updates per gatekeppers

Author: mlhoop

articles/azure-arc/kubernetes/TOC.yml

@@ -8,10 +8,10 @@
   items:
   - name: Cluster operations
     items:
-    - name: Connect a cluster
-      href: connect-a-cluster.md
+    - name: Connect cluster
+      href: connect-cluster.md
     - name: Use GitOps for connected clusters
-      href: use-gitops-in-connected-cluster.md
+      href: use-gitops-connected-cluster.md
     - name: Use GitOps with Helm
       href: use-gitops-with-helm.md
     - name: Azure Monitor for containers
@@ -20,5 +20,7 @@
       href: use-azure-policy.md
     - name: Deploy IoT workloads
       href: deploy-azure-iot-edge-workloads.md
+    - name: Onboarding service principal
+      href: create-onboarding-service-principal.md
     - name: Troubleshooting
       href: Troubleshooting.md

articles/azure-arc/kubernetes/connect-a-cluster.md renamed to articles/azure-arc/kubernetes/connect-cluster.md

@@ -1,17 +1,17 @@
 ---
-title: "Connect a Kubernetes cluster (Preview)"
+title: "Connect an Azure Arc-enabled Kubernetes cluster (Preview)"
 services: azure-arc
 ms.service: azure-arc
 #ms.subservice: azure-arc-kubernetes coming soon
 ms.date: 05/19/2020
 ms.topic: article
 author: mlearned
 ms.author: mlearned
-description: "Connect a Kubernetes cluster with Azure Arc"
+description: "Connect an Azure Arc-enabled Kubernetes cluster with Azure Arc"
 keywords: "Kubernetes, Arc, Azure, K8s, containers"
 ---
 
-# Connect a Kubernetes cluster (Preview)
+# Connect an Azure Arc-enabled Kubernetes cluster (Preview)
 
 Connect a Kubernetes cluster to Azure Arc. 
 
@@ -42,7 +42,7 @@ Azure Arc agents require the following protocols/ports/outbound URLs to function
 | 2.  | https://eastus.dp.kubernetesconfiguration.azure.com, https://westeurope.dp.kubernetesconfiguration.azure.com | Data plane endpoint for the agent to push status and fetch configuration information                                      |
 | 3.  | https://docker.io                                                                                            | Required to pull container images                                                                                         |
 | 4.  | https://github.com, git://github.com                                                                         | Example GitOps repos are hosted on GitHub. Configuration agent requires connectivity to whichever git endpoint you specify. |
-| 5.  | https://login.microsoftonline.com                                                                            | Required to fetch and update ARM tokens                                                                                    |
+| 5.  | https://login.microsoftonline.com                                                                            | Required to fetch and update Azure Resource Manager tokens                                                                                    |
 | 6.  | https://azurearcfork8s.azurecr.io                                                                            | Required to pull container images for Azure Arc agents                                                                  |
 
 ## Register the two providers for Azure Arc enabled Kubernetes:
@@ -150,7 +150,7 @@ Helm release deployment succeeded
 List your connected clusters:
 
 ```console
-az connectedk8s list -g AzureArcTest -c AzureArcTest1 --cluster-type connectedClusters -o table
+az connectedk8s list -g AzureArcTest
 ```
 
 **Output:**
@@ -193,7 +193,7 @@ You can delete a `Microsoft.Kubernetes/connectedcluster` resource using the CLI
 
 The Azure CLI command `az connectedk8s delete` removes the `Microsoft.Kubernetes/connectedCluster` resource in Azure. The Azure CLI deletes any associated `sourcecontrolconfiguration` resources in Azure. The Azure CLI uses helm uninstall to remove the agents in the cluster.
 
-The Azure Portal deletes the `Microsoft.Kubernetes/connectedcluster` resource in Azure, and deletes any associated `sourcecontrolconfiguration` resources in Azure.
+The Azure portal deletes the `Microsoft.Kubernetes/connectedcluster` resource in Azure, and deletes any associated `sourcecontrolconfiguration` resources in Azure.
 
