|:|:|:|
-| [Azure Tenant](#azure-tenant) | Data about the operation of tenant-level Azure services, such as Microsoft Entra ID. | View Microsoft Entra data in portal or configure collection to Azure Monitor using a tenant diagnostic setting. |
-| [Azure subscription](#azure-subscription) | Data related to the health and management of cross-resource services in your Azure subscription such as Resource Manager and Service Health. | View in portal or configure collection to Azure Monitor using a log profile. |
-| [Azure resources](#azure-resources) | Data about the operation and performance of each Azure resource. | Metrics collected automatically, view in Metrics Explorer.<br>Configure diagnostic settings to collect logs in Azure Monitor.<br>Monitoring solutions and Insights available for more detailed monitoring for specific resource types. |
-
-### Azure, other cloud, or on-premises
-The following table briefly describes the application tiers that may be in Azure, another cloud, or on-premises. Following the link for further details on each in the sections below.
-
-| Tier | Description | Collection method |
-|:|:|:|
-| [Operating system (guest)](#operating-system-guest) | Data about the operating system on compute resources. | Install Azure Monitor agent on virtual machines, scale sets and Arc-enabled servers to collect logs and metrics into Azure Monitor. |
-| [Application Code](#application-code) | Data about the performance and functionality of the actual application and code, including performance traces, application logs, and user telemetry. | Instrument your code to collect data into Application Insights. |
-| [Custom sources](#custom-sources) | Data from external services or other components or devices. | Collect log or metrics data into Azure Monitor from any REST client. |
-
-## Azure tenant
-Telemetry related to your Azure tenant is collected from tenant-wide services such as Microsoft Entra ID.
---
-<a name='azure-active-directory-audit-logs'></a>
-
-### Microsoft Entra audit logs
-[Microsoft Entra ID reporting](../active-directory/reports-monitoring/overview-reports.md) contains the history of sign-in activity and audit trail of changes made within a particular tenant.
-
-| Destination | Description | Reference |
-|:|:|:|
-| Azure Monitor Logs | Configure Microsoft Entra logs to be collected in Azure Monitor to analyze them with other monitoring data. | [Integrate Microsoft Entra logs with Azure Monitor logs](../active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md) |
-| Azure Storage | Export Microsoft Entra logs to Azure Storage for archiving. | [Tutorial: Archive Microsoft Entra logs to an Azure storage account](../active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account.md) |
-| Event Hubs | Stream Microsoft Entra logs to other locations using Event Hubs. | [Tutorial: Stream Microsoft Entra logs to an Azure event hub](../active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub.md). |
-
-## Azure subscription
-Telemetry related to the health and operation of your Azure subscription.
--
-### Azure Activity log
-The [Azure Activity log](essentials/platform-logs-overview.md) includes service health records along with records on any configuration changes made to the resources in your Azure subscription. The Activity log is available to all Azure resources and represents their _external_ view.
-
-| Destination | Description | Reference |
-|:|:|:|
-| Activity log | The Activity log is collected into its own data store that you can view from the Azure Monitor menu or use to create Activity log alerts. |[Query the Activity log with the Azure portal](essentials/activity-log.md#view-the-activity-log) |
-| Azure Monitor Logs | Configure Azure Monitor Logs to collect the Activity log to analyze it with other monitoring data. | [Collect and analyze Azure activity logs in Log Analytics workspace in Azure Monitor](essentials/activity-log.md) |
-| Azure Storage | Export the Activity log to Azure Storage for archiving. | [Archive Activity log](essentials/resource-logs.md#send-to-azure-storage) |
-| Event Hubs | Stream the Activity log to other locations using Event Hubs | [Stream Activity log to Event Hubs](essentials/resource-logs.md#send-to-azure-event-hubs). |
-
-### Azure Service Health
-[Azure Service Health](../service-health/service-health-overview.md) provides information about the health of the Azure services in your subscription that your application and resources rely on.
-
-| Destination | Description | Reference |
-|:|:|:|
-| Activity log<br>Azure Monitor Logs | Service Health records are stored in the Azure Activity log, so you can view them in the Azure portal or perform any other activities you can perform with the Activity log. | [View service health notifications by using the Azure portal](../service-health/service-notifications.md) |
-
-### Azure Monitor Change Analysis
-
-[Change Analysis](./change/change-analysis.md) provides insights into your Azure application changes, increases observability, and reduces mean time to repair.
-
-| Destination | Description | Reference |
-| -- | -- | |
-| Azure Resource Manager control plane changes | Change Analysis provides a historical record of how the Azure resources that host your application have changed over time, using Azure Resource Graph | [Resources | Get Changes](../governance/resource-graph/how-to/get-resource-changes.md) |
-| Resource configurations and settings changes | Change Analysis securely queries and computes IP Configuration rules, TLS settings, and extension versions to provide more change details in the app. | [Azure Resource Manager configuration changes](./change/change-analysis.md#azure-resource-manager-resource-properties-changes) |
-| Web app in-guest changes | Every 30 minutes, Change Analysis captures the deployment and configuration state of an application. | [Diagnose and solve problems tool for Web App](./change/change-analysis-visualizations.md#diagnose-and-solve-problems-tool-for-web-app) |
+> [!IMPORTANT]
+> There is a cost for collecting and retaining most types of data in Azure Monitor. To minimize your cost, ensure that you don't collect any more data than you require and that your environment is configured to optimize your costs. See [Cost optimization in Azure Monitor](best-practices-cost.md) for a summary of recommendations.
## Azure resources
-Metrics and resource logs provide information about the _internal_ operation of Azure resources. These are available for most Azure services, and monitoring solutions and insights collect additional data for particular services.
+Most resources in Azure generate the monitoring data described in the following table. Some services will also have additional data that can be collected by enabling other features of Azure Monitor (described in other sections in this article). Regardless of the services that you're monitoring though, you should start by understanding and configuring collection of this data.
+Create diagnostic settings for each of the following data types can be sent to a Log Analytics workspace, archived to a storage account, or streamed to an event hub to send it to services outside of Azure. See [Create diagnostic settings in Azure Monitor](essentials/create-diagnostic-settings.md).
-
-### Platform metrics
-Most Azure services will send [platform metrics](essentials/data-platform-metrics.md) that reflect their performance and operation directly to the metrics database. The specific [metrics will vary for each type of resource](essentials/metrics-supported.md).
-
-| Destination | Description | Reference |
+| Data type | Description | Data collection method |
|:|:|:|
-| Azure Monitor Metrics | Platform metrics will write to the Azure Monitor metrics database with no configuration. Access platform metrics from Metrics Explorer. | [Analyze metrics with Azure Monitor metrics explorer](essentials/analyze-metrics.md) <br>[Supported metrics with Azure Monitor](essentials/metrics-supported.md) |
-| Azure Monitor Logs | Copy platform metrics to Logs for trending and other analysis using Log Analytics. | [Azure diagnostics direct to Log Analytics](essentials/resource-logs.md#send-to-log-analytics-workspace) |
-| Azure Monitor Change Analysis | Change Analysis detects various types of changes, from the infrastructure layer through application deployment. | [Use Change Analysis in Azure Monitor](./change/change-analysis.md) |
-| Event Hubs | Stream metrics to other locations using Event Hubs. |[Stream Azure monitoring data to an event hub for consumption by an external tool](essentials/stream-monitoring-data-event-hubs.md) |
+| Activity log | The Activity log provides insight into subscription-level events for Azure services including service health records and configuration changes. | Collected automatically. View in the Azure portal or create a diagnostic setting to send it to other destinations. Can be collected in Log Analytics workspace at no charge. See [Azure Monitor activity log](essentials/activity-log.md). |
+| Platform metrics | Platform metrics are numerical values that are automatically collected at regular intervals for different aspects of a resource. The specific metrics will vary for each type of resource. | Collected automatically and stored in [Azure Monitor Metrics](./essentials/data-platform-metrics.md). View in metrics explorer or create a diagnostic setting to send it to other destinations. See [Azure Monitor Metrics overview](essentials/data-platform-metrics.md) and [Supported metrics with Azure Monitor](/azure/azure-monitor/reference/supported-metrics/metrics-index) for a list of metrics for different services. |
+| Resource logs | Provide insight into operations that were performed within an Azure resource. The content of resource logs varies by the Azure service and resource type. | You must create a diagnostic setting to collect resources logs. See [Azure resource logs](essentials/resource-logs.md) and [Supported services, schemas, and categories for Azure resource logs](essentials/resource-logs-schema.md) for details on each service. |
-### Resource logs
-[Resource logs](essentials/platform-logs-overview.md) provide insights into the _internal_ operation of an Azure resource. Resource logs are created automatically, but you must create a diagnostic setting to specify a destination for them to be collected for each resource.
-The configuration requirements and content of resource logs vary by resource type, and not all services yet create them. See [Supported services, schemas, and categories for Azure resource logs](essentials/resource-logs-schema.md) for details on each service and links to detailed configuration procedures. If the service isn't listed in this article, then that service doesn't currently create resource logs.
+## Microsoft Entra ID
+Activity logs in Microsoft Entra ID are similar to the activity logs in Azure Monitor and can also use a diagnostic setting to be sent to a Log Analytics workspace, archived to a storage account, or streamed to an event hub to send it to services outside of Azure. See [Configure Microsoft Entra diagnostic settings for activity logs](/entra/identity/monitoring-health/howto-configure-diagnostic-settings).
-| Destination | Description | Reference |
+| Data type | Description | Data collection method |
|:|:|:|
-| Azure Monitor Logs | Send resource logs to Azure Monitor Logs for analysis with other collected log data. | [Collect Azure resource logs in Log Analytics workspace in Azure Monitor](essentials/resource-logs.md#send-to-log-analytics-workspace) |
-| Storage | Send resource logs to Azure Storage for archiving. | [Archive Azure resource logs](essentials/resource-logs.md#send-to-azure-storage) |
-| Event Hubs | Stream resource logs to other locations using Event Hubs. |[Stream Azure resource logs to an event hub](essentials/resource-logs.md#send-to-azure-event-hubs) |
-
-## Operating system (guest)
-Compute resources in Azure, in other clouds, and on-premises have a guest operating system to monitor. With the installation of an agent, you can gather telemetry from the guest into Azure Monitor to analyze it with the same monitoring tools as the Azure services themselves.
-
+| Activity logs | Enable you to assess many aspects of your Microsoft Entra ID environment, including history of sign-in activity, audit trail of changes made within a particular tenant, and activities performed by the provisioning service. | Collected automatically. View in the Azure portal or create a diagnostic setting to send it to other destinations. |
+## Virtual machines
+Azure virtual machines create the same activity logs and platform metrics as other Azure resources. In addition to this host data though, you need to monitor the guest operating system and the workloads running on it, which requires the [Azure Monitor agent](./agents/agents-overview.md) or [SCOM Managed Instance](./vm/scom-managed-instance-overview.md). The following table includes the most common data to collect from VMs. See [Monitor virtual machines with Azure Monitor: Collect data](./vm/monitor-virtual-machine-data-collection.md) for a more complete description of the different kinds of data you can collect from virtual machines.
-### Azure Monitor agent
-[Install the Azure Monitor agent](agents/azure-monitor-agent-manage.md) for comprehensive monitoring and management of your Windows or Linux virtual machines, scale sets and Arc-enabled servers. The Azure Monitor agent replaces the Log Analytics agent and Azure diagnostic extension.
-
-| Destination | Description | Reference |
+| Data type | Description | Data collection method |
|:|:|:|
-| Azure Monitor Logs | The Azure Monitor agent allows you to collect logs from data sources that you configure using [data collection rules](agents/data-collection-rule-azure-monitor-agent.md) or from monitoring solutions that provide additional insights into applications running on the machine. These can be sent to one or more Log Analytics workspaces. | [Data sources and destinations](agents/azure-monitor-agent-overview.md#data-sources-and-destinations) |
-| Azure Monitor Metrics (preview) | The Azure Monitor agent allows you to collect performance counters and send them to Azure Monitor metrics database | [Data sources and destinations](agents/azure-monitor-agent-overview.md#data-sources-and-destinations) |
--
-### Log Analytics agent
-[Install the Log Analytics agent](agents/log-analytics-agent.md) for comprehensive monitoring and management of your Windows or Linux virtual machines. The virtual machine can be running in Azure, another cloud, or on-premises. The Log Analytics agent is still supported but has been replaced by the Azure Monitor agent.
-
-| Destination | Description | Reference |
+| Windows Events | Logs for the client operating system and different applications on Windows VMs. | Deploy the Azure Monitor agent (AMA) and create a data collection rule (DCR) to send data to Log Analytics workspace. See [Collect events and performance counters from virtual machines with Azure Monitor Agent](./agents/data-collection-rule-azure-monitor-agent.md). |
+| Syslog | Logs for the client operating system and different applications on Linux VMs. | Deploy the Azure Monitor agent (AMA) and create a data collection rule (DCR) to send data to Log Analytics workspace. See [Collect Syslog events with Azure Monitor Agent](./agents/data-collection-syslog.md). To use the VM as a Syslog forwarder, see [Tutorial: Forward Syslog data to a Log Analytics workspace with Microsoft Sentinel by using Azure Monitor Agent](../sentinel/forward-syslog-monitor-agent.md) |
+| Client Performance data | Performance counter values for the operating system and applications running on the virtual machine. | Deploy the Azure Monitor agent (AMA) and create a data collection rule (DCR) to send data to Azure Monitor Metrics and/or Log Analytics workspace. See [Collect events and performance counters from virtual machines with Azure Monitor Agent](./agents/data-collection-rule-azure-monitor-agent.md).<br><br>Enable VM insights to send predefined aggregated performance data to Log Analytics workspace. See [Enable VM Insights overview](./vm/vminsights-enable-overview.md) for installation options. |
+| Processes and dependencies | Details about processes running on the machine and their dependencies on other machines and external services. Enables the [map feature in VM insights](vm/vminsights-maps.md). | Enable VM insights on the machine with the *processes and dependencies* option. See [Enable VM Insights overview](./vm/vminsights-enable-overview.md) for installation options. |
+| Text logs | Application logs written to a text file. | Deploy the Azure Monitor agent (AMA) and create a data collection rule (DCR) to send data to Log Analytics workspace. See [Collect logs from a text or JSON file with Azure Monitor Agent](./agents/data-collection-text-log.md). |
+| IIS logs | Logs created by Internet Information Service (IIS)\. | Deploy the Azure Monitor agent (AMA) and create a data collection rule (DCR) to send data to Log Analytics workspace. See [Collect IIS logs with Azure Monitor Agent](./agents/data-collection-iis.md). |
+| SNMP traps | Widely deployed management protocol for monitoring and configuring Linux devices and appliances. | See [Collect SNMP trap data with Azure Monitor Agent](./agents/data-collection-snmp-data.md). |
+| Management pack data | If you have an existing investment in SCOM, you can migrate to the cloud while retaining your investment in existing management packs using [SCOM MI](./vm/scom-managed-instance-overview.md). | SCOM MI stores data collected by management packs in an instance of SQL MI. See [Configure Log Analytics for Azure Monitor SCOM Managed Instance](/system-center/scom/configure-log-analytics-for-scom-managed-instance) to send this data to a Log Analytics workspace. |
+
+## Kubernetes cluster
+Azure Kubernetes Service (AKS) clusters create the same activity logs and platform metrics as other Azure resources. In addition to this host data though, they generate a common set of cluster logs and metrics that you can collect from your AKS clusters and Arc-enabled Kubernetes clusters.
+
+| Data type | Description | Data collection method |
|:|:|:|
-| Azure Monitor Logs | The Log Analytics agent connects to Azure Monitor either directly or through System Center Operations Manager and allows you to collect data from data sources that you configure or from monitoring solutions that provide additional insights into applications running on the virtual machine. | [Agent data sources in Azure Monitor](agents/agent-data-sources.md)<br>[Connect Operations Manager to Azure Monitor](agents/om-agents.md) |
+| Cluster Metrics | Usage and performance data for the cluster, nodes, deployments, and workloads. | Enable managed Prometheus for the cluster to send cluster metrics to an [Azure Monitor workspace](./essentials/azure-monitor-workspace-overview.md). See [Enable Prometheus and Grafana](./containers/kubernetes-monitoring-enable.md#enable-prometheus-and-grafana) for onboarding and [Default Prometheus metrics configuration in Azure Monitor](containers/prometheus-metrics-scrape-default.md) for a list of metrics that are collected by default. |
+| Logs | Standard Kubernetes logs including events for the cluster, nodes, deployments, and workloads. | Enable Container insights for the cluster to send container logs to a Log Analytics workspace. See [Enable Container insights](./containers/kubernetes-monitoring-enable.md#enable-container-insights) for onboarding and [Configure data collection in Container insights using data collection rule](./containers/container-insights-data-collection-dcr.md) to configure which logs will be collected. |
-### Azure diagnostic extension
-Enabling the Azure diagnostics extension for Azure Virtual machines allows you to collect logs and metrics from the guest operating system of Azure compute resources including Azure Cloud Service (classic) Web and Worker Roles, Virtual Machines, Virtual Machine Scale Sets, and Service Fabric.
-| Destination | Description | Reference |
-|:|:|:|
-| Storage | Azure diagnostics extension always writes to an Azure Storage account. | [Install and configure Azure diagnostics extension (WAD)](agents/diagnostics-extension-windows-install.md)<br>[Use Linux Diagnostic Extension to monitor metrics and logs](../virtual-machines/extensions/diagnostics-linux.md) |
-| Azure Monitor Metrics (preview) | When you configure the Diagnostics Extension to collect performance counters, they are written to the Azure Monitor metrics database. | [Send Guest OS metrics to the Azure Monitor metric store using a Resource Manager template for a Windows virtual machine](essentials/collect-custom-metrics-guestos-resource-manager-vm.md) |
-| Event Hubs | Configure the Diagnostics Extension to stream the data to other locations using Event Hubs. | [Streaming Azure Diagnostics data by using Event Hubs](agents/diagnostics-extension-stream-event-hubs.md)<br>[Use Linux Diagnostic Extension to monitor metrics and logs](../virtual-machines/extensions/diagnostics-linux.md) |
-| Application Insights Logs | Collect logs and performance counters from the compute resource supporting your application to be analyzed with other application data. | [Send Cloud Service, Virtual Machine, or Service Fabric diagnostic data to Application Insights](agents/diagnostics-extension-to-application-insights.md) |
+## Application
+Application monitoring in Azure Monitor is done with [Application Insights](/azure/application-insights/), which collects data from applications running on various platforms in Azure, another cloud, or on-premises. When you enable Application Insights for an application, it collects metrics and logs related to the performance and operation of the application and stores it in the same Azure Monitor data platform used by other data sources.
+See [Application Insights overview](./app/app-insights-overview.md) for further details about the data that Application insights collected and links to articles on onboarding your application.
-### VM insights
-[VM insights](vm/vminsights-overview.md) provides a customized monitoring experience for virtual machines providing features beyond core Azure Monitor functionality. It requires a Dependency Agent on Windows and Linux virtual machines that integrates with the Log Analytics agent to collect discovered data about processes running on the virtual machine and external process dependencies.
-| Destination | Description | Reference |
+| Data type | Description | Data collection method |
|:|:|:|
-| Azure Monitor Logs | Stores data about processes and dependencies on the agent. | [Using VM insights Map to understand application components](vm/vminsights-maps.md) |
---
-## Application Code
-Detailed application monitoring in Azure Monitor is done with [Application Insights](/azure/application-insights/), which collects data from applications running on various platforms. The application can be running in Azure, another cloud, or on-premises.
---
+| Logs | Operational data about your application including page views, application requests, exceptions, and traces. Also includes dependency information between application components to support Application Map and telemetry correlation. | Application logs are stored in a Log Analytics workspace that you select as part of the onboarding process. |
+| Metrics | Numeric data measuring the performance of your application and user requests measured over intervals of time. | Metric data is stored in both Azure Monitor Metrics and the Log Analytics workspace. |
+| Traces | Traces are a series of related events tracking end-to-end requests through the components of your application. | Traces are stored in the Log Analytics workspace for the app. |
-### Application data
-When you enable Application Insights for an application by installing an instrumentation package, it collects metrics and logs related to the performance and operation of the application. Application Insights stores the data it collects in the same Azure Monitor data platform used by other data sources. It includes extensive tools for analyzing this data, but you can also analyze it with data from other sources using tools such as Metrics Explorer, Log Analytics, and Change Analysis.
