restructure sections

JnHs · JnHs · commit ed8e81f301f9 · 2023-12-12T15:43:09.000-08:00
diff --git a/articles/azure-arc/kubernetes/use-azure-policy-flux-2.md b/articles/azure-arc/kubernetes/use-azure-policy-flux-2.md
@@ -1,6 +1,6 @@
 ---
 title: "Deploy applications consistently at scale using Flux v2 configurations and Azure Policy"
-ms.date: 06/02/2023
+ms.date: 12/13/2023
 ms.topic: how-to
 description: "Use Azure Policy to apply Flux v2 configurations at scale on Azure Arc-enabled Kubernetes or AKS clusters."
 ---
@@ -9,34 +9,38 @@ description: "Use Azure Policy to apply Flux v2 configurations at scale on Azure
 
 You can use Azure Policy to apply Flux v2 configurations (`Microsoft.KubernetesConfiguration/fluxConfigurations` resource type) at scale on Azure Arc-enabled Kubernetes (`Microsoft.Kubernetes/connectedClusters`) or AKS (`Microsoft.ContainerService/managedClusters`) clusters.
 
-To use Azure Policy, select a built-in policy definition and create a policy assignment. You can search for **flux** to find all of the Flux v2 policy definitions. When creating the policy assignment:
+To use Azure Policy, select a built-in policy definition and create a policy assignment. When creating the policy assignment:
 
 1. Set the scope for the assignment to all resource groups in a subscription or management group, or to specific resource groups.
 2. Set the parameters for the Flux v2 configuration that will be created.
 
 Once the assignment is created, the Azure Policy engine identifies all Azure Arc-enabled Kubernetes clusters located within the scope and applies the GitOps configuration to each cluster.
 
-To enable separation of concerns, you can create multiple policy assignments, each with a different Flux v2 configuration pointing to a different source. For example, one git repository may be used by cluster admins and other repositories may be used by application teams.
+To enable separation of concerns, you can create multiple policy assignments, each with a different Flux v2 configuration pointing to a different source. For example, one Git repository may be used by cluster admins and other repositories may be used by application teams.
 
-> [!TIP]
-> There are [built-in policy definitions](policy-reference.md) for these scenarios:
->
-> * Flux extension install (required for all scenarios): `Configure installation of Flux extension on Kubernetes cluster`
-> * Flux configuration using public Git repository (generally a test scenario): `Configure Kubernetes clusters with Flux v2 configuration using public Git repository`
-> * Flux configuration using private Git repository with SSH auth: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and SSH secrets`
-> * Flux configuration using private Git repository with HTTPS auth: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS secrets`
-> * Flux configuration using private Git repository with HTTPS CA cert auth: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS CA Certificate`
-> * Flux configuration using private Git repository with local K8s secret: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and local secrets`
-> * Flux configuration using private Bucket source and KeyVault secrets: `Configure Kubernetes clusters with Flux v2 configuration using Bucket source and secrets in KeyVault`
-> * Flux configuration using private Bucket source and local K8s secret: `Configure Kubernetes clusters with specified Flux v2 Bucket source using local secrets`
+## Built-in policy definitions
+
+The following [built-in policy definitions](policy-reference.md) provide support for these scenarios:
+
+* Flux extension install (required for all scenarios): `Configure installation of Flux extension on Kubernetes cluster`
+* Flux configuration using public Git repository (generally a test scenario): `Configure Kubernetes clusters with Flux v2 configuration using public Git repository`
+* Flux configuration using private Git repository with SSH auth: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and SSH secrets`
+* Flux configuration using private Git repository with HTTPS auth: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS secrets`
+* Flux configuration using private Git repository with HTTPS CA cert auth: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS CA Certificate`
+* Flux configuration using private Git repository with local K8s secret: `Configure Kubernetes clusters with Flux v2 configuration using Git repository and local secrets`
+* Flux configuration using private Bucket source and KeyVault secrets: `Configure Kubernetes clusters with Flux v2 configuration using Bucket source and secrets in KeyVault`
+* Flux configuration using private Bucket source and local K8s secret: `Configure Kubernetes clusters with specified Flux v2 Bucket source using local secrets`
+
+To find all of the Flux v2 policy definitions, search for **flux**.
 