 To remove the agents in the cluster you need to run `az connectedk8s delete` or `helm uninstall azurearcfork8s`.
 

articles/azure-arc/kubernetes/create-onboarding-spn.md renamed to articles/azure-arc/kubernetes/create-onboarding-service-principal.md

@@ -1,24 +1,24 @@
 ---
-title: "Create an onboarding Service Principal (Preview)"
+title: "Create an Azure Arc-enabled onboarding Service Principal (Preview)"
 services: azure-arc
 ms.service: azure-arc
 #ms.subservice: azure-arc-kubernetes coming soon
 ms.date: 05/19/2020
 ms.topic: article
 author: mlearned
 ms.author: mlearned
-description: "Create an onboarding Service Principal "
+description: "Create an Azure Arc-enabled onboarding Service Principal "
 keywords: "Kubernetes, Arc, Azure, containers"
 ---
 
-# Create an onboarding Service Principal (Preview)
+# Create an Azure Arc-enabled onboarding Service Principal (Preview)
 
 ## Overview
 
 When a cluster is onboarded to Azure, the agents running in your cluster must authenticate to Azure Resource Manager as part of registration. The `connectedk8s` CLI extension has automated Service Principal creation. However, there may be a few scenarios where the CLI automation does not work:
 
-1. Your organization generally restricts the creation of Service Principals
-1. The user onboarding the cluster does not have sufficient permissions to create Service Principals
+* Your organization generally restricts the creation of Service Principals
+* The user onboarding the cluster does not have sufficient permissions to create Service Principals
 
 Instead, let's create the Service Principal out of band, and then pass the principal to the CLI extension.
 

articles/azure-arc/kubernetes/deploy-azure-iot-edge-workloads.md

@@ -22,11 +22,11 @@ Azure Arc and Azure IoT Edge complement each other's capabilities quite well. Az
 
 ## Pre-requisites
 
-1. [Register an IoT Edge device](https://docs.microsoft.com/azure/iot-edge/quickstart-linux#register-an-iot-edge-device) and [deploy the simulated temperature sensor module](https://docs.microsoft.com/azure/iot-edge/quickstart-linux#deploy-a-module). Be sure to note the device's connection string.
+* [Register an IoT Edge device](https://docs.microsoft.com/azure/iot-edge/quickstart-linux#register-an-iot-edge-device) and [deploy the simulated temperature sensor module](https://docs.microsoft.com/azure/iot-edge/quickstart-linux#deploy-a-module). Be sure to note the device's connection string.
 
-1. We'll leverage [IoT Edge's support for Kubernetes](https://aka.ms/edgek8sdoc) to deploy it via Azure Arc's Flux operator.
+* Use [IoT Edge's support for Kubernetes](https://aka.ms/edgek8sdoc) to deploy it via Azure Arc's Flux operator.
 
-1. Download the [**values.yaml**](https://github.com/Azure/iotedge/blob/master/kubernetes/charts/edge-kubernetes/values.yaml) file for IoT Edge Helm chart and replace the **deviceConnectionString** placeholder at the end of the file with the one noted in Step 1. You can set any other supported chart installation options as required. Create a namespace for the IoT Edge workload and create add a secret in it:
+* Download the [**values.yaml**](https://github.com/Azure/iotedge/blob/master/kubernetes/charts/edge-kubernetes/values.yaml) file for IoT Edge Helm chart and replace the **deviceConnectionString** placeholder at the end of the file with the one noted in Step 1. You can set any other supported chart installation options as required. Create a namespace for the IoT Edge workload and create add a secret in it:
 
     ```
     $ kubectl create ns iotedge

articles/azure-arc/kubernetes/deploy-azure-monitor-for-containers.md

@@ -17,14 +17,14 @@ Onboard [Azure Monitor enabled containers](https://docs.microsoft.com/azure/azur
 
