diff --git a/doc/user-guides/auth/auth-for-app-devs-and-platform-engineers.md b/doc/user-guides/auth/auth-for-app-devs-and-platform-engineers.md
index 8345e933f..54ae81dab 100644
--- a/doc/user-guides/auth/auth-for-app-devs-and-platform-engineers.md
+++ b/doc/user-guides/auth/auth-for-app-devs-and-platform-engineers.md
@@ -1,6 +1,6 @@
 # Enforcing authentication & authorization with Kuadrant AuthPolicy
 
-This guide walks you through the process of setting up a local Kubernetes cluster with Kuadrant where you will protect [Gateway API](https://gateway-api.sigs.k8s.io/) endpoints by declaring Kuadrant AuthPolicy custom resources.
+This tutorial walks you through the process of setting up a local Kubernetes cluster with Kuadrant where you will protect [Gateway API](https://gateway-api.sigs.k8s.io/) endpoints by declaring Kuadrant AuthPolicy custom resources.
 
 Three AuthPolicies will be declared:
 
@@ -14,7 +14,7 @@ Topology:
 ```
                             ┌─────────────────────────┐
                             │        (Gateway)        │   ┌───────────────┐
-                            │ kuadrant-ingressgateway │◄──│ (AuthPolicy)  │
+                            │         external        │◄──│ (AuthPolicy)  │
                             │                         │   │    gw-auth    │
                             │            *            │   └───────────────┘
                             └─────────────────────────┘
@@ -35,28 +35,92 @@ Topology:
             └─────────────────┘
 ```
 
-## Setup the environment
+## Prerequisites
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
+
+### Setup environment variables
+
+Set the following environment variables used for convenience in this tutorial:
+
+```bash
+export KUADRANT_GATEWAY_NS=api-gateway # Namespace for the example Gateway
+export KUADRANT_GATEWAY_NAME=external # Name for the example Gateway
+export KUADRANT_DEVELOPER_NS=toystore # Namespace for an example toystore app
+
+```
+
+### Create an Ingress Gateway
+
+Create the namespace the Gateway will be deployed in:
+
+```bash
+kubectl create ns ${KUADRANT_GATEWAY_NS}
+```
+
+Create a gateway using toystore as the listener hostname:
+
+```sh
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: ${KUADRANT_GATEWAY_NAME}
+  namespace: ${KUADRANT_GATEWAY_NS}
+  labels:
+    kuadrant.io/gateway: "true"
+spec:
+  gatewayClassName: istio
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+EOF
+```
+
+Check the status of the `Gateway` ensuring the gateway is Accepted and Programmed:
+
+```bash
+kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Programmed")].message}{"\n"}'
+```
 
 ### Deploy the Toy Store sample application (Persona: _App developer_)
 
+
+Create the namespace for the toystore API:
+
+```bash
+kubectl create ns ${KUADRANT_DEVELOPER_NS}
+```
+Deploy the Toy store 
 ```sh
-kubectl apply -f examples/toystore/toystore.yaml
+kubectl apply -f examples/toystore/toystore.yaml -n ${KUADRANT_DEVELOPER_NS}
+```
+
+Create the Toy Store HTTPRoute
+```bash
 
 kubectl apply -f - <<EOF
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
   name: toystore
+  namespace: ${KUADRANT_DEVELOPER_NS}
+  labels:
+     app: toystore
 spec:
   parentRefs:
-  - name: kuadrant-ingressgateway
-    namespace: gateway-system
+  - name: ${KUADRANT_GATEWAY_NAME}
+    namespace: ${KUADRANT_GATEWAY_NS}
   hostnames:
   - api.toystore.com
   rules:
-  - matches: # rule-1
+  - name: rule-1
+    matches:
     - method: GET
       path:
         type: PathPrefix
@@ -68,7 +132,8 @@ spec:
     backendRefs:
     - name: toystore
       port: 80
-  - matches: # rule-2
+  - name: rule-2
+    matches:
     - path:
         type: PathPrefix
         value: "/admin"
@@ -81,25 +146,25 @@ EOF
 Export the gateway hostname and port:
 
 ```sh
-export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')
-export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
-export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
+export KUADRANT_INGRESS_HOST=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.status.addresses[0].value}')
+export KUADRANT_INGRESS_PORT=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
+export KUADRANT_GATEWAY_URL=${KUADRANT_INGRESS_HOST}:${KUADRANT_INGRESS_PORT}
 ```
 
 Send requests to the application unprotected:
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/cars -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/cars -i
 # HTTP/1.1 200 OK
 ```
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/dolls -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/dolls -i
 # HTTP/1.1 200 OK
 ```
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/admin -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/admin -i
 # HTTP/1.1 200 OK
 ```
 
@@ -118,6 +183,7 @@ apiVersion: kuadrant.io/v1
 kind: AuthPolicy
 metadata:
   name: toystore-authn
+  namespace: ${KUADRANT_DEVELOPER_NS}
 spec:
   targetRef:
     group: gateway.networking.k8s.io
@@ -140,6 +206,7 @@ apiVersion: kuadrant.io/v1
 kind: AuthPolicy
 metadata:
   name: toystore-admins
+  namespace: ${KUADRANT_DEVELOPER_NS}
 spec:
   targetRef:
     group: gateway.networking.k8s.io
@@ -189,25 +256,25 @@ EOF
 Send requests to the application protected by Kuadrant:
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/cars -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/cars -i
 # HTTP/1.1 401 Unauthorized
 # www-authenticate: APIKEY realm="api-key-authn"
 # x-ext-auth-reason: credential not found
 ```
 
 ```sh
-curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamaregularuser' http://$GATEWAY_URL/cars -i
+curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamaregularuser' http://$KUADRANT_GATEWAY_URL/cars -i
 # HTTP/1.1 200 OK
 ```
 
 ```sh
-curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamaregularuser' http://$GATEWAY_URL/admin -i
+curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamaregularuser' http://$KUADRANT_GATEWAY_URL/admin -i
 # HTTP/1.1 403 Forbidden
 # x-ext-auth-reason: Unauthorized
 ```
 
 ```sh
-curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamanadmin' http://$GATEWAY_URL/admin -i
+curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamanadmin' http://$KUADRANT_GATEWAY_URL/admin -i
 # HTTP/1.1 200 OK
 ```
 
@@ -216,16 +283,17 @@ curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamanadmin' http://$G
 Create the policy:
 
