netscaler
diff --git a/‎deployment/dual-tier/README.md‎
Lines changed: 22 additions & 17 deletions b/‎deployment/dual-tier/README.md‎
Lines changed: 22 additions & 17 deletions
@@ -17,7 +17,7 @@ Perform the following:
 
 1.  Create a Kubernetes cluster in cloud or on-premises. The Kubernetes cluster in cloud can be a managed Kubernetes (for example: GKE, EKS, or AKS) or a custom created Kubernetes deployment.
 
-1.  Deploy Citrix ADC MPX or VPX on a multi-NIC deployment mode outside the Kubernetes cluster.
+2.  Deploy Citrix ADC MPX or VPX on a multi-NIC deployment mode outside the Kubernetes cluster.
     -  For instructions to deploy Citrix ADC MPX, see [Citrix ADC documentation](https://docs.citrix.com/en-us/citrix-adc/13).
 
     -  For instructions to deploy Citrix ADC VPX, see [Deploy a Citrix ADC VPX instance](https://docs.citrix.com/en-us/citrix-adc/13/deploying-vpx.html).
@@ -26,36 +26,41 @@ Perform the following:
 
     1.  Configure an IP address from the subnet of the Kubernetes cluster as SNIP on the Citrix ADC. For information on configuring SNIPs in Citrix ADC, see [Configuring Subnet IP Addresses (SNIPs)](https://docs.citrix.com/en-us/citrix-adc/13/networking/ip-addressing/configuring-citrix-adc-owned-ip-addresses/configuring-subnet-ip-addresses-snips.html).
 
-    1.  Enable management access for the SNIP that is the same subnet of the Kubernetes cluster. The SNIP should be used as `NS_IP` variable in the [Citrix ingress controller YAML](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/deployment/dual-tier/manifest/tier-1-vpx-cic.yaml) file to enable Citrix ingress controller to configure the Tier-1 Citrix ADC.
+    2.  Enable management access for the SNIP that is the same subnet of the Kubernetes cluster. The SNIP should be used as `NS_IP` variable in the [Citrix ingress controller YAML](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/deployment/dual-tier/manifest/tier-1-vpx-cic.yaml) file to enable Citrix ingress controller to configure the Tier-1 Citrix ADC.
 
         >**Note:**
         >It is not mandatory to use SNIP as `NS_IP`. If the management IP address of the Citrix ADC is reachable from Citrix ingress controller then you can use the management IP address as `NS_IP`.
 
-    1.  In cloud deployments, enable [MAC-Based Forwarding mode](https://docs.citrix.com/en-us/citrix-adc/13/networking/interfaces/configuring-mac-based-forwarding.html) on the Tier-1 Citrix ADC VPX. As Citrix ADC VPX is deployed in multi-NIC mode, it would not have the return route to reach the POD CNI network or the Client network. Hence, you need to enable MAC-Based Forwarding mode on the Tier-1 Citrix ADC VPX to handle this scenario.
+    3.  In cloud deployments, enable [MAC-Based Forwarding mode](https://docs.citrix.com/en-us/citrix-adc/13/networking/interfaces/configuring-mac-based-forwarding.html) on the Tier-1 Citrix ADC VPX. As Citrix ADC VPX is deployed in multi-NIC mode, it would not have the return route to reach the POD CNI network or the Client network. Hence, you need to enable MAC-Based Forwarding mode on the Tier-1 Citrix ADC VPX to handle this scenario.
 
-    1.  Create a [Citrix ADC system user account](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/deploy/deploy-cic-yaml/#create-system-user-account-for-citrix-ingress-controller-in-citrix-adc) specific to Citrix ingress controller. Citrix ingress controller uses the system user account to automatically configure the Tier-1 Citrix ADC.
+    4.  The user name and password of the Citrix ADC VPX or MPX appliance used as the Ingress device. The Citrix ADC appliancemust have a system user account (non-default) with certain privileges so that the Citrix ingress controller can configure the Citrix ADC VPX or MPX appliance. For instructions to create the system user account on Citrix ADC, see [Create System User Account for Citrix ingress controller in Citrix ADC](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/deploy/cic-yaml.html#create-system-user-account-for-citrix-ingress-controller-in-citrix-adc)
 
-    1.  Configure your on-premises firewall or security groups on your cloud to allow inbound traffic to the ports required for Citrix ADC. The Setup process uses port 80 and port 443, you can modify these ports based on your requirement.
+        You can directly pass the user name and password as environment variables to the controller, or use Kubernetes secrets (recommended). If you want to use Kubernetes secrets, create a secret for the user name and password using the following command:
+        ```
+        kubectl create secret  generic nslogin --from-literal=username='cic' --from-literal=password='mypassword'
+	```
 
-1.  Deploy a sample microservice. Use the following command:
+    5.  Configure your on-premises firewall or security groups on your cloud to allow inbound traffic to the ports required for Citrix ADC. The Setup process uses port 80 and port 443, you can modify these ports based on your requirement.
+
+3.  Deploy a sample microservice. Use the following command:
 
         kubectl create -f https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/dual-tier/manifest/apache.yaml
 