-
-| Destination | Description | Reference |
-|:|:|:|
-| Azure Monitor Logs | Operational data about your application including page views, application requests, exceptions, and traces. | [Analyze log data in Azure Monitor](logs/log-query-overview.md) |
-| | Dependency information between application components to support Application Map and telemetry correlation. | [Telemetry correlation in Application Insights](app/distributed-trace-data.md) <br> [Application Map](app/app-map.md) |
-| | Results of availability tests that test the availability and responsiveness of your application from different locations on the public Internet. | [Monitor availability and responsiveness of any web site](/previous-versions/azure/azure-monitor/app/monitor-web-app-availability) |
-| Azure Monitor Metrics | Application Insights collects metrics describing the performance and operation of the application in addition to custom metrics that you define in your application into the Azure Monitor metrics database. | [Log-based and pre-aggregated metrics in Application Insights](app/pre-aggregated-metrics-log-metrics.md)<br>[Application Insights API for custom events and metrics](app/api-custom-events-metrics.md) |
-| Azure Monitor Change Analysis | Change Analysis detects and provides insights on various types of changes in your application. | [Use Change Analysis in Azure Monitor](./change/change-analysis.md) |
-| Azure Storage | Send application data to Azure Storage for archiving. | [Export telemetry from Application Insights](/previous-versions/azure/azure-monitor/app/export-telemetry) |
-| | Details of availability tests are stored in Azure Storage. Use Application Insights in the Azure portal to download for local analysis. Results of availability tests are stored in Azure Monitor Logs. | [Monitor availability and responsiveness of any web site](/previous-versions/azure/azure-monitor/app/monitor-web-app-availability) |
-| | Profiler trace data is stored in Azure Storage. Use Application Insights in the Azure portal to download for local analysis. | [Profile production applications in Azure with Application Insights](app/profiler-overview.md)
-| | Debug snapshot data that is captured for a subset of exceptions is stored in Azure Storage. Use Application Insights in the Azure portal to download for local analysis. | [How snapshots work](app/snapshot-debugger.md#how-snapshots-work) |
-
-## Insights
-[Insights](insights/insights-overview.md) collect data to provide additional insights into the operation of a particular service or application. They may address resources in different application tiers and even multiple tiers.
--
-### Container insights
-[Container insights](containers/container-insights-overview.md) provides a customized monitoring experience for [Azure Kubernetes Service (AKS)](../aks/index.yml). It collects additional data about these resources described in the following table.
-
-| Destination | Description | Reference |
-|:|:|:|
-| Azure Monitor Logs | Stores monitoring data for AKS including inventory, logs, and events. Metric data is also stored in Logs in order to leverage its analysis functionality in the portal. | [Understand AKS cluster performance with Container insights](containers/container-insights-analyze.md) |
-| Azure Monitor Metrics | Metric data is stored in the metric database to drive visualization and alerts. | [View container metrics in metrics explorer](containers/container-insights-analyze.md#view-container-metrics-in-metrics-explorer) |
-| Azure Kubernetes Service | Provides direct access to your Azure Kubernetes Service (AKS) container logs (stdout/stderror), events, and pod metrics in the portal. | [How to view Kubernetes logs, events, and pod metrics in real-time](containers/container-insights-livedata-overview.md) |
-
-### VM insights
-[VM insights](vm/vminsights-overview.md) provides a customized experience for monitoring virtual machines. A description of the data collected by VM insights is included in the [Operating System (guest)](#operating-system-guest) section above.
## Custom sources
-In addition to the standard tiers of an application, you may need to monitor other resources that have telemetry that can't be collected with the other data sources. For these resources, write this data to either Metrics or Logs using an Azure Monitor API.
---
+For any monitoring data that you can't collect with the other methods described in this article, you can use the APIs in the following table to send data to Azure Monitor.
-| Destination | Method | Description | Reference |
-|:|:|:|:|
-| Azure Monitor Logs | Logs ingestion API | Collect log data from any REST client and store in Log Analytics workspace using a data collection rule. | [Logs ingestion API in Azure Monitor](logs/logs-ingestion-api-overview.md) |
-| | Data Collector API | Collect log data from any REST client and store in Log Analytics workspace. | [Send log data to Azure Monitor with the HTTP Data Collector API (preview)](logs/data-collector-api.md) |
-| Azure Monitor Metrics | Custom Metrics API | Collect metric data from any REST client and store in Azure Monitor metrics database. | [Send custom metrics for an Azure resource to the Azure Monitor metric store by using a REST API](essentials/metrics-store-custom-rest-api.md) |
--
-## Other services
-Other services in Azure write data to the Azure Monitor data platform. This allows you to analyze data collected by these services with data collected by Azure Monitor and apply the same analysis and visualization tools.
+| Data type | Description | Data collection method |
+|:|:|:|
+| Logs | Collect log data from any REST client and store in Log Analytics workspace. | Create a data collection rule to define destination workspace and any data transformations. See [Logs ingestion API in Azure Monitor](logs/logs-ingestion-api-overview.md). |
+| Metrics | Collect custom metrics for Azure resources from any REST client. | See [Send custom metrics for an Azure resource to the Azure Monitor metric store by using a REST API](essentials/metrics-store-custom-rest-api.md). |
-| Service | Destination | Description | Reference |
-|:|:|:|:|
-| [Microsoft Defender for Cloud](../security-center/index.yml) | Azure Monitor Logs | Microsoft Defender for Cloud stores the security data it collects in a Log Analytics workspace, which allows it to be analyzed with other log data collected by Azure Monitor. | [Data collection in Microsoft Defender for Cloud](../security-center/security-center-enable-data-collection.md) |
-| [Microsoft Sentinel](../sentinel/index.yml) | Azure Monitor Logs | Microsoft Sentinel stores the data it collects from different data sources in a Log Analytics workspace, which allows it to be analyzed with other log data collected by Azure Monitor. | [Connect data sources](../sentinel/quickstart-onboard.md) |
## Next steps
azure-monitor Stream Monitoring Data Event Hubs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/stream-monitoring-data-event-hubs.md
Before you configure streaming for any data source, you need to [create an Event
* Outbound port 5671 and 5672 must typically be opened on the computer or virtual network consuming data from the event hub. ## Monitoring data available
-[Sources of monitoring data for Azure Monitor](../data-sources.md) describes the data tiers for Azure applications and the kinds of data available for each. The following table provides a description of how different types of data can be streamed to an event hub. Follow the links provided for further detail.
-
-| Tier | Data | Method |
-|:|:|:|
-| [Azure tenant](../data-sources.md#azure-tenant) | Microsoft Entra audit logs | Configure a tenant diagnostic setting on your Microsoft Entra tenant. For more information, see [Tutorial: Stream Microsoft Entra logs to an Azure event hub](../../active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub.md). |
-| [Azure subscription](../data-sources.md#azure-subscription) | Azure activity log | [Create a diagnostic setting](./create-diagnostic-settings.md) to export activity log events to event hubs. For more information, see [Stream Azure platform logs to Azure event hubs](../essentials/resource-logs.md#send-to-azure-event-hubs). |
-| [Azure resources](../data-sources.md#azure-resources) | Platform metrics<br> Resource logs | [Create a diagnostic setting](./create-diagnostic-settings.md) to export resource logs and metrics to event hubs. For more information, see [Stream Azure platform logs to Azure event hubs](../essentials/resource-logs.md#send-to-azure-event-hubs). |
-| [Operating system (guest)](../data-sources.md#operating-system-guest) | Azure virtual machines | Install the [Azure Diagnostics extension](../agents/diagnostics-extension-overview.md) on Windows and Linux virtual machines in Azure. For more information, see [Streaming Azure Diagnostics data in the hot path by using event hubs](../agents/diagnostics-extension-stream-event-hubs.md) for details on Windows VMs. See [Use Linux Diagnostic extension to monitor metrics and logs](../../virtual-machines/extensions/diagnostics-linux.md#protected-settings) for details on Linux VMs. |
-| [Application code](../data-sources.md#application-code) | Application Insights | Use diagnostic settings to stream to event hubs. This tier is only available with workspace-based Application Insights resources. For help with setting up workspace-based Application Insights resources, see [Workspace-based Application Insights resources](../app/create-workspace-resource.md#workspace-based-application-insights-resources) and [Migrate to workspace-based Application Insights resources](../app/convert-classic-resource.md#migrate-to-workspace-based-application-insights-resources).|
+[Sources of monitoring data for Azure Monitor and their data collection methods](../data-sources.md) describes the different kinds of data collected by Azure Monitor and the methods used to collect them. See that article for that data that can be streamed to an event hub and links to configuration details.
+ ## Stream diagnostics data
azure-netapp-files Application Volume Group Considerations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/application-volume-group-considerations.md
This article describes the requirements and considerations you need to be aware
* You must create a proximity placement group (PPG) and anchor it to your SAP HANA compute resources. Application volume group for SAP HANA needs this setup to search for an Azure NetApp Files resource that is close to the SAP HANA servers. For more information, see [Best practices about Proximity Placement Groups](#best-practices-about-proximity-placement-groups) and [Create a Proximity Placement Group using the Azure portal](../virtual-machines/windows/proximity-placement-groups-portal.md). >[!NOTE]
- >Do not delete the PPG. Deleting a PPG will remove the pinning and can cause subsequent volume groups to be created in sub-optimal locations which could lead to increased latency.
+ >Do not delete the PPG. Deleting a PPG removes the pinning and can cause subsequent volume groups to be created in sub-optimal locations which could lead to increased latency.
* You must complete your sizing and SAP HANA system architecture, including the following areas: * SAP ID (SID)
This article describes the requirements and considerations you need to be aware
It is recommended that you lay out the VNet and delegated subnet at design time.
- Application volume group for SAP HANA will create multiple IP addresses, up to six IP addresses for larger-sized estates. Ensure that the delegated subnet has sufficient free IP addresses. Consider using a delegated subnet with a minimum of 59 IP addresses with a subnet size of /26. See [Considerations about delegating a subnet to Azure NetApp Files](azure-netapp-files-delegate-subnet.md#considerations).
+ Application volume group for SAP HANA create multiple IP addresses, up to six IP addresses for larger-sized estates. Ensure that the delegated subnet has sufficient free IP addresses. Consider using a delegated subnet with a minimum of 59 IP addresses with a subnet size of /26. See [Considerations about delegating a subnet to Azure NetApp Files](azure-netapp-files-delegate-subnet.md#considerations).
+
+* Application volume group for SAP HANA only supports [Basic network features](azure-netapp-files-network-topologies.md). You should not edit network features for volumes in an application volume group.
>[!IMPORTANT] >The use of application volume group for SAP HANA for applications other than SAP HANA is not supported. Reach out to your Azure NetApp Files specialist for guidance on using Azure NetApp Files multi-volume layouts with other database applications.
azure-netapp-files Azure Netapp Files Network Topologies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-network-topologies.md
Azure NetApp Files volumes are designed to be contained in a special purpose sub
### Supported regions
-<a name="regions-standard-network-features"></a>Azure NetApp Files *Standard network features* are supported for the following regions:
+<a name="regions-standard-network-features"></a>The option to set Standard network features on new volumes and to modify network features for existing volumes is available in the following regions:
* Australia Central * Australia Central 2
Azure NetApp Files volumes are designed to be contained in a special purpose sub
* West US 2 * West US 3
-<a name="regions-edit-network-features"></a>The option to *[edit network features for existing volumes](configure-network-features.md#edit-network-features-option-for-existing-volumes)* is supported for the following regions:
-
-* Australia Central
-* Australia Central 2
-* Australia East
-* Australia Southeast
-* Brazil South
-* Brazil Southeast
-* Canada Central
-* Canada East
-* Central India
-* Central US
-* East Asia
-* East US*
-* East US 2
-* France Central
-* Germany North
-* Germany West Central
-* Japan East
-* Japan West
-* Korea Central
-* Korea South
-* North Central US
-* North Europe
-* Norway East
-* Norway West
-* Qatar Central
-* South Africa North
-* South Central US*
-* South India
-* Southeast Asia
-* Sweden Central
-* Switzerland North
-* Switzerland West
-* UAE Central
-* UAE North
-* UK South
-* UK West
-* US Gov Arizona
-* US Gov Texas
-* US Gov Virginia
-* West Europe
-* West US
-* West US 2*
-* West US 3
-
-\* Not all volume in this region are available for conversion. All volumes will be available for conversion in the future.
- ## Considerations You should understand a few considerations when you plan for Azure NetApp Files network.
azure-netapp-files Configure Network Features https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/configure-network-features.md
The **Network Features** functionality enables you to indicate whether you want
This article helps you understand the options and shows you how to configure network features.
-The **Network Features** functionality isn't available in Azure Government regions. See [supported regions](azure-netapp-files-network-topologies.md#supported-regions) for a full list.
+See [supported regions](azure-netapp-files-network-topologies.md#supported-regions) for a full list.
## Options for network features
Two settings are available for network features:
* When you change the network features option of existing volumes from Basic to Standard network features, access to existing Basic networking volumes might be lost if your UDR or NSG implementations prevent the Basic networking volumes from connecting to DNS and domain controllers. You might also lose the ability to update information, such as the site name, in the Active Directory connector if all volumes canΓÇÖt communicate with DNS and domain controllers. For guidance about UDRs and NSGs, see [Configure network features for an Azure NetApp Files volume](azure-netapp-files-network-topologies.md#udrs-and-nsgs). >[!NOTE]
-> The networking features of the DP volume will not be affected by changing the source volume from basic to standard network features.
+> The networking features of the DP volume are not affected by changing the source volume from Basic to Standard network features.
## <a name="set-the-network-features-option"></a>Set network features option during volume creation
This section shows you how to set the network features option when you create a
You can edit the network features option of existing volumes from *Basic* to *Standard* network features. The change you make applies to all volumes in the same *network sibling set* (or *siblings*). Siblings are determined by their network IP address relationship. They share the same NIC for mounting the volume to the client or connecting to the SMB share of the volume. At the creation of a volume, its siblings are determined by a placement algorithm that aims for reusing the IP address where possible.
+The edit network features option is available in [all regions that support Standard network features](azure-netapp-files-network-topologies.md#supported-regions).
+ >[!IMPORTANT] >It's not recommended that you use the edit network features option with Terraform-managed volumes due to risks. You must follow separate instructions if you use Terraform-managed volumes. For more information see, [Update Terraform-managed Azure NetApp Files volume from Basic to Standard](#update-terraform-managed-azure-netapp-files-volume-from-basic-to-standard).
-See [regions supported for this feature](azure-netapp-files-network-topologies.md#regions-edit-network-features).
+>[!IMPORTANT]
+>You should not use the edit network features option for an [application volume group for SAP HANA](application-volume-group-introduction.md). Application volume group for SAP HANA only supports Basic network features.
> [!NOTE] > You need to submit a waitlist request for accessing the feature through the **[Azure NetApp Files standard networking features (edit volumes) Request Form](https://aka.ms/anfeditnetworkfeaturespreview)**. The feature can take approximately one week to be enabled after you submit the waitlist request. You can check the status of feature registration by using the following command:
azure-netapp-files Create Active Directory Connections https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/create-active-directory-connections.md
Several features of Azure NetApp Files require that you have an Active Directory
This feature is used for installing SQL Server in certain scenarios where a non-administrator AD DS domain account must temporarily be granted elevated security privilege. >[!NOTE]
- > Using the Security privilege users feature relies on the [SMB Continuous Availability Shares feature](azure-netapp-files-create-volumes-smb.md#continuous-availability). SMB Continuous Availability is **not** supported on custom applications. It is only supported for workloads using Citrix App Laying, [FSLogix user profile containers](../virtual-desktop/create-fslogix-profile-container.md), and Microsoft SQL Server (not Linux SQL Server).
+ > Using the Security privilege users feature relies on the [SMB Continuous Availability Shares feature](azure-netapp-files-create-volumes-smb.md#continuous-availability). SMB Continuous Availability is **not** supported on custom applications. It is only supported for workloads using Citrix App Layering, [FSLogix user profile containers](../virtual-desktop/create-fslogix-profile-container.md), and Microsoft SQL Server (not Linux SQL Server).
> [!IMPORTANT] > Using the **Security privilege users** feature requires that you submit a waitlist request through the **[Azure NetApp Files SMB Continuous Availability Shares Public Preview waitlist submission page](https://aka.ms/anfsmbcasharespreviewsignup)**. Wait for an official confirmation email from the Azure NetApp Files team before using this feature.
azure-netapp-files Whats New https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/whats-new.md
Azure NetApp Files is updated regularly. This article provides a summary about t
## February 2024
+* [Volume and protocol enhancement](understand-volume-languages.md): extended language support for file and path names
+
+ Azure NetApp Files uses a default volume language of C.UTF-8, which provides POSIX compliant UTF-8 encoding for character sets. The C.UTF-8 language natively supports characters with a size of 0-3 bytes, which includes a majority of the worldΓÇÖs languages on the Basic Multilingual Plane (BMP) (including Japanese, German, and most of Hebrew and Cyrillic).
+
+ Azure NetApp Files now supports characters outside of the BMP using surrogate pair logic, where multiple character byte sets are combined to form new characters. Emoji symbols, for example, fall into this category and are now supported in Azure NetApp Files.
+
+ To learn more about languages and special character handling in Azure NetApp Files volumes, see [Understand volume languages in Azure NetApp Files](understand-volume-languages.md).
+
+ To learn more about file path lengths in relation to language and character handling in Azure NetApp Files volumes, see [Understand path lengths in Azure NetApp Files](understand-path-lengths.md).
+
* [Customer-managed keys enhancement:](configure-customer-managed-keys.md) automated managed system identity (MSI) support
Azure NetApp Files is updated regularly. This article provides a summary about t
## January 2024
-* [Standard network features - Edit volumes available in US Gov regions](azure-netapp-files-network-topologies.md#regions-edit-network-features) (Preview)
+* [Standard network features - Edit volumes available in US Gov regions](azure-netapp-files-network-topologies.md#supported-regions) (Preview)
Azure NetApp Files now supports the capability to edit network features of existing volumes in US Gov Arizona, US Gov Texas, and US Gov Texas. This capability provides an enhanced, more standard, Microsoft Azure Virtual Network experience through various security and connectivity features that are available on Virtual Networks to Azure services. This feature is in preview in commercial and US Gov regions.
Azure NetApp Files is updated regularly. This article provides a summary about t
* Connectivity over Active/Active VPN gateway setup * [ExpressRoute FastPath](../expressroute/about-fastpath.md) connectivity to Azure NetApp Files
- This feature is now in public preview, currently available in [16 Azure regions](azure-netapp-files-network-topologies.md#regions-edit-network-features). It will roll out to other regions. Stay tuned for further information as more regions become available.
+ This feature is now in public preview, currently available in [16 Azure regions](azure-netapp-files-network-topologies.md#supported-regions). It will roll out to other regions. Stay tuned for further information as more regions become available.
* [Azure Application Consistent Snapshot tool (AzAcSnap) 8 (GA)](azacsnap-introduction.md)
azure-resource-manager Deployment Stacks https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deployment-stacks.md
Title: Create & deploy deployment stacks in Bicep
description: Describes how to create deployment stacks in Bicep. Previously updated : 01/03/2024 Last updated : 02/23/2024 # Deployment stacks (Preview)
Deployment stacks provide the following benefits:
- Efficient environment cleanup by employing delete flags during deployment stack updates. - Utilizing standard templates such as Bicep, ARM templates, or Template specs for your deployment stacks.
+### Known limitations
+
+- Implicitly created resources aren't managed by the stack. Therefore, no deny assignments or cleanup is possible.
+- Deny assignments don't support tags.
+- Deployment stacks cannot delete Key vault secrets. If you're removing key vault secrets from a template, make sure to also execute the deployment stack update/delete command with detach mode.
+ ### Known issues - Deleting resource groups currently bypasses deny assignments. When creating a deployment stack in the resource group scope, the Bicep file doesn't contain the definition for the resource group. Despite the deny assignment setting, it's possible to delete the resource group and its contained stack. However, if a [lock](../management/lock-resources.md) is active on any resource within the group, the delete operation will fail.-- Implicitly created resources aren't managed by the stack. Therefore, no deny assignments or cleanup is possible. - [What-if](./deploy-what-if.md) isn't available in the preview.-- Management group scoped deployment stacks can only deploy the template to subscription.-- When using the Azure CLI create command to modify an existing stack, the deployment process continues regardless of whether you choose _n_ for a prompt. To halt the procedure, use _[CTRL] + C_.-- If you create or modify a deployment stack in the Azure portal, deny settings will be overwritten (support for deny settings in the Azure portal is currently in progress).-- Management group deployment stacks are not yet available in the Azure portal.
+- A management group-scoped stack is restricted from deploying to another management group. It can only deploy to the management group of the stack itself or to a child subscription.
## Create deployment stacks
azure-resource-manager Move Support Resources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/move-support-resources.md
Before starting your move operation, review the [checklist](./move-resource-grou
> | b2cdirectories | **Yes** | **Yes** | No | > | b2ctenants | No | No | No |
+## Microsoft.AzureArcData
+
+> [!div class="mx-tableFixed"]
+> | Resource type | Resource group | Subscription | Region move |
+> | - | -- | - | -- |
+> | SqlServerInstances | No | No | No |
+ ## Microsoft.AzureData > [!div class="mx-tableFixed"]
azure-vmware Azure Vmware Solution Platform Updates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/azure-vmware-solution-platform-updates.md
Last updated 12/21/2023
Microsoft regularly applies important updates to the Azure VMware Solution for new features and software lifecycle management. You should receive a notification through Azure Service Health that includes the timeline of the maintenance. For more information, see [Host maintenance and lifecycle management](concepts-private-clouds-clusters.md#host-maintenance-and-lifecycle-management).
+## February 2024
+
+All new Azure VMware Solution private clouds are being deployed with VMware NSX version 4.1.1.
+ ## November 2023 **VMware vSphere 8.0**
-VMware vSphere 8.0 is targeted for rollout to Azure VMware Solution starting at the end of January 2024.
+VMware vSphere 8.0 is targeted for rollout to Azure VMware Solution by Q2 2024.