 ```sh
-kubectl -n gateway-system apply -f - <<EOF
+kubectl apply -f - <<EOF
 apiVersion: kuadrant.io/v1
 kind: AuthPolicy
 metadata:
   name: gw-auth
+  namespace: ${KUADRANT_GATEWAY_NS}
 spec:
   targetRef:
     group: gateway.networking.k8s.io
     kind: Gateway
-    name: kuadrant-ingressgateway
+    name: ${KUADRANT_GATEWAY_NAME}
   defaults:
     strategy: atomic
     rules:
@@ -257,10 +325,11 @@ apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
   name: other
+  namespace: ${KUADRANT_DEVELOPER_NS}
 spec:
   parentRefs:
-  - name: kuadrant-ingressgateway
-    namespace: gateway-system
+  - name: ${KUADRANT_GATEWAY_NAME}
+    namespace: ${KUADRANT_GATEWAY_NS}
   hostnames:
   - "*.other-apps.com"
 EOF
@@ -269,7 +338,7 @@ EOF
 Send requests to the route protected by the default policy set at the level of the gateway:
 
 ```sh
-curl -H 'Host: foo.other-apps.com' http://$GATEWAY_URL/ -i
+curl -H 'Host: foo.other-apps.com' http://$KUADRANT_GATEWAY_URL/ -i
 # HTTP/1.1 403 Forbidden
 # content-type: application/json
 # x-ext-auth-reason: Unauthorized
@@ -280,9 +349,3 @@ curl -H 'Host: foo.other-apps.com' http://$GATEWAY_URL/ -i
 #   "message": "Access denied by default by the gateway operator. If you are the administrator of the service, create a specific auth policy for the route."
 # }
 ```
-
-## Cleanup
-
-```sh
-make local-cleanup
-```
diff --git a/doc/user-guides/dns/gateway-dns.md b/doc/user-guides/dns/gateway-dns.md
index 2c1b99cd2..2bf70926d 100644
--- a/doc/user-guides/dns/gateway-dns.md
+++ b/doc/user-guides/dns/gateway-dns.md
@@ -1,77 +1,73 @@
 # Gateway DNS configuration for routes attached to a ingress gateway
 
-This user guide walks you through an example of how to configure DNS for all routes attached to an ingress gateway.
+This tutorial walks you through an example of how to configure DNS for all routes attached to an ingress gateway. 
 
-## Requisites
+## Prerequisites
 
-- [Docker](https://docker.io)
-- [Rout53 Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html)
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
+- AWS/Azure or GCP with DNS capabilities.
 
-### Setup the environment
+### Setup environment variables
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
+Set the following environment variables used for convenience in this tutorial:
 
-Create a namespace:
-
-```shell
-kubectl create namespace my-gateways
+```bash
+export KUADRANT_GATEWAY_NS=api-gateway # Namespace for the example Gateway
+export KUADRANT_GATEWAY_NAME=external # Name for the example Gateway
+export KUADRANT_DEVELOPER_NS=toystore # Namespace for an example toystore app
+export KUADRANT_AWS_ACCESS_KEY_ID=xxxx # AWS Key ID with access to manage the DNS Zone ID below
+export KUADRANT_AWS_SECRET_ACCESS_KEY=xxxx # AWS Secret Access Key with access to manage the DNS Zone ID below
+export KUADRANT_AWS_DNS_PUBLIC_ZONE_ID=xxxx # AWS Route 53 Zone ID for the Gateway
+export KUADRANT_ZONE_ROOT_DOMAIN=example.com # Root domain associated with the Zone ID above
 ```
 
-Export a root domain and hosted zone id:
-
-```shell
-export ROOT_DOMAIN=<ROOT_DOMAIN>
-```
+Create the namespace the Gateway will be deployed in:
 
-> **Note:** ROOT_DOMAIN should be set to your AWS hosted zone _name_.
+```bash
+kubectl create ns ${KUADRANT_GATEWAY_NS}
 
-### Create a dns provider secret
 
+### Create a DNS provider secret 
 Create AWS provider secret. You should limit the permissions of this credential to only the zones you want us to access.
 
-```shell
-export AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY_ID> AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY>
-
-kubectl -n my-gateways create secret generic aws-credentials \
+```bash
+kubectl -n ${KUADRANT_GATEWAY_NS} create secret generic aws-credentials \
   --type=kuadrant.io/aws \
-  --from-literal=AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-  --from-literal=AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
+  --from-literal=AWS_ACCESS_KEY_ID=$KUADRANT_AWS_ACCESS_KEY_ID \
+  --from-literal=AWS_SECRET_ACCESS_KEY=$KUADRANT_AWS_SECRET_ACCESS_KEY
 ```
 
-### Create an ingress gateway
+### Create an Ingress Gateway
 
-Create a gateway using your ROOT_DOMAIN as part of a listener hostname:
+Create a gateway using your KUADRANT_ZONE_ROOT_DOMAIN as part of a listener hostname:
 
 ```sh
-kubectl -n my-gateways apply -f - <<EOF
+kubectl apply -f - <<EOF
 apiVersion: gateway.networking.k8s.io/v1
 kind: Gateway
 metadata:
-  name: prod-web
+  name: ${KUADRANT_GATEWAY_NAME}
+  namespace: ${KUADRANT_GATEWAY_NS}
+  labels:
+    kuadrant.io/gateway: "true"
 spec:
   gatewayClassName: istio
   listeners:
-    - allowedRoutes:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
         namespaces:
           from: All
-      name: api
-      hostname: "*.$ROOT_DOMAIN"
-      port: 80
-      protocol: HTTP
+      hostname: "api.${KUADRANT_ZONE_ROOT_DOMAIN}"    
 EOF
 ```
 
-Check gateway status:
-
-```shell
-kubectl get gateway prod-web -n my-gateways
-```
-
-Response:
+Check the status of the `Gateway` ensuring the gateway is Accepted and Programmed:
 
-```shell
-NAME       CLASS   ADDRESS        PROGRAMMED   AGE
-prod-web   istio   172.18.200.1   True         25s
+```bash
+kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Programmed")].message}{"\n"}'
 ```
 
 ### Enable DNS on the gateway
@@ -79,121 +75,85 @@ prod-web   istio   172.18.200.1   True         25s
 Create a Kuadrant `DNSPolicy` to configure DNS:
 