 ## Prerequisites
 
-Verify you have `Microsoft.Authorization/policyAssignments/write` permissions on the scope (subscription or resource group) where you'll create this policy assignment.
+* One or more Arc-enabled Kubernetes clusters and/or AKS clusters.
+* `Microsoft.Authorization/policyAssignments/write` permissions on the scope (subscription or resource group) where you'll create the policy assignments.
 
-## Create a policy assignment
+## Create a policy assignment to install the Flux exension
 
-In order for a policy to apply Flux v2 configurations to a cluster, the Flux extension must be installed on each cluster. You can ensure this by assigning the **Configure installation of Flux extension on Kubernetes cluster** policy definition to the desired scope.
+In order for a policy to apply Flux v2 configurations to a cluster, the Flux extension must first be installed on the cluster. To ensure that the extension is installed to each of your clusters, assign the **Configure installation of Flux extension on Kubernetes cluster** policy definition to the desired scope.
 
 1. In the Azure portal, navigate to **Policy**.
 1. In the **Authoring** section of the sidebar, select **Definitions**.
@@ -48,12 +52,14 @@ In order for a policy to apply Flux v2 configurations to a cluster, the Flux ext
 1. Ensure **Policy enforcement** is set to **Enabled**.
 1. Select **Review + create**, then select **Create**.
 
-Next, return to the **Definitions** list to apply the configuration policy definition to the same scope.
+## Create a policy assignment to apply Flux configurations
+
+Next, return to the **Definitions** list (in the **Authoring** section of **Policy**) to apply the configuration policy definition to the same scope.
 
 1. In the "Kubernetes" category, select the **Configure Kubernetes clusters with Flux v2 configuration using public Git repository**
-built-in policy definition.
+built-in policy definition, or another policy definition from the list above.
 1. Select **Assign**.
-1. Set the **Scope** to the same scope that you selected when assigning the first policy, including any exceptions.
+1. Set the **Scope** to the same scope that you selected when assigning the first policy, including any exclusions.
 1. Give the policy assignment an easily identifiable **Assignment name** and **Description**.
 1. Ensure **Policy enforcement** is set to **Enabled**.
 1. Select **Next**, then select **Next** again to open the **Parameters** tab.
@@ -63,23 +69,27 @@ built-in policy definition.
 1. Select **Next** to open the **Remediation** task.
 1. Enable **Create a remediation task**.
 1. Verify that **Create a Managed Identity** is checked, and that the identity will have **Contributor** permissions.
-    * For more information, see [Quickstart: Create a policy assignment to identify non-compliant resources](../../governance/policy/assign-policy-portal.md) and [Remediate non-compliant resources with Azure Policy](../../governance/policy/how-to/remediate-resources.md).
+
+    For more information, see [Quickstart: Create a policy assignment to identify non-compliant resources](../../governance/policy/assign-policy-portal.md) and [Remediate non-compliant resources with Azure Policy](../../governance/policy/how-to/remediate-resources.md).
+
 1. Select **Review + create**, then select **Create**.
 
 After creating the policy assignments, the configuration is applied to new Azure Arc-enabled Kubernetes or AKS clusters created within the scope of policy assignment.
 
 For existing clusters, you may need to manually run a remediation task. This task typically takes 10 to 20 minutes for the policy assignment to take effect.
 
-## Verify a policy assignment
+## Verify the policy assignment
 
 1. In the Azure portal, navigate to one of your Azure Arc-enabled Kubernetes or AKS clusters.
 1. In the **Settings** section of the sidebar, select **GitOps**.
-    * In the configurations list, you should see the configuration created by the policy assignment.
+
+   In the configurations list, you should see the configuration created by the policy assignment.
+
 1. In the **Kubernetes resources** section of the sidebar, select **Namespaces** and **Workloads**.
-    * You should see the namespace and artifacts that were created by the Flux configuration.
-    * You should see the objects described by the manifests in the Git repo deployed on the cluster.
 
-## Customizing a policy
+   You should see the namespace and artifacts that were created by the Flux configuration. You should also see the objects described by the manifests in the Git repo deployed on the cluster.
+
+## Customize a policy
 
 The built-in policies cover the main scenarios for using GitOps with Flux v2 in your Kubernetes clusters. However, due to limitations on the number of parameters allowed in Azure Policy assignments (max of 20), not all parameters are present in the built-in policies. Also, to fit within the 20-parameter limit, only a single Kustomization can be created with the built-in policies.  
 