**AV64 SKU**
azure-vmware Configure Dns Azure Vmware Solution https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/configure-dns-azure-vmware-solution.md
description: Learn how to configure DNS forwarder for Azure VMware Solution usin
Previously updated : 12/05/2023
-#Customer intent: As an Azure service administrator, I want to <define conditional forwarding rules for a desired domain name to a desired set of private DNS servers via the NSX-T Data Center DNS Service.>
Last updated : 2/27/2024
+#Customer intent: As an Azure service administrator, I want to <define conditional forwarding rules for a desired domain name to a desired set of private DNS servers via the NSX-T Data Center DNS Service.
# Configure a DNS forwarder in the Azure portal
This capability uses the DNS Forwarder Service in NSX-T Data Center. A DNS servi
>[!TIP] >If desired, you can also use the conditional forwarding rules for workload segments by configuring virtual machines on those segments to use the NSX-T Data Center DNS Service IP address as their DNS server. - ## Architecture The diagram shows that the NSX-T Data Center DNS Service can forward DNS queries to DNS systems hosted in Azure and on-premises environments. :::image type="content" source="media/networking/dns/dns-forwarder-diagram.png" alt-text="Diagram showing that the NSX-T DNS Service can forward DNS queries to DNS systems hosted in Azure and on-premises environments." border="false"::: - ## Configure DNS forwarder 1. In your Azure VMware Solution private cloud, under **Workload Networking**, select **DNS** > **DNS zones**. Then select **Add**.
The diagram shows that the NSX-T Data Center DNS Service can forward DNS queries
>[!TIP] >For private clouds created on or after July 1, 2021, you can ignore the message about a default DNS zone as one is created for you during private cloud creation. - >[!IMPORTANT] >While certain operations in your private cloud may be performed from NSX-T Manager, for private clouds created on or after July 1, 2021, you _must_ edit the DNS service from the Simplified Networking experience in the Azure portal for any configuration changes made to the default Tier-1 Gateway.
The diagram shows that the NSX-T Data Center DNS Service can forward DNS queries
1. In your Azure VMware Solution private cloud, under **Workload Networking**, select **DNS** > **DNS zones** > Check **TNT##-DNS-FORWARDER-ZONE**. Then select **Edit**. ![AVS-DNS](https://user-images.githubusercontent.com/7501186/226980095-b0576824-e1b7-46dc-b726-58670e4e3096.png)- 2. Change DNS server entries to valid reachable IP addresses. Then select **OK**
The diagram shows that the NSX-T Data Center DNS Service can forward DNS queries
After you configure the DNS forwarder, you have some options available to verify name resolution operations.
-### NSX-T Manager
+### VMware NSX-T Manager
NSX-T Manager provides the DNS Forwarder Service statistics at the global service level and on a per zone basis.
NSX-T Manager provides the DNS Forwarder Service statistics at the global servic
:::image type="content" source="media/networking/dns/nsxt-manager-dns-services-statistics.png" alt-text="Screenshot showing the DNS Forwarder statistics."::: - ### PowerCLI The NSX-T Policy API lets you run nslookup commands from the NSX-T Data Center DNS Forwarder Service. The required cmdlets are part of the `VMware.VimAutomation.Nsxt` module in PowerCLI. The following example demonstrates output from version 12.3.0 of that module.
azure-vmware Configure Site To Site Vpn Gateway https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/configure-site-to-site-vpn-gateway.md
description: Learn how to establish a VPN (IPsec IKEv1 and IKEv2) site-to-site t
Previously updated : 12/15/2023 Last updated : 2/27/2024 # Configure a site-to-site VPN in vWAN for Azure VMware Solution
You must have a public-facing IP address terminating on an on-premises VPN devic
## Create a virtual hub
-A virtual hub is a virtual network that is created and used by Virtual WAN. It's the core of your Virtual WAN network in a region. It can contain gateways for site-to-site and ExpressRoute.
+A virtual hub is a virtual network that is created and used by Azure Virtual WAN. It's the core of your Virtual WAN network in a region. It can contain gateways for site-to-site and ExpressRoute.
>[!TIP] >You can also [create a gateway in an existing hub](../virtual-wan/virtual-wan-expressroute-portal.md#existinghub). - [!INCLUDE [Create a hub](../../includes/virtual-wan-hub-basics.md)] ## Create a VPN gateway [!INCLUDE [Create a gateway](../../includes/virtual-wan-tutorial-s2s-gateway-include.md)] - ## Create a site-to-site VPN 1. In the Azure portal, select the virtual WAN you created earlier.
A virtual hub is a virtual network that is created and used by Virtual WAN. It's
>[!NOTE] >If you edit the address space after creating the site (for example, add an additional address space) it can take 8-10 minutes to update the effective routes while the components are recreated. - 1. Select **Links** to add information about the physical links at the branch. If you have a Virtual WAN partner CPE device, check with them to see if this information gets exchanged with Azure as a part of the branch information upload set up from their systems. Specifying link and provider names allow you to distinguish between any number of gateways that can eventually be created as part of the hub. [BGP](../vpn-gateway/vpn-gateway-bgp-overview.md) and autonomous system number (ASN) must be unique inside your organization. BGP ensures that both Azure VMware Solution and the on-premises servers advertise their routes across the tunnel. If disabled, the subnets that need to be advertised must be manually maintained. If subnets are missed, HCX fails to form the service mesh.
A virtual hub is a virtual network that is created and used by Virtual WAN. It's
* **Connected**: Connectivity established between Azure VPN gateway and on-premises VPN site. * **Disconnected**: Typically seen if disconnected for any reason (on-premises or in Azure) -- 1. Download the VPN configuration file and apply it to the on-premises endpoint. 1. On the VPN (Site to site) page, near the top, select **Download VPN Config**. Azure creates a storage account in the resource group 'microsoft-network-\[location\]', where location is the location of the WAN. After you apply the configuration to your VPN devices, you can delete this storage account.
A virtual hub is a virtual network that is created and used by Virtual WAN. It's
For more information about the configuration file, see [About the VPN device configuration file](../virtual-wan/virtual-wan-site-to-site-portal.md#config-file). + 1. Patch the Azure VMware Solution ExpressRoute in the Virtual WAN hub. + >[!IMPORTANT] >You must first have a private cloud created before you can patch the platform.
->[!IMPORTANT]
+ >[!IMPORTANT]
>You must also have an ExpressRoute Gateway configured as part of your Virtual WAN Hub. + [!INCLUDE [request-authorization-key](includes/request-authorization-key.md)] + 1. Link Azure VMware Solution and the VPN gateway together in the Virtual WAN hub. You use the authorization key and ExpressRoute ID (peer circuit URI) from the previous step. 1. Select your ExpressRoute gateway and then select **Redeem authorization key**.
azure-vmware Protect Azure Vmware Solution With Application Gateway https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/protect-azure-vmware-solution-with-application-gateway.md
The diagram shows how Application Gateway is used to protect Azure IaaS virtual
:::image type="content" source="media/application-gateway/app-gateway-protects.png" alt-text="Diagram showing how Application Gateway protects Azure IaaS virtual machines (VMs), Azure Virtual Machine Scale Sets, or on-premises servers."lightbox="media/application-gateway/app-gateway-protects.png" border="false"::: > [!IMPORTANT]
-> Azure Application Gateway is currently the only supported method to expose web apps running on Azure VMware Solution VMs.
+> Azure Application Gateway is the preferred method to expose web apps running on Azure VMware Solution VMs.
The diagram shows the testing scenario used to validate the Application Gateway with Azure VMware Solution web applications.
azure-web-pubsub Concept Client Protocols https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-web-pubsub/concept-client-protocols.md
The Web PubSub service provides two types of endpoints for clients to connect to
Clients connect to the service with a JSON Web Token (JWT). The token can be in either the query string, as `/client/?hub={hub}&access_token={token}`, or the `Authorization` header, as `Authorization: Bearer {token}`.
-Here is a general authorization workflow:
+Here's a general authorization workflow:
1. The client negotiates with your application server. The application server contains the authorization middleware, which handles the client request and signs a JWT for the client to connect to the service. 1. The application server returns the JWT and the service URL to the client.
-1. The client tries to connect to the Web PubSub service by using the URL and the JWT that's returned from the application server.
+1. The client tries to connect to the Web PubSub service by using the URL and the JWT token returned from the application server.
+
+### Supported claims
+You could also configure properties for the client connection when generating the access token by specifying special claims inside the JWT token:
+
+| Description | Claim type | Claim value | Notes |
+| | | | |
+| The `userId` for the client connection | `sub` | the userId | Only one `sub` claim is allowed. |
+| The lifetime of the token | `exp` | the expiration time | The `exp` (expiration time) claim identifies the expiration time on or after which the token MUST NOT be accepted for processing. |
+| The [permissions](#permissions) the client connection initially has | `role` | the role value defined in [permissions](#permissions) | Specify multiple `role` claims if the client has multiple permissions. |
+| The initial groups that the client connection joins once it connects to Azure Web PubSub | `group` | the group to join | Specify multiple `group` claims if the client joins multiple groups. |
+
+You could also add custom claims into the access token, and these values are preserved as the `claims` property in [connect upstream request body](./reference-cloud-events.md#system-connect-event).
+
+[Server SDKs](./howto-generate-client-access-url.md#generate-from-service-sdk) provides APIs to generate the access token for the clients.
<a name="simple_client"></a>
var client2 = new WebSocket('wss://test.webpubsub.azure.com/client/hubs/hub1', '
## The PubSub WebSocket client
-A **PubSub WebSocket client**, is the WebSocket client using subprotocols defined by the Azure Web PubSub service:
+A **PubSub WebSocket client** is the WebSocket client using subprotocols defined by the Azure Web PubSub service:
* `json.webpubsub.azure.v1` * `protobuf.webpubsub.azure.v1`
The **PubSub WebSocket Client** supports `ackId` property for `joinGroup`, `leav
#### Behavior when No `ackId` specified
-If `ackId` is not specified, it's fire-and-forget. Even there're errors when brokering messages, you have no way to get notified.
+If `ackId` isn't specified, it's fire-and-forget. Even there are errors when brokering messages, you have no way to get notified.
#### Behavior when `ackId` specified ##### Idempotent publish
-`ackId` is a uint64 number and should be unique within a client with the same connection id. Web PubSub Service records the `ackId` and messages with the same `ackId` will be treated as the same message. The service refuses to broker the same message more than once, which is useful in retry to avoid duplicated messages. For example, if a client sends a message with `ackId=5` and fails to receive an ack response with `ackId=5`, then the client retries and sends the same message again. In some cases, the message is already brokered and the ack response is lost for some reason, the service will reject the retry and response an ack response with `Duplicate` reason.
+`ackId` is a uint64 number and should be unique within a client with the same connection ID. Web PubSub Service records the `ackId` and messages with the same `ackId` are treated as the same message. The service refuses to broker the same message more than once, which is useful in retry to avoid duplicated messages. For example, if a client sends a message with `ackId=5` and fails to receive an ack response with `ackId=5`, then the client retries and sends the same message again. In some cases, the message is already brokered and the ack response is lost for some reason. The service rejects the retry and response an ack response with `Duplicate` reason.
#### Ack Response
Format:
* The `ackId` associates the request.
-* `success` is a bool and indicate whether the request is successfully processed by the service. If it is `false`, clients need to check the `error`.
+* `success` is a bool and indicate whether the request is successfully processed by the service. If it's `false`, clients need to check the `error`.
* `error` only exists when `success` is `false` and clients should have different logic for different `name`. You should suppose there might be more type of `name` in future. - `Forbidden`: The client doesn't have the permission to the request. The client needs to be added relevant roles.
The permission of a client can be granted in several ways:
#### 1. Assign the role to the client when generating the access token
-Client can connect to the service using a JWT token, the token payload can carry information such as the `role` of the client. When signing the JWT token to the client, you can grant permissions to the client by giving the client specific roles.
+Client can connect to the service using a JWT token. The token payload can carry information such as the `role` of the client. When signing the JWT token to the client, you can grant permissions to the client by giving the client specific roles.
For example, let's sign a JWT token that has the permission to send messages to `group1` and `group2`:
backup Azure Kubernetes Service Cluster Backup Concept https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/azure-kubernetes-service-cluster-backup-concept.md
- ignite-2023 Previously updated : 12/25/2023 Last updated : 02/27/2024
Also, as part of the backup and restore operations, the following roles are assi
| Reader | Backup vault | AKS cluster | Allows the Backup vault to perform _List_ and _Read_ operations on AKS cluster. | | Reader | Backup vault | Snapshot resource group | Allows the Backup vault to perform _List_ and _Read_ operations on snapshot resource group. | | Contributor | AKS cluster | Snapshot resource group | Allows AKS cluster to store persistent volume snapshots in the resource group. |
-| Storage Account Contributor | Extension Identity | Storage account | Allows Backup Extension to store cluster resource backups in the blob container. |
+| Storage Blob Data Contributor | Extension Identity | Storage account | Allows Backup Extension to store cluster resource backups in the blob container. |
| Data Operator for Managed Disk | Backup vault | Snapshot Resource Group | Allows Backup Vault service to move incremental snapshot data to the Vault. | | Disk Snapshot Contributor | Backup vault | Snapshot Resource Group | Allows Backup Vault to access Disks snapshots and perform Vaulting operation. | | Storage Blob Data Reader | Backup vault | Storage Account | Allow Backup Vault to access Blob Container with backup data stored to move to Vault. |
backup Azure Kubernetes Service Cluster Backup Using Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/azure-kubernetes-service-cluster-backup-using-cli.md
Title: Back up Azure Kubernetes Service (AKS) using Azure CLI
description: This article explains how to back up Azure Kubernetes Service (AKS) using Azure CLI. Previously updated : 06/20/2023 Last updated : 02/27/2024 - devx-track-azurecli - ignite-2023
Once the vault and policy creation are complete, you need to perform the followi
```
- As part of extension installation, a user identity is created in the AKS cluster's Node Pool Resource Group. For the extension to access the storage account, you need to provide this identity the **Storage Account Contributor** role. To assign the required role, run the following command:
+ As part of extension installation, a user identity is created in the AKS cluster's Node Pool Resource Group. For the extension to access the storage account, you need to provide this identity the **Storage Blob Data Contributor** role. To assign the required role, run the following command:
```azurecli
- az role assignment create --assignee-object-id $(az k8s-extension show --name azure-aks-backup --cluster-name $akscluster --resource-group $aksclusterresourcegroup --cluster-type managedClusters --query aksAssignedIdentity.principalId --output tsv) --role 'Storage Account Contributor' --scope /subscriptions/$subscriptionId/resourceGroups/$storageaccountresourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccount
+ az role assignment create --assignee-object-id $(az k8s-extension show --name azure-aks-backup --cluster-name $akscluster --resource-group $aksclusterresourcegroup --cluster-type managedClusters --query aksAssignedIdentity.principalId --output tsv) --role 'Storage Blob Data Contributor' --scope /subscriptions/$subscriptionId/resourceGroups/$storageaccountresourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccount
```
backup Azure Kubernetes Service Cluster Manage Backups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/azure-kubernetes-service-cluster-manage-backups.md
- devx-track-azurecli - ignite-2023 Previously updated : 02/09/2024 Last updated : 02/27/2024
To stop the Backup Extension install operation, use the following command:
To provide *Storage Account Contributor Permission* to the Extension Identity on storage account, run the following command: ```azurecli-interactive
- az role assignment create --assignee-object-id $(az k8s-extension show --name azure-aks-backup --cluster-name <aksclustername> --resource-group <aksclusterrg> --cluster-type managedClusters --query identity.principalId --output tsv) --role 'Storage Account Contributor' --scope /subscriptions/<subscriptionid>/resourceGroups/<storageaccountrg>/providers/Microsoft.Storage/storageAccounts/<storageaccountname>
+ az role assignment create --assignee-object-id $(az k8s-extension show --name azure-aks-backup --cluster-name <aksclustername> --resource-group <aksclusterrg> --cluster-type managedClusters --query identity.principalId --output tsv) --role 'Storage Blob Data Contributor' --scope /subscriptions/<subscriptionid>/resourceGroups/<storageaccountrg>/providers/Microsoft.Storage/storageAccounts/<storageaccountname>
```
backup Backup Azure System State https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-system-state.md
Title: Back up Windows system state to Azure
+ Title: Back up Windows system state to Azure by using Azure Backup
description: Learn how to back up the system state of Windows Server computers to Azure. Previously updated : 01/20/2023 Last updated : 02/27/2024 -+ # Back up Windows system state to Azure
When you create a Recovery Services vault, ensure that you configure the storage
To set the storage redundancy for the vault, follow these steps:
-1. From the **Recovery Services vaults** pane, select the new vault.
+1. From the **Recovery Services vaults** blade, select the new vault.
- ![Screenshot shows how to select the new vault from the list of Recovery Services vault.](./media/backup-try-azure-backup-in-10-mins/rs-vault-list.png)
+ ![Screenshot shows how to select the new vault from the list of Recovery Services vault.](./media/backup-try-azure-backup-in-10-mins/recovery-services-vault-list.png)
- When you select the vault, the **Recovery Services vault** pane narrows, and the Settings pane (*which has the name of the vault at the top*) and the vault details pane open.
+ When you select the vault, the **Recovery Services vault** blade narrows, and the Settings blade (*which has the name of the vault at the top*) and the vault details blade open.
![Screenshot show how to view the storage configuration for new vault.](./media/backup-try-azure-backup-in-10-mins/set-storage-configuration-2.png)
-2. On the new vault's **Settings** pane, use the vertical slide to scroll down to the Manage section, and select **Backup Infrastructure**.
+2. On the new vault's **Settings** blade, use the vertical slide to scroll down to the Manage section, and select **Backup Infrastructure**.
-3. On the **Backup Infrastructure** pane, select **Backup Configuration** to open the **Backup Configuration** pane.
+3. On the **Backup Infrastructure** blade, select **Backup Configuration** to open the **Backup Configuration** blade.
![Screenshot shows how to set the storage configuration for new vault.](./media/backup-try-azure-backup-in-10-mins/set-storage-configuration.png)
Now that you've created a vault, configure it for backing up Windows System Stat
To configure the vault, follow these steps:
-1. On the Recovery Services vault pane (for the vault you just created), in the Getting Started section, select **Backup**, then on the **Getting Started with Backup** pane, select **Backup goal**.
+1. On the Recovery Services vault blade (for the vault you just created), in the Getting Started section, select **Backup**, then on the **Getting Started with Backup** blade, select **Backup goal**.
![Screenshot shows how to open the backup settings.](./media/backup-try-azure-backup-in-10-mins/open-backup-settings.png)
- The **Backup Goal** pane opens.
+ The **Backup Goal** blade opens.
- ![Screenshot shows how to open the backup goal pane.](./media/backup-try-azure-backup-in-10-mins/backup-goal-blade.png)
+ ![Screenshot shows how to open the backup goal blade.](./media/backup-try-azure-backup-in-10-mins/backup-goal-blade.png)
2. From the **Where is your workload running?** drop-down menu, select **On-premises**.
To configure the vault, follow these steps:
![Screenshot shows how to configure files and folders.](./media/backup-azure-system-state/backup-goal-system-state.png)
- After you select **OK**, a checkmark appears next to **Backup goal**, and the **Prepare infrastructure** pane opens.
+ After you select **OK**, a checkmark appears next to **Backup goal**, and the **Prepare infrastructure** blade opens.
![Screenshot shows how to prepare infrastructure.](./media/backup-try-azure-backup-in-10-mins/backup-goal-configed.png)
-4. On the **Prepare infrastructure** pane, select **Download Agent for Windows Server or Windows Client**.
+4. On the **Prepare infrastructure** blade, select **Download Agent for Windows Server or Windows Client**.
![Screenshot shows how to start downloading the agent for Windows client.](./media/backup-try-azure-backup-in-10-mins/choose-agent-for-server-client.png)
To configure the vault, follow these steps:
You don't need to install the agent yet. You can install the agent after you've downloaded the vault credentials.
-6. On the **Prepare infrastructure** pane, select **Download**.
+6. On the **Prepare infrastructure** blade, select **Download**.
![Screenshot shows how to download vault credentials.](./media/backup-try-azure-backup-in-10-mins/download-vault-credentials.png)
To schedule the backup job, follow these steps:
![Screenshot shows how to schedule a Windows Server backup.](./media/backup-try-azure-backup-in-10-mins/schedule-first-backup.png)
-3. On the **Getting started** page of the Schedule Backup Wizard, select **Next**.
+3. On the **Getting started** blade of the Schedule Backup Wizard, select **Next**.
-4. On the **Select Items to Backup** page, select **Add Items**.
+4. On the **Select Items to Backup** blade, select **Add Items**.
5. Select **System State** and then select **OK**. 6. Select **Next**.
-7. Select the required Backup frequency and the retention policy for your System State backups in the subsequent pages.
+7. Select the required Backup frequency and the retention policy for your System State backups in the subsequent blades.
-8. On the Confirmation page, review the information, and then select **Finish**.
+8. On the Confirmation blade, review the information, and then select **Finish**.
9. After the wizard finishes creating the backup schedule, select **Close**.
To back up Windows Server System State for the first time, follow these steps:
![Screenshot shows how to start backup of Windows Server.](./media/backup-try-azure-backup-in-10-mins/backup-now.png)
-3. Select **System State** on the **Select Backup Item** screen that appears and select **Next**.
+3. Select **System State** on the **Select Backup Item** blade that appears and select **Next**.
-4. On the Confirmation page, review the settings that the Back Up Now Wizard will use to back up the machine. Then select **Back Up**.
+4. On the Confirmation blade, review the settings that the Back Up Now Wizard will use to back up the machine. Then select **Back Up**.
