Updated NPM user doc- Addressed PR comments by Nick and Hunter

Khushbu-Parekh · Khushbu-Parekh · commit 82f3ee336372 · 2022-08-19T16:13:11.000-07:00
diff --git a/articles/aks/use-network-policies.md b/articles/aks/use-network-policies.md
@@ -24,16 +24,16 @@ All pods in an AKS cluster can send and receive traffic without limitations, by
 
 Network Policy is a Kubernetes specification that defines access policies for communication between Pods. Using network policies, you define an ordered set of rules to send and receive traffic and apply them to a collection of pods that match one or more label selectors.
 
-These Network Policy rules are defined as YAML manifests. Network Policies can be included as part of a wider manifest that also creates a deployment or service.
+These Network Policy rules are defined as YAML manifests. Network policies can be included as part of a wider manifest that also creates a deployment or service.
 
 ## Network policy options in AKS
 
 Azure provides two ways to implement Network Policy. You choose a Network Policy option when you create an AKS cluster. The policy option can't be changed after the cluster is created:
 
-* Azure's own implementation, called *Azure Network Policy Manager(NPM)*.
+* Azure's own implementation, called *Azure Network Policy Manager (NPM)*.
 * *Calico Network Policies*, an open-source network and network security solution founded by [Tigera][tigera].
 
-Azure NPM for Linux uses Linux *IPTables* and Azure NPM for Windows uses *Host Network Service(HNS) ACLPolicies* to enforce the specified policies. Policies are translated into sets of allowed and disallowed IP pairs. These pairs are then programmed as IPTable/HNS ACLPolicy filter rules.
+Azure NPM for Linux uses Linux *IPTables* and Azure NPM for Windows uses *Host Network Service (HNS) ACLPolicies* to enforce the specified policies. Policies are translated into sets of allowed and disallowed IP pairs. These pairs are then programmed as IPTable/HNS ACLPolicy filter rules.
 
 ## Differences between Azure NPM and Calico Network Policy and their capabilities
 
@@ -48,7 +48,7 @@ Azure NPM for Linux uses Linux *IPTables* and Azure NPM for Windows uses *Host N
 
 ## Limitations:
 
-*Azure Network Policy Manager(NPM) does not support IPv6. Otherwise, Azure NPM fully supports the network policy spec in Linux.
+Azure Network Policy Manager(NPM) does not support IPv6. Otherwise, Azure NPM fully supports the network policy spec in Linux.
 * In Windows, Azure NPM does not support the following:
     * named ports
     * SCTP protocol
@@ -111,6 +111,7 @@ Please execute the following commands prior to creating a cluster:
  az feature register --namespace Microsoft.ContainerService --name AKSWindows2022Preview
  az feature register --namespace Microsoft.ContainerService --name WindowsNetworkPolicyPreview
  az provider register -n Microsoft.ContainerService
+```
 
 > [!NOTE]
 > At this time, Azure NPM with Windows nodes is available on Windows Server 2022 only
@@ -126,7 +127,14 @@ $WINDOWS_PASSWORD=myWindowsPassword
 $k8S_VERSION=myk8sVersion
 $LOCATION=canadaeast
 ```
-Use the following command for cluster running with **Windows Server 2022** node pools:
+
+Create a username to use as administrator credentials for your Windows Server containers on your cluster. The following command prompts you for a username. Set it to `$WINDOWS_USERNAME`(remember that the commands in this article are entered into a BASH shell).
+
+```azurecli-interactive
+echo "Please enter the username to use as administrator credentials for Windows Server containers on your cluster: " && read $WINDOWS_USERNAME
+```
+
+Use the following command for a cluster running with **Windows Server 2022** node pools:
 
 ```azurecli
 az aks create \
@@ -141,9 +149,16 @@ az aks create \
     --node-count 1
 ```
 
-> [!NOTE]
-> You can still add Linux node pools to the cluster created using the above command, by default.
->
+It takes a few minutes to create the cluster. By default, your cluster is created with only a Linux node pool. If you would like to use Windows node pools, you can add one. For example:
+
+```azurecli
+az aks nodepool add \
+    --resource-group $RESOURCE_GROUP_NAME \
+    --name $CLUSTER_NAME \
+    --os-type Windows \
+    --name npwin \
+    --node-count 1
+```
 
 [!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
 
@@ -185,19 +200,14 @@ az aks nodepool add \
     --node-count 1
 ```
 
