Merge pull request #235551 from JackStromberg/patch-114

Updating title

Author: prmerger-automator[bot]

articles/application-gateway/ingress-controller-install-existing.md

@@ -6,7 +6,7 @@ author: greg-lindsay
 ms.service: application-gateway
 ms.custom: devx-track-arm-template
 ms.topic: how-to
-ms.date: 11/4/2019
+ms.date: 04/24/2023
 ms.author: greglin
 ---
 
@@ -22,26 +22,25 @@ resources, and creates and applies Application Gateway config based on the statu
     - Option 1: [Set up aad-pod-identity](#set-up-aad-pod-identity) and create Azure Identity on ARMs
     - Option 2: [Using a Service Principal](#using-a-service-principal)
 - [Install Ingress Controller using Helm](#install-ingress-controller-as-a-helm-chart)
-- [Multi-cluster / Shared Application Gateway](#multi-cluster--shared-application-gateway): Install AGIC in an environment, where Application Gateway is
+- [Shared Application Gateway](#shared-application-gateway): Install AGIC in an environment, where Application Gateway is
 shared between one or more AKS clusters and/or other Azure components.
 
 ## Prerequisites
 This document assumes you already have the following tools and infrastructure installed:
 - [AKS](https://azure.microsoft.com/services/kubernetes-service/) with [Azure Container Networking Interface (CNI)](../aks/configure-azure-cni.md)
 - [Application Gateway v2](./tutorial-autoscale-ps.md) in the same virtual network as AKS
 - [AAD Pod Identity](https://github.com/Azure/aad-pod-identity) installed on your AKS cluster
-- [Cloud Shell](https://shell.azure.com/) is the Azure shell environment, which has `az` CLI, `kubectl`, and `helm` installed. These tools are required for the commands below.
+- [Cloud Shell](https://shell.azure.com/) is the Azure shell environment, which has `az` CLI, `kubectl`, and `helm` installed. These tools are required for the following commands:
 
-Please __backup your Application Gateway's configuration__ before installing AGIC:
+**Backup your Application Gateway's configuration** before installing AGIC:
   1. using [Azure portal](https://portal.azure.com/) navigate to your `Application Gateway` instance
   2. from `Export template` click `Download`
 
-The zip file you downloaded will have JSON templates, bash, and PowerShell scripts you could use to restore App
+The zip file you downloaded contains JSON templates, bash, and PowerShell scripts you could use to restore App
 Gateway should that become necessary
 
 ## Install Helm
-[Helm](../aks/kubernetes-helm.md) is a package manager for
-Kubernetes. We will leverage it to install the `application-gateway-kubernetes-ingress` package.
+[Helm](../aks/kubernetes-helm.md) is a package manager for Kubernetes, used to install the `application-gateway-kubernetes-ingress` package.
 Use [Cloud Shell](https://shell.azure.com/) to install Helm:
 
 1. Install [Helm](../aks/kubernetes-helm.md) and run the following to add `application-gateway-kubernetes-ingress` helm package:
@@ -84,22 +83,22 @@ Next we need to create an Azure identity and give it permissions ARM.
 Use [Cloud Shell](https://shell.azure.com/) to run all of the following commands and create an identity:
 
 1. Create an Azure identity **in the same resource group as the AKS nodes**. Picking the correct resource group is
-important. The resource group required in the command below is *not* the one referenced on the AKS portal pane. This is
+important. The resource group required in the following commands is *not* the one referenced on the AKS portal pane. This is
 the resource group of the `aks-agentpool` virtual machines. Typically that resource group starts with `MC_` and contains
  the name of your AKS. For instance: `MC_resourceGroup_aksABCD_westus`
 
     ```azurecli
     az identity create -g <agent-pool-resource-group> -n <identity-name>
     ```
 
-1. For the role assignment commands below we need to obtain `principalId` for the newly created identity:
+1. For the role assignment, commands we need to obtain `principalId` for the newly created identity:
 
