
Commit 0c40b0a

Apply pencil edits for blocking issues from PR review
1 parent e3db85b commit 0c40b0a

File tree

2 files changed

+5
-5
lines changed


articles/aks/limit-egress-traffic.md

Lines changed: 3 additions & 3 deletions
@@ -161,7 +161,7 @@ Azure automatically routes traffic between Azure subnets, virtual networks, and
161161
az network route-table route create -g $RG --name $FWROUTE_NAME_INTERNET --route-table-name $FWROUTE_TABLE_NAME --address-prefix $FWPUBLIC_IP/32 --next-hop-type Internet
162162
```
163163
164-
For information on how to override Azure's default system routes or add aditional routes to a subnet's route table, see the [virtual network route table documentation](../virtual-network/virtual-networks-udr-overview.md#user-defined).
164+
For information on how to override Azure's default system routes or add additional routes to a subnet's route table, see the [virtual network route table documentation](../virtual-network/virtual-networks-udr-overview.md#user-defined).
165165
166166
### Add firewall rules
167167
@@ -241,7 +241,7 @@ az aks create -g $RG -n $AKSNAME -l $LOC \
241241

242242
### Create user-assigned identities
243243

244-
If you don't have user-assigned identites, follow the steps in this section. If you already have user-assigned identities, skip to [Create an AKS cluster with user-assigned identities](#create-an-aks-cluster-with-user-assigned-identities).
244+
If you don't have user-assigned identities, follow the steps in this section. If you already have user-assigned identities, skip to [Create an AKS cluster with user-assigned identities](#create-an-aks-cluster-with-user-assigned-identities).
245245

246246
1. Create a control plane managed identity using the [`az identity create`][az-identity-create] command.
247247

@@ -564,7 +564,7 @@ You can now start exposing services and deploying applications to this cluster.
564564
>
565565
> When you use Azure Firewall to restrict egress traffic and create a UDR to force all egress traffic, make sure you create an appropriate DNAT rule in Azure Firewall to correctly allow ingress traffic. Using Azure Firewall with a UDR breaks the ingress setup due to asymmetric routing. The issue occurs if the AKS subnet has a default route that goes to the firewall's private IP address, but you're using a public load balancer - ingress or Kubernetes service of type `loadBalancer`. In this case, the incoming load balancer traffic is received via its public IP address, but the return path goes through the firewall's private IP address. Because the firewall is stateful, it drops the returning packet because the firewall isn't aware of an established session. To learn how to integrate Azure Firewall with your ingress or service load balancer, see [Integrate Azure Firewall with Azure Standard Load Balancer](../firewall/integrate-lb.md).
566566
567-
To configure inbound connectivity, you need to write a DNAT rule to the Azure Firewall. To test connectivity to your cluster, a rule is defined for the firewall frontend public IP address to route to the internal IP exposed by the internal service.The destination address can be customized. The translated address must be the IP address of the internal load balancer. The translated port must be the exposed port for your Kubernetes service. You also need to specify the internal IP address assigned to the load balancer created by the Kubernetes service.
567+
To configure inbound connectivity, you need to write a DNAT rule to the Azure Firewall. To test connectivity to your cluster, a rule is defined for the firewall frontend public IP address to route to the internal IP exposed by the internal service. The destination address can be customized. The translated address must be the IP address of the internal load balancer. The translated port must be the exposed port for your Kubernetes service. You also need to specify the internal IP address assigned to the load balancer created by the Kubernetes service.
568568
569569
1. Get the internal IP address assigned to the load balancer using the `kubectl get services` command.
570570

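Review bot: the added space after "internal service." fixes the run-on, but the sentence still describes a DNAT rule as something that routes ("a rule is defined for the firewall frontend public IP address to route to the internal IP exposed by the internal service") when the rule translates the destination address, which is the point the preceding note makes about asymmetric routing. Suggest "a DNAT rule is defined that translates the firewall's frontend public IP address to the internal IP exposed by the internal service". The closing sentence ("You also need to specify the internal IP address assigned to the load balancer created by the Kubernetes service.") also repeats "The translated address must be the IP address of the internal load balancer." two sentences earlier; drop it or fold it into the step that follows ("1. Get the internal IP address assigned to the load balancer using the `kubectl get services` command.").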
articles/aks/outbound-rules-control-egress.md

Lines changed: 2 additions & 2 deletions
@@ -161,8 +161,8 @@ If you choose to block/not allow these FQDNs, the nodes will only receive OS upd
161161

162162
There are two options to provide access to Azure Monitor for containers:
163163

164-
1. Allow the Azure Monitor [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags).
165-
2. Provide access to the required FQDN/application rules.
164+
- Allow the Azure Monitor [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags).
165+
- Provide access to the required FQDN/application rules.
166166

167167
#### Required network rules
168168
