articles/aks/ssh.md
Lines changed: 16 additions & 12 deletions
@@ -12,19 +12,19 @@ ms.author: iainfou
12
12
13
13
# SSH to Azure Kubernetes Service (AKS) cluster nodes
14
14
15
-
Occasionally, you may need to access an Azure Kubernetes Service (AKS) node for maintenance, log collection, or other troubleshooting operations. For security purposes, the AKS nodes are not exposed to the internet. This article shows you how to create an SSH connection with an AKS node.
15
+
Throughout the lifecycle of your Azure Kubernetes Service (AKS) cluster, you may need to access an AKS node. This access could be for maintenance, log collection, or other troubleshooting operations. The AKS nodes are Linux VMs, so you can access them using SSH. For security purposes, the AKS nodes are not exposed to the internet. This article shows you how to create an SSH connection with an AKS node using their private IP addresses.
16
16
17
-
## Reset the SSH keys
17
+
## Add your public SSH key
18
18
19
-
If you did not specify SSH keys when you created your AKS cluster, you first need to reset the SSH keys for the Kubernetes nodes. To reset the SSH keys for your nodes, complete the following steps:
19
+
By default, SSH keys are generated for you when you create an AKS cluster. If you did not specify your own SSH keys when you created your AKS cluster, you first need to add your public SSH keys to the AKS nodes. To add your SSH key to an AKS node, complete the following steps:
20
20
21
21
1. Get the resource group name for your AKS cluster resources using [az aks show][az-aks-show]. Provide your own core resource group and AKS cluster name:
22
22
23
23
```azurecli
24
24
az aks show --resource-group myResourceGroup --name myAKSCluster --query nodeResourceGroup -o tsv
25
25
```
26
26
27
-
1. List the VMs in the AKS cluster resource group using the [az vm list][az-vm-list] command. These VMs are you AKS nodes:
27
+
1. List the VMs in the AKS cluster resource group using the [az vm list][az-vm-list] command. These VMs are your AKS nodes:
28
28
29
29
```azurecli
30
30
az vm list --resource-group MC_myResourceGroup_myAKSCluster_eastus -o table
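Review bot: In the new introduction, "create an SSH connection with an AKS node using their private IP addresses" pairs a singular node with a plural pronoun; "using its private IP address" reads correctly. In the "Add your public SSH key" paragraph, the first new sentence says SSH keys are generated by default, but the next sentence goes straight to adding your own key without saying whether the generated keys can be used or where they are kept; one sentence on that would close the gap. The same paragraph also alternates between "your public SSH keys to the AKS nodes" and "your SSH key to an AKS node", so pick singular or plural and keep it consistent with the heading.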
@@ -38,7 +38,7 @@ If you did not specify SSH keys when you created your AKS cluster, you first nee
1. To update the SSH keys for your node, use the [az vm user update][az-vm-user-update] command. Provide the resource group name and then one of the AKS nodes obtained in the previous step. By default, the username for the AKS nodes is *azureuser*. Provide the location of your own SSH public key location, such as ~/.ssh/id_rsa.pub*, or paste the contents of your SSH public key:
41
+
1. To add your SSH keys to the node, use the [az vm user update][az-vm-user-update] command. Provide the resource group name and then one of the AKS nodes obtained in the previous step. By default, the username for the AKS nodes is *azureuser*. Provide the location of your own SSH public key location, such as *~/.ssh/id_rsa.pub*, or paste the contents of your SSH public key:
42
42
43
43
```azurecli
44
44
az vm user update \
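Review bot: The reworded step still reads "Provide the location of your own SSH public key location", with "location" twice; drop the second one, as in "Provide the location of your own SSH public key, such as *~/.ssh/id_rsa.pub*". Since the command is run against "one of the AKS nodes", the step should also say that the key is added only to that node and the command has to be repeated for any other node you want to reach.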
@@ -50,7 +50,9 @@ If you did not specify SSH keys when you created your AKS cluster, you first nee
50
50
51
51
## Get the AKS node address
52
52
53
-
The AKS nodes are not publicly exposed to the internet. To SSH to the AKS nodes, you use their internal, private IP addresses. View the private IP address of an AKS cluster node using the [az vm list-ip-addresses][az-vm-list-ip-addresses] command. Provide your own AKS cluster resource group name obtained in a previous [az-aks-show][az-aks-show] step:
53
+
The AKS nodes are not publicly exposed to the internet. To SSH to the AKS nodes, you use their internal, private IP addresses.
54
+
55
+
View the private IP address of an AKS cluster node using the [az vm list-ip-addresses][az-vm-list-ip-addresses] command. Provide your own AKS cluster resource group name obtained in a previous [az-aks-show][az-aks-show] step:
54
56
55
57
```azurecli
56
58
az vm list-ip-addresses --resource-group MC_myAKSCluster_myAKSCluster_eastus -o table
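Review bot: The example under the split paragraph uses the resource group MC_myAKSCluster_myAKSCluster_eastus, while the earlier az vm list example uses MC_myResourceGroup_myAKSCluster_eastus; since the text says the name comes from the previous az aks show step, the two examples should use the same value. While this paragraph is being touched, the link text "[az-aks-show][az-aks-show]" shows the reference label instead of the command name; step 1 uses "[az aks show][az-aks-show]", which is the form to follow here.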
To get an SSH connection to an AKS node, you run a helper pod on the node. This helper pod provides you with SSH access into the cluster and then additional SSH node access. To create and use this helper pod, complete the following steps:
71
+
To create an SSH connection to an AKS node, you run a helper pod in your AKS cluster. This helper pod provides you with SSH access into the cluster and then additional SSH node access. To create and use this helper pod, complete the following steps:
70
72
71
-
1. Run a `debian` container image and attach a terminal session to it. This container is used to create an SSH session with any node in the AKS cluster:
73
+
1. Run a `debian` container image and attach a terminal session to it. This container can be used to create an SSH session with any node in the AKS cluster:
72
74
73
75
```console
74
76
kubectl run -it --rm aks-ssh --image=debian
75
77
```
76
78
77
-
1. The base Debian image doesn't include SSH components. Install an SSH client in the container with `apt-get` as follows:
79
+
1. The base Debian image doesn't include SSH components. Once the terminal session is connected to the container, install an SSH client using `apt-get` as follows:
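Review bot: The reworded introduction keeps the sentence "This helper pod provides you with SSH access into the cluster and then additional SSH node access", which does not tell the reader what actually happens; something like "You attach a terminal to the helper pod and, from there, open an SSH session to a node's private IP address" matches the steps that follow. In the kubectl run step, `--image=debian` has no tag, so the image that runs depends on when the command is executed; consider naming a specific tag in the example, because a private key is copied into this container in a later step.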
@@ -89,13 +91,15 @@ To get an SSH connection to an AKS node, you run a helper pod on the node. This
89
91
aks-ssh-554b746bcf-kbwvf 1/1 Running 0 1m
90
92
```
91
93
92
-
1. In the first step of this article, you added your public SSH key the AKS node. Now, copy your private SSH key into the pod. This private key is then used to create the SSH into the AKS nodes. Provide your own *aks-ssh* pod name obtained in the previous step. If needed, change *~/.ssh/id_rsa* to location of your private SSH key:
94
+
1. In the first step of this article, you added your public SSH key the AKS node. Now, copy your private SSH key into the pod. This private key is used to create the SSH into the AKS nodes.
95
+
96
+
Provide your own *aks-ssh* pod name obtained in the previous step. If needed, change *~/.ssh/id_rsa* to location of your private SSH key:
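Review bot: The first added line carries over three wording slips from the old text: "added your public SSH key the AKS node" is missing "to", "create the SSH into the AKS nodes" is missing "connection", and the second added paragraph has "to location of" without "the". Because this step places a copy of the private key inside the pod, it is also worth one sentence here, if no later section covers it, telling readers that the copy goes away only when the pod is deleted and that they should end the helper pod when finished.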
1. Back in the terminal session to your help pod, update the permissions on the `id_rsa` private SSH key copied in the previous step so that it is user read-only:
102
+
1. Back in the terminal session to your container, update the permissions on the copied `id_rsa` private SSH key so that it is user read-only:
99
103
100
104
```console
101
105
chmod 0600 id_rsa
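Review bot: The new wording says the key is made "user read-only", but the command shown is `chmod 0600 id_rsa`, which gives the owner read and write access. Either describe it as "readable and writable only by the owner" or change the command to `chmod 0400 id_rsa` so the text and the example agree.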
@@ -139,6 +143,6 @@ If you need additional troubleshooting data, you can [view the kubelet logs][vie