-When the cluster is ready, configure `kubectl` to connect to your Kubernetes cluster by using the [az aks get-credentials][az-aks-get-credentials] command. This command downloads credentials and configures the Kubernetes CLI to use them:
-
-```azurecli-interactive
-az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME
-```
 ## Verify Network Policy Setup
 
-It takes a few minutes to create the cluster. When the cluster is ready, configure `kubectl` to connect to your Kubernetes cluster by using the [az aks get-credentials][az-aks-get-credentials] command. This command downloads credentials and configures the Kubernetes CLI to use them:
+When the cluster is ready, configure `kubectl` to connect to your Kubernetes cluster by using the [az aks get-credentials][az-aks-get-credentials] command. This command downloads credentials and configures the Kubernetes CLI to use them:
 
 ```azurecli-interactive
 az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME
 ```
-To begin verification of network policy, we will create a sample application and set traffic rules.
+To begin verification of Network Policy, we will create a sample application and set traffic rules.
 
 Firstly, let's create a namespace called *demo* to run the example pods:
 
@@ -208,7 +218,7 @@ kubectl create namespace demo
 We will now create two pods in the cluster named *client* and *server*.
 
 >[!NOTE]
-> If you want to schedule the *client* or *server* on a particular node, add the following bit before the *--comand* argument in the pod creation [kubectl run][kubectl-run] command:
+> If you want to schedule the *client* or *server* on a particular node, add the following bit before the *--command* argument in the pod creation [kubectl run][kubectl-run] command:
 
 > ```console
 >--overrides='{"spec": { "nodeSelector": {"kubernetes.io/os": "linux|windows"}}}'
@@ -219,7 +229,7 @@ Create a *server* pod. This pod will serve on TCP port 80:
 kubectl run server -n demo --image=k8s.gcr.io/e2e-test-images/agnhost:2.33 --labels="app=server" --port=80 --command -- /agnhost serve-hostname --tcp --http=false --port "80"
 ```
 
-Create a *client* pod:
+Create a *client* pod. The below command will run bash on the client pod:
 
 ```console
 kubectl run -it client -n demo --image=k8s.gcr.io/e2e-test-images/agnhost:2.33 --command -- bash
@@ -246,7 +256,7 @@ In the client's shell, verify connectivity with the server by executing the foll
 
 ### Test Connectivity with Network Policy
 
-Create a file named demo-pods-policy.yaml and paste the following YAML manifest to add network policies:
+Create a file named demo-policy.yaml and paste the following YAML manifest to add network policies:
 
 ```yaml
 apiVersion: networking.k8s.io/v1
@@ -270,7 +280,7 @@ spec:
 Specify the name of your YAML manifest and apply it using [kubectl apply][kubectl-apply]:
 
 ```console
-kubectl apply –f demo-pods.yaml
+kubectl apply –f demo-policy.yaml
 ```
 
 Now, in the client's shell, verify connectivity with the server by executing the following `/agnhost` command:
@@ -279,21 +289,21 @@ Now, in the client's shell, verify connectivity with the server by executing the
 /agnhost connect <server-ip>:80 --timeout=3s --protocol=tcp
 ```
 
-Connectivity will be blocked since the server is labeled with app=server, but the client is not labeled. The connect command above will yield this output: 
+Connectivity with traffic will be blocked since the server is labeled with app=server, but the client is not labeled. The connect command above will yield this output: 
 
 ```output
 TIMEOUT
 ```
 
-Run the following command to label the *client* and retry verifying connectivity with the server. The output should return noting, in case of success.
+Run the following command to label the *client* and verify connectivity with the server (output should return nothing).
 
 ```console
 kubectl label pod client -n demo app=client
 ```
 
