Add pointers to byoca steps

kgremban · kgremban · commit 3046169bb1f4 · 2024-11-01T16:34:00.000-07:00
diff --git a/articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md b/articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md
@@ -147,16 +147,24 @@ Use these steps if you chose the **Test settings** option on the **Dependency ma
       >[!TIP]
       >The `init` command only needs to be run once per cluster. If you're reusing a cluster that already had Azure IoT Operations version 0.8.0 deployed on it, you can skip this step.
 
+      If you followed the optional prerequisite to set up your own certificate authority issuer, add the `--user-trust` flag to the `init` command.
+
       This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
 
    1. Deploy Azure IoT Operations. Copy and run the provided [az iot ops create](/cli/azure/iot/ops#az-iot-ops-create) command.
 
-      If you followed the optional prerequisites to prepare your cluster for observability, add the following optional parameters to the `create` command:
+      * If you followed the optional prerequisites to prepare your cluster for observability, add the following parameters to the `create` command:
 
-      | Optional parameter | Value | Description |
-      | --------- | ----- | ----------- |
-      | `--ops-config` | `observability.metrics.openTelemetryCollectorAddress=<FULLNAMEOVERRIDE>.azure-iot-operations.svc.cluster.local:<GRPC_ENDPOINT>` | Provide the OpenTelemetry (OTel) collector address you configured in the otel-collector-values.yaml file.<br><br>The sample values used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) are **fullnameOverride=aio-otel-collector** and **grpc.enpoint=4317**. |
-      | `--ops-config` | `observability.metrics.exportInternalSeconds=<CHECK_INTERVAL>` | Provide the **check_interval** value you configured in the otel-collector-values.yaml file.<br><br>The sample value used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) is **check_interval=60**. |
+        | Parameter | Value | Description |
+        | --------- | ----- | ----------- |
+        | `--ops-config` | `observability.metrics.openTelemetryCollectorAddress=<FULLNAMEOVERRIDE>.azure-iot-operations.svc.cluster.local:<GRPC_ENDPOINT>` | Provide the OpenTelemetry (OTel) collector address you configured in the otel-collector-values.yaml file.<br><br>The sample values used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) are **fullnameOverride=aio-otel-collector** and **grpc.enpoint=4317**. |
+        | `--ops-config` | `observability.metrics.exportInternalSeconds=<CHECK_INTERVAL>` | Provide the **check_interval** value you configured in the otel-collector-values.yaml file.<br><br>The sample value used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) is **check_interval=60**. |
+  
+      * If you followed the optional prerequisites to set up your own certificate authority issuer, add the `--trust-settings` parameters to the `create` command:
+
+        ```bash
+        --trust-settings configMapName=<CONFIGMAP_NAME> configMapKey=<CONFIGMAP_KEY_WITH_PUBLICKEY_VALUE> issuerKind=<CLUSTERISSUER_OR_ISSUER> issuerName=<ISSUER_NAME>
+        ```
 
       This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
 
diff --git a/articles/iot-operations/deploy-iot-ops/howto-prepare-cluster.md b/articles/iot-operations/deploy-iot-ops/howto-prepare-cluster.md
@@ -222,7 +222,8 @@ az iot ops verify-host
 
 At this point, when you have an Azure Arc-enabled Kubernetes cluster but before you deploy Azure IoT Operations to it, you might want to configure your cluster for advanced scenarios.
 
-If you want to enable observability features on the cluster, follow the steps in [Deploy observability resources and set up logs](../configure-observability-monitoring/howto-configure-observability.md) before continuing to deploy.
+* If you want to enable observability features on the cluster, follow the steps in [Deploy observability resources and set up logs](../configure-observability-monitoring/howto-configure-observability.md).
+* If you want to configure your own certificate issuer on the cluster, follow the steps in [Certificate management > Bring your own issuer](../secure-iot-ops/concept-default-root-ca.md#bring-your-own-issuer).
 
 ## Next steps
 
diff --git a/articles/iot-operations/secure-iot-ops/concept-default-root-ca.md b/articles/iot-operations/secure-iot-ops/concept-default-root-ca.md
@@ -87,6 +87,7 @@ To help you get started, Azure IoT Operations Preview is deployed with a default
 ## Bring your own issuer
 
 For production deployments, we recommend that you set up Azure IoT Operations with an enterprise PKI to manage certificates and that you bring your own issuer which works with your enterprise PKI instead of using the default self-signed issuer to issue TLS certificates for internal communication.
+
 To set up Azure IoT Operations with your own issuer, use the following steps before deploying an instance to your cluster:
 
 1. Follow the steps in [Prepare your cluster](../deploy-iot-ops/howto-prepare-cluster.md) to set up your cluster.
@@ -116,7 +117,7 @@ To set up Azure IoT Operations with your own issuer, use the following steps bef
 1. Set up trust bundle in the Azure IoT Operations namespace.
 
    1. To set up trust bundle, create a ConfigMap in the Azure IoT Operations namespace. Place the public key portion of your CA certificate into the config map with a key name of your choice.
-   1. Get the public key portion of your CA certificate. The steps to acquire the public key depend on the issuer you have chosen.
+   1. Get the public key portion of your CA certificate. The steps to acquire the public key depend on the issuer you choose.
    1. Create the ConfigMap. For example:
 
       ```bash
@@ -133,5 +134,5 @@ To set up Azure IoT Operations with your own issuer, use the following steps bef
    2.  Add the `--trust-settings` parameter with the necessary information while deploying Azure IoT Operations. For example:
 
       ```bash
-      az iot ops create --subscription <SUBSCRIPTION_ID> -g <RESOURCE_GROUP> --cluster <CLUSTER_NAME> --custom-location <CUSTOME_LOCATION> -n <iNSTANCE_NAME> --sr-resource-id <SCHEMAREGISTRY_RESOURCE_ID> --trust-settings configMapName=<CONFIGMAP_NAME> configMapKey=<CONFIGMAP_KEY_WITH_PUBLICKEY_VALUE> issuerKind=<CLUSTERISSUER_OR_ISSUER> issuerName=<ISSUER_NAME>
+      az iot ops create --subscription <SUBSCRIPTION_ID> -g <RESOURCE_GROUP> --cluster <CLUSTER_NAME> --custom-location <CUSTOM_LOCATION> -n <INSTANCE_NAME> --sr-resource-id <SCHEMAREGISTRY_RESOURCE_ID> --trust-settings configMapName=<CONFIGMAP_NAME> configMapKey=<CONFIGMAP_KEY_WITH_PUBLICKEY_VALUE> issuerKind=<CLUSTERISSUER_OR_ISSUER> issuerName=<ISSUER_NAME>
       ```
