acrolinx

Author: greg-lindsay

articles/application-gateway/ingress-controller-install-existing.md

@@ -30,18 +30,17 @@ This document assumes you already have the following tools and infrastructure in
 - [AKS](https://azure.microsoft.com/services/kubernetes-service/) with [Azure Container Networking Interface (CNI)](../aks/configure-azure-cni.md)
 - [Application Gateway v2](./tutorial-autoscale-ps.md) in the same virtual network as AKS
 - [AAD Pod Identity](https://github.com/Azure/aad-pod-identity) installed on your AKS cluster
-- [Cloud Shell](https://shell.azure.com/) is the Azure shell environment, which has `az` CLI, `kubectl`, and `helm` installed. These tools are required for the commands below.
+- [Cloud Shell](https://shell.azure.com/) is the Azure shell environment, which has `az` CLI, `kubectl`, and `helm` installed. These tools are required for the following commands:
 
-Please __backup your Application Gateway's configuration__ before installing AGIC:
+**Backup your Application Gateway's configuration** before installing AGIC:
   1. using [Azure portal](https://portal.azure.com/) navigate to your `Application Gateway` instance
   2. from `Export template` click `Download`
 
-The zip file you downloaded will have JSON templates, bash, and PowerShell scripts you could use to restore App
+The zip file you downloaded contains JSON templates, bash, and PowerShell scripts you could use to restore App
 Gateway should that become necessary
 
 ## Install Helm
-[Helm](../aks/kubernetes-helm.md) is a package manager for
-Kubernetes. We will leverage it to install the `application-gateway-kubernetes-ingress` package.
+[Helm](../aks/kubernetes-helm.md) is a package manager for Kubernetes. This is used to install the `application-gateway-kubernetes-ingress` package.
 Use [Cloud Shell](https://shell.azure.com/) to install Helm:
 
 1. Install [Helm](../aks/kubernetes-helm.md) and run the following to add `application-gateway-kubernetes-ingress` helm package:
@@ -98,8 +97,8 @@ the resource group of the `aks-agentpool` virtual machines. Typically that resou
     az identity show -g <resourcegroup> -n <identity-name>
     ```
 
-1. Give the identity `Contributor` access to your Application Gateway. For this you need the ID of the Application Gateway, which will
-look something like this: `/subscriptions/A/resourceGroups/B/providers/Microsoft.Network/applicationGateways/C`
+1. Give the identity `Contributor` access to your Application Gateway. For this you need the ID of the Application Gateway, which
+looks something like this: `/subscriptions/A/resourceGroups/B/providers/Microsoft.Network/applicationGateways/C`
 
     Get the list of Application Gateway IDs in your subscription with: `az network application-gateway list --query '[].id'`
 
@@ -121,7 +120,7 @@ look something like this: `/subscriptions/A/resourceGroups/B/providers/Microsoft
     ```
 
 ## Using a Service Principal
-It is also possible to provide AGIC access to ARM via a Kubernetes secret.
+It's also possible to provide AGIC access to ARM via a Kubernetes secret.
 
 1. Create an Active Directory Service Principal and encode with base64. The base64 encoding is required for the JSON
 blob to be saved to Kubernetes.
@@ -148,7 +147,7 @@ In the first few steps, we install Helm's Tiller on your Kubernetes cluster. Use
     helm repo update
     ```
 
-1. Download helm-config.yaml, which will configure AGIC:
+1. Download helm-config.yaml, which configures AGIC:
     ```bash
     wget https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/docs/examples/sample-helm-config.yaml -O helm-config.yaml
     ```
@@ -161,20 +160,20 @@ In the first few steps, we install Helm's Tiller on your Kubernetes cluster. Use
     verbosityLevel: 3
     
     ################################################################################
-    # Specify which application gateway the ingress controller will manage
+    # Specify which application gateway the ingress controller must manage
     #
     appgw:
         subscriptionId: <subscriptionId>
         resourceGroup: <resourceGroupName>
         name: <applicationGatewayName>
     
-        # Setting appgw.shared to "true" will create an AzureIngressProhibitedTarget CRD.
+        # Setting appgw.shared to "true" creates an AzureIngressProhibitedTarget CRD.
         # This prohibits AGIC from applying config for any host/path.
         # Use "kubectl get AzureIngressProhibitedTargets" to view and change this.
         shared: false
     
     ################################################################################
-    # Specify which kubernetes namespace the ingress controller will watch
+    # Specify which kubernetes namespace the ingress controller must watch
     # Default value is "default"
     # Leaving this variable out or setting it to blank or empty string would
     # result in Ingress Controller observing all acessible namespaces.
@@ -243,24 +242,24 @@ Refer to [this how-to guide](ingress-controller-expose-service-over-http-https.m
 
 
 ## Shared Application Gateway
-By default AGIC assumes full ownership of the Application Gateway it is linked to. AGIC version 0.8.0 and later can
+By default AGIC assumes full ownership of the Application Gateway it's linked to. AGIC version 0.8.0 and later can
 share a single Application Gateway with other Azure components. For instance, we could use the same Application Gateway for an app
 hosted on Virtual Machine Scale Set as well as an AKS cluster.
 