5. Select **Close** to close the wizard. If you close the wizard before the backup process finishes, the wizard continues to run in the background. > [!NOTE]
backup Backup Mabs Sql Azure Stack https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-sql-azure-stack.md
Title: Back up SQL Server workloads on Azure Stack
+ Title: Back up SQL Server workloads on Azure Stack by using Azure Backup
description: In this article, learn how to configure Microsoft Azure Backup Server (MABS) to protect SQL Server databases on Azure Stack. Previously updated : 01/18/2023 Last updated : 02/27/2024 -+ # Back up SQL Server on Azure Stack
This article describes how to configure Microsoft Azure Backup Server (MABS) to
## SQL Server databases protection workflow
-The management of SQL Server database backup to Azure and recovery from Azure involves:
+Management of the SQL Server database backup to Azure and recovery from Azure involves:
1. Create a backup policy to protect SQL Server databases 2. Create on-demand backup copies
The management of SQL Server database backup to Azure and recovery from Azure in
* MABS supports multi-site cluster configurations for an instance of SQL Server. * When you protect databases that use the Always On feature, MABS has the following limitations: * MABS will honor the backup policy for availability groups that's set in SQL Server based on the backup preferences, as follows:
- * Prefer secondary - Backups should occur on a secondary replica except when the primary replica is the only replica online. If there are multiple secondary replicas available, then the node with the highest backup priority will be selected for backup. IF only the primary replica is available, then the backup should occur on the primary replica.
+ * Prefer secondary - Backups should occur on a secondary replica except when the primary replica is the only replica online. If there are multiple secondary replicas available, then the node with the highest backup priority will be selected for backup. If only the primary replica is available, then the backup should occur on the primary replica.
* Secondary only - Backup shouldn't be performed on the primary replica. If the primary replica is the only one online, the backup shouldn't occur. * Primary - Backups should always occur on the primary replica. * Any Replica - Backups can happen on any of the availability replicas in the availability group. The node to be backed up from will be based on the backup priorities for each of the nodes.
- * Note the following:
- * Backups can happen from any readable replica - that is, primary, synchronous secondary, asynchronous secondary.
- * If any replica is excluded from backup, for example **Exclude Replica** is enabled or is marked as not readable, then that replica won't be selected for backup under any of the options.
- * If multiple replicas are available and readable, then the node with the highest backup priority will be selected for backup.
- * If the backup fails on the selected node, then the backup operation fails.
- * Recovery to the original location isn't supported.
+ * >[!Note]
+ >- Backups can happen from any readable replica - that is, primary, synchronous secondary, asynchronous secondary.
+ >- If any replica is excluded from backup, for example **Exclude Replica** is enabled or is marked as not readable, then that replica won't be selected for backup under any of the options.
+ >- If multiple replicas are available and readable, then the node with the highest backup priority will be selected for backup.
+ >- If the backup fails on the selected node, then the backup operation fails.
+ >- Recovery to the original location isn't supported.
* SQL Server 2014 or above backup issues: * SQL server 2014 added a new feature to create a [database for on-premises SQL Server on Microsoft Azure Blob storage](/sql/relational-databases/databases/sql-server-data-files-in-microsoft-azure). MABS can't be used to protect this configuration. * There are some known issues with "Prefer secondary" backup preference for the SQL Always On option. MABS always takes a backup from secondary. If no secondary can be found, then the backup fails.
The management of SQL Server database backup to Azure and recovery from Azure in
To create a backup policy to protect SQL Server databases to Azure, follow these steps:
-1. On the Azure Backup Server UI, select the **Protection** workspace.
+1. On the **Azure Backup Server**, select the **Protection** workspace.
-2. On the tool ribbon, select **New** to create a new protection group.
+2. On the tool menu, select **New** to create a new protection group.
![Screenshot shows how to initiate creating Protection Group.](./media/backup-azure-backup-sql/protection-group.png) Azure Backup Server starts the Protection Group wizard, which leads you through creating a **Protection Group**. Select **Next**.
-3. On the **Select Protection Group Type** screen, select **Servers**.
+3. On the **Select Protection Group Type** blade, select **Servers**.
![Screenshot shows how to select Protection Group Type - Servers.](./media/backup-azure-backup-sql/pg-servers.png)
-4. On the **Select Group Members** screen, the Available members list displays the various data sources. Select **+** to expand a folder and reveal the subfolders. Select the checkbox to select an item.
+4. On the **Select Group Members** blade, the Available members list displays the various data sources. Select **+** to expand a folder and reveal the subfolders. Select the checkbox to select an item.
![Screenshot shows how to select a SQL database.](./media/backup-azure-backup-sql/pg-databases.png) All selected items appear in the Selected members list. After selecting the servers or databases you want to protect, select **Next**.
-5. On the **Select Data Protection Method** screen, provide a name for the protection group and select the **I want online Protection** checkbox.
+5. On the **Select Data Protection Method** blade, provide a name for the protection group and select the **I want online Protection** checkbox.
![Screenshot shows the Data Protection Method - short-term disk & Online Azure.](./media/backup-azure-backup-sql/pg-name.png)
-6. On the **Specify Short-Term Goals** screen, include the necessary inputs to create backup points to disk, and select **Next**.
+6. On the **Specify Short-Term Goals** blade, include the necessary inputs to create backup points to disk, and select **Next**.
In the example, **Retention range** is **5 days**, **Synchronization frequency** is once every **15 minutes**, which is the backup frequency. **Express Full Backup** is set to **8:00 P.M**.
To create a backup policy to protect SQL Server databases to Azure, follow these
> [!NOTE] > In the example shown, at 8:00 PM every day a backup point is created by transferring the modified data from the previous dayΓÇÖs 8:00 PM backup point. This process is called **Express Full Backup**. Transaction logs are synchronized every 15 minutes. If you need to recover the database at 9:00 PM, the point is created from the logs from the last express full backup point (8PM in this case).
-7. On the **Review disk allocation** screen, verify the overall storage space available, and the potential disk space. Select **Next**.
+7. On the **Review disk allocation** blade, verify the overall storage space available, and the potential disk space. Select **Next**.
8. On the **Choose Replica Creation Method**, choose how to create your first recovery point. You can transfer the initial backup manually (off network) to avoid bandwidth congestion or over the network. If you choose to wait to transfer the first backup, you can specify the time for the initial transfer. Select **Next**.
To create a backup policy to protect SQL Server databases to Azure, follow these
![Screenshot shows hot to backup schedule and retention.](./media/backup-azure-backup-sql/pg-schedule.png)
- In this example, backups are taken once a day at 12:00 PM and 8 PM (bottom part of the screen)
+ In this example, backups are taken once a day at 12:00 PM and 8 PM.
> [!NOTE] > ItΓÇÖs a good practice to have a few short-term recovery points on disk, for quick recovery. These recovery points are used for operational recovery. Azure serves as a good offsite location with higher SLAs and guaranteed availability.
To create a backup policy to protect SQL Server databases to Azure, follow these
In this example:
- * Backups are taken once a day at 12:00 PM and 8 PM (bottom part of the screen) and are retained for 180 days.
+ * Backups are taken once a day at 12:00 PM and 8 PM and are retained for 180 days.
* The backup on Saturday at 12:00 P.M. is retained for 104 weeks * The backup on Last Saturday at 12:00 P.M. is retained for 60 months * The backup on Last Saturday of March at 12:00 P.M. is retained for 10 years 13. Select **Next** and select the appropriate option for transferring the initial backup copy to Azure. You can choose **Automatically over the network**
-14. Once you review the policy details in the **Summary** screen, select **Create group** to complete the workflow. You can select **Close** and monitor the job progress in Monitoring workspace.
+14. Once you review the policy details in the **Summary** blade, select **Create group** to complete the workflow. You can select **Close** and monitor the job progress in Monitoring workspace.
![Screenshot shows the in-progress job state of the Protection Group creation.](./media/backup-azure-backup-sql/pg-summary.png)
To recover a protected entity (SQL Server database) from Azure, follow these ste
In this example, MABS recovers the database to another SQL Server instance, or to a standalone network folder.
-4. On the **Specify Recovery options** screen, you can select the recovery options like Network bandwidth usage throttling to throttle the bandwidth used by recovery. Select **Next**.
+4. On the **Specify Recovery options** blade, you can select the recovery options like Network bandwidth usage throttling to throttle the bandwidth used by recovery. Select **Next**.
-5. On the **Summary** screen, you see all the recovery configurations provided so far. Select **Recover**.
+5. On the **Summary** blade, you see all the recovery configurations provided so far. Select **Recover**.
The Recovery status shows the database being recovered. You can select **Close** to close the wizard and view the progress in the **Monitoring** workspace.
bastion Bastion Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/bastion/bastion-faq.md
description: Learn about frequently asked questions for Azure Bastion.
Previously updated : 01/18/2024 Last updated : 02/27/2024 # Azure Bastion FAQ
-## <a name="host"></a>Bastion FAQs
+## <a name="host"></a>Bastion service and deployment FAQs
### <a name="browsers"></a>Which browsers are supported?
Azure Bastion doesn't move or store customer data out of the region it's deploye
### <a name="vwan"></a>Does Azure Bastion support Virtual WAN?
-Yes, you can use Azure Bastion for Virtual WAN deployments. However, deploying Azure Bastion within a Virtual WAN hub isn't supported. You can deploy Azure Bastion in a spoke VNet and use the [IP-based connection](connect-ip-address.md) feature to connect to virtual machines deployed across a different VNet via the Virtual WAN hub. If the Azure Virtual WAN hub will be integrated with Azure Firewall as a [Secured Virtual Hub](../firewall-manager/secured-virtual-hub.md), the AzureBastionSubnet must reside within a Virtual Network where the default 0.0.0.0/0 route propagation is disabled at the VNet connection level.
+Yes, you can use Azure Bastion for Virtual WAN deployments. However, deploying Azure Bastion within a Virtual WAN hub isn't supported. You can deploy Azure Bastion in a spoke virtual network and use the [IP-based connection](connect-ip-address.md) feature to connect to virtual machines deployed across a different virtual network via the Virtual WAN hub. If the Azure Virtual WAN hub will be integrated with Azure Firewall as a [Secured Virtual Hub](../firewall-manager/secured-virtual-hub.md), the AzureBastionSubnet must reside within a Virtual Network where the default 0.0.0.0/0 route propagation is disabled at the virtual network connection level.
-### <a name="vwan"></a>Does Azure Bastion support Virtual WAN?
-
-### <a name="forcedtunnel"></a>Can I use Azure Bastion if I am force-tunneling Internet traffic back to On-Premises?
+### <a name="forcedtunnel"></a>Can I use Azure Bastion if I'm force-tunneling Internet traffic back to my on-premises location?
-No, if you are advertising a default route (0.0.0.0/0) over ExpressRoute or VPN, and this route is being injected in to your Virtual Networks, this will break the Azure Bastion service.
+No, if you're advertising a default route (0.0.0.0/0) over ExpressRoute or VPN, and this route is being injected in to your Virtual Networks, this will break the Azure Bastion service.
Azure Bastion needs to be able to communicate with certain internal endpoints to successfully connect to target resources. Therefore, you *can* use Azure Bastion with Azure Private DNS Zones as long as the zone name you select doesn't overlap with the naming of these internal endpoints. Before you deploy your Azure Bastion resource, make sure that the host virtual network isn't linked to a private DNS zone with the following exact names:
Azure Bastion needs to be able to communicate with certain internal endpoints to
* vault.azure.net * azure.com
-You may use a private DNS zone ending with one of the names listed above (ex: privatelink.blob.core.windows.net).
+You can use a private DNS zone ending with one of the names in the previous list (ex: privatelink.blob.core.windows.net).
Azure Bastion isn't supported with Azure Private DNS Zones in national clouds.
+### My privatelink.azure.com can't resolve to management.privatelink.azure.com
+
+This might be due to the private DNS zone for privatelink.azure.com linked to the Bastion virtual network causing management.azure.com CNAMEs to resolve to management.privatelink.azure.com behind the scenes. Create a CNAME record in their privatelink.azure.com zone for management.privatelink.azure.com to arm-frontdoor-prod.trafficmanager.net to enable successful DNS resolution.
+ ### <a name="dns"></a>Does Azure Bastion support Private Link?
-No, Azure Bastion doesn't currently support private link.
+No, Azure Bastion doesn't currently support Azure Private Link.
### Why do I get a "Failed to add subnet" error when using "Deploy Bastion" in the portal?
At this time, for most address spaces, you must add a subnet named **AzureBastio
### <a name="subnet"></a>Can I have an Azure Bastion subnet of size /27 or smaller (/28, /29, etc.)?
-For Azure Bastion resources deployed on or after November 2, 2021, the minimum AzureBastionSubnet size is /26 or larger (/25, /24, etc.). All Azure Bastion resources deployed in subnets of size /27 prior to this date are unaffected by this change and will continue to work. However, we highly recommend increasing the size of any existing AzureBastionSubnet to /26 in case you choose to take advantage of [host scaling](./configure-host-scaling.md) in the future.
+For Azure Bastion resources deployed on or after November 2, 2021, the minimum AzureBastionSubnet size is /26 or larger (/25, /24, etc.). All Azure Bastion resources deployed in subnets of size /27 before this date are unaffected by this change and will continue to work. However, we highly recommend increasing the size of any existing AzureBastionSubnet to /26 in case you choose to take advantage of [host scaling](./configure-host-scaling.md) in the future.
### <a name="subnet"></a> Can I deploy multiple Azure resources in my Azure Bastion subnet?
No. Downgrading a SKU isn't supported. For more information about SKUs, see the
No, Bastion connectivity to Azure Virtual Desktop isn't supported.
-### <a name="session"></a>Why do I get "Your session has expired" error message before the Bastion session starts?
-
-A session should be initiated only from the Azure portal. Sign in to the Azure portal and begin your session again. If you go to the URL directly from another browser session or tab, this error is expected. It helps ensure that your session is more secure and that the session can be accessed only through the Azure portal.
- ### <a name="udr"></a>How do I handle deployment failures?
-Review any error messages and [raise a support request in the Azure portal](../azure-portal/supportability/how-to-create-azure-support-request.md) as needed. Deployment failures may result from [Azure subscription limits, quotas, and constraints](../azure-resource-manager/management/azure-subscription-service-limits.md). Specifically, customers may encounter a limit on the number of public IP addresses allowed per subscription that causes the Azure Bastion deployment to fail.
+Review any error messages and [raise a support request in the Azure portal](../azure-portal/supportability/how-to-create-azure-support-request.md) as needed. Deployment failures can result from [Azure subscription limits, quotas, and constraints](../azure-resource-manager/management/azure-subscription-service-limits.md). Specifically, customers might encounter a limit on the number of public IP addresses allowed per subscription that causes the Azure Bastion deployment to fail.
### <a name="dr"></a>How do I incorporate Azure Bastion in my Disaster Recovery plan?
-Azure Bastion is deployed within VNets or peered VNets, and is associated to an Azure region. You're responsible for deploying Azure Bastion to a Disaster Recovery (DR) site VNet. In the event of an Azure region failure, perform a failover operation for your VMs to the DR region. Then, use the Azure Bastion host that's deployed in the DR region to connect to the VMs that are now deployed there.
+Azure Bastion is deployed within virtual networks or peered virtual networks, and is associated to an Azure region. You're responsible for deploying Azure Bastion to a Disaster Recovery (DR) site virtual network. If there is an Azure region failure, perform a failover operation for your VMs to the DR region. Then, use the Azure Bastion host that's deployed in the DR region to connect to the VMs that are now deployed there.
+
+### <a name="move-virtual-network"></a>Does Bastion support moving a VNet to another resource group?
+
+No. If you move your virtual network to another resource group (even if it's in the same subscription), you'll need to first delete Bastion from virtual network, and then proceed to move the virtual network to the new resource group. Once the virtual network is in the new resource group, you can deploy Bastion to the virtual network.
### <a name="zone-redundant"></a>Does Bastion support zone redundancies?
-Currently, by default, new Bastion deployments don't support zone redundancies. Previously deployed bastions may or may not be zone-redundant. The exceptions are Bastion deployments in Korea Central and Southeast Asia, which do support zone redundancies.
+Currently, by default, new Bastion deployments don't support zone redundancies. Previously deployed bastions might or might not be zone-redundant. The exceptions are Bastion deployments in Korea Central and Southeast Asia, which do support zone redundancies.
### <a name="azure-ad-guests"></a>Does Bastion support Microsoft Entra guest accounts?
Yes, [Microsoft Entra guest accounts](../active-directory/external-identities/wh
No, custom domains aren't supported with Bastion shareable links. Users receive a certificate error upon trying to add specific domains in the CN/SAN of the Bastion host certificate.
-## <a name="vm"></a>VM features and connection FAQs
+## <a name="vm"></a>VM connection and available features FAQs
### <a name="roles"></a>Are any roles required to access a virtual machine?
In order to make a connection, the following roles are required:
Additionally, the user must have the rights (if required) to connect to the VM. For example, if the user is connecting to a Windows VM via RDP and isn't a member of the local Administrators group, they must be a member of the Remote Desktop Users group.
+### <a name="session"></a>Why do I get "Your session has expired" error message before the Bastion session starts?
+
+If you go to the URL directly from another browser session or tab, this error is expected. It helps ensure that your session is more secure and that the session can be accessed only through the Azure portal. Sign in to the Azure portal and begin your session again.
+ ### <a name="publicip"></a>Do I need a public IP on my virtual machine to connect via Azure Bastion? No. When you connect to a VM using Azure Bastion, you don't need a public IP on the Azure virtual machine that you're connecting to. The Bastion service opens the RDP/SSH session/connection to your virtual machine over the private IP of your virtual machine, within your virtual network.
This feature doesn't work with AADJ VM extension-joined machines using Microsoft
### <a name="rdscal-compatibility"></a>Is Bastion compatible with VMs set up as RDS session hosts?
-Bastion does not support connecting to a VM that is set up as an RDS session host.
+Bastion doesn't support connecting to a VM that is set up as an RDS session host.
### <a name="keyboard"></a>Which keyboard layouts are supported during the Bastion remote session?
Currently, 1920x1080 (1080p) is the maximum supported resolution.
### <a name="timezone"></a>Does Azure Bastion support timezone configuration or timezone redirection for target VMs?
-Azure Bastion currently doesn't support timezone redirection and isn't timezone configurable. Timezone settings for a VM can be manually updated after successfully connecting to the Guest OS.
+Azure Bastion currently doesn't support timezone redirection and isn't timezone configurable. Timezone settings for a VM can be manually updated after successfully connecting to the Guest OS.
### <a name="disconnect"></a>Will an existing session disconnect during maintenance on the Bastion host?
-Yes, existing sessions on the target Bastion resource will disconnect during maintenance on the Bastion resource.
+Yes, existing sessions on the target Bastion resource will disconnect during maintenance on the Bastion resource.
+
+### I'm connecting to a VM using a JIT policy, do I need additional permissions?
+
+If user is connecting to a VM using a JIT policy, there are no additional permissions needed. For more information on connecting to a VM using a JIT policy, see [Enable just-in-time access on VMs](../defender-for-cloud/just-in-time-access-usage.md).
## <a name="peering"></a>VNet peering FAQs
Yes. By default, a user sees the Bastion host that is deployed in the same virtu
### If my peered VNets are deployed in different subscriptions, will connectivity via Bastion work?
-Yes, connectivity via Bastion will continue to work for peered VNets across different subscription for a single Tenant. Subscriptions across two different Tenants aren't supported. To see Bastion in the **Connect** drop down menu, the user must select the subs they have access to in **Subscription > global subscription**.
+Yes, connectivity via Bastion will continue to work for peered virtual networks across different subscription for a single Tenant. Subscriptions across two different Tenants aren't supported. To see Bastion in the **Connect** drop down menu, the user must select the subs they have access to in **Subscription > global subscription**.
:::image type="content" source="./media/bastion-faq/global-subscriptions.png" alt-text="Global subscriptions filter." lightbox="./media/bastion-faq/global-subscriptions.png"::: ### I have access to the peered VNet, but I can't see the VM deployed there.
-Make sure the user has **read** access to both the VM, and the peered VNet. Additionally, check under IAM that the user has **read** access to following resources:
+Make sure the user has **read** access to both the VM, and the peered virtual network. Additionally, check under IAM that the user has **read** access to following resources:
* Reader role on the virtual machine. * Reader role on the NIC with private IP of the virtual machine.
Make sure the user has **read** access to both the VM, and the peered VNet. Addi
|Microsoft.Network/virtualNetworks/subnets/virtualMachines/read|Gets references to all the virtual machines in a virtual network subnet|Action| |Microsoft.Network/virtualNetworks/virtualMachines/read|Gets references to all the virtual machines in a virtual network|Action|
-### I am connecting to a VM using a JIT policy, do I need additional permissions?
-
-If user is connecting to a VM using a JIT policy, there is no additional permissions needed. For more information on connecting to a VM using a JIT policy, see [Enable just-in-time access on VMs](../defender-for-cloud/just-in-time-access-usage.md)
-
-### My privatelink.azure.com can't resolve to management.privatelink.azure.com
-
-This may be due to the Private DNS zone for privatelink.azure.com linked to the Bastion virtual network causing management.azure.com CNAMEs to resolve to management.privatelink.azure.com behind the scenes. Create a CNAME record in their privatelink.azure.com zone for management.privatelink.azure.com to arm-frontdoor-prod.trafficmanager.net to enable successful DNS resolution.