 ```shell
-kubectl -n my-gateways apply -f - <<EOF
+kubectl apply -f - <<EOF
 apiVersion: kuadrant.io/v1
 kind: DNSPolicy
 metadata:
-  name: prod-web
+  name: ${KUADRANT_GATEWAY_NAME}-dns
+  namespace: ${KUADRANT_GATEWAY_NS}
 spec:
   targetRef:
-    name: prod-web
+    name: ${KUADRANT_GATEWAY_NAME}
     group: gateway.networking.k8s.io
     kind: Gateway
+  providerRefs:  
+    - name: aws-credentials
 EOF
 ```
 
-Check policy status:
+Check that the `DNSPolicy` has been Accepted and Enforced (This mat take a few minutes):
 
-```shell
-kubectl get dnspolicy -o wide -n my-gateways
+```bash
+kubectl get dnspolicy ${KUADRANT_GATEWAY_NAME}-dns -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Enforced")].message}'
 ```
 
-Response:
+### Deploy the Toystore app
 
-```shell
-NAME       STATUS     TARGETREFKIND   TARGETREFNAME   AGE
-prod-web   Accepted   Gateway         prod-web        26s
-```
+Create the namespace for the Toystore application:
+
+```bash
 
-### Deploy a sample API to test DNS
+kubectl create ns ${KUADRANT_DEVELOPER_NS}
+```
 
-Deploy the sample API:
+Deploy the Toystore app to the developer namespace:
 
-```shell
-kubectl -n my-gateways apply -f examples/toystore/toystore.yaml
-kubectl -n my-gateways wait --for=condition=Available deployments toystore --timeout=60s
+```bash
+kubectl apply -f https://raw.githubusercontent.com/Kuadrant/Kuadrant-operator/main/examples/toystore/toystore.yaml -n ${KUADRANT_DEVELOPER_NS}
 ```
 
-Route traffic to the API from our gateway:
+### Setup Toystore application HTTPRoute
 
-```shell
-kubectl -n my-gateways apply -f - <<EOF
+```bash
+
+kubectl apply -f - <<EOF
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
   name: toystore
+  namespace: ${KUADRANT_DEVELOPER_NS}
+  labels:
+    deployment: toystore
+    service: toystore
 spec:
   parentRefs:
-  - name: prod-web
-    namespace: my-gateways
+  - name: ${KUADRANT_GATEWAY_NAME}
+    namespace: ${KUADRANT_GATEWAY_NS}
   hostnames:
-  - "*.$ROOT_DOMAIN"
+  - "api.${KUADRANT_ZONE_ROOT_DOMAIN}"
   rules:
-  - backendRefs:
+  - matches:
+    - method: GET
+      path:
+        type: PathPrefix
+        value: "/cars"
+    backendRefs:
     - name: toystore
-      port: 80
+      port: 80  
 EOF
 ```
 
-Verify a DNSRecord resource is created:
-
-```shell
-kubectl get dnsrecords -n my-gateways
-NAME           READY
-prod-web-api   True
-```
 
 ### Verify DNS works by sending requests
 
-Verify DNS using dig:
-
-```shell
-dig foo.$ROOT_DOMAIN +short
-```
-
-Response:
-
-```shell
-172.18.200.1
-```
-
-Verify DNS using curl:
-
-```shell
-curl http://api.$ROOT_DOMAIN
-```
-
-Response:
+Verify DNS using dig you should see your IP address:
 
 ```shell
-{
-  "method": "GET",
-  "path": "/",
-  "query_string": null,
-  "body": "",
-  "headers": {
-    "HTTP_HOST": "api.$ROOT_DOMAIN",
-    "HTTP_USER_AGENT": "curl/7.85.0",
-    "HTTP_ACCEPT": "*/*",
-    "HTTP_X_FORWARDED_FOR": "10.244.0.1",
-    "HTTP_X_FORWARDED_PROTO": "http",
-    "HTTP_X_ENVOY_INTERNAL": "true",
-    "HTTP_X_REQUEST_ID": "9353dd3d-0fe5-4404-86f4-a9732a9c119c",
-    "HTTP_X_ENVOY_DECORATOR_OPERATION": "toystore.my-gateways.svc.cluster.local:80/*",
-    "HTTP_X_ENVOY_PEER_METADATA": "ChQKDkFQUF9DT05UQUlORVJTEgIaAAoaCgpDTFVTVEVSX0lEEgwaCkt1YmVybmV0ZXMKHQoMSU5TVEFOQ0VfSVBTEg0aCzEwLjI0NC4wLjIyChkKDUlTVElPX1ZFUlNJT04SCBoGMS4xNy4yCtcBCgZMQUJFTFMSzAEqyQEKIwoVaXN0aW8uaW8vZ2F0ZXdheS1uYW1lEgoaCHByb2Qtd2ViChkKDGlzdGlvLmlvL3JldhIJGgdkZWZhdWx0CjMKH3NlcnZpY2UuaXN0aW8uaW8vY2Fub25pY2FsLW5hbWUSEBoOcHJvZC13ZWItaXN0aW8KLwojc2VydmljZS5pc3Rpby5pby9jYW5vbmljYWwtcmV2aXNpb24SCBoGbGF0ZXN0CiEKF3NpZGVjYXIuaXN0aW8uaW8vaW5qZWN0EgYaBHRydWUKGgoHTUVTSF9JRBIPGg1jbHVzdGVyLmxvY2FsCigKBE5BTUUSIBoecHJvZC13ZWItaXN0aW8tYzU0NWQ4ZjY4LTdjcjg2ChoKCU5BTUVTUEFDRRINGgtteS1nYXRld2F5cwpWCgVPV05FUhJNGktrdWJlcm5ldGVzOi8vYXBpcy9hcHBzL3YxL25hbWVzcGFjZXMvbXktZ2F0ZXdheXMvZGVwbG95bWVudHMvcHJvZC13ZWItaXN0aW8KFwoRUExBVEZPUk1fTUVUQURBVEESAioACiEKDVdPUktMT0FEX05BTUUSEBoOcHJvZC13ZWItaXN0aW8=",
-    "HTTP_X_ENVOY_PEER_METADATA_ID": "router~10.244.0.22~prod-web-istio-c545d8f68-7cr86.my-gateways~my-gateways.svc.cluster.local",
-    "HTTP_X_ENVOY_ATTEMPT_COUNT": "1",
-    "HTTP_X_B3_TRACEID": "d65f580db9c6a50c471cdb534771c61a",
-    "HTTP_X_B3_SPANID": "471cdb534771c61a",
-    "HTTP_X_B3_SAMPLED": "0",
-    "HTTP_VERSION": "HTTP/1.1"
-  },
-  "uuid": "0ecb9f84-db30-4289-a3b8-e22d4021122f"
-}
+dig api.${KUADRANT_ZONE_ROOT_DOMAIN} +short
 ```
 
