Updated navigation flow.

README.md

@@ -22,17 +22,18 @@ The end goal is to take you from having a kubernetes setup that is unsecure by d
 
 ## Lab Guides - Day 1
 
-  1. [Governance and Security Setup](governance-security/README.md)
-  2. [Cluster Pre-Provisioning](cluster-pre-provisioning/README.md)
-  3. [Cluster Provisioning](cluster-provisioning/README.md)
-  4. [Post-Provisioning Infra-centric](post-provisioning-infra/README.md)
+  1. [Customer Scenario](customer-scenario/README.md)
+  2. [Governance and Security Setup](governance-security/README.md)
+  3. [Cluster Pre-Provisioning](cluster-pre-provisioning/README.md)
+  4. [Cluster Provisioning](cluster-provisioning/README.md)
+  5. [Post-Provisioning Infra-centric](post-provisioning-infra/README.md)
 
 ## Lab Guides - Day 2
 
   1. [Post-Provisioning App-Centric](post-provisioning-app/README.md)
   2. [Cost Governance](cost-governance/README.md)
-  3. [Service Mesh - Do I need it?](service-mesh/README.md)
-  4. [Deploy Sample App](deploy-app/README.md)
+  3. [Deploy Sample App](deploy-app/README.md)
+  4. [Service Mesh - Do I need it?](service-mesh/README.md)
   5. [Validate Scenarios](validate-scenarios/README.md)
   6. [Thought Leadership & Next Steps](thought-leadership/README.md)
 

cluster-config/np-allow-consolidated.yaml

@@ -73,7 +73,7 @@ spec:
       - port: 443
       to:
         - ipBlock:
-            cidr: 52.249.207.65/32
+            cidr: 0.0.0.0/0
     - to:
       - namespaceSelector:
           matchLabels:
@@ -130,5 +130,5 @@ spec:
       - port: 443
       to:
         - ipBlock:
-            cidr: 52.249.207.65/32
+            cidr: 0.0.0.0/0
 

cluster-pre-provisioning/README.md

@@ -12,7 +12,7 @@ The variables are pretty straight forward, but please note there are a few words
 PREFIX="contosofin"
 RG="${PREFIX}-rg"
 LOC="eastus"
-NAME="${PREFIX}20191021"
+NAME="${PREFIX}20191108"
 VNET_NAME="${PREFIX}vnet"
 AKSSUBNET_NAME="${PREFIX}akssubnet"
 SVCSUBNET_NAME="${PREFIX}svcsubnet"
@@ -88,7 +88,7 @@ az network vnet subnet create \
 
 This section walks through setting up Azure Firewall inbound and outbound rules. The main purpose of the firewall here is to help organizations to setup ingress and egress traffic rules so the AKS Cluster is not just open to the world and cannot reach out to everythign on the Internet at the same time.
 
-**NOTE: Completely locking down inbound and outboudn rules for AKS is not supported and will result in a broken cluster.**
+**NOTE: Completely locking down inbound and outbound rules for AKS is not supported and will result in a broken cluster.**
 
 **NOTE: There are no inbound rules required for AKS to run. The only time an inbound rule is required is to expose a workload/service.**
 

customer-scenario/README.md

@@ -54,7 +54,7 @@ ContosoFinancial is a mature Azure customer with the majority of their existing
 
 ## Next Steps
 
-[Return to Governance and Security Setup](/governance-security/README.md)
+[Governance and Security](/governance-security/README.md)
 
 ## Key Links
 

governance-security/README.md

@@ -1,10 +1,8 @@
 # Governance + Security
 
-This section walks us through the different aspects of governance and security that need to be thought about prior to implementing any solution. To help guide the way, we have created a customer scenario based on an organization called Contoso Financials. The scenario describes the customer, along with some background, and wraps up with a list of the requirements that need to be met.
+This section walks us through the different aspects of governance and security that need to be thought about prior to implementing any solution. To help guide the way, we will be leveraging the [customer scenario](/customer-scenario/README.md) based on Contoso Financials. The scenario describes the customer, along with some background, and wraps up with a list of the requirements that need to be met.
 
-Click [here](SCENARIO.md) to read the customer scenario.
-
-Now that you have read the customer scenario and understand what needs to get implemented, let's get started. The majority of what is talked about in the rest of this section is technology agnostic with the implementation varying from customer to customer. For the purposes of this workshop we will be focusing on how to implement the solution using Microsoft Azure along with some Open Source Software (OSS) solutions.
+Now that we know the customer scenario and understand what needs to get implemented, let's get started. The majority of what is talked about in the rest of this section is technology agnostic with the implementation varying from customer to customer. For the purposes of this workshop we will be focusing on how to implement the solution using Microsoft Azure along with some Open Source Software (OSS) solutions.
 
 ## Security Control Lifecycle in the Cloud