     ```azurecli
     az identity show -g <resourcegroup> -n <identity-name>
     ```
 
-1. Give the identity `Contributor` access to your Application Gateway. For this you need the ID of the Application Gateway, which will
-look something like this: `/subscriptions/A/resourceGroups/B/providers/Microsoft.Network/applicationGateways/C`
+1. Give the identity `Contributor` access to your Application Gateway. For this you need the ID of the Application Gateway, which
+looks something like this: `/subscriptions/A/resourceGroups/B/providers/Microsoft.Network/applicationGateways/C`
 
     Get the list of Application Gateway IDs in your subscription with: `az network application-gateway list --query '[].id'`
 
@@ -121,7 +120,7 @@ look something like this: `/subscriptions/A/resourceGroups/B/providers/Microsoft
     ```
 
 ## Using a Service Principal
-It is also possible to provide AGIC access to ARM via a Kubernetes secret.
+It's also possible to provide AGIC access to ARM via a Kubernetes secret.
 
 1. Create an Active Directory Service Principal and encode with base64. The base64 encoding is required for the JSON
 blob to be saved to Kubernetes.
@@ -148,11 +147,11 @@ In the first few steps, we install Helm's Tiller on your Kubernetes cluster. Use
     helm repo update
     ```
 
-1. Download helm-config.yaml, which will configure AGIC:
+1. Download helm-config.yaml, which configures AGIC:
     ```bash
     wget https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/docs/examples/sample-helm-config.yaml -O helm-config.yaml
     ```
-    Or copy the YAML file below: 
+    Or copy the following YAML file: 
 
     ```yaml
     # This file contains the essential configs for the ingress controller helm chart
@@ -161,20 +160,20 @@ In the first few steps, we install Helm's Tiller on your Kubernetes cluster. Use
     verbosityLevel: 3
     
     ################################################################################
-    # Specify which application gateway the ingress controller will manage
+    # Specify which application gateway the ingress controller must manage
     #
     appgw:
         subscriptionId: <subscriptionId>
         resourceGroup: <resourceGroupName>
         name: <applicationGatewayName>
     
-        # Setting appgw.shared to "true" will create an AzureIngressProhibitedTarget CRD.
+        # Setting appgw.shared to "true" creates an AzureIngressProhibitedTarget CRD.
         # This prohibits AGIC from applying config for any host/path.
         # Use "kubectl get AzureIngressProhibitedTargets" to view and change this.
         shared: false
     
     ################################################################################
-    # Specify which kubernetes namespace the ingress controller will watch
+    # Specify which kubernetes namespace the ingress controller must watch
     # Default value is "default"
     # Leaving this variable out or setting it to blank or empty string would
     # result in Ingress Controller observing all acessible namespaces.
@@ -242,25 +241,25 @@ Refer to [this how-to guide](ingress-controller-expose-service-over-http-https.m
 
 
 
-## Multi-cluster / Shared Application Gateway
-By default AGIC assumes full ownership of the Application Gateway it is linked to. AGIC version 0.8.0 and later can
+## Shared Application Gateway
+By default AGIC assumes full ownership of the Application Gateway it's linked to. AGIC version 0.8.0 and later can
 share a single Application Gateway with other Azure components. For instance, we could use the same Application Gateway for an app
-hosted on Virtual Machine Scale Set as well as an AKS cluster.
+hosted on Virtual Machine Scale Set and an AKS cluster.
 