-## Cleanup
+Verify DNS using curl you should get a status 200:
 
 ```shell
-make local-cleanup
+curl http://api.$KUADRANT_ZONE_ROOT_DOMAIN/cars -i
 ```
diff --git a/doc/user-guides/full-walkthrough/secure-protect-connect.md b/doc/user-guides/full-walkthrough/secure-protect-connect.md
index f598a49b9..0935299e2 100644
--- a/doc/user-guides/full-walkthrough/secure-protect-connect.md
+++ b/doc/user-guides/full-walkthrough/secure-protect-connect.md
@@ -2,18 +2,17 @@
 
 ## Overview
 
-This guide walks you through using Kuadrant to secure, protect, and connect an API exposed by a Gateway (Kubernetes Gateway API) from the personas platform engineer and application developer. For more information on the different personas please see the [Gateway API documentation](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas)
+This tutorial walks you through using Kuadrant to secure, protect, and connect an API exposed by a Gateway (Kubernetes Gateway API) from the personas platform engineer and application developer. For more information on the different personas please see the [Gateway API documentation](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas) 
 
 ## Prerequisites
 
-- Kubernetes cluster with Kuadrant operator installed. 
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
 - [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
 - AWS/Azure or GCP with DNS capabilities.
 
-
 ### Set the environment variables
 
-Set the following environment variables used for convenience in this guide:
+Set the following environment variables used for convenience in this tutorial:
 
 ```bash
 export KUADRANT_GATEWAY_NS=api-gateway # Namespace for the example Gateway
@@ -471,8 +470,6 @@ while :; do curl -k --write-out '%{http_code}\n' --silent --output /dev/null -H
 ## Next Steps
 
 - [mTLS Configuration](../../install/mtls-configuration.md)
-To learn more about Kuadrant and see more how to guides, visit Kuadrant [documentation](https://docs.kuadrant.io)
-
 
 ### Optional
 
diff --git a/doc/user-guides/ratelimiting/authenticated-rl-for-app-developers.md b/doc/user-guides/ratelimiting/authenticated-rl-for-app-developers.md
index 028aa7fcb..1abc212af 100644
--- a/doc/user-guides/ratelimiting/authenticated-rl-for-app-developers.md
+++ b/doc/user-guides/ratelimiting/authenticated-rl-for-app-developers.md
@@ -1,8 +1,8 @@
 # Authenticated Rate Limiting for Application developers
 
-For more info on the different personas see [Gateway API](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas)
+For more info on the different personas see [Gateway API](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas) 
 
-This user guide walks you through an example of how to configure authenticated rate limiting for an application using Kuadrant.
+This tutorial walks you through an example of how to configure authenticated rate limiting for an application using Kuadrant.
 
 Authenticated rate limiting rate limits the traffic directed to an application based on attributes of the client user, who is authenticated by some authentication method. A few examples of authenticated rate limiting use cases are:
 
@@ -10,7 +10,7 @@ Authenticated rate limiting rate limits the traffic directed to an application b
 - Each user can send up to 20rpm ("request per minute").
 - Admin users (members of the 'admin' group) can send up to 100rps, while regular users (non-admins) can send up to 20rpm and no more than 5rps.
 
-In this guide, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API exposes an endpoint at `GET http://api.toystore.com/toy`, to mimic an operation of reading toy records.
+In this tutorial, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API exposes an endpoint at `GET http://api.toystore.com/toy`, to mimic an operation of reading toy records.
 
 We will define 2 users of the API, which can send requests to the API at different rates, based on their user IDs. The authentication method used is **API key**.
 
@@ -19,16 +19,72 @@ We will define 2 users of the API, which can send requests to the API at differe
 | alice   | 5rp10s ("5 requests every 10 seconds") |
 | bob     | 2rp10s ("2 requests every 10 seconds") |
 
-### Setup the environment
+## Prerequisites
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
 
-### Deploy the Toy Store API
+### Setup environment variables
+
+Set the following environment variables used for convenience in this tutorial:
+
+```bash
+export KUADRANT_GATEWAY_NS=api-gateway # Namespace for the example Gateway
+export KUADRANT_GATEWAY_NAME=external # Name for the example Gateway
+export KUADRANT_DEVELOPER_NS=toystore # Namespace for an example toystore app
+
+```
+
+### Create an Ingress Gateway
+
+Create the namespace the Gateway will be deployed in:
+
+```bash
+kubectl create ns ${KUADRANT_GATEWAY_NS}
+```
 
-Create the deployment:
+Create a gateway using toystore as the listener hostname:
 
 ```sh
-kubectl apply -f examples/toystore/toystore.yaml
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: ${KUADRANT_GATEWAY_NAME}
+  namespace: ${KUADRANT_GATEWAY_NS}
+  labels:
+    kuadrant.io/gateway: "true"
+spec:
+  gatewayClassName: istio
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+EOF
+```
+
+Check the status of the `Gateway` ensuring the gateway is Accepted and Programmed:
+
+```bash
+kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Programmed")].message}{"\n"}'
+```
+
+### Deploy the Toy Store API
+
+Create the namespace for the Toystore application:
+
+```bash
+
+kubectl create ns ${KUADRANT_DEVELOPER_NS}
+```
+
+Deploy the Toystore app to the developer namespace:
+
+```bash
+kubectl apply -f examples/toystore/toystore.yaml -n ${KUADRANT_DEVELOPER_NS}
 ```
 
 Create a HTTPRoute to route traffic to the service via Istio Ingress Gateway:
@@ -41,10 +97,11 @@ apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
   name: toystore
+  namespace: ${KUADRANT_DEVELOPER_NS}
 spec:
   parentRefs:
-  - name: kuadrant-ingressgateway
-    namespace: gateway-system
+  - name: ${KUADRANT_GATEWAY_NAME}
+    namespace: ${KUADRANT_GATEWAY_NS}
   hostnames:
   - api.toystore.com
   rules:
@@ -62,27 +119,27 @@ EOF
 Export the gateway hostname and port:
 
 ```sh
-export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')
-export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
-export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
+export KUADRANT_INGRESS_HOST=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.status.addresses[0].value}')
+export KUADRANT_INGRESS_PORT=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
+export KUADRANT_GATEWAY_URL=${KUADRANT_INGRESS_HOST}:${KUADRANT_INGRESS_PORT}
 ```
 
 Verify the route works:
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 200 OK
 ```
 
 > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost:
 >
 > ```sh
-> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 &
-> export GATEWAY_URL=localhost:9080
+> kubectl port-forward -n ${KUADRANT_GATEWAY_NS} service/kuadrant-${KUADRANT_GATEWAY_NAME}-istio 9080:80 >/dev/null 2>&1 &
+> export KUADRANT_GATEWAY_URL=localhost:9080
 > ```
 >
 > ```sh
-> curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+> curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 > # HTTP/1.1 200 OK
 > ```
 
@@ -96,6 +153,7 @@ apiVersion: kuadrant.io/v1
 kind: AuthPolicy
 metadata:
   name: toystore
+  namespace: ${KUADRANT_DEVELOPER_NS}
 spec:
   targetRef:
     group: gateway.networking.k8s.io
@@ -126,7 +184,7 @@ EOF
 Verify the authentication works by sending a request to the Toy Store API without API key:
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 401 Unauthorized
 # www-authenticate: APIKEY realm="api-key-users"
 # x-ext-auth-reason: "credential not found"
@@ -178,6 +236,7 @@ apiVersion: kuadrant.io/v1
 kind: RateLimitPolicy
 metadata:
   name: toystore
+  namespace: ${KUADRANT_DEVELOPER_NS}
 spec:
   targetRef:
     group: gateway.networking.k8s.io
@@ -206,17 +265,11 @@ Verify the rate limiting works by sending requests as Alice and Bob.
 Up to 5 successful (`200 OK`) requests every 10 seconds allowed for Alice, then `429 Too Many Requests`:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMALICE' -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMALICE' -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
 
 Up to 2 successful (`200 OK`) requests every 10 seconds allowed for Bob, then `429 Too Many Requests`:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMBOB' -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
-```
-
-## Cleanup
-
-```sh
-make local-cleanup
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMBOB' -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
diff --git a/doc/user-guides/ratelimiting/authenticated-rl-with-jwt-and-k8s-authnz.md b/doc/user-guides/ratelimiting/authenticated-rl-with-jwt-and-k8s-authnz.md
index f08445928..8d8acc6e0 100644
--- a/doc/user-guides/ratelimiting/authenticated-rl-with-jwt-and-k8s-authnz.md
+++ b/doc/user-guides/ratelimiting/authenticated-rl-with-jwt-and-k8s-authnz.md
@@ -1,6 +1,6 @@
 # Authenticated Rate Limiting with JWTs and Kubernetes RBAC
 
-This user guide walks you through an example of how to use Kuadrant to protect an application with policies to enforce:
+This tutorial walks you through an example of how to use Kuadrant to protect an application with policies to enforce: 
 
 - authentication based OpenId Connect (OIDC) ID tokens (signed JWTs), issued by a Keycloak server;
 - alternative authentication method by Kubernetes Service Account tokens;
@@ -23,16 +23,97 @@ Privileges to execute the requested operation (read, create or delete) will be g
 
 Each user will be entitled to a maximum of 5rp10s (5 requests every 10 seconds).
 
-### Setup the environment
+## Prerequisites
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
 
-### Deploy the Toystore example API:
+### Setup environment variables
+
+Set the following environment variables used for convenience in this tutorial:
+
+```bash
+export KUADRANT_GATEWAY_NS=api-gateway # Namespace for the example Gateway
+export KUADRANT_GATEWAY_NAME=external # Name for the example Gateway
+export KUADRANT_DEVELOPER_NS=toystore # Namespace for an example toystore app
+```
+
+### Create an Ingress Gateway
+
+Create the namespace the Gateway will be deployed in:
+
+```bash
+kubectl create ns ${KUADRANT_GATEWAY_NS}
+```
+
+Create a gateway using toystore as the listener hostname:
 
 ```sh
-kubectl apply -f examples/toystore/toystore.yaml
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: ${KUADRANT_GATEWAY_NAME}
+  namespace: ${KUADRANT_GATEWAY_NS}
+  labels:
+    kuadrant.io/gateway: "true"
+spec:
+  gatewayClassName: istio
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+EOF
+```
+
+Check the status of the `Gateway` ensuring the gateway is Accepted and Programmed:
+
+```bash
+kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Programmed")].message}{"\n"}'
+```
+### Deploy the Toy Store API
+
+Create the namespace for the Toystore application:
+
+```bash
+
+kubectl create ns ${KUADRANT_DEVELOPER_NS}
+```
+
+Deploy the Toystore app to the developer namespace:
+
+```bash
+kubectl apply -f examples/toystore/toystore.yaml -n ${KUADRANT_DEVELOPER_NS}
 ```
+Create a HTTPRoute to route traffic to the service via Istio Ingress Gateway:
 
+```sh
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: toystore
+  namespace: ${KUADRANT_DEVELOPER_NS}
+spec:
+  parentRefs:
+  - name: ${KUADRANT_GATEWAY_NAME}
+    namespace: ${KUADRANT_GATEWAY_NS}
+  hostnames:
+  - api.toystore.com
+  rules:
+  - matches:
+    - path:
+        type: Exact
+        value: "/toy"
+      method: GET
+    backendRefs:
+    - name: toystore
+      port: 80
+EOF
+```
 #### API lifecycle
 
 ![Lifecycle](http://www.plantuml.com/plantuml/png/hP7DIWD1383l-nHXJ_PGtFuSIsaH1F5WGRtjPJgJjg6pcPB9WFNf7LrXV_Ickp0Gyf5yIJPHZMXgV17Fn1SZfW671vEylk2RRZqTkK5MiFb1wL4I4hkx88m2iwee1AqQFdg4ShLVprQt-tNDszq3K8J45mcQ0NGrj_yqVpNFgmgU7aim0sPKQzxMUaQRXFGAqPwmGJW40JqXv1urHpMA3eZ1C9JbDkbf5ppPQrdMV9CY2XmC-GWQmEGaif8rYfFEPLdDu9K_aq7e7TstLPyUcot-RERnI0fVVjxOSuGBIaCnKk21sWBkW-p9EUJMgnCTIot_Prs3kJFceEiu-VM2uLmKlIl2TFrZVQCu8yD9kg1Dvf8RP9SQ_m40)
@@ -42,13 +123,13 @@ kubectl apply -f examples/toystore/toystore.yaml
 Export the gateway hostname and port:
 
 ```sh
-export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')
-export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
-export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
+export KUADRANT_INGRESS_HOST=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.status.addresses[0].value}')
+export KUADRANT_INGRESS_PORT=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
+export KUADRANT_GATEWAY_URL=${KUADRANT_INGRESS_HOST}:${KUADRANT_INGRESS_PORT}
 ```
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 200 OK
 ```
 
@@ -57,18 +138,18 @@ It should return `200 OK`.
 > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost:
 >
 > ```sh
-> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 &
-> export GATEWAY_URL=localhost:9080
+> kubectl port-forward -n ${KUADRANT_GATEWAY_NS} service/${KUADRANT_GATEWAY_NS}-istio 9080:80 >/dev/null 2>&1 &
+> export KUADRANT_GATEWAY_URL=localhost:9080
 > ```
 >
 > ```sh
-> curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+> curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 > # HTTP/1.1 200 OK
 > ```
 
 ### Deploy Keycloak
 
-Create the namesapce:
+Create the  for Keycloak:
 