 ## Before you begin
 
-- Kubernetes versions: https://docs.microsoft.com/azure/aks/supported-kubernetes-versions
-  - Linux distros for the cluster (master & worker) nodes – Ubuntu (18.04 LTS and 16.04 LTS)
-- Minimum Contributor RBAC role permission on the Azure subscription of the Azure Arc enabled Kubernetes cluster
-- Fully Qualified Azure Resource Id of the Azure Arc enabled Kubernetes cluster
-- Kubeconfig context of the Kubernetes cluster
-- Monitoring agent requires cAdvisor on the Kubelet is running on either secure port: 10250 or unsecure port: 10255 on the all nodes to pull the perf metrics   
-   > Note:  Recommended to configure the Kubelet cAdvisor port to secure port:10250 if its not configured already.
-- Monitoring Agent requires the following outbound ports and domains to send the monitoring data to the Azure Monitor backend (If blocked by proxy/firewall)
+* Kubernetes versions: https://docs.microsoft.com/azure/aks/supported-kubernetes-versions
+* Linux distros for the cluster (master & worker) nodes – Ubuntu (18.04 LTS and 16.04 LTS)
+* Minimum Contributor RBAC role permission on the Azure subscription of the Azure Arc enabled Kubernetes cluster
+* Fully Qualified Azure Resource ID of the Azure Arc enabled Kubernetes cluster
+* Kubeconfig context of the Kubernetes cluster
+* Monitoring agent requires cAdvisor on the Kubelet is running on either secure port: 10250 or unsecure port: 10255 on the all nodes to pull the perf metrics   
+* It is Recommended to configure the Kubelet cAdvisor port to secure port:10250.
+* Monitoring Agent requires the following outbound ports and domains to send the monitoring data to the Azure Monitor backend (If blocked by proxy/firewall)
     -  *.ods.opinsights.azure.com 443
     -  *.oms.opinsights.azure.com 443
     -  *.blob.core.windows.net 443
@@ -37,32 +37,37 @@ Onboard [Azure Monitor enabled containers](https://docs.microsoft.com/azure/azur
 ### Option 1: Using PowerShell  script
 
 1. Download the Onboarding script
+
 ```console
 curl -LO https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature/docs/haiku/onboarding_azuremonitor_for_containers.ps1
  ```
+
 2. Install [PowerShell core](https://docs.microsoft.com/PowerShell/scripting/install/installing-PowerShell?view=PowerShell-6) on your dev machine to execute the PowerShell onboarding script.
 
 3. Login to Azure
+
 ```console
 az login --use-device-code
 ```
 
 4. Execute below script with your cluster Azure Arc K8s Cluster ResourceId and context of the kubernetes cluster
+
 ```console
 .\onboarding_azuremonitor_for_containers.ps1 -azureArcClusterResourceId <resourcedIdOfAzureArcCluster> -kubeContext <kube-context>
 
 For Example ..
 .\onboarding_azuremonitor_for_containers.ps1 -azureArcClusterResourceId /subscriptions/57ac26cf-a9f0-4908-b300-9a4e9a0fb205/resourceGroups/AzureArcTest/providers/Microsoft.Kubernetes/connectedClusters/AzureArcTest1 -kubeContext MyK8sTestCluster
-
  ```
+
 ### Option 2: Using Bash Script
 
-> **Hint:** The script uses bash 4 features, so make sure your bash is up to date. You can check your current version with `bash --version`.
+> **Tip:** The script uses bash 4 features, so make sure your bash is up to date. You can check your current version with `bash --version`.
 
 1. Download the Onboarding script
 ```console
 curl -LO https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature/docs/haiku/onboarding_azuremonitor_for_containers.sh
  ```
+
 2. Execute below script with your cluster Azure Arc K8s Cluster ResourceId and context of the kubernetes cluster
 ```console
 bash onboarding_azuremonitor_for_containers.sh <resourcedIdOfAzureArcCluster>  <kube-context>
@@ -73,18 +78,22 @@ bash onboarding_azuremonitor_for_containers.sh /subscriptions/57ac26cf-a9f0-4908
  ```
 
 ## Configure agent data collection
+
 By default, the agent doesn't collect stdout and stderr logs of containers in kube-system namespace.
 Refer to https://docs.microsoft.com/azure/azure-monitor/insights/container-insights-agent-config to configure agent with desired data collection settings.
 