 Please __backup your Application Gateway's configuration__ before enabling this setting:
   1. using [Azure portal](https://portal.azure.com/) navigate to your `Application Gateway` instance
   2. from `Export template` click `Download`
 
-The zip file you downloaded will have JSON templates, bash, and PowerShell scripts you could use to restore Application Gateway
+The zip file you downloaded contains JSON templates, bash, and PowerShell scripts you could use to restore Application Gateway
 
 ### Example Scenario
 Let's look at an imaginary Application Gateway, which manages traffic for two web sites:
   - `dev.contoso.com` - hosted on a new AKS, using Application Gateway and AGIC
   - `prod.contoso.com` - hosted on an [Azure Virtual Machine Scale Set](https://azure.microsoft.com/services/virtual-machine-scale-sets/)
 
-With default settings, AGIC assumes 100% ownership of the Application Gateway it is pointed to. AGIC overwrites all of App
+With default settings, AGIC assumes 100% ownership of the Application Gateway it's pointed to. AGIC overwrites all of App
 Gateway's configuration. If we were to manually create a listener for `prod.contoso.com` (on Application Gateway), without
-defining it in the Kubernetes Ingress, AGIC will delete the `prod.contoso.com` config within seconds.
+defining it in the Kubernetes Ingress, AGIC deletes the `prod.contoso.com` config within seconds.
 
 To install AGIC and also serve `prod.contoso.com` from our Virtual Machine Scale Set machines, we must constrain AGIC to configuring
 `dev.contoso.com` only. This is facilitated by instantiating the following
@@ -284,7 +283,7 @@ related to that hostname.
 
 ### Enable with new AGIC installation
 To limit AGIC (version 0.8.0 and later) to a subset of the Application Gateway configuration modify the `helm-config.yaml` template.
-Under the `appgw:` section, add `shared` key and set it to to `true`.
+Under the `appgw:` section, add `shared` key and set it to `true`.
 
 ```yaml
 appgw:
@@ -307,17 +306,17 @@ Apply the Helm changes:
           ingress-azure application-gateway-kubernetes-ingress/ingress-azure
       ```
 
-As a result your AKS will have a new instance of `AzureIngressProhibitedTarget` called `prohibit-all-targets`:
+As a result your AKS has a new instance of `AzureIngressProhibitedTarget` called `prohibit-all-targets`:
 ```bash
 kubectl get AzureIngressProhibitedTargets prohibit-all-targets -o yaml
 ```
 
 The object `prohibit-all-targets`, as the name implies, prohibits AGIC from changing config for *any* host and path.
-Helm install with `appgw.shared=true` will deploy AGIC, but won't make any changes to Application Gateway.
+Helm install with `appgw.shared=true` deploys AGIC, but won't make any changes to Application Gateway.
 
 
 ### Broaden permissions
-Since Helm with `appgw.shared=true` and the default `prohibit-all-targets` blocks AGIC from applying any config.
+Since Helm with `appgw.shared=true` and the default `prohibit-all-targets` blocks AGIC from applying a config.
 
 Broaden AGIC permissions with:
 1. Create a new `AzureIngressProhibitedTarget` with your specific setup:
@@ -346,7 +345,7 @@ are going to reuse the existing Application Gateway and manually configure a lis
 `staging.contoso.com`. But manually tweaking Application Gateway config (via
 [portal](https://portal.azure.com), [ARM APIs](/rest/api/resources/) or
 [Terraform](https://www.terraform.io/)) would conflict with AGIC's assumptions of full ownership. Shortly after we apply
-changes, AGIC will overwrite or delete them.
+changes, AGIC overwrites or deletes them.
 
 We can prohibit AGIC from making changes to a subset of configuration.
 
@@ -368,5 +367,5 @@ We can prohibit AGIC from making changes to a subset of configuration.
     ```
 
 3. Modify Application Gateway config via portal - add listeners, routing rules, backends etc. The new object we created
-(`manually-configured-staging-environment`) will prohibit AGIC from overwriting Application Gateway configuration related to
+(`manually-configured-staging-environment`) prohibits AGIC from overwriting Application Gateway configuration related to
 `staging.contoso.com`.