 ```sh
 kubectl create namespace keycloak
@@ -92,6 +173,7 @@ apiVersion: kuadrant.io/v1
 kind: AuthPolicy
 metadata:
   name: toystore-protection
+  namespace: ${KUADRANT_DEVELOPER_NS}
 spec:
   targetRef:
     group: gateway.networking.k8s.io
@@ -128,7 +210,7 @@ EOF
 #### Try the API missing authentication
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 401 Unauthorized
 # www-authenticate: Bearer realm="keycloak-users"
 # www-authenticate: Bearer realm="k8s-service-accounts"
@@ -140,13 +222,13 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
 Obtain an access token with the Keycloak server:
 
 ```sh
-ACCESS_TOKEN=$(kubectl run token --attach --rm --restart=Never -q --image=curlimages/curl -- http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant/protocol/openid-connect/token -s -d 'grant_type=password' -d 'client_id=demo' -d 'username=john' -d 'password=p' -d 'scope=openid' | jq -r .access_token)
+KUADRANT_ACCESS_TOKEN=$(kubectl run token --attach --rm --restart=Never -q --image=curlimages/curl -- http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant/protocol/openid-connect/token -s -d 'grant_type=password' -d 'client_id=demo' -d 'username=john' -d 'password=p' -d 'scope=openid' | jq -r .KUADRANT_ACCESS_TOKEN)
 ```
 
 Send a request to the API as the Keycloak-authenticated user while still missing permissions:
 
 ```sh
-curl -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H "Authorization: Bearer $KUADRANT_ACCESS_TOKEN" -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 403 Forbidden
 ```
 
@@ -164,13 +246,13 @@ EOF
 Obtain an access token for the `client-app-1` service account:
 
 ```sh
-SA_TOKEN=$(kubectl create token client-app-1)
+KUADRANT_SA_TOKEN=$(kubectl create token client-app-1)
 ```
 
 Send a request to the API as the service account while still missing permissions:
 
 ```sh
-curl -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H "Authorization: Bearer $KUADRANT_SA_TOKEN" -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 403 Forbidden
 ```
 
@@ -217,7 +299,7 @@ roleRef:
   name: toystore-reader
 subjects:
 - kind: User
-  name: $(jq -R -r 'split(".") | .[1] | @base64d | fromjson | .sub' <<< "$ACCESS_TOKEN")
+  name: $(jq -R -r 'split(".") | .[1] | @base64d | fromjson | .sub' <<< "$KUADRANT_ACCESS_TOKEN")
 - kind: ServiceAccount
   name: client-app-1
   namespace: default
@@ -232,7 +314,7 @@ roleRef:
   name: toystore-writer
 subjects:
 - kind: User
-  name: $(jq -R -r 'split(".") | .[1] | @base64d | fromjson | .sub' <<< "$ACCESS_TOKEN")
+  name: $(jq -R -r 'split(".") | .[1] | @base64d | fromjson | .sub' <<< "$KUADRANT_ACCESS_TOKEN")
 EOF
 ```
 
@@ -253,24 +335,24 @@ in the Authorino docs.
 Send requests to the API as the Keycloak-authenticated user:
 
 ```sh
-curl -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H "Authorization: Bearer $KUADRANT_ACCESS_TOKEN" -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 200 OK
 ```
 
 ```sh
-curl -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' -X POST http://$GATEWAY_URL/admin/toy -i
+curl -H "Authorization: Bearer $KUADRANT_ACCESS_TOKEN" -H 'Host: api.toystore.com' -X POST http://$KUADRANT_GATEWAY_URL/admin/toy -i
 # HTTP/1.1 200 OK
 ```
 
 Send requests to the API as the Kubernetes service account:
 
 ```sh
-curl -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H "Authorization: Bearer $KUADRANT_SA_TOKEN" -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 200 OK
 ```
 
 ```sh
-curl -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' -X POST http://$GATEWAY_URL/admin/toy -i
+curl -H "Authorization: Bearer $KUADRANT_SA_TOKEN" -H 'Host: api.toystore.com' -X POST http://$KUADRANT_GATEWAY_URL/admin/toy -i
 # HTTP/1.1 403 Forbidden
 ```
 
@@ -310,17 +392,11 @@ Each user should be entitled to a maximum of 5 requests every 10 seconds.
 Send requests as the Keycloak-authenticated user:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $KUADRANT_ACCESS_TOKEN" -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
 
 Send requests as the Kubernetes service account:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
-```
-
-## Cleanup
-
-```sh
-make local-cleanup
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $KUADRANT_SA_TOKEN" -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
diff --git a/doc/user-guides/ratelimiting/gateway-rl-for-cluster-operators.md b/doc/user-guides/ratelimiting/gateway-rl-for-cluster-operators.md
index f0c551758..b6845f02e 100644
--- a/doc/user-guides/ratelimiting/gateway-rl-for-cluster-operators.md
+++ b/doc/user-guides/ratelimiting/gateway-rl-for-cluster-operators.md
@@ -1,12 +1,13 @@
 # Gateway Rate Limiting for Cluster Operators
 
-For more info on the different personas see [Gateway API](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas)
+For more info on the different personas see [Gateway API](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas) 
 
-This user guide walks you through an example of how to configure rate limiting for all routes attached to a specific ingress gateway.
+This tutorial walks you through an example of how to configure rate limiting for all routes attached to a specific ingress gateway.
 
-### Setup the environment
+## Prerequisites
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
 
 ### Deploy the Toystore example API:
 
@@ -167,9 +168,3 @@ Unlimited successful (`200 OK`) through the `internal` ingress gateway (`*.local
 ```sh
 while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Host: api.toystore.local' http://localhost:9082 | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
-
-## Cleanup
-
-```sh
-make local-cleanup
-```
diff --git a/doc/user-guides/ratelimiting/multi-auth-rlp-diff-section.md b/doc/user-guides/ratelimiting/multi-auth-rlp-diff-section.md
index feffc70fc..41b62907d 100644
--- a/doc/user-guides/ratelimiting/multi-auth-rlp-diff-section.md
+++ b/doc/user-guides/ratelimiting/multi-auth-rlp-diff-section.md
@@ -1,10 +1,12 @@
 # Gateway Rate Limiting
 
-This user guide walks you through an example of how to configure multiple rate limit polices for different listeners in an ingress gateway.
+This tutorial walks you through an example of how to configure multiple rate limit polices for different listeners in an ingress gateway. 
 