--- ## Next steps For more information, see [What is Azure Bastion](bastion-overview.md).
chaos-studio Chaos Studio Configure Customer Managed Keys https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/chaos-studio/chaos-studio-configure-customer-managed-keys.md
Title: Configure customer-managed keys [preview] for experiment encryption
+ Title: Configure customer-managed keys (preview) for experiment encryption
-description: Learn how to configure customer-managed keys (preview) for your Azure Chaos Studio experiment resource using Azure Blob Storage
+description: Learn how to configure customer-managed keys (preview) for your Azure Chaos Studio experiment resource by using Azure Blob Storage.
Last updated 10/06/2023
-# Configure customer-managed keys [preview] for Azure Chaos Studio using Azure Blob Storage
-
-Azure Chaos Studio automatically encrypts all data stored in your experiment resource with keys that Microsoft provides (service-managed keys). As an optional feature, you can add a second layer of security by also providing your own (customer-managed) encryption key(s). Customer-managed keys offer greater flexibility for controlling access and key-rotation policies.
-
-When you use customer-managed encryption keys, you need to specify a user-assigned managed identity (UMI) to retrieve the key. The UMI you create needs to match the UMI that you use for the Chaos Studio experiment.
-
-When configured, Azure Chaos Studio uses Azure Storage, which uses the customer-managed key to encrypt all of your experiment execution and result data within your own Storage account.
+# Configure customer-managed keys (preview) for Azure Chaos Studio by using Azure Blob Storage
+
+Azure Chaos Studio automatically encrypts all data stored in your experiment resource with service-managed keys that Microsoft provides. As an optional feature, you can add a second layer of security by also providing your own customer-managed encryption keys. Customer-managed keys (CMKs) offer greater flexibility for controlling access and key-rotation policies.
+
+When you use CMKs, you need to specify a user-assigned managed identity (UMI) to retrieve the key. The UMI you create must match the UMI that you use for the Chaos Studio experiment.
+
+When configured, Chaos Studio uses Azure Storage, which uses the CMK to encrypt all your experiment execution and result data within your own storage account.
## Prerequisites
-
+ - An Azure account with an active subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
-
-- An existing user-assigned managed identity. For more information about creating a user-assigned managed identity, see [Manage user-assigned managed identities](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity).
+- An existing UMI. For more information about how to create a UMI, see [Manage user-assigned managed identities](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity).
+- A public-access-enabled storage account.
-- A public-access enabled Azure storage account
-
## Limitations
-
-- Azure Chaos Studio experiments can't automatically rotate the customer-managed key to use the latest version of the encryption key. You would do key rotation directly in your chosen Azure Storage account. --- You will need to use our **2023-10-27-preview REST API** to create and use CMK-enabled experiments ONLY. There is **no** support for CMK-enabled experiments in our GA-stable REST API until H1 2024. -- Azure Chaos Studio currently **only supports creating Chaos Studio Customer-Managed-Key experiments via the Command Line using our 2023-10-27-preview REST API**. As a result, you **cannot** create a Chaos Studio experiment with CMK enabled via the Azure portal. We plan to add this functionality in H1 of 2024.
+- Azure Chaos Studio experiments can't automatically rotate the CMK to use the latest version of the encryption key. You do key rotation directly in your chosen storage account.
+- You need to use our *2023-10-27-preview REST API* to create and use CMK-enabled experiments only. There's *no* support for CMK-enabled experiments in our general availability-stable REST API until H1 2024.
+- Chaos Studio currently *only supports creating Chaos Studio CMK experiments via the command line by using our 2023-10-27-preview REST API*. As a result, you *can't* create a Chaos Studio experiment with CMK enabled via the Azure portal. We plan to add this functionality in H1 of 2024.
+- The storage account must have *public access from all networks* enabled for Chaos Studio experiments to be able to use it. If you have a hard requirement from your organization, reach out to your CSA for potential solutions.
-- The storage account must have **public access from all networks** enabled for Azure Chaos Studio experiments to be able to use it. If you have a hard requirement from your organization, reach out to your CSA for potential solutions.
+## Configure your storage account
-## Configure your Azure storage account
-
-When creating and/or updating your storage account to use for a CMK experiment, you need to navigate to the encryption tab and set the Encryption type to Customer-managed keys (CMK) and fill out all required information.
+When you create or update your storage account to use it for a CMK experiment, you need to go to the **Encryption** tab and set **Encryption type** to **Customer-managed keys (CMK)** and fill out all the required information.
> [!NOTE]
-> The User-assigned managed identity that you use should match the one you use for the corresponding Chaos Studio CMK-enabled experiment.
-
-## Use customer-managed keys with Azure Chaos Studio
-
-You can only configure customer-managed encryption keys when you create a new Azure Chaos Studio experiment resource. When you specify the encryption key details, you also have to select a user-assigned managed identity to retrieve the key from Azure Key Vault.
+> The UMI that you use should match the one you use for the corresponding Chaos Studio CMK-enabled experiment.
+
+## Use customer-managed keys with Chaos Studio
+
+You can only configure customer-managed encryption keys when you create a new Chaos Studio experiment resource. When you specify the encryption key details, you also have to select a UMI to retrieve the key from Azure Key Vault.
> [!NOTE]
-> The UMI should be the SAME user-assigned managed identity you use with your Chaos Studio experiment resource, otherwise the Chaos Studio CMK experiment fails to Create/Update.
-
+> The UMI should be the *same* UMI you use with your Chaos Studio experiment resource. Otherwise, the Chaos Studio CMK experiment fails to create or update.
-# [Azure CLI](#tab/azure-cli)
+## Azure CLI
-
-The following code sample shows an example PUT command for creating or updating a Chaos Studio experiment resource to enable customer-managed keys:
+The following code sample shows an example `PUT` command for creating or updating a Chaos Studio experiment resource to enable CMKs.
> [!NOTE]
->The two parameters specific to CMK experiments are under the "CustomerDataStorage" block, in which we ask for the Subscription ID of the Azure Blob Storage Account you want to use to storage your experiment data and the name of the Blob Storage container to use or create.
-
+>The two parameters specific to CMK experiments are under the `CustomerDataStorage` block, in which we ask for the subscription ID of the Azure Blob Storage account that you want to use to store your experiment data and the name of the Blob Storage container to use or create.
+ ```HTTP PUT https://management.azure.com/subscriptions/<yourSubscriptionID>/resourceGroups/exampleRG/providers/Microsoft.Chaos/experiments/exampleExperiment?api-version=2023-10-27-preview
PUT https://management.azure.com/subscriptions/<yourSubscriptionID>/resourceGrou
} ``` ## Disable CMK on a Chaos Studio experiment
-
-If you run the same PUT command from the previous example on an existing CMK-enabled experiment resource, but leave the fields in "customerDataStorage" empty, CMK is disabled on an experiment.
-## Re-enable CMK on a Chaos Studio experiment
-
-If you run the same PUT command from the previous example on an existing experiment resource using the 2023-10-27-preview REST API and populate the fields in "customerDataStorage", CMK is re-enabled on an experiment.
+If you run the same `PUT` command from the previous example on an existing CMK-enabled experiment resource, but you leave the fields in `customerDataStorage` empty, CMK is disabled on an experiment.
+
+## Reenable CMK on a Chaos Studio experiment
+
+If you run the same `PUT` command from the previous example on an existing experiment resource by using the 2023-10-27-preview REST API and populate the fields in `customerDataStorage`, CMK is reenabled on an experiment.
## Change the user-assigned managed identity for retrieving the encryption key
-
-You can change the managed identity for customer-managed keys for an existing Chaos Studio experiment at any time. The outcome would be identical to updating the User-assigned Managed identity for any Chaos Studio experiment.
+
+You can change the managed identity for CMKs for an existing Chaos Studio experiment at any time. The outcome would be identical to updating the UMI for any Chaos Studio experiment.
> [!NOTE]
->If the User-Assigned Managed Identity does NOT have the correct permissions to retrieve the CMK from your key vault and write to the Blob Storage, the PUT command to update the UMI fails.
+>If the UMI does *not* have the correct permissions to retrieve the CMK from your key vault and write to Blob Storage, the `PUT` command to update the UMI fails.
### List whether an experiment is CMK-enabled or not
-
-Using the "Get Experiment" command from the 2023-10-27-preview REST API, the response shows you whether the "CustomerDataStorage" properties have been populated or not, which is how you can tell whether an experiment has CMK enabled or not.
-
-## Update the customer-managed encryption key being used by your Azure Storage Account
-
-You can change the key that you're using at any time, since Azure Chaos Studio is using your own Azure Storage account for encryption using your CMK.
+When you use the `Get Experiment` command from the 2023-10-27-preview REST API, the response shows you whether the `CustomerDataStorage` properties were populated or not. In this way, you can tell whether an experiment is CMK enabled or not.
+
+## Update the customer-managed encryption key being used by your storage account
+
+You can change the key that you're using at any time because Chaos Studio is using your own storage account for encryption by using your CMK.
-
## Frequently asked questions
-
+
+Here are some answers to common questions.
+ ### Is there an extra charge to enable customer-managed keys?
-
-While there's no charge associated directly from Azure Chaos Studio, the use of Azure Blob Storage and Azure Key Vault could carry some additional cost subject to those services' individual pricing.
-
-### Are customer-managed keys supported for existing Azure Chaos Studio experiments?
-
-This feature is currently only available for Azure Chaos Studio experiments created using our **2023-10-27-preview** REST API.
+
+There's no charge associated directly from Chaos Studio. The use of Blob Storage and Key Vault might carry extra cost subject to those services' individual pricing.
+
+### Are customer-managed keys supported for existing Chaos Studio experiments?
+
+This feature is currently only available for Chaos Studio experiments created by using our 2023-10-27-preview REST API.
chaos-studio Chaos Studio Private Link Agent Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/chaos-studio/chaos-studio-private-link-agent-service.md
Title: Set up Private Link for a Chaos Studio agent-based experiment [Preview]
-description: Understand the steps to set up a chaos experiment using private link for agent-based experiments
+ Title: Set up Private Link for a Chaos Studio agent-based experiment (preview)
+description: Understand the steps to set up a chaos experiment by using Azure Private Link for agent-based experiments.
-# How-to: Configure Private Link for Agent-Based experiments [Preview]
+# Configure Private Link for agent-based experiments (preview)
-This guide explains the steps needed to configure Private Link for a Chaos Studio **Agent-based** Experiment [Preview]. The current user experience is based on the private endpoints support enabled as part of public preview of the private endpoints feature. Expect this experience to evolve with time as the feature is enhanced to GA quality, as it is currently in **preview**.
+This article explains the steps needed to configure Azure Private Link for an Azure Chaos Studio agent-based experiment (preview). The current user experience is based on the private endpoints support that's enabled as part of the public preview of the private endpoints feature. Expect this experience to evolve with time as the feature is enhanced to general availability (GA) quality. It's currently in preview.
## Prerequisites
-1. An Azure account with an active subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
-2. First define your agent-based experiment by following the steps found [here](chaos-studio-tutorial-agent-based-portal.md).
+- An Azure account with an active subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+- Define your agent-based experiment by following the steps in [Create a chaos experiment that uses an agent-based fault with the Azure portal](chaos-studio-tutorial-agent-based-portal.md).
> [!NOTE]
-> If the target resource was created using the portal, then the chaos agent VM extension will be austomatically installed on the host VM. If the target is enabled using the CLI, then follow the Chaos Studio documentation to install the VM extension first on the virtual machine. Until you complete the private endpoint setup, the VM extension will be reporting an unhealthy state. This is expected.
+> If the target resource was created by using the Azure portal, the Chaos Agent virtual machine (VM) extension is automatically installed on the host VM. If the target is enabled by using the Azure CLI, follow the Chaos Studio documentation to install the VM extension first on the VM. Until you finish the private endpoint setup, the VM extension reports an unhealthy state. This behavior is expected.
<br/> ## Limitations -- You'll need to use our **2023-10-27-preview REST API** to create and use private link for agent-based experiments ONLY. There's **no** support for private link for agent-based experiments in our GA-stable REST API until H1 2024.
+- You need to use our *2023-10-27-preview REST API* to create and use Private Link for agent-based experiments only. There's *no* support for Private Link for agent-based experiments in our GA-stable REST API until H1 2024.
+- The entire end-to-end experience for this flow requires some use of the CLI. The current end-to-end experience can't be done from the Azure portal.
+- The **Chaos Studio Private Accesses (CSPA)** resource type has a strict 1:1 mapping of Chaos Target:CSPA Resource (abstraction for private endpoint). We allow only *five CSPA resources to be created per subscription* to maintain the expected experience for all our customers.
-- The entire end-to-end for this flow requires some use of the CLI. The current end-to-end experience cannot be done from the Azure portal currently.
+## Create a Chaos Studio Private Access resource
-- The **Chaos Studio Private Accesses (CSPA)** resource type has a **strict 1:1 mapping of Chaos Target:CSPA Resource (abstraction for private endpoint).**.** We only allow **5 CSPA resources to be created per Subscription** to maintain the expected experience for all of our customers.
-
-## Step 1: Create a Chaos Studio Private Access (CSPA) resource
+To use private endpoints for agent-based chaos experiments, you need to create a new resource type called Chaos Studio Private Accesses. CSPA is the resource against which the private endpoints are created.
-To use Private endpoints for agent-based chaos experiments, you need to create a new resource type called **Chaos Studio Private Accesses**. CSPA is the resource against which the private endpoints are created.
-
-> [!NOTE]
-> Currently this resource can **only be created from the CLI**. See the example code for how to do this:
+Currently, this resource can *only be created from the CLI*. See the following example code for how to create this resource type:
```AzCLI az rest --verbose --skip-authorization-header --header "Authorization=Bearer $accessToken" --uri-parameters api-version=2023-10-27-preview --method PUT --uri "https://centraluseuap.management.azure.com/subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.Chaos/privateAccesses/<CSPAResourceName>?api-version=2023-10-27-preview" --body '
az rest --verbose --skip-authorization-header --header "Authorization=Bearer $ac
| Name |Required | Type | Description | |-|-|-|-|
-|subscriptionID|True|String|GUID that represents an Azure subscription ID|
-|resourceGroupName|True|String|String that represents an Azure resource group|
-|CSPAResourceName|True|String|String that represents the name you want to give your Chaos Studio Private Access Resource|
-|resourceLocation|True|String|Location you want the resource to be hosted (must be a support region by Chaos Studio)|
-
+|subscriptionID|True|String|GUID that represents an Azure subscription ID.|
+|resourceGroupName|True|String|String that represents an Azure resource group.|
+|CSPAResourceName|True|String|String that represents the name you want to give your Chaos Studio Private Access resource.|
+|resourceLocation|True|String|Location where you want the resource to be hosted (must be a support region by Chaos Studio).|
-## Step 2: Create your Virtual Network, Subnet, and Private Endpoint
+## Create your virtual network, subnet, and private endpoint
-[Set up your desired Virtual Network, Subnet, and Endpoint](../private-link/create-private-endpoint-portal.md) for the experiment if you haven't already.
+[Set up your desired virtual network, subnet, and endpoint](../private-link/create-private-endpoint-portal.md) for the experiment if you haven't already.
-Make sure you attach it to the same VM's VNET. Screenshots provide examples of creating the VNET, Subnet and Private Endpoint. It's important to note that you need to set the "Resource Type" to "Microsoft.Chaos/privateAccesses" as seen in the screenshot.
+Make sure you attach it to the same VM's virtual network. Screenshots provide examples of creating the virtual network, subnet, and private endpoint. You need to set **Resource type** to **Microsoft.Chaos/privateAccesses** as seen in the screenshot.
-[![Screenshot of resource tab of private endpoint creation.](images/resource-private-endpoint.png)](images/resource-private-endpoint.png#lightbox)
+[![Screenshot that shows the Resource tab of private endpoint creation.](images/resource-private-endpoint.png)](images/resource-private-endpoint.png#lightbox)
-[![Screenshot of VNET tab of private endpoint creation.](images/resource-vnet-cspa.png)](images/resource-vnet-cspa.png#lightbox)
+[![Screenshot that shows the Virtual Network tab of private endpoint creation.](images/resource-vnet-cspa.png)](images/resource-vnet-cspa.png#lightbox)
+## Map the agent host VM to the CSPA resource
-## Step 3: Map the agent host VM to the CSPA resource
-
-Find the Target "Resource ID" by making a GetTarget call:
+Find the target `Resource ID` by making a `GetTarget` call:
```AzCLI GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{parentProviderNamespace}/{parentResourceType}/{parentResourceName}/providers/Microsoft.Chaos/targets/{targetName}?api-version=2023-10-27-preview
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{
<br/>
-The GET command returns a large response. Note this response. We use this response and modify it before running a "PUT Target" command to map the two resources.
+The `GET` command returns a large response. Note this response. We use this response and modify it before running a `PUT Target` command to map the two resources.
<br/>
-Invoke a "PUT Target" command using this response. You need to append **TWO ADDITIONAL FIELDS** to the body of the PUT command before running it.
+Invoke a `PUT Target` command by using this response. You need to append *two more fields* to the body of the `PUT` command before you run it.
-These extra fields are shown below:
+These extra fields are shown here:
``` "privateAccessId": "subscriptions/<subID>/...
These extra fields are shown below:
}, ```
-Here's an example block for what the "PUT Target" command should look like and the fields that you would need to fill out:
+Here's an example block for what the `PUT Target` command should look like and the fields that you would need to fill out:
> [!NOTE]
-> The body should be copied from the previous GET command. You'll need to manually append the "privateAccessID" and "allowPublicAccess" fields.
+> Copy the body from the previous `GET` command. You need to manually append the `privateAccessID` and `allowPublicAccess` fields.
```AzCLI
az rest --verbose --skip-authorization-header --header "Authorization=Bearer $ac
``` > [!NOTE]
-> The PrivateAccessID should exactly match the "resourceID" used to create the CSPA resource in Step 1.
+> The `PrivateAccessID` value should exactly match the `resourceID` value that you used to create the CSPA resource in the earlier section **Create a Chaos Studio Private Access resource**.
-## Step 4: Restart the Azure Chaos Agent service in the VM
+## Restart the Azure Chaos Agent service in the VM
-After making all the required changes to the host, restart the Azure Chaos Agent Service in the VM
+After you make all the required changes to the host, restart the Azure Chaos Agent service in the VM.
### Windows
-[![Screenshot of restarting Windows VM.](images/restart-windows-vm.png)](images/restart-windows-vm.png#lightbox)
+[![Screenshot that shows restarting the Windows VM.](images/restart-windows-vm.png)](images/restart-windows-vm.png#lightbox)
### Linux
For Linux, run the following command from the CLI:
Systemctl restart azure-chaos-agent ```
-[![Screenshot of restarting Linux VM.](images/restart-linux-vm.png)](images/restart-linux-vm.png#lightbox)
-
-## Step 5: Run your Agent-based experiment using private endpoints
+[![Screenshot that shows restarting the Linux VM.](images/restart-linux-vm.png)](images/restart-linux-vm.png#lightbox)
-After the restart, the Chaos agent should be able to communicate with the Agent Communication data plane service and the agent registration to the data plane should be successful. After successful registration, the agent will be able to heartbeat its status and you can go ahead and run the chaos agent-based experiments using private endpoints!
+## Run your agent-based experiment by using private endpoints
+After the restart, Azure Chaos Agent should be able to communicate with the Agent Communication data plane service, and the agent registration to the data plane should be successful. After successful registration, the agent can indicate its status with a heartbeat. Then you can proceed to run the Azure Chaos Agent-based experiments by using private endpoints.
communication-services Calling Sdk Features https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/voice-video-calling/calling-sdk-features.md
The Azure Communication Services Calling SDK support up to the following video r
| **Receiving video** | 1080P | 1080P | 1080P | 1080P | | **Sending video** | 720P | 720P | 720P | 1080P |
-The resolution can vary depending on the number of participants on a call, the amount of bandwidth available to the client, and other overall call parameters. Read
+The resolution can vary depending on the number of participants on a call, the amount of bandwidth available to the client, and other overall call parameters.
## Number of participants on a call support - Up to 350 users can join a group call, Room or Teams + ACS call. The maximum number of users that can join through WebJS calling SDK or Teams web client is capped at 100 participants, the remaining calling end point will need to join using Android, iOS, or Windows calling SDK or related Teams desktop or mobile client apps.
communication-services Get Started Live Stream https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/voice-video-calling/get-started-live-stream.md
- Title: Quickstart - Add live stream to your app-
-description: In this quickstart, you learn how to add live stream calling capabilities to your app using Azure Communication Services.
---- Previously updated : 06/30/2022------
-# Live stream quick start
-
-Live streaming empower Contoso to engage thousands of online attendees by adding interactive live audio and video streaming functionality into their web and mobile applications that their audiences love, no matter where they are.
-
-Interactive Live Streaming is the ability to broadcast media content to thousands of online attendees while enable some attendees to share their live audio and video, interact via chat, and engage with metadata content such as reactions, polls, quizzes, ads, etc.
-
-## Prerequisites
--- [Rooms](../rooms/get-started-rooms.md) meeting is needed for role-based streaming.-- The quick start examples here are available with the preview version [1.11.0-alpha.20230124.1](https://www.npmjs.com/package/@azure/communication-calling/v/1.11.0-alpha.20230124.1) of the calling Web SDK. Make sure to use that or higher version when trying this quick start.-
-## Live streaming with Rooms
-Room participants can be assigned one of the following roles: **Presenter**, **Attendee** and **Consumer**. By default, a user is assigned an **Consumer** role, if no other role is assigned.