-Please __backup your Application Gateway's configuration__ before enabling this setting:
+**Backup your Application Gateway's configuration** before enabling this setting:
   1. using [Azure portal](https://portal.azure.com/) navigate to your `Application Gateway` instance
   2. from `Export template` click `Download`
 
-The zip file you downloaded will have JSON templates, bash, and PowerShell scripts you could use to restore Application Gateway
+The zip file you downloaded contains JSON templates, bash, and PowerShell scripts you could use to restore Application Gateway
 
 ### Example Scenario
 Let's look at an imaginary Application Gateway, which manages traffic for two web sites:
   - `dev.contoso.com` - hosted on a new AKS, using Application Gateway and AGIC
   - `prod.contoso.com` - hosted on an [Azure Virtual Machine Scale Set](https://azure.microsoft.com/services/virtual-machine-scale-sets/)
 
-With default settings, AGIC assumes 100% ownership of the Application Gateway it is pointed to. AGIC overwrites all of App
+With default settings, AGIC assumes 100% ownership of the Application Gateway it's pointed to. AGIC overwrites all of App
 Gateway's configuration. If we were to manually create a listener for `prod.contoso.com` (on Application Gateway), without
-defining it in the Kubernetes Ingress, AGIC will delete the `prod.contoso.com` config within seconds.
+defining it in the Kubernetes Ingress, AGIC deletes the `prod.contoso.com` config within seconds.
 
 To install AGIC and also serve `prod.contoso.com` from our Virtual Machine Scale Set machines, we must constrain AGIC to configuring
 `dev.contoso.com` only. This is facilitated by instantiating the following
@@ -284,7 +283,7 @@ related to that hostname.
 
 ### Enable with new AGIC installation
 To limit AGIC (version 0.8.0 and later) to a subset of the Application Gateway configuration modify the `helm-config.yaml` template.
-Under the `appgw:` section, add `shared` key and set it to to `true`.
+Under the `appgw:` section, add `shared` key and set it to `true`.
 
 ```yaml
 appgw:
@@ -307,19 +306,18 @@ Apply the Helm changes:
           ingress-azure application-gateway-kubernetes-ingress/ingress-azure
       ```
 
-As a result your AKS will have a new instance of `AzureIngressProhibitedTarget` called `prohibit-all-targets`:
+As a result your AKS has a new instance of `AzureIngressProhibitedTarget` called `prohibit-all-targets`:
 ```bash
 kubectl get AzureIngressProhibitedTargets prohibit-all-targets -o yaml
 ```
 
 The object `prohibit-all-targets`, as the name implies, prohibits AGIC from changing config for *any* host and path.
-Helm install with `appgw.shared=true` will deploy AGIC, but won't make any changes to Application Gateway.
+Helm install with `appgw.shared=true` deploys AGIC, but doesn't make any changes to Application Gateway.
 
 
 ### Broaden permissions
-Since Helm with `appgw.shared=true` and the default `prohibit-all-targets` blocks AGIC from applying any config.
+Since Helm with `appgw.shared=true` and the default `prohibit-all-targets` blocks AGIC from applying a config, broaden AGIC permissions:
 
-Broaden AGIC permissions with:
 1. Create a new `AzureIngressProhibitedTarget` with your specific setup:
     ```bash
     cat <<EOF | kubectl apply -f -
@@ -346,7 +344,7 @@ are going to reuse the existing Application Gateway and manually configure a lis
 `staging.contoso.com`. But manually tweaking Application Gateway config (via
 [portal](https://portal.azure.com), [ARM APIs](/rest/api/resources/) or
 [Terraform](https://www.terraform.io/)) would conflict with AGIC's assumptions of full ownership. Shortly after we apply
-changes, AGIC will overwrite or delete them.
+changes, AGIC overwrites or deletes them.
 
 We can prohibit AGIC from making changes to a subset of configuration.
 
@@ -368,5 +366,5 @@ We can prohibit AGIC from making changes to a subset of configuration.
     ```
 
 3. Modify Application Gateway config via portal - add listeners, routing rules, backends etc. The new object we created
-(`manually-configured-staging-environment`) will prohibit AGIC from overwriting Application Gateway configuration related to
+(`manually-configured-staging-environment`) prohibits AGIC from overwriting Application Gateway configuration related to
 `staging.contoso.com`.