 ## Clean up resources
 
-In this article, we created a namespace, two pods and applied a Network Policy. To clean up these resources, use the [kubectl delete][kubectl-delete] command and specify the resource name:
+In this article, we created a namespace and two pods and applied a Network Policy. To clean up these resources, use the [kubectl delete][kubectl-delete] command and specify the resource name:
 
 ```console
 kubectl delete namespace demo
diff --git a/articles/virtual-network/kubernetes-network-policies.md b/articles/virtual-network/kubernetes-network-policies.md
@@ -74,9 +74,9 @@ See a [configuration for these alerts](#setup-alerts-for-alertmanager) below.
 2. Alert when the median time to apply changes for a create event was more than 100 milliseconds.
 
 ##### Visualizations and Debugging via our Grafana Dashboard or Azure Monitor Workbook
-1. See how many iptables rules your policies create (having a massive amount of iptables rules may increase latency slightly).
+1. See how many IPTables rules your policies create (having a massive amount of IPTables rules may increase latency slightly).
 2. Correlate cluster counts (e.g. ACLs) to execution times.
-3. Get the human-friendly name of an ipset in a given iptables rule (e.g. "azure-npm-487392" represents "podlabel-role:database").
+3. Get the human-friendly name of an ipset in a given IPTables rule (e.g. "azure-npm-487392" represents "podlabel-role:database").
  
 ### All supported metrics
 The following is the list of supported metrics. Any `quantile` label has possible values `0.5`, `0.9`, and `0.99`. Any `had_error` label has possible values `false` and `true`, representing whether the operation succeeded or failed.
@@ -97,16 +97,16 @@ The following is the list of supported metrics. Any `quantile` label has possibl
 
 There are also "exec_time_count" and "exec_time_sum" metrics for each "exec_time" Summary metric.
 
-The metrics can be scraped through Azure Monitor for Containers or through Prometheus.
+The metrics can be scraped through Azure Monitor for containers or through Prometheus.
 
 ### Setup for Azure Monitor
-The first step is to enable Azure Monitor for containers for your Kubernetes cluster. Steps can be found in [Azure Monitor for containers Overview](../azure-monitor/containers/container-insights-overview.md). Once you have Azure Monitor for containers enabled, configure the [Azure Monitor for containers ConfigMap](https://aka.ms/container-azm-ms-agentconfig) to enable NPM integration and collection of Prometheus NPM metrics. Azure monitor for containers ConfigMap has an ```integrations``` section with settings to collect NPM metrics. These settings are disabled by default in the ConfigMap. Enabling the basic setting ```collect_basic_metrics = true```, will collect basic NPM metrics. Enabling advanced setting ```collect_advanced_metrics = true``` will collect advanced metrics in addition to basic metrics. 
+The first step is to enable Azure Monitor for containers for your Kubernetes cluster. Steps can be found in [Azure Monitor for containers Overview](../azure-monitor/containers/container-insights-overview.md). Once you have Azure Monitor for containers enabled, configure the [Azure Monitor for containers ConfigMap](https://aka.ms/container-azm-ms-agentconfig) to enable NPM integration and collection of Prometheus NPM metrics. Azure Monitor for containers ConfigMap has an ```integrations``` section with settings to collect NPM metrics. These settings are disabled by default in the ConfigMap. Enabling the basic setting ```collect_basic_metrics = true```, will collect basic NPM metrics. Enabling advanced setting ```collect_advanced_metrics = true``` will collect advanced metrics in addition to basic metrics. 
 
 After editing the ConfigMap, save it locally and apply the ConfigMap to your cluster as follows.
 
 `kubectl apply -f container-azm-ms-agentconfig.yaml`
 
-Below is a snippet from the [Azure monitor for containers ConfigMap](https://aka.ms/container-azm-ms-agentconfig), which shows the NPM integration enabled with advanced metrics collection.
+Below is a snippet from the [Azure Monitor for containers ConfigMap](https://aka.ms/container-azm-ms-agentconfig), which shows the NPM integration enabled with advanced metrics collection.
 ```
 integrations: |-
     [integrations.azure_network_policy_manager]
@@ -115,7 +115,7 @@ integrations: |-
 ```
 Advanced metrics are optional, and turning them on will automatically turn on basic metrics collection. Advanced metrics currently include only `npm_ipset_counts`
 
-Learn more about [Azure monitor for containers collection settings in config map](../azure-monitor/containers/container-insights-agent-config.md)
+Learn more about [Azure Monitor for containers collection settings in config map](../azure-monitor/containers/container-insights-agent-config.md)
 
 ### Visualization Options for Azure Monitor
 Once NPM metrics collection is enabled, you can view the metrics in the Azure portal using Container Insights or in Grafana.