-
-Participants with `Consumer` role receive only the live stream. They're not able to speak or share video or screen. Developers shouldn't show the unmute, share video, and screen option to end users/consumers. Live stream supports both open and closed Rooms. In Open Rooms, the default role is `Consumer`.
-On the other hand, Participants with other roles receive both real-time and live stream. Developers can choose either stream to play.
-Check [participant roles and permissions](../../concepts/rooms/room-concept.md#predefined-participant-roles-and-permissions) to know more about the roles capabilities.
-
-### Place a Rooms call (start live streaming)
-Live streaming start when the Rooms call starts.
-
-```js
-const context = { roomId: '<RoomId>' }
-
-const call = callAgent.join(context);
-```
-
-### Receive live stream
-Contoso can use the `Features.LiveStream` to get the live stream and play it.
-
-```typescript
-call.feature(Features.LiveStream).on('liveStreamsUpdated', e => {
- // Subscribe to new live video streams that were added.
- e.added.forEach(liveVideoStream => {
- subscribeToLiveVideoStream(liveVideoStream)
- });
- // Unsubscribe from live video streams that were removed.
- e.removed.forEach(liveVideoStream => {
- console.log('Live video stream was removed.');
- }
-);
-
-const subscribeToLiveVideoStream = async (liveVideoStream) => {
- // Create a video stream renderer for the live video stream.
- let videoStreamRenderer = new VideoStreamRenderer(liveVideoStream);
- let view;
- const renderVideo = async () => {
- try {
- // Create a renderer view for the live video stream.
- view = await videoStreamRenderer.createView();
- // Attach the renderer view to the UI.
- liveVideoContainer.hidden = false;
- liveVideoContainer.appendChild(view.target);
- } catch (e) {
- console.warn(`Failed to createView, reason=${e.message}, code=${e.code}`);
- }
- }
-
- // Live video stream is available during initialization.
- await renderVideo();
-};
-
-```
-
-### Count participants in both real-time and streaming media lane
-Web SDK already exposes `Call.totalParticipantCount` (available in beta release) which includes all participants count (Presenter, Attendee, Consumer, Participants in the lobby etc.). We've added a new API `Call.feature(Features.LiveStream).participantCount` under the `LiveStream` feature to have the count of streaming participants. `Call.feature(Features.LiveStream).participantCount` represents the number of participants receiving the streaming media only.
-
-```typescript
-call.feature(Features.LiveStream).on('participantCountChanged', e => {
- // Get current streaming participant count.
- Call.feature(Features.LiveStream).participantCount;
-);
-```
-
-`call.feature(Features.LiveStream).participantCount` represents the total count of participants in streaming media lane. Contoso can find out the count of participants in real-time media lane by subtracting from the total participants. So, number of real-time media participants = `call.totalParticipantCount` - `call.feature(Features.LiveStream).participantCount`.
-
-## Next steps
-For more information, see the following articles:
--- Check out our [calling hero sample](../../samples/calling-hero-sample.md)-- Get started with the [UI Library](../../concepts/ui-library/ui-library-overview.md)-- Learn about [Calling SDK capabilities](./getting-started-with-calling.md?pivots=platform-web)-- Learn more about [how calling works](../../concepts/voice-video-calling/about-call-types.md)
container-registry Container Registry Artifact Streaming https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-artifact-streaming.md
Title: "Artifact streaming in Azure Container Registry (Preview)" description: "Artifact streaming is a feature in Azure Container Registry to enhance and supercharge managing, scaling, and deploying artifacts through containerized platforms." - -
+zone_pivot_groups: container-registry-zones
Previously updated : 12/14/2023
-# Customer intent: As a developer, I want artifact streaming capabilities so that I can efficiently deliver and serve containerized applications to end-users in real-time.
Last updated : 02/26/2024
+ai-usage: ai-assisted
+
+#customer intent: As a developer, I want artifact streaming capabilities so that I can efficiently deliver and serve containerized applications to end-users in real-time.
# Artifact streaming in Azure Container Registry (Preview)
Artifact streaming is a feature in Azure Container Registry that allows you to s
Here are few scenarios to use artifact streaming:
-**Deploying containerized applications to multiple regions**: With artifact streaming, you can store container images within a single registry and manage and stream container images to AKS clusters in multiple regions. artifact streaming deploys container applications to multiple regions without consuming time and resources.
+**Deploying containerized applications to multiple regions**: With artifact streaming, you can store container images within a single registry and manage and stream container images to AKS clusters in multiple regions. Artifact streaming deploys container applications to multiple regions without consuming time and resources.
-**Reducing image pull latency**: Artifact streaming can reduce time to pod readiness by over 15%, depending on the size of the image, and it works best for images < 30GB. This feature reduces image pull latency and fast container startup, which is beneficial for software developers and system architects.
+**Reducing image pull latency**: Artifact streaming can reduce time to pod readiness by over 15%, depending on the size of the image, and it works best for images < 30 GB. This feature reduces image pull latency and fast container startup, which is beneficial for software developers and system architects.
**Effective scaling of containerized applications**: Artifact streaming provides the opportunity to design, build, and deploy containerized applications at a high scale.
Here are some brief aspects of artifact streaming:
* Customers with new and existing registries can start artifact streaming for specific repositories or tags.
-* Once artifact streaming is started, the original and the streaming artifact will be stored in the customerΓÇÖs ACR.
+* Customers are able to store both the original and the streaming artifact in the ACR by starting artifact streaming.
-* If the user decides to turn off artifact streaming for repositories or artifacts, the streaming and the original artifact will still be present.
+* Customers have access to the original and the streaming artifact even after turning off artifact streaming for repositories or artifacts.
-* If a customer deletes a repository or artifact with artifact streaming and Soft Delete enabled, then both the original and artifact streaming versions will be deleted. However, only the original version will be available on the soft delete blade.
+* Customers with artifact streaming and Soft Delete enabled, deletes a repository or artifact then both the original and artifact streaming versions are deleted. However, only the original version is available on the soft delete portal.
## Availability and pricing information
-Artifact streaming is only available in the **Premium** SKU [service tiers](container-registry-skus.md). Please note that artifact streaming may increase the overall registry storage consumption and customers may be subjected to additional storage charges as outlined in our [pricing](https://azure.microsoft.com/pricing/details/container-registry/) if the consumption exceeds the included 500 GiB Premium SKU threshold.
+Artifact streaming is only available in the **Premium** [service tiers](container-registry-skus.md) (also known as SKUs). Artifact streaming has potential to increase the overall registry storage consumption. Customers are subjected to more storage charges as outlined in our [pricing](https://azure.microsoft.com/pricing/details/container-registry/) if the consumption exceeds the included 500 GiB Premium SKU threshold.
## Preview limitations Artifact streaming is currently in preview. The following limitations apply: * Only images with Linux AMD64 architecture are supported in the preview release.
-* The preview release doesn't support Windows-based container images, and ARM64 images.
-* The preview release partially support multi-architecture images, only the AMD64 architecture is supported.
+* The preview release doesn't support Windows-based container images and ARM64 images.
+* The preview release partially support multi-architecture images only the AMD64 architecture is supported.
* For creating Ubuntu based node pool in AKS, choose Ubuntu version 20.04 or higher. * For Kubernetes, use Kubernetes version 1.26 or higher or Kubernetes version > 1.25.
-* Only premium SKU registries support generating streaming artifacts in the preview release. The non-premium SKU registries do not offer this functionality during the preview.
+* Only premium SKU registries support generating streaming artifacts in the preview release. The nonpremium SKU registries don't offer this functionality during the preview.
* The CMK (Customer-Managed Keys) registries are NOT supported in the preview release. * Kubernetes regcred is currently NOT supported. ## Prerequisites
-* You can use the [Azure Cloud Shell][Azure Cloud Shell] or a local installation of the Azure CLI to run the command examples in this article. If you'd like to use it locally, version 2.54.0 or later is required. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][Install Azure CLI].
+* You can use the [Azure Cloud Shell][Azure Cloud Shell] or a local installation of the Azure CLI to run the command examples in this article. If you'd like to use it locally, version 2.54.0 or later is required. Run `az --version` for finding the version. If you need to install or upgrade, see [Install Azure CLI][Install Azure CLI].
* Sign in to the [Azure portal](https://ms.portal.azure.com/). + ## Start artifact streaming Start artifact streaming with a series with Azure CLI commands and Azure portal for pushing, importing, and generating streaming artifacts for container images in an Azure Container Registry (ACR). These instructions outline the process for creating a *Premium* [SKU](container-registry-skus.md) ACR, importing an image, generating a streaming artifact, and managing the artifact streaming operation. Make sure to replace the placeholders with your actual values where necessary.
+<!-- markdownlint-disable MD044 -->
+<!-- markdownlint-enable MD044 -->
+ ### Push/Import the image and generate the streaming artifact - Azure CLI Artifact streaming is available in the **Premium** container registry service tier. To start Artifact streaming, update a registry using the Azure CLI (version 2.54.0 or above). To install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
Start artifact streaming, by following these general steps:
5. Cancel the artifact streaming creation (if needed)
- Cancel the streaming artifact creation if the conversion is not finished yet. It will stop the operation.
+ Cancel the streaming artifact creation if the conversion isn't finished yet. It stops the operation.
For example, run the [az acr artifact-streaming operation cancel][az-acr-artifact-streaming-operation-cancel] command to cancel the conversion operation for the `jupyter/all-spark-notebook:latest` image in the `mystreamingtest` ACR.
Start artifact streaming, by following these general steps:
az acr artifact-streaming operation cancel --repository jupyter/all-spark-notebook --id c015067a-7463-4a5a-9168-3b17dbe42ca3 ```
-6. Start auto-conversion on the repository
+6. Start autoconversion on the repository
- Start auto-conversion in the repository for newly pushed or imported images. When started, new images pushed into that repository will trigger the generation of streaming artifacts.
+ Start autoconversion in the repository for newly pushed or imported images. When started, new images pushed into that repository trigger the generation of streaming artifacts.
>[!NOTE] > Auto-conversion does not apply to existing images. Existing images can be manually converted.
- For example, run the [az acr artifact-streaming update][az-acr-artifact-streaming-update] command to start auto-conversion for the `jupyter/all-spark-notebook` repository in the `mystreamingtest` ACR.
+ For example, run the [az acr artifact-streaming update][az-acr-artifact-streaming-update] command to start autoconversion for the `jupyter/all-spark-notebook` repository in the `mystreamingtest` ACR.
```azurecli-interactive az acr artifact-streaming update --repository jupyter/all-spark-notebook --enable-streaming true
Start artifact streaming, by following these general steps:
az acr artifact-streaming operation show --image jupyter/all-spark-notebook:newtag ``` +++ >[!NOTE] > Artifact streaming can work across regions, regardless of whether geo-replication is started or not. > Artifact streaming can work through a private endpoint and attach to it.
+<!-- markdownlint-disable MD044 -->
+<!-- markdownlint-enable MD044 -->
+ ### Push/Import the image and generate the streaming artifact - Azure portal Artifact streaming is available in the *premium* [SKU](container-registry-skus.md) Azure Container Registry. To start artifact streaming, update a registry using the Azure portal.
Follow the steps to create artifact streaming in the [Azure portal](https://port
> [!div class="mx-imgBorder"] > [![A screenshot of Azure portal with the streaming artifact highlighted.](./media/container-registry-artifact-streaming/02-artifact-streaming-generated-inline.png)](./media/container-registry-artifact-streaming/02-artifact-streaming-generated-expanded.png#lightbox)
-6. You can also delete the artifact streaming from the repository blade.
+6. You can also delete the artifact streaming from the repository.
> [!div class="mx-imgBorder"] > [![A screenshot of Azure portal with the delete artifact streaming button highlighted.](./media/container-registry-artifact-streaming/04-delete-artifact-streaming-inline.png)](./media/container-registry-artifact-streaming/04-delete-artifact-streaming-expanded.png#lightbox)
-7. You can also enable auto-conversion on the repository blade. Active means auto-conversion is enabled on the repository. Inactive means auto-conversion is disabled on the repository.
+7. You can also enable autoconversion by accessing the repository on portal. Active means autoconversion is enabled on the repository. Inactive means autoconversion is disabled on the repository.
> [!div class="mx-imgBorder"] > [![A screenshot of Azure portal with the start artifact streaming button highlighted.](./media/container-registry-artifact-streaming/03-start-artifact-streaming-inline.png)](./media/container-registry-artifact-streaming/03-start-artifact-streaming-expanded.png#lightbox)
Follow the steps to create artifact streaming in the [Azure portal](https://port
> [!NOTE] > The state of artifact streaming in a repository (inactive or active) determines whether newly pushed compatible images will be automatically converted. By default, all repositories are in an inactive state for artifact streaming. This means that when new compatible images are pushed to the repository, artifact streaming will not be triggered, and the images will not be automatically converted. If you want to start automatic conversion of newly pushed images, you need to set the repository's artifact streaming to the active state. Once the repository is in the active state, any new compatible container images that are pushed to the repository will trigger artifact streaming. This will start the automatic conversion of those images. +++ ## Next steps > [!div class="nextstepaction"]
-> [Troubleshoot artifact streaming](troubleshoot-artifact-streaming.md)
+> [Troubleshoot Artifact streaming](troubleshoot-artifact-streaming.md)
<!-- LINKS - External --> [Install Azure CLI]: /cli/azure/install-azure-cli
container-registry Troubleshoot Artifact Streaming https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/troubleshoot-artifact-streaming.md
Title: "Troubleshoot artifact streaming"
-description: "Troubleshoot artifact streaming in Azure Container Registry to diagnose and resolve with managing, scaling, and deploying artifacts through containerized platforms."
+ Title: "Troubleshoot Artifact streaming"
+description: "Troubleshoot Artifact streaming in Azure Container Registry to diagnose and resolve with managing, scaling, and deploying artifacts through containerized platforms."
Last updated 10/31/2023
-# Troubleshoot artifact streaming
+# Troubleshoot Artifact streaming
The troubleshooting steps in this article can help you resolve common issues that you might encounter when using artifact streaming in Azure Container Registry (ACR). These steps and recommendations can help diagnose and resolve issues related to artifact streaming as well as provide insights into the underlying processes and logs for debugging purposes.
The troubleshooting steps in this article can help you resolve common issues tha
* Conversion operation failed due to an unknown error. * Troubleshooting Failed AKS Pod Deployments. * Pod conditions indicate "UpgradeIfStreamableDisabled."
-* Using Digest Instead of Tag for Streaming Artifact
+* Digest usage instead of Tag for Streaming Artifact.
## Causes
The troubleshooting steps in this article can help you resolve common issues tha
| Error Code | Error Message | Troubleshooting Info | | | - | | | UNKNOWN_ERROR | Conversion operation failed due to an unknown error. | Caused by an internal error. A retry helps here. If retry is unsuccessful, contact support. |
-| RESOURCE_NOT_FOUND | Conversion operation failed because target resource isn't found. | If the target image isn't found in the registry. Verify typos in the image digest, if the image is deleted, or missing in the target region (replication consistency is not immediate for example) |
-| UNSUPPORTED_PLATFORM | Conversion is not currently supported for image platform. | Only linux/amd64 images are initially supported. |
-| NO_SUPPORTED_PLATFORM_FOUND | Conversion is not currently supported for any of the image platforms in the index. | Only linux/amd64 images are initially supported. No image with this platform is found in the target index. |
-| UNSUPPORTED_MEDIATYPE | Conversion is not supported for the image MediaType. | Conversion can only target images with media type: application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.list.v2+json |
+| RESOURCE_NOT_FOUND | Conversion operation failed because target resource isn't found. | If the target image isn't found in the registry, verify typos in the image digest. If the image is deleted, or missing in the target region (replication consistency isn't immediate for example) |
+| UNSUPPORTED_PLATFORM | Conversion isn't currently supported for image platform. | Only linux/amd64 images are initially supported. |
+| NO_SUPPORTED_PLATFORM_FOUND | Conversion isn't currently supported for any of the image platforms in the index. | Only linux/amd64 images are initially supported. No image with this platform is found in the target index. |
+| UNSUPPORTED_MEDIATYPE | Conversion isn't supported for the image MediaType. | Conversion can only target images with media type: application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.docker.distribution.manifest.v2+json, or application/vnd.docker.distribution.manifest.list.v2+json |
| UNSUPPORTED_ARTIFACT_TYPE | Conversion isn't supported for the image ArtifactType. | Streaming Artifacts (Artifact type: application/vnd.azure.artifact.streaming.v1) can't be converted again. | | IMAGE_NOT_RUNNABLE | Conversion isn't supported for nonrunnable images. | Only linux/amd64 runnable images are initially supported. | ## Troubleshooting Failed AKS Pod Deployments
-If AKS pod deployment fails with an error related to image pulling, like the following example
+If AKS pod deployment fails with an error related to image pulling, like the following example.
```bash Failed to pull image "mystreamingtest.azurecr.io/jupyter/all-spark-notebook:latest":
failed to resolve reference "mystreamingtest.azurecr.io/jupyter/all-spark-notebo
unexpected status from HEAD request to http://localhost:8578/v2/jupyter/all-spark-notebook/manifests/latest?ns=mystreamingtest.azurecr.io:503 Service Unavailable ```
-To troubleshoot this issue, you should check the following:
+To troubleshoot this issue, you should check the following guidelines:
-1. Verify if the AKS has permissions to access the container registry `mystreamingtest.azurecr.io`
+1. Verify if the AKS has permissions to access the container registry `mystreamingtest.azurecr.io`.
1. Ensure that the container registry `mystreamingtest.azurecr.io` is accessible and properly attached to AKS. ## Checking for "UpgradeIfStreamableDisabled" Pod Condition:
copilot Build Infrastructure Deploy Workloads https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/copilot/build-infrastructure-deploy-workloads.md
Title: Build infrastructure and deploy workloads using Microsoft Copilot for Azure (preview) description: Learn how Microsoft Copilot for Azure (preview) can help you build custom infrastructure for your workloads and provide templates and scripts to help you deploy. Previously updated : 01/18/2024 Last updated : 02/26/2024
Throughout a conversation, Microsoft Copilot for Azure (preview) asks you questi
To get help building infrastructure and deploying workloads, start on the [More virtual machines and related solutions](https://portal.azure.com/#view/Microsoft_Azure_SolutionCenter/SolutionGroup.ReactView/groupid/defaultLandingVmBrowse) page in the Azure portal. You can reach this page from **Virtual machines** by selecting the arrow next to **Create**, then selecting **More VMs and related solutions**. Once you're there, start the conversation by letting Microsoft Copilot for Azure (preview) know what you want to build and deploy.
cosmos-db Change Feed Modes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/change-feed-modes.md
The response object is an array of items that represent each change. The array l
},ΓÇ» "metadata": { "lsn": <A number that represents the batch ID. Many items can have the same lsn.>,
- "changeType": <The type of change, either 'create', 'replace', or 'delete'.>,
+ "operationType": <The type of change, either 'create', 'replace', or 'delete'.>,
"previousImageLSN" : <A number that represents the batch ID of the change prior to this one.>, "timeToLiveExpired" : <For delete changes, it will be 'true' if it was deleted due to a TTL expiration and 'false' if it wasn't.>, "crts": <A number that represents the Conflict Resolved Timestamp. It has the same format as _ts.>
cosmos-db Query Metrics Performance https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query-metrics-performance.md
# Get SQL query execution metrics and analyze query performance using .NET SDK [!INCLUDE[NoSQL](../includes/appliesto-nosql.md)]
-This article presents how to profile SQL query performance on Azure Cosmos DB using [ServerSideCumulativeMetrics](/dotnet/api/microsoft.azure.cosmos.serversidecumulativemetrics) retrieved from the .NET SDK. `ServerSideCumulativeMetrics` is a strongly typed object with information about the backend query execution. It contains cumulative metrics that are aggregated across all physical partitions for the request, and a list of metrics for each physical partition. These metrics are documented in more detail in the [Tune Query Performance](./query-metrics.md#query-execution-metrics) article.
+This article presents how to profile SQL query performance on Azure Cosmos DB using [ServerSideCumulativeMetrics](/dotnet/api/microsoft.azure.cosmos.serversidecumulativemetrics) retrieved from the .NET SDK. `ServerSideCumulativeMetrics` is a strongly typed object with information about the backend query execution. It contains cumulative metrics that are aggregated across all physical partitions for the request, a list of metrics for each physical partition, and the total request charge. These metrics are documented in more detail in the [Tune Query Performance](./query-metrics.md#query-execution-metrics) article.
## Get query metrics
DoSomeLogging(totalTripsExecutionTime);
### Partitioned Metrics
-`ServerSideCumulativeMetrics` contains a `PartitionedMetrics` property that is a list of per-partition metrics for the round trip. If multiple physical partitions are reached in a single round trip, then metrics for each of them appear in the list. Partitioned metrics are represented as [ServerSidePartitionedMetrics](/dotnet/api/microsoft.azure.cosmos.serversidepartitionedmetrics) with a unique identifier for each physical partition.