-1.  Deploy Citrix ADC CPX as Tier-2 ingress. Use the following command:
+4.  Deploy Citrix ADC CPX as Tier-2 ingress. Use the following command:
 
         kubectl create -f https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/dual-tier/manifest/tier-2-cpx.yaml
 
-1.  Create an ingress object for the Tier-2 Citrix ADC CPX. Use the following command:
+5.  Create an ingress object for the Tier-2 Citrix ADC CPX. Use the following command:
 
         kubectl create -f https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/dual-tier/manifest/ingress-tier-2-cpx.yaml
 
-1.  Deploy the Citrix ingress controller for Tier-1 Citrix ADC. Perform the following:
+6.  Deploy the Citrix ingress controller for Tier-1 Citrix ADC. Perform the following:
 
     1.  Download the Citrix ingress controller manifest file. Use the following command:
 
             wget https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/dual-tier/manifest/tier-1-vpx-cic.yaml
 
-    1.  Edit the Citrix ingress controller manifest file and enter the values for the following environmental variables:
+    2.  Edit the Citrix ingress controller manifest file and enter the values for the following environmental variables:
 
         | Environment Variable | Mandatory or Optional | Description |
         | ---------------------- | ---------------------- | ----------- |
@@ -67,36 +72,36 @@ Perform the following:
         | ingress-classes | Optional | If multiple ingress load balancers are used to load balance different ingress resources. You can use this environment variable to specify Citrix ingress controller to configure Citrix ADC associated with specific ingress class. For information on Ingress classes, see [Ingress class support](../configure/ingress-classes.md)|
         | NS_VIP | Optional | Citrix ingress controller uses the IP address provided in this environment variable to configure a virtual IP address to the Citrix ADC that receives Ingress traffic. **Note:** NS_VIP acts as a fallback when the [frontend-ip](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/configure/annotations.md) annotation is not provided in Ingress yaml. Not supported for Type Loadbalancer service. |
 
-    1.  Deploy the updated Citrix ingress controller manifest file. Use the following command:
+    3.  Deploy the updated Citrix ingress controller manifest file. Use the following command:
 
             kubectl create -f tier-1-vpx-cic.yaml
 
-1.  Create an ingress object for the Tier-1 Citrix ADC. Use the following command:
+7.  Create an ingress object for the Tier-1 Citrix ADC. Use the following command:
 
         kubectl create -f https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/dual-tier/manifest/ingress-tier-1-vpx.yaml
 
-1.  Update DNS server details in the cloud or on-premises to point your website to the VIP of the Tier-1 Citrix ADC.
+8.  Update DNS server details in the cloud or on-premises to point your website to the VIP of the Tier-1 Citrix ADC.
 
     For example: `citrix-ingress.com 192.10.2.16`
 
     Where `192.10.2.16` is the VIP of the Tier-1 Citrix ADC and `citrix-ingress.com` is the microservice running in your Kubernetes cluster.
 
-1.  Access the URL of the microservice to verify the deployment.
+9.  Access the URL of the microservice to verify the deployment.
 
 ## Set up dual-tier deployment using one step deployment manifest file
 
 For easy deployment, the Citrix ingress controller [repo](https://github.com/citrix/citrix-k8s-ingress-controller) includes an all-in-one deployment manifest. You can download the file and update it with values for the following environmental variables and deploy the manifest file.
 
 >**Note:**
->Ensure that you have completed step 1–2 in the [Setup process](#setup-process).
+>Ensure that you have completed step 1 and 2 in the [Setup process](#setup-process).
 
 Perform the following:
 
 1.  Download the all-in-one deployment manifest file. Use the following command:
 
         wget https://raw.githubusercontent.com/citrix/citrix-k8s-ingress-controller/master/deployment/dual-tier/manifest/all-in-one-dual-tier-demo.yaml
 
-1.  Edit the all-in-one deployment manifest file and enter the values for the following environmental variables:
+2.  Edit the all-in-one deployment manifest file and enter the values for the following environmental variables:
 
     | Environment Variable | Mandatory or Optional | Description |
     | ---------------------- | ---------------------- | ----------- |
@@ -108,6 +113,6 @@ Perform the following:
     | ingress-classes | Optional | If multiple ingress load balancers are used to load balance different ingress resources. You can use this environment variable to specify Citrix ingress controller to configure Citrix ADC associated with specific ingress class. For information on Ingress classes, see [Ingress class support](../configure/ingress-classes.md)|
     | NS_VIP | Optional | Citrix ingress controller uses the IP address provided in this environment variable to configure a virtual IP address to the Citrix ADC that receives Ingress traffic. **Note:** NS_VIP acts as a fallback when the [frontend-ip](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/configure/annotations.md) annotation is not provided in Ingress yaml. Not Supported for Type Loadbalancer service.  |
 
-1.  Deploy the updated all-in-one deployment manifest file. Use the following command:
+3.  Deploy the updated all-in-one deployment manifest file. Use the following command:
 
         kubectl create -f all-in-one-dual-tier-demo.yaml