 ## Configure scraping of Prometheus metrics
+
 Azure Monitor for containers scrapes the Prometheus metrics and ingest to the Azure Monitor backend.
 Refer to https://docs.microsoft.com/azure/azure-monitor/insights/container-insights-prometheus-integration for the instructions on how to configure Prometheus scraping.
 
 ## User interface
+
 Navigate to  https://aka.ms/azmon-containers-azurearc to view the Onboarded Cluster
 
 ## Disable Monitoring
-If you would like to disable monitoring due to some reason, you can just simply delete the azure monitor for containers HELM chart to stop collecting and ingesting  monitoring  data to Azure Monitor for containers backend
+
+If you would like to disable monitoring due to some reason, you can just simply delete the Azure Monitor for containers HELM chart to stop collecting and ingesting  monitoring  data to Azure Monitor for containers backend
 
 ```console
 helm del azmon-containers-release-1

articles/azure-arc/kubernetes/index.yml

@@ -29,10 +29,10 @@ landingContent:
             url: ./overview.md 
       - linkListType: how-to-guide
         links:
-          - text: Connect a cluster
-            url: ./connect-a-cluster.md
+          - text: Connect cluster
+            url: ./connect-cluster.md
           - text: Use GitOps in a connected cluster
-            url: ./use-gitops-in-connected-cluster.md
+            url: ./use-gitops-connected-cluster.md
           - text: Use GitOps with Helm
             url: ./use-gitops-with-helm.md
           - text: Use Azure monitor for containers
@@ -41,5 +41,7 @@ landingContent:
             url: ./use-azure-policy.md
           - text: Deploy Azure IoT edge workloads
             url: ./deploy-azure-iot-edge-workloads.md
+          - text: Onboarding service principal
+            url: ./create-onboarding-service-principal.md
 
 

articles/azure-arc/kubernetes/overview.md

@@ -1,5 +1,5 @@
 ---
-title: "Overview"
+title: "Azure Arc-enabled Kubernetes overview"
 services: azure-arc
 ms.service: azure-arc
 #ms.subservice: azure-arc-kubernetes coming soon
@@ -11,9 +11,9 @@ description: ""
 keywords: "Kubernetes, Arc, Azure, containers"
 ---
 
-# What is Azure Arc enabled Kubernetes (Preview)
+# What is Azure Arc-enabled Kubernetes (Preview)
 
-You can attach and configure Kubernetes clusters inside or outside of Azure with Azure Arc enabled Kubernetes (Preview). When a Kubernetes cluster is attached to Azure Arc, it will appear in the Azure Portal, have an Azure Resource Manager Id, and a Managed Identity. Clusters are attached to standard Azure subscriptions, live in a resource group, and can receive tags just like any other Azure resource. 
+You can attach and configure Kubernetes clusters inside or outside of Azure with Azure Arc enabled Kubernetes (Preview). When a Kubernetes cluster is attached to Azure Arc, it will appear in the Azure Portal, have an Azure Resource Manager ID, and a Managed Identity. Clusters are attached to standard Azure subscriptions, live in a resource group, and can receive tags just like any other Azure resource. 
 
 
 Connecting a Kubernetes cluster to Azure requires a cluster administrator to deploy agents. These agents run in a Kubernetes namespace named `azure-arc` and are standard Kubernetes deployments. The agents are responsible for connectivity to Azure, collecting Azure Arc logs and metrics, and watching for configuration requests.  

articles/azure-arc/kubernetes/use-gitops-in-connected-cluster.md

@@ -1,23 +1,23 @@
 ---
-title: "Use GitOps for cluster configuration (Preview)"
+title: "Use GitOps for an Azure Arc-enabled cluster configuration (Preview)"
 services: azure-arc
 ms.service: azure-arc
 #ms.subservice: azure-arc-kubernetes coming soon
 ms.date: 05/19/2020
 ms.topic: article
 author: mlearned
 ms.author: mlearned
-description: ""
+description: "Use GitOps for an Azure Arc-enabled cluster configuration (Preview)"
 keywords: "GitOps, Kubernetes, K8s, Azure, Arc, Azure Kubernetes Service, containers"
 ---
 
-# Use GitOps for cluster configuration (Preview)
+# Use GitOps for an Azure Arc-enabled  configuration (Preview)
 