-### Setup the environment
+## Prerequisites
+
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
 
 ### Deploy the sample API:
 
@@ -134,9 +136,3 @@ Unlimited successful (`200 OK`) through the `internal` ingress gateway (`*.local
 ```sh
 while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Host: api.toystore.local' http://localhost:9081 | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
-
-## Cleanup
-
-```sh
-make local-cleanup
-```
diff --git a/doc/user-guides/ratelimiting/multi-auth-rlp-same-section.md b/doc/user-guides/ratelimiting/multi-auth-rlp-same-section.md
index e53712cd1..e2aaba4d0 100644
--- a/doc/user-guides/ratelimiting/multi-auth-rlp-same-section.md
+++ b/doc/user-guides/ratelimiting/multi-auth-rlp-same-section.md
@@ -1,6 +1,6 @@
 # Multi authenticated Rate Limiting for an Application
 
-This user guide walks you through an example of how to configure multiple authenticated rate limiting for an application using Kuadrant.
+This tutorial walks you through an example of how to configure multiple authenticated rate limiting for an application using Kuadrant. 
 
 Authenticated rate limiting, rate limits the traffic directed to an application based on attributes of the client user, who is authenticated by some authentication method. A few examples of authenticated rate limiting use cases are:
 
@@ -8,7 +8,7 @@ Authenticated rate limiting, rate limits the traffic directed to an application
 - Each user can send up to 20rpm ("request per minute").
 - Admin users (members of the 'admin' group) can send up to 100rps, while regular users (non-admins) can send up to 20rpm and no more than 5rps.
 
-In this guide, we will rate limit a sample REST API called **Toy Store**, an echo service that echoes back to the user whatever attributes it gets in the request. The API exposes an endpoint at `GET http://api.toystore.com/toy`, to mimic an operation of reading toy records.
+In this tutorial, we will rate limit a sample REST API called **Toy Store**, an echo service that echoes back to the user whatever attributes it gets in the request. The API exposes an endpoint at `GET http://api.toystore.com/toy`, to mimic an operation of reading toy records.
 
 We will define 2 users of the API, which can send requests to the API at different rates, based on their user IDs. The authentication method used is **API key**.
 
@@ -17,9 +17,57 @@ We will define 2 users of the API, which can send requests to the API at differe
 | alice   | 5rp10s ("5 requests every 10 seconds") |
 | bob     | 2rp10s ("2 requests every 10 seconds") |
 
-### Setup the environment
+## Prerequisites
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
+
+### Setup environment variables
+
+Set the following environment variables used for convenience in this tutorial:
+
+```bash
+export KUADRANT_GATEWAY_NS=api-gateway # Namespace for the example Gateway
+export KUADRANT_GATEWAY_NAME=external # Name for the example Gateway
+export KUADRANT_DEVELOPER_NS=toystore # Namespace for an example toystore app
+```
+
+### Create an Ingress Gateway
+
+Create the namespace the Gateway will be deployed in:
+
+```bash
+kubectl create ns ${KUADRANT_GATEWAY_NS}
+```
+
+Create a gateway using toystore as the listener hostname:
+
+```sh
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: ${KUADRANT_GATEWAY_NAME}
+  namespace: ${KUADRANT_GATEWAY_NS}
+  labels:
+    kuadrant.io/gateway: "true"
+spec:
+  gatewayClassName: istio
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+EOF
+```
+
+Check the status of the `Gateway` ensuring the gateway is Accepted and Programmed:
+
+```bash
+kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Programmed")].message}{"\n"}'
+```
 
 ### Deploy the Toy Store API
 
@@ -39,12 +87,13 @@ metadata:
   name: toystore
 spec:
   parentRefs:
-  - name: kuadrant-ingressgateway
-    namespace: gateway-system
+  - name: ${KUADRANT_GATEWAY_NAME}
+    namespace: ${KUADRANT_GATEWAY_NS}
   hostnames:
   - api.toystore.com
   rules:
-  - matches:
+  - name: rule-1
+    matches:
     - path:
         type: Exact
         value: "/toy"
@@ -62,27 +111,27 @@ EOF
 ### Export the gateway hostname and port:
 
 ```sh
-export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')
-export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
-export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
+export KUADRANT_INGRESS_HOST=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.status.addresses[0].value}')
+export KUADRANT_INGRESS_PORT=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
+export KUADRANT_GATEWAY_URL=${KUADRANT_INGRESS_HOST}:${KUADRANT_INGRESS_PORT}
 ```
 
 ### Verify the route works:
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 200 OK
 ```
 
 > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost:
 >
 > ```sh
-> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 &
-> export GATEWAY_URL=localhost:9080
+> kubectl port-forward -n ${KUADRANT_GATEWAY_NS} service/${KUADRANT_GATEWAY_NAME}-istio 9080:80 >/dev/null 2>&1 &
+> export KUADRANT_GATEWAY_URL=localhost:9080
 > ```
 >
 > ```sh
-> curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+> curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 > # HTTP/1.1 200 OK
 > ```
 
@@ -126,7 +175,7 @@ EOF
 ### Verify the authentication works by sending a request to the Toy Store API without API key:
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 # HTTP/1.1 401 Unauthorized
 # www-authenticate: APIKEY realm="api-key-users"
 # x-ext-auth-reason: "credential not found"
@@ -229,17 +278,11 @@ Verify the rate limiting works by sending requests as Alice and Bob.
 Up to 5 successful (`200 OK`) requests every 10 seconds allowed for Alice, then `429 Too Many Requests`:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMALICE' -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMALICE' -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
 
 Up to 2 successful (`200 OK`) requests every 10 seconds allowed for Bob, then `429 Too Many Requests`:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMBOB' -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
-```
-
-## Cleanup
-
-```sh
-make local-cleanup
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMBOB' -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
diff --git a/doc/user-guides/ratelimiting/simple-rl-for-app-developers.md b/doc/user-guides/ratelimiting/simple-rl-for-app-developers.md
index ce61a9c77..c57f5d86d 100644
--- a/doc/user-guides/ratelimiting/simple-rl-for-app-developers.md
+++ b/doc/user-guides/ratelimiting/simple-rl-for-app-developers.md
@@ -1,16 +1,64 @@
 # Simple Rate Limiting for Application developers
 
-For more info on the different personas see [Gateway API](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas)
+For more info on the different personas see [Gateway API](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#key-roles-and-personas) 
 
-This user guide walks you through an example of how to configure rate limiting for an endpoint of an application using Kuadrant.
+This tutorial walks you through an example of how to configure rate limiting for an endpoint of an application using Kuadrant.
 