+`ServerSideCumulativeMetrics` contains a `PartitionedMetrics` property that is a list of per-partition metrics for the round trip. If multiple physical partitions are reached in a single round trip, then metrics for each of them appear in the list. Partitioned metrics are represented as [ServerSidePartitionedMetrics](/dotnet/api/microsoft.azure.cosmos.serversidepartitionedmetrics) with a unique identifier for each physical partition and request charge for that partition.
```csharp // Retrieve the ServerSideCumulativeMetrics object from the FeedResponse
foreach(var partitionGroup in groupedPartitionMetrics)
## Get the query request charge
-You can capture the request units consumed by each query to investigate expensive queries or queries that consume high throughput. You can get the request charge by using the `RequestCharge` property in `FeedResponse`. To learn more about how to get the request charge using the Azure portal and different SDKs, see [find the request unit charge](find-request-unit-charge.md) article.
+You can capture the request units consumed by each query to investigate expensive queries or queries that consume high throughput. You can get the total request charge using the `TotalRequestCharge` property in `ServerSideCumulativeMetrics` or you can look at the request charge from each partition using the `RequestCharge` property for each `ServerSidePartitionedMetrics` returned.
+
+The total request charge is also available using the `RequestCharge` property in `FeedResponse`. To learn more about how to get the request charge using the Azure portal and different SDKs, see [find the request unit charge](find-request-unit-charge.md) article.
```csharp QueryDefinition query = new QueryDefinition("SELECT TOP 5 * FROM c");
cosmos-db Abs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/abs.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the absolute (positive) value of the specified numeric expression.
## Syntax
-```sql
+```nosql
ABS(<numeric_expr>) ```
Returns a numeric expression.
The following example shows the results of using this function on three different numbers. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/absolute-value/result.json":::
cosmos-db Acos https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/acos.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the trigonometric arccosine of the specified numeric value. The arccosin
## Syntax
-```sql
+```nosql
ACOS(<numeric_expr>) ```
Returns a numeric expression.
The following example calculates the arccosine of the specified values using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/arccosine/result.json":::
cosmos-db Array Concat https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/array-concat.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns an array that is the result of concatenating two or more array values.
## Syntax
-```sql
+```nosql
ARRAY_CONCAT(<array_expr_1>, <array_expr_2> [, <array_expr_N>]) ```
Returns an array expression.
The following example shows how to concatenate two arrays. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/array-concat/result.json":::
cosmos-db Array Contains https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/array-contains.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean indicating whether the array contains the specified value. You
## Syntax
-```sql
+```nosql
ARRAY_CONTAINS(<array_expr>, <expr> [, <bool_expr>]) ```
Returns a boolean value.
The following example illustrates how to check for specific values or objects in an array using this function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/array-contains/result.json":::
cosmos-db Array Length https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/array-length.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the number of elements in the specified array expression.
## Syntax
-```sql
+```nosql
ARRAY_LENGTH(<array_expr>) ```
Returns a numeric expression.
The following example illustrates how to get the length of an array using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/array-length/result.json":::
cosmos-db Array Slice https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/array-slice.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a subset of an array expression using the index and length specified.
## Syntax
-```sql
+```nosql
ARRAY_SLICE(<array_expr>, <numeric_expr_1> [, <numeric_expr_2>]) ```
Returns an array expression.
The following example shows how to get different slices of an array using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/array-slice/result.json":::
cosmos-db Asin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/asin.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the trigonometric arcsine of the specified numeric value. The arcsine is
## Syntax
-```sql
+```nosql
ASIN(<numeric_expr>) ```
Returns a numeric expression.
The following example calculates the arcsine of the specified angle using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/asin/result.json":::
cosmos-db Atan https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/atan.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the trigonometric arctangent of the specified numeric value. The arcsine
## Syntax
-```sql
+```nosql
ATAN(<numeric_expr>) ```
Returns a numeric expression.
The following example calculates the arctangent of the specified angle using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/atan/result.json":::
cosmos-db Atn2 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/atn2.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the principal value of the arctangent of `y/x`, expressed in radians.
## Syntax
-```sql
+```nosql
ATN2(<numeric_expr>, <numeric_expr>) ```
Returns a numeric expression.
The following example calculates the arctangent for the specified `x` and `y` components. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/atn2/result.json":::
cosmos-db Average https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/average.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the average of the values in the expression.
## Syntax
-```sql
+```nosql
AVG(<numeric_expr>) ```
For this example, consider a container with multiple items that each contain a `
In this example, the function is used to average the values of a specific field into a single aggregated value. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/average/result.json":::
cosmos-db Bitwise Operators https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/bitwise-operators.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
The following table shows the explanations and examples of bitwise operations in
For example, the following query uses each of the bitwise operators and renders a result.
-```sql
+```nosql
SELECT (100 >> 2) AS rightShift, (100 << 2) AS leftShift,
cosmos-db Ceiling https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/ceiling.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the smallest integer value greater than or equal to the specified numeri
## Syntax
-```sql
+```nosql
CEILING(<numeric_expr>) ```
Returns a numeric expression.
The following example shows positive numeric, negative, and zero values evaluated with this function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/ceiling/result.json":::
cosmos-db Choose https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/choose.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the expression at the specified index of a list, or Undefined if the ind
## Syntax
-```sql
+```nosql
CHOOSE(<numeric_expr>, <expr_1> [, <expr_N>]) ```
Returns an expression, which could be of any type.
The following example uses a static list to demonstrate various return values at different indexes. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/choose/result.json"::: This example uses a static list to demonstrate various return values at different indexes. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/choose-indexes/result.json":::
This final example uses an existing item in a container with three relevant fiel
This example selects an expression from existing paths in the item. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/choose-fields/result.json":::
cosmos-db Computed Properties https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/computed-properties.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Here's an example computed property definition to convert the `name` property to
This property could then be projected in a query:
-```sql
+```nosql
SELECT c.cp_lowerName FROM
Here's an example computed property definition to calculate a 20 percent price d
This property could then be filtered on to ensure that only products where the discount would be less than $50 are returned:
-```sql
+```nosql
SELECT c.price - c.cp_20PercentDiscount as discountedPrice, c.name
Here's an example computed property definition that finds the primary category f
You can then group by `cp_primaryCategory` to get the count of items in each primary category:
-```sql
+```nosql
SELECT COUNT(1), c.cp_primaryCategory
Here's an example computed property definition that gets the month out of the `_
Before you can ORDER BY `cp_monthUpdated`, you must add it to your indexing policy. After your indexing policy is updated, you can order by the computed property.
-```sql
+```nosql
SELECT * FROM
cosmos-db Concat https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/concat.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a string that is the result of concatenating two or more string values.
## Syntax
-```sql
+```nosql
CONCAT(<string_expr_1>, <string_expr_2> [, <string_expr_N>]) ```
Returns a string expression.
This first example returns the concatenated string of two string expressions. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/concat/result.json":::
This next example uses an existing item in a container with various relevant fie
This example uses the function to select two expressions from the item. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/concat-fields/result.json":::
cosmos-db Constants https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/constants.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
A constant, also known as a literal or a scalar value, is a symbol that represen
## Syntax
-```sql
+```nosql
<constant> ::= <undefined_constant> | <null_constant>
cosmos-db Contains https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/contains.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean indicating whether the first string expression contains the se
## Syntax
-```sql
+```nosql
CONTAINS(<string_expr_1>, <string_expr_2> [, <bool_expr>]) ```
Returns a boolean expression.
The following example checks if various static substrings exist in a string. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/contains/result.json":::
cosmos-db Cos https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/cos.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the trigonometric cosine of the specified angle in radians.
## Syntax
-```sql
+```nosql
COS(<numeric_expr>) ```
Returns a numeric expression.
The following example calculates the cosine of the specified angle using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/cos/result.json":::
cosmos-db Cot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/cot.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the trigonometric cotangent of the specified angle in radians.
## Syntax
-```sql
+```nosql
COT(<numeric_expr>) ```
Returns a numeric expression.
The following example calculates the cotangent of the specified angle using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/cot/result.json":::
cosmos-db Count https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/count.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the count of the values in the expression.
## Syntax
-```sql
+```nosql
COUNT(<scalar_expr>) ```
Returns a numeric scalar value.
This first example passes in either a scalar value or a numeric expression to the `COUNT` function. The expression is evaluated first to a scalar, making the result of both uses of the function the same value. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/count-expression/result.json":::
cosmos-db Datetimeadd https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/datetimeadd.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a date and time string value that is the result of adding a specified nu
## Syntax
-```sql
+```nosql
DateTimeAdd(<date_time_part>, <numeric_expr> ,<date_time>) ```
Returns a UTC date and time string in the ISO 8601 format `YYYY-MM-DDThh:mm:ss.f
The following example adds various values (one year, one month, one day, one hour) to the date **July 3, 2020** at **midnight (00:00 UTC)**. The example also subtracts various values (two years, two months, two days, two hours) from the same date. Finally, this example uses an expression to modify the seconds of the same date. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/datetimeadd/result.json":::
cosmos-db Datetimebin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/datetimebin.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a date and time string value that is the result of binning (or rounding)
## Syntax
-```sql
+```nosql
DateTimeBin(<date_time> , <date_time_part> [, <bin_size>] [, <bin_start_date_time>]) ```
Returns a UTC date and time string in the ISO 8601 format `YYYY-MM-DDThh:mm:ss.f
The following example bins the date **January 8, 2021** at **18:35 UTC** by various values. The example also changes the bin size, and the bin start date and time. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/datetimebin/result.json":::
cosmos-db Datetimediff https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/datetimediff.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the difference, as a signed integer, of the specified date and time part
## Syntax
-```sql
+```nosql
DateTimeDiff(<date_time_part>, <start_date_time>, <end_date_time>) ```
Returns a numeric value that is a signed integer.
The following examples compare **February 4, 2019 16:00 UTC** and **March 5, 2018 05:00 UTC** using various date and time parts. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/datetimediff/result.json":::
cosmos-db Datetimefromparts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/datetimefromparts.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a date and time string value constructed from input numeric values for v
## Syntax
-```sql
+```nosql
DateTimeFromParts(<numeric_year>, <numeric_month>, <numeric_day> [, <numeric_hour>] [, <numeric_minute>] [, <numeric_second>] [, <numeric_second_fraction>]) ```
Returns a UTC date and time string in the ISO 8601 format `YYYY-MM-DDThh:mm:ss.f
The following example uses various combinations of the arguments to create date and time strings. This example uses the date and time **April 20, 2017 13:15 UTC**. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/datetimefromparts/result.json":::
cosmos-db Datetimepart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/datetimepart.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the value of the specified date and time part for the provided date and
## Syntax
-```sql
+```nosql
DateTimePart(<date_time> , <date_time_part>) ```
Returns a numeric value that is a positive integer.
The following example returns various parts of the date and time **May 29, 2016 08:30 UTC**. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/datetimepart/result.json":::
cosmos-db Datetimetoticks https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/datetimetoticks.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Converts the specified DateTime to ticks. A single tick represents `100` nanosec
## Syntax
-```sql
+```nosql
DateTimeToTicks(<date_time>) ```
Returns a signed numeric value, the current number of `100`-nanosecond ticks tha
The following example measures the ticks since the date and time **May 19, 2015 12:00 UTC**. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/datetimetoticks/result.json":::
cosmos-db Datetimetotimestamp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/datetimetotimestamp.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Converts the specified date and time to a numeric timestamp. The timestamp is a
## Syntax
-```sql
+```nosql
DateTimeToTimestamp(<date_time>) ```
Returns a signed numeric value, the current number of milliseconds that have ela
The following example converts the date and time **May 19, 2015 12:00 UTC** to a timestamp. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/datetimetotimestamp/result.json":::
cosmos-db Degrees https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/degrees.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the corresponding angle in degrees for an angle specified in radians.
## Syntax
-```sql
+```nosql
DEGREES(<numeric_expr>) ```
Returns a numeric expression.
The following example returns the degrees for various radian values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/degrees/result.json":::
cosmos-db Documentid https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/documentid.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Extracts the integer identifier corresponding to a specific item within a physic
## Syntax
-```sql
+```nosql
DOCUMENTID(<root_specifier>) ```
This example illustrates using this function to extract and return the integer i
:::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/documentid/seed.novalidate.json" highlight="3"::: :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/documentid/result.novalidate.json":::
This function can also be used as a filter.
:::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/documentid-filter/seed.novalidate.json" highlight="3"::: :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/documentid-filter/result.novalidate.json":::
cosmos-db Endswith https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/endswith.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating whether the first string expression ends with
## Syntax
-```sql
+```nosql
ENDSWITH(<string_expr_1>, <string_expr_2> [, <bool_expr>]) ```
Returns a boolean expression.
The following example checks if the string `abc` ends with `b` or `bC`. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/endswith/result.json":::
cosmos-db Equality Comparison Operators https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/equality-comparison-operators.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
If the result of the scalar expression is ``undefined``, the item isn't included
For example, the following query's comparison between a number and string value produces ``undefined``. Therefore, the filter doesn't include any results.
-```sql
+```nosql
SELECT * FROM
cosmos-db Exp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/exp.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the exponential value of the specified numeric expression.
## Syntax
-```sql
+```nosql
EXP(<numeric_expr>) ```
Returns a numeric expression.
The following example returns the exponential value for various numeric inputs. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/exp/result.json":::
cosmos-db Floor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/floor.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the largest integer less than or equal to the specified numeric expressi
## Syntax
-```sql
+```nosql
FLOOR(<numeric_expr>) ```
Returns a numeric expression.
The following example shows positive numeric, negative, and zero values evaluated with this function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/floor/result.json":::
cosmos-db From https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/from.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
The ``FROM`` clause enforces the following rules per query:
## Syntax
-```sql
+```nosql
FROM <from_specification> <from_specification> ::=
A container expression may be container-scoped or item-scoped:
In this first example, the ``FROM`` clause is used to specify the current container as a source, give it a unique name, and then alias it. The alias is then used to project specific fields in the query results. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/from/result.json"::: In this next example, the ``FROM`` clause can also reduce the source to a smaller subset. To enumerate only a subtree in each item, the subroot can become the source. An array or object subroot can be used as a source. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/from-field/result.json":::
cosmos-db Geospatial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/geospatial.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
cosmos-db Getcurrentdatetime https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/getcurrentdatetime.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the current UTC (Coordinated Universal Time) date and time as an ISO 860
## Syntax
-```sql
+```nosql
GetCurrentDateTime() ```
Returns the current UTC date and time string value in the **round-trip** (ISO 86
The following example shows how to get the current UTC date and time string. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/getcurrentdatetime/result.novalidate.json":::
cosmos-db Getcurrentdatetimestatic https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/getcurrentdatetimestatic.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the current UTC (Coordinated Universal Time) date and time as an ISO 860
## Syntax
-```sql
+```nosql
GetCurrentDateTimeStatic() ```
This example uses a container with a partition key path of `/pk`. There are thre
This function returns the same static date and time for items within the same partition. For comparison, the nonstatic function gets a new date and time value for each item matched by the query. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/getcurrentdatetimestatic/result.novalidate.json":::
cosmos-db Getcurrentticks https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/getcurrentticks.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the number of 100-nanosecond ticks that have elapsed since `00:00:00 Thu
## Syntax
-```sql
+```nosql
GetCurrentTicks() ```
Returns a signed numeric value that represents the current number of 100-nanosec
The following example returns the current time measured in ticks: :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/getcurrentticks/result.novalidate.json":::
cosmos-db Getcurrentticksstatic https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/getcurrentticksstatic.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the number of 100-nanosecond ticks that have elapsed since `00:00:00 Thu
## Syntax
-```sql
+```nosql
GetCurrentTicksStatic() ```
This example uses a container with a partition key path of `/pk`. There are thre
This function returns the same static nanosecond ticks for items within the same partition. For comparison, the nonstatic function gets a new nanosecond ticks value for each item matched by the query. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/getcurrentticksstatic/result.novalidate.json":::
cosmos-db Getcurrenttimestamp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/getcurrenttimestamp.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the number of milliseconds that have elapsed since `00:00:00 Thursday, 1
## Syntax
-```sql
+```nosql
GetCurrentTimestamp() ```
Returns a signed numeric value that represents the current number of millisecond
The following example shows how to get the current timestamp. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/getcurrenttimestamp/result.novalidate.json":::
cosmos-db Getcurrenttimestampstatic https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/getcurrenttimestampstatic.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the number of milliseconds that have elapsed since `00:00:00 Thursday, 1
## Syntax
-```sql
+```nosql
GetCurrentTimestampStatic() ```
This example uses a container with a partition key path of `/pk`. There are thre
This function returns the same static timestamp for items within the same partition. For comparison, the nonstatic function gets a new timestamp value for each item matched by the query. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/getcurrenttimestampstatic/result.novalidate.json":::
cosmos-db Group By https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/group-by.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
The ``GROUP BY`` clause divides the query's results according to the values of o
## Syntax
-```sql
+```nosql
<group_by_clause> ::= GROUP BY <scalar_expression_list> <scalar_expression_list> ::=
For the examples in this section, this reference set of items is used. Each item
In this first example, the ``GROUP BY`` clause is used to create groups of items using the value of a specified property. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/group-by/result.json"::: In this next example, an aggregate system function ([``COUNT``](count.md)) is used with the groupings to provide a total number of items per group. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/group-by-aggregate/result.json"::: In this final example, the items are grouped using multiple properties. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/group-by-multiple/result.json":::
cosmos-db How To Enable Use Copilot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/how-to-enable-use-copilot.md
- ignite-2023 Previously updated : 11/10/2023
+ms.devlang: nosql
Last updated : 02/27/2024 # CustomerIntent: As a developer, I want to use Copilot so that I can write queries faster and easier.
cosmos-db Iif https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/iif.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Evaluates a boolean expression and returns the result of one of two expressions
## Syntax
-```sql
+```nosql
IIF(<bool_expr>, <true_expr>, <not_true_expr>) ```
Returns an expression, which could be of any type.
This first example evaluates a static boolean expression and returns one of two potential expressions. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/iif/result.json":::
This example evaluates one of two potential expressions on multiple items in a c
The query uses fields in the original items. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/iif-fields/result.json":::
cosmos-db Index Of https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/index-of.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the starting index of the first occurrence of a substring expression wit
## Syntax
-```sql
+```nosql
INDEX_OF(<string_expr_1>, <string_expr_2> [, <numeric_expr>]) ```
Returns a numeric expression.
The following example returns the index of various substrings inside the larger string **"AdventureWorks"**. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/index-of/result.json":::
cosmos-db Intadd https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intadd.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Adds the value of the right-hand operand to the left-hand operand. For more info
## Syntax
-```sql
+```nosql
IntAdd(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intadd/result.json":::
cosmos-db Intbitand https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intbitand.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Compares the bits on both the left-hand and right-hand operators using `AND` and
## Syntax
-```sql
+```nosql
IntBitAnd(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intbitand/result.novalidate.json":::
cosmos-db Intbitleftshift https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intbitleftshift.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Shifts the left-hand operator left by the number of bits defined by its right-ha
## Syntax
-```sql
+```nosql
IntBitLeftShift(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intbitleftshift/result.novalidate.json":::
cosmos-db Intbitnot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intbitnot.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the bitwise complement of the operand. For example, every `1` bit indivi
## Syntax
-```sql
+```nosql
IntBitNot(<int_expr>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intbitnot/result.novalidate.json":::
cosmos-db Intbitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intbitor.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Compares the bits on both the left-hand and right-hand operators using inclusive
## Syntax
-```sql
+```nosql
IntBitOr(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intbitor/result.novalidate.json":::
cosmos-db Intbitrightshift https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intbitrightshift.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Shifts the left-hand operator right by the number of bits defined by its right-h
## Syntax
-```sql
+```nosql
IntBitRightShift(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intbitrightshift/result.novalidate.json":::
cosmos-db Intbitxor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intbitxor.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Compares the bits on both the left-hand and right-hand operators using exclusive
## Syntax
-```sql
+```nosql
IntBitXor(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intbitxor/result.novalidate.json":::
cosmos-db Intdiv https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intdiv.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Divides the left-hand operator by the right-hand operator. For more information,
## Syntax
-```sql
+```nosql
IntDiv(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intdiv/result.json":::
cosmos-db Intmod https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intmod.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the remainder from dividing the left-hand operator by the right-hand ope
## Syntax
-```sql
+```nosql
IntMod(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intmod/result.json":::
cosmos-db Intmul https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intmul.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Multiples the values of the left and right operators. For more information, see
## Syntax
-```sql
+```nosql
IntMul(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intmul/result.json":::
cosmos-db Intsub https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/intsub.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Subtracts the value of the right-hand operand from the left-hand operand. For mo
## Syntax
-```sql
+```nosql
IntSub(<int_expr_1>, <int_expr_2>) ```
Returns a 64-bit integer.
This example tests the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/intsub/result.json":::
cosmos-db Is Array https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-array.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating if the type of the specified expression is an
## Syntax
-```sql
+```nosql
IS_ARRAY(<expr>) ```
Returns a boolean expression.
The following example checks objects of various types using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-array/result.json":::
cosmos-db Is Bool https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-bool.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating if the type of the specified expression is a
## Syntax
-```sql
+```nosql
IS_BOOL(<expr>) ```
Returns a boolean expression.
The following example checks objects of various types using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-bool/result.json":::
cosmos-db Is Defined https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-defined.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean indicating if the property has been assigned a value.
## Syntax
-```sql
+```nosql
IS_DEFINED(<expr>) ```
Returns a boolean expression.