 ## Overview
 
 This architecture uses a GitOps workflow to configure the cluster and deploy applications. The configuration is described declaratively in .yaml files and stored in Git. An agent watches the Git repo for changes and applies them.  The same agent also periodically assures that the cluster state matches the state declared in the Git repo and returns the cluster to the desired state if any unmanaged changes have occurred.
 
-The connection between your cluster and one or more Git repositories is tracked in Azure Resource Manager (ARM) as a `sourceControlConfiguration` extension resource. The `sourceControlConfiguration` resource properties represent where and how Kubernetes resources should flow from Git to your cluster. The `sourceControlConfiguration` data is stored encrypted at rest in a CosmosDb database to ensure data confidentiality.
+The connection between your cluster and one or more Git repositories is tracked in Azure Resource Manager as a `sourceControlConfiguration` extension resource. The `sourceControlConfiguration` resource properties represent where and how Kubernetes resources should flow from Git to your cluster. The `sourceControlConfiguration` data is stored encrypted at rest in a CosmosDb database to ensure data confidentiality.
 
 The Azure Arc enabled Kubernetes `config-agent` running in your cluster is responsible for watching for new or updated `sourceControlConfiguration` resources and orchestrates adding, updating, or removing the Git repo links automatically.
 
@@ -140,9 +140,10 @@ Options supported in  --operator-params
 | 8.  | --git-user  | Username for git commit. |
 | 9.  | --git-email  | Email to use for git commit. |
 
-Note: If '--git-user' or '--git-email' are not set (which means that you don't want Flux to write to the repo), then --git-readonly will automatically be set (if you have not already set it).
+* If '--git-user' or '--git-email' are not set (which means that you don't want Flux to write to the repo), then --git-readonly will automatically be set (if you have not already set it).
+
+* If enableHelmOperator is true, then operatorInstanceName + operatorNamespace strings cannot exceed 47 characters combined.  If you fail to adhere to this limit then you will get this error:
 
-Note: If enableHelmOperator is true, then operatorInstanceName + operatorNamespace strings cannot exceed 47 characters combined.  If you fail to adhere to this limit then you will get this error:
 ```console
 {"OperatorMessage":"Error: {failed to install chart from path [helm-operator] for release [<operatorInstanceName>-helm-<operatorNamespace>]: err [release name \"<operatorInstanceName>-helm-<operatorNamespace>\" exceeds max length of 53]} occurred while doing the operation : {Installing the operator} on the config","ClusterState":"Installing the operator"}
 ```
@@ -187,7 +188,7 @@ Command group 'k8sconfiguration' is in preview. It may be changed/removed in a f
 
 When the `sourceControlConfiguration` is created, a few things happen under the hood:
 
-1. The Azure Arc `config-agent` monitors Azure Resource Manager (ARM) for new or updated configurations (`Microsoft.KubernetesConfiguration/sourceControlConfiguration`)
+1. The Azure Arc `config-agent` monitors Azure Resource Manager for new or updated configurations (`Microsoft.KubernetesConfiguration/sourceControlConfiguration`)
 1. `config-agent` notices the new `Pending` configuration
 1. `config-agent` reads the configuration properties and prepares to deploy a managed instance of `flux`
     1. `config-agent` creates the destination namespace
@@ -206,7 +207,7 @@ While the provisioning process happens, the `sourceControlConfiguration` will mo
 
 If you are using a private git repo, then you need to perform one more task to close the loop: you need to add the public key that was generated by `flux` as a **Deploy key** in the repo.
 
-**Get the public key using az cli**
+**Get the public key using Azure CLI**
 
 ```console
 $ az k8sconfiguration show --resource-group <resource group name> --cluster-name <connected cluster name> --name <configuration name> --query 'repositoryPublicKey'