-In this guide, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API listens to requests at the hostname `api.toystore.com`, where it exposes the endpoints `GET /toys*` and `POST /toys`, respectively, to mimic operations of reading and writing toy records.
+In this tutorial, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API listens to requests at the hostname `api.toystore.com`, where it exposes the endpoints `GET /toys*` and `POST /toys`, respectively, to mimic operations of reading and writing toy records.
 
 We will rate limit the `POST /toys` endpoint to a maximum of 5rp10s ("5 requests every 10 seconds").
 
-### Setup the environment
+## Prerequisites
 
-Follow this [setup doc](https://github.com/Kuadrant/kuadrant-operator/blob/main/doc/install/install-make.md) to set up your environment before continuing with this doc.
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
+
+### Setup environment variables
+
+Set the following environment variables used for convenience in this tutorial:
+
+```bash
+export KUADRANT_GATEWAY_NS=api-gateway # Namespace for the example Gateway
+export KUADRANT_GATEWAY_NAME=external # Name for the example Gateway
+export KUADRANT_DEVELOPER_NS=toystore # Namespace for an example toystore app
+```
+
+### Create an Ingress Gateway
+
+Create the namespace the Gateway will be deployed in:
+
+```bash
+kubectl create ns ${KUADRANT_GATEWAY_NS}
+```
+
+Create a gateway using toystore as the listener hostname:
+
+```sh
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: ${KUADRANT_GATEWAY_NAME}
+  namespace: ${KUADRANT_GATEWAY_NS}
+  labels:
+    kuadrant.io/gateway: "true"
+spec:
+  gatewayClassName: istio
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+EOF
+```
+
+Check the status of the `Gateway` ensuring the gateway is Accepted and Programmed:
+
+```bash
+kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Programmed")].message}{"\n"}'
+```
 
 ### Deploy the Toy Store API
 
@@ -32,12 +80,13 @@ metadata:
   name: toystore
 spec:
   parentRefs:
-  - name: kuadrant-ingressgateway
-    namespace: gateway-system
+  - name: ${KUADRANT_GATEWAY_NAME}
+    namespace: ${KUADRANT_GATEWAY_NS}
   hostnames:
   - api.toystore.com
   rules:
-  - matches:
+  - name: rule-1
+    matches:
     - method: GET
       path:
         type: PathPrefix
@@ -45,7 +94,8 @@ spec:
     backendRefs:
     - name: toystore
       port: 80
-  - matches: # it has to be a separate HTTPRouteRule so we do not rate limit other endpoints
+  - name: rule-2
+    matches: # it has to be a separate HTTPRouteRule so we do not rate limit other endpoints
     - method: POST
       path:
         type: Exact
@@ -59,27 +109,27 @@ EOF
 Export the gateway hostname and port:
 
 ```sh
-export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')
-export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
-export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
+export KUADRANT_INGRESS_HOST=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.status.addresses[0].value}')
+export KUADRANT_INGRESS_PORT=$(kubectl get gtw ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
+export KUADRANT_GATEWAY_URL=${KUADRANT_INGRESS_HOST}:${KUADRANT_INGRESS_PORT}
 ```
 
 Verify the route works:
 
 ```sh
-curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys -i
+curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toys -i
 # HTTP/1.1 200 OK
 ```
 
 > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost:
 >
 > ```sh
-> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 &
-> export GATEWAY_URL=localhost:9080
+> kubectl port-forward -n ${KUADRANT_GATEWAY_NS} service/${KUADRANT_GATEWAY_NAME}-istio 9080:80 >/dev/null 2>&1 &
+> export KUADRANT_GATEWAY_URL=localhost:9080
 > ```
 >
 > ```sh
-> curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys -i
+> curl -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toy -i
 > # HTTP/1.1 200 OK
 > ```
 
@@ -118,17 +168,11 @@ Verify the rate limiting works by sending requests in a loop.
 Up to 5 successful (`200 OK`) requests every 10 seconds to `POST /toys`, then `429 Too Many Requests`:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys -X POST | grep -E --color "\b(429)\b|$"; sleep 1; done
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toys -X POST | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
 
 Unlimited successful (`200 OK`) to `GET /toys`:
 
 ```sh
-while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys | grep -E --color "\b(429)\b|$"; sleep 1; done
-```
-
-## Cleanup
-
-```sh
-make local-cleanup
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H 'Host: api.toystore.com' http://$KUADRANT_GATEWAY_URL/toys | grep -E --color "\b(429)\b|$"; sleep 1; done
 ```
diff --git a/doc/user-guides/tls/gateway-tls.md b/doc/user-guides/tls/gateway-tls.md
index e6952f0ce..db6cbff10 100644
--- a/doc/user-guides/tls/gateway-tls.md
+++ b/doc/user-guides/tls/gateway-tls.md
@@ -1,30 +1,14 @@
 # Gateway TLS for Cluster Operators
 
-This user guide walks you through an example of how to configure TLS for all routes attached to an ingress gateway.
+This tutorial walks you through an example of how to configure TLS for all routes attached to an ingress gateway. 
 
-## Requisites
+## Prerequisites
 
-- [Docker](https://docker.io)
+- Kubernetes cluster with Kuadrant operator installed. See our [Getting Started](/getting-started) guide for more information.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) command line tool.
 
 ### Setup
 
-This step uses tooling from the Kuadrant Operator component to create a containerized Kubernetes server locally using [Kind](https://kind.sigs.k8s.io),
-where it installs Istio, Kubernetes Gateway API, CertManager and Kuadrant itself.
-
-Clone the project:
-
-```shell
-git clone https://github.com/Kuadrant/kuadrant-operator && cd kuadrant-operator
-```
-
-Setup the environment:
-
-```shell
-make local-setup
-```
-
-Create a namespace:
-
 ```shell
 kubectl create namespace my-gateways
 ```
@@ -269,9 +253,3 @@ x-envoy-upstream-service-time: 1
 <
 * Connection #0 to host api.toystore.local left intact
 ```
-
-## Cleanup
-
-```shell
-make local-cleanup
-```