The following example checks for the presence of a property within the specified JSON document. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-defined/result.json":::
cosmos-db Is Finite Number https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-finite-number.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean indicating if a number is a finite number (not infinite).
## Syntax
-```sql
+```nosql
IS_FINITE_NUMBER(<numeric_expr>) ```
Returns a boolean.
This example demonstrates the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-finite-number/result.json":::
cosmos-db Is Integer https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-integer.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean indicating if a number is a 64-bit signed integer. 64-bit sign
## Syntax
-```sql
+```nosql
IS_INTEGER(<numeric_expr>) ```
Returns a boolean.
This example demonstrates the function with various static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-integer/result.json":::
cosmos-db Is Null https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-null.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating if the type of the specified expression is `n
## Syntax
-```sql
+```nosql
IS_NULL(<expr>) ```
Returns a boolean expression.
The following example checks objects of various types using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-null/result.json":::
cosmos-db Is Number https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-number.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating if the type of the specified expression is a
## Syntax
-```sql
+```nosql
IS_NUMBER(<expr>) ```
Returns a boolean expression.
The following example various values to see if they're a number. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-number/result.json":::
cosmos-db Is Object https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-object.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating if the type of the specified expression is a
## Syntax
-```sql
+```nosql
IS_OBJECT(<expr>) ```
Returns a boolean expression.
The following example various values to see if they're an object. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-object/result.json":::
cosmos-db Is Primitive https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-primitive.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating if the type of the specified expression is a
## Syntax
-```sql
+```nosql
IS_PRIMITIVE(<expr>) ```
Returns a boolean expression.
The following example various values to see if they're a primitive. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-primitive/result.json":::
cosmos-db Is String https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/is-string.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a boolean value indicating if the type of the specified expression is a
## Syntax
-```sql
+```nosql
IS_STRING(<expr>) ```
Returns a boolean expression.
The following example various values to see if they're a string. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/is-string/result.json":::
cosmos-db Join https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/join.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Let's look at an example of a self-join within an item. Consider a container wit
What if you need to find the **color group** of this product? Typically, you would need to write a query that has a filter checking every potential index in the `tags` array for a value with a prefix of `color-group-`.
-```sql
+```nosql
SELECT * FROM
This technique can become untenable quickly. The complexity or length of the que
In a traditional relational database, the tags would be separated into a separate table and a cross-table join is performed with a filter applied to the results. In the API for NoSQL, we can perform a self-join operation within the item using the `JOIN` keyword.
-```sql
+```nosql
SELECT p.id, p.sku,
This query returns a simple array with an item for each value in the tags array.
Let's break down the query. The query now has two aliases: `p` for each product item in the result set, and `t` for the self-joined `tags` array. The `*` keyword is only valid to project all fields if it can infer the input set, but now there are two input sets (`p` and `t`). Because of this constraint, we must explicitly define our returned fields as `id` and `sku` from the product along with `slug` from the tags. To make this query easier to read and understand, we can drop the `id` field and use an alias for the tag's `name` field to rename it to `tag`.
-```sql
+```nosql
SELECT p.sku, t.name AS tag
JOIN
Finally, we can use a filter to find the tag `color-group-purple`. Because we used the `JOIN` keyword, our filter is flexible enough to handle any variable number of tags.
-```sql
+```nosql
SELECT p.sku, t.name AS tag
A join operation on our sample sleeping bag products and tags creates the follow
Here's the SQL query and JSON result set for a join that includes multiple items in the container.
-```sql
+```nosql
SELECT p.sku, t.name AS tag
WHERE
Just like with the single item, you can apply a filter here to find only items that match a specific tag. For example, this query finds all items with a tag named `bag-shape-mummy` to meet the initial requirement mentioned earlier in this section.
-```sql
+```nosql
SELECT p.sku, t.name AS tag
WHERE
You can also change the filter to get a different result set. For example, this query finds all items that have a tag named `bag-insulation-synthetic-fill`.
-```sql
+```nosql
SELECT p.sku, t.name AS tag
cosmos-db Keywords https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/keywords.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
The ``BETWEEN`` keyword evaluates to a boolean indicating whether the target val
You can use the ``BETWEEN`` keyword with a ``WHERE`` clause to express queries that filters results against ranges of string or numerical values. For example, the following query returns all items in which the price is between ``17.25`` and ``25.50``, again inclusive.
-```sql
+```nosql
SELECT VALUE p.price FROM
WHERE
You can also use the ``BETWEEN`` keyword in the ``SELECT`` clause, as in the following example.
-```sql
+```nosql
SELECT (p.price BETWEEN 0 AND 10) AS booleanLessThanTen, p.price
The ``DISTINCT`` keyword eliminates duplicates in the projected query results.
In this example, the query projects values for each product category. If two categories are equivalent, only a single occurrence returns in the results.
-```sql
+```nosql
SELECT DISTINCT VALUE p.category FROM
FROM
You can also project values even if the target field doesn't exist. In this case, the field doesn't exist in one of the items, so the query returns an empty object for that specific unique value.
-```sql
+```nosql
SELECT DISTINCT p.category FROM
You can use the following wildcard characters with LIKE:
The ``%`` character matches any string of zero or more characters. For example, by placing a ``%`` at the beginning and end of the pattern, the following query returns all items where the specified field contains the phrase as a substring:
-```sql
+```nosql
SELECT VALUE p.name FROM
WHERE
If you only used a ``%`` character at the end of the pattern, you'd only return items with a description that started with `fruit`:
-```sql
+```nosql
SELECT VALUE p.name FROM
WHERE
Similarly, the wildcard at the start of the pattern indicates that you want to match values with the specified value as a prefix:
-```sql
+```nosql
SELECT VALUE p.name FROM
WHERE
The ``NOT`` keyword inverses the result of the ``LIKE`` keyword's expression evaluation. This example returns all items that do **not** match the ``LIKE`` expression.
-```sql
+```nosql
SELECT VALUE p.name FROM
WHERE
You can search for patterns that include one or more wildcard characters using the ``ESCAPE`` clause. For example, if you wanted to search for descriptions that contained the string ``20%``, you wouldn't want to interpret the ``%`` as a wildcard character. This example interprets the ``^`` as the escape character so you can escape a specific instance of ``%``.
-```sql
+```nosql
SELECT VALUE p.name FROM
You can enclose wildcard characters in brackets to treat them as literal charact
Use the ``IN`` keyword to check whether a specified value matches any value in a list. For example, the following query returns all items where the category matches at least one of the values in a list.
-```sql
+```nosql
SELECT * FROM
The ``TOP`` keyword returns the first ``N`` number of query results in an undefi
You can use ``TOP`` with a constant value, as in the following example, or with a variable value using parameterized queries.
-```sql
+```nosql
SELECT TOP 10 * FROM
cosmos-db Left https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/left.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the left part of a string up to the specified number of characters.
## Syntax
-```sql
+```nosql
LEFT(<string_expr>, <numeric_expr>) ```
Returns a string expression.
The following example returns the left part of the string `Microsoft` for various length values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/left/result.json":::
cosmos-db Length https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/length.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the number of characters in the specified string expression.
## Syntax
-```sql
+```nosql
LENGTH(<string_expr>) ```
Returns a numeric expression.
The following example returns the length of a static string. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/length/result.json":::
cosmos-db Linq To Sql https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/linq-to-sql.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
The syntax is `input.Select(x => f(x))`, where `f` is a scalar expression. The `
- **NoSQL**
- ```sql
+ ```nosql
SELECT VALUE f.parents[0].familyName FROM Families f ```
The syntax is `input.Select(x => f(x))`, where `f` is a scalar expression. The `
- **NoSQL**
- ```sql
+ ```nosql
SELECT VALUE f.children[0].grade + c FROM Families f ```
The syntax is `input.Select(x => f(x))`, where `f` is a scalar expression. The `
- **NoSQL**
- ```sql
+ ```nosql
SELECT VALUE { "name":f.children[0].familyName, "grade": f.children[0].grade + 3
The syntax is `input.SelectMany(x => f(x))`, where `f` is a scalar expression th
- **NoSQL**
- ```sql
+ ```nosql
SELECT VALUE child FROM child IN Families.children ```
The syntax is `input.Where(x => f(x))`, where `f` is a scalar expression, which
- **NoSQL**
- ```sql
+ ```nosql
SELECT * FROM Families f WHERE f.parents[0].familyName = "Wakefield"
The syntax is `input.Where(x => f(x))`, where `f` is a scalar expression, which
- **NoSQL**
- ```sql
+ ```nosql
SELECT * FROM Families f WHERE f.parents[0].familyName = "Wakefield"
The syntax is `input(.|.SelectMany())(.Select()|.Where())*`. A concatenated quer
- **NoSQL**
- ```sql
+ ```nosql
SELECT * FROM Families f WHERE f.parents[0].familyName = "Wakefield"
The syntax is `input(.|.SelectMany())(.Select()|.Where())*`. A concatenated quer
- **NoSQL**
- ```sql
+ ```nosql
SELECT VALUE f.parents[0].familyName FROM Families f WHERE f.children[0].grade > 3
The syntax is `input(.|.SelectMany())(.Select()|.Where())*`. A concatenated quer
- **NoSQL**
- ```sql
+ ```nosql
SELECT * FROM Families f WHERE ({grade: f.children[0].grade}.grade > 3)
The syntax is `input(.|.SelectMany())(.Select()|.Where())*`. A concatenated quer
- **NoSQL**
- ```sql
+ ```nosql
SELECT * FROM p IN Families.parents WHERE p.familyName = "Wakefield"
A nested query applies the inner query to each element of the outer container. O
- **NoSQL**
- ```sql
+ ```nosql
SELECT VALUE p.familyName FROM Families f JOIN p IN f.parents
A nested query applies the inner query to each element of the outer container. O
- **NoSQL**
- ```sql
+ ```nosql
SELECT * FROM Families f JOIN c IN f.children
A nested query applies the inner query to each element of the outer container. O
- **NoSQL**
- ```sql
+ ```nosql
SELECT * FROM Families f JOIN c IN f.children
cosmos-db Log https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/log.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the natural logarithm of the specified numeric expression.
## Syntax
-```sql
+```nosql
LOG(<numeric_expr> [, <numeric_base>]) ```
Returns a numeric expression.
The following example returns the logarithm value of various values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/log-base/result.json":::
cosmos-db Log10 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/log10.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the base-10 logarithm of the specified numeric expression.
## Syntax
-```sql
+```nosql
LOG10(<numeric_expr>) ```
Returns a numeric expression.
The following example returns the logarithm value of various values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/log10/result.json":::
cosmos-db Logical Operators https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/logical-operators.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
cosmos-db Lower https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/lower.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a string expression after converting uppercase character data to lowerca
## Syntax
-```sql
+```nosql
LOWER(<string_expr>) ```
Returns a string expression.
The following example shows how to use the function to modify various strings. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/lower/result.json":::
cosmos-db Ltrim https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/ltrim.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a string expression after it removes leading whitespace or specified cha
## Syntax
-```sql
+```nosql
LTRIM(<string_expr_1> [, <string_expr_2>]) ```
Returns a string expression.
The following example shows how to use this function with various parameters inside a query. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/ltrim/result.json":::
cosmos-db Max https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/max.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the maximum of the values in the expression.
## Syntax
-```sql
+```nosql
MAX(<scalar_expr>) ```
This example uses a container with multiple items that each have a `/price` nume
For this example, the `MAX` function is used in a query that includes the numeric field that was mentioned. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/max/result.json":::
cosmos-db Min https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/min.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the minimum of the values in the expression.
## Syntax
-```sql
+```nosql
MIN(<scalar_expr>) ```
This example uses a container with multiple items that each have a `/price` nume
For this example, the `MIN` function is used in a query that includes the numeric field that was mentioned. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/min/result.json":::
cosmos-db Numberbin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/numberbin.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Rounds the numeric expression's value down to a multiple of specified bin size.
## Syntax
-```sql
+```nosql
NumberBin(<numeric_expr> [, <bin_size>]) ```
Returns a numeric value.
This first example bins a single static number with various bin sizes. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/numberbin/result.novalidate.json":::
This next example uses a field from an existing item.
This query rounds the previous field using the function. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/numberbin-field/result.novalidate.json":::
cosmos-db Object Array https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/object-array.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Here's an item that's used in examples throughout this article.
You can construct arrays using static values, as shown in the following example.
-```sql
+```nosql
SELECT [p.priceInUSD, p.priceInCAD] AS priceData FROM products p
FROM products p
You can also use the [``ARRAY`` expression](subquery.md#array-expression) to construct an array from a [subquery's](subquery.md) results. This query gets all the distinct categories.
-```sql
+```nosql
SELECT p.id, ARRAY (SELECT DISTINCT VALUE c.name FROM c IN p.categories) AS categoryNames
The API for NoSQL provides support for iterating over JSON arrays, with the [``I
As an example, the next query performs iteration over ``tags`` for each item in the container. The output splits the array value and flattens the results into a single array.
-```sql
+```nosql
SELECT * FROM
FROM
You can filter further on each individual entry of the array, as shown in the following example:
-```sql
+```nosql
SELECT VALUE p.name FROM
The results are:
You can also aggregate over the result of an array iteration. For example, the following query counts the number of tags:
-```sql
+```nosql
SELECT VALUE COUNT(1) FROM
cosmos-db Objecttoarray https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/objecttoarray.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Converts each field/value pair in a JSON object into an element and then returns
## Syntax
-```sql
+```nosql
ObjectToArray(<object_expr> [, <string_expr_1>, <string_expr_2>]) ```
An array of elements with two fields, either `k` and `v` or custom-named fields.
This example demonstrates converting a static object to an array of field/value pairs using the default `k` and `v` identifiers. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/objecttoarray/result.json"::: In this example, the field name is updated to use the `name` identifier. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/objecttoarray-key/result.json"::: In this example, the value name is updated to use the `value` identifier and the field name uses the `key` identifier. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/objecttoarray-key-value/result.json":::
This final example uses an item within an existing container that stores data us
In this example, the function is used to break up the object into an array item for each field/value pair. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/objecttoarray-field/result.json":::
cosmos-db Offset Limit https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/offset-limit.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
When ``OFFSET LIMIT`` is used with an ``ORDER BY`` clause, the result set is pro
## Syntax
-```sql
+```nosql
OFFSET <offset_amount> LIMIT <limit_amount> ```
For the example in this section, this reference set of items is used. Each item
This example includes a query using the ``OFFSET LIMIT`` clause to return a subset of the matching items by skipping **one** item and taking the next **three**. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/offset-limit/result.json":::
cosmos-db Order By https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/order-by.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
The optional ``ORDER BY`` clause specifies the sorting order for results returne
## Syntax
-```sql
+```nosql
ORDER BY <sort_specification> <sort_specification> ::= <sort_expression> [, <sort_expression>] <sort_expression> ::= {<scalar_expression> [ASC | DESC]} [ ,...n ]
For the examples in this section, this reference set of items is used. Each item
In this first example, the ``ORDER BY`` clause is used to sort a field by the default sort order, ascending. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/order-by/result.json"::: In this next example, the sort order is explicitly specified to be descending. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/order-by-desc/result.json"::: In this final example, the items are sorted using two fields, in a specific order using explicitly specified ordering. A query that sorts using two or more fields requires a [composite index](../../index-policy.md#composite-indexes). ## Remarks
cosmos-db Pagination https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/pagination.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
You can't use continuation tokens for queries with [GROUP BY](group-by.md) or [D
Here's an example of a query with ``DISTINCT`` that could use a continuation token:
-```sql
+```nosql
SELECT DISTINCT VALUE e.name FROM
cosmos-db Parameterized Queries https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/parameterized-queries.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Azure Cosmos DB for NoSQL supports queries with parameters expressed by the fami
For example, you can write a query that takes ``lastName`` and ``address.state`` as parameters, and execute it for various values of ``lastName`` and ``address.state`` based on user input.
-```sql
+```nosql
SELECT * FROM
You can then send this request to Azure Cosmos DB for NoSQL as a parameterized J
This next example sets the ``TOP`` argument with a parameterized query:
-```sql
+```nosql
{ "query": "SELECT TOP @pageSize * FROM products", "parameters": [
cosmos-db Pi https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/pi.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the constant value of Pi. For more information, see [Pi](https://wikiped
## Syntax
-```sql
+```nosql
PI() ```
Returns a numeric expression.
The following example returns the constant value of Pi. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/pi/result.json":::
cosmos-db Power https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/power.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the value of the specified expression multipled by itself the given numb
## Syntax
-```sql
+```nosql
POWER(<numeric_expr_1>, <numeric_expr_2>) ```
Returns a numeric expression.
The following example demonstrates raising a number to various powers. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/power/result.json":::
cosmos-db Radians https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/radians.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the corresponding angle in radians for an angle specified in degrees.
## Syntax
-```sql
+```nosql
RADIANS(<numeric_expr>) ```
Returns a numeric expression.
The following example returns the radians for various degree values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/radians/result.json":::
cosmos-db Rand https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/rand.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a randomly generated numeric value from zero to one.
## Syntax
-```sql
+```nosql
RAND() ```
Returns a numeric expression.
The following example returns randomly generated numeric values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/rand/result.novalidate.json":::
cosmos-db Regexmatch https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/regexmatch.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
This function provides regular expression capabilities. Regular expressions are
## Syntax
-```sql
+```nosql
RegexMatch(<string_expr_1>, <string_expr_2>, [, <string_expr_3>]) ```
Returns a boolean expression.
The following example illustrates regular expression matches using a few different modifiers. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/regexmatch/result.json":::
The next example assumes that you have a container with items including a `name`
This example uses a regular expression match as a filter to return a subset of items. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/regexmatch-field/result.json":::
cosmos-db Replace https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/replace.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Replaces all occurrences of a specified string value with another string value.
## Syntax
-```sql
+```nosql
REPLACE(<string_expr_1>, <string_expr_2>, <string_expr_3>) ```
Returns a string expression.
The following example shows how to use this function to replace static values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/replace/result.json":::
cosmos-db Replicate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/replicate.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Repeats a string value a specified number of times.
## Syntax
-```sql
+```nosql
REPLICATE(<string_expr>, <numeric_expr>) ```
Returns a string expression.
The following example shows how to use this function to build a repeating string. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/replicate/result.json":::
cosmos-db Reverse https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/reverse.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the reverse order of a string value.
## Syntax
-```sql
+```nosql
REVERSE(<string_expr>) ```
Returns a string expression.
The following example shows how to use this function to reverse multiple strings. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/reverse/result.json":::
cosmos-db Right https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/right.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns the right part of a string up to the specified number of characters.
## Syntax
-```sql
+```nosql
RIGHT(<string_expr>, <numeric_expr>) ```
Returns a string expression.
The following example returns the right part of the string `Microsoft` for various length values. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/right/result.json":::
cosmos-db Round https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/round.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a numeric value, rounded to the closest integer value.
## Syntax
-```sql
+```nosql
ROUND(<numeric_expr>) ```
Returns a numeric expression.
The following example rounds positive and negative numbers to the nearest integer. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/round/result.json":::
cosmos-db Rtrim https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/rtrim.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Returns a string expression after it removes trailing whitespace or specified ch
## Syntax
-```sql
+```nosql
RTRIM(<string_expr_1> [, <string_expr_2>]) ```
Returns a string expression.
The following example shows how to use this function with various parameters inside a query. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/rtrim/result.json":::
cosmos-db Scalar Expressions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/scalar-expressions.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
The [``SELECT`` clause](select.md) supports scalar expressions. A scalar express
## Syntax
-```sql
+```nosql
<scalar_expression> ::= <constant> | input_alias
The [``SELECT`` clause](select.md) supports scalar expressions. A scalar express
The most common example of a scalar expression is a math equation.
-```sql
+```nosql
SELECT VALUE ((2 + 11 % 7) - 2) / 2 ```
SELECT VALUE
In this next example, the result of the scalar expression is a boolean:
-```sql
+```nosql
SELECT ("Redmond" = "WA") AS isCitySameAsState, ("WA" = "WA") AS isStateSameAsState
cosmos-db Select https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/nosql/query/select.md
Previously updated : 09/21/2023
+ms.devlang: nosql
Last updated : 02/27/2024
Every query consists of a ``SELECT`` clause and optionally [``FROM``](from.md) a
## Syntax
-```sql
+```nosql
SELECT <select_specification> <select_specification> ::=
SELECT <select_specification>
This first example selects two static string values and returns an array with a single object containing both values. Since the values are unnamed, a sequential generated number is used to name the equivalent json field. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/select/result.json"::: In this next example, JSON projection is used to fine tune the exact structure and field names for the resulting JSON object. Here, a JSON object is created with fields named ``department`` and ``team``. The outside JSON object is still unnamed, so a generated number (``$1``) is used to name this field. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/select-json/result.json"::: This example illustrates flattening the result set from the previous example to simplify parsing. The ``VALUE`` keyword is used here to prevent the wrapping of the results into another JSON object. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/select-value-json/result.json"::: In this example, the ``VALUE`` keyword is used with a static string to create an array of strings as the result. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/select-value/result.json":::
In this final example, assume that there's a container with two items with vario
This final example query uses a combination of a ``SELECT`` clause, the ``VALUE`` keyword, a ``FROM`` clause, and JSON projection to perform a common query with the results transformed to a JSON object for the client to parse. :::code language="json" source="~/cosmos-db-nosql-query-samples/scripts/select-fields/result.json":::
cosmos-db Setintersect