PR review team edits

johnmarco · johnmarco · commit 2fbf69ec730d · 2024-11-04T11:42:17.000-05:00
diff --git a/articles/openshift/confidential-containers-deploy.md b/articles/openshift/confidential-containers-deploy.md
@@ -209,7 +209,6 @@ By default, the OpenShift sandboxed containers operator creates the secret based
       AZURE_SUBSCRIPTION_ID: "<azure_subscription_id>"
     ```
 
-    **Notes:**
     - Specify the `AZURE_CLIENT_ID value`.
     - Specify the `AZURE_CLIENT_SECRET value`.
     - Specify the `AZURE_TENANT_ID value`.
@@ -275,7 +274,6 @@ By default, the OpenShift sandboxed containers operator creates the secret based
       AZURE_RESOURCE_GROUP: "<azure_resource_group>"
       DISABLECVM: "true"
     ```
-    **Notes:**
     - `AZURE_INSTANCE_SIZE` is the default if an instance size isn't defined in the workload.
     - `AZURE_INSTANCE_SIZES` lists all of the instance sizes you can specify when creating the pod. This allows you to define smaller instance sizes for workloads that need less memory and fewer CPUs or larger instance sizes for larger workloads.
     - Specify the `AZURE_SUBNET_ID` value that you retrieved.
@@ -483,7 +481,6 @@ Create a secure route with edge TLS termination for Trustee. External ingress tr
       AA_KBC_PARAMS: "cc_kbc::https://${TRUSTEE_HOST}"
     ```
 
-    **Notes:**
     - `AZURE_INSTANCE_SIZE` is the default if an instance size isn't defined in the workload.
     - `AZURE_INSTANCE_SIZES` lists all of the instance sizes you can specify when creating the pod. This allows you to define smaller instance sizes for workloads that need less memory and fewer CPUs or larger instance sizes for larger workloads.
     - Specify the `AZURE_SUBNET_ID` value that you retrieved.
@@ -665,8 +662,6 @@ If your TEE is Intel Trust Domain Extensions (TDX), you must configure the Provi
         ]
     ```
     
-    **Notes:**
-
     For `reference-values.json` specify the trusted digests for your hardware platform if required. Otherwise, leave it empty.
 
 1.	Create the RVPS config map by running the following command:
@@ -698,7 +693,6 @@ If your TEE is Intel Trust Domain Extensions (TDX), you must configure the Provi
           input["tee"] != "sample"
         }
     ```
-    **Notes:**
 
     - The name of the resource policy, `policy.rego`, must match the resource policy defined in the Trustee config map.
     - The resource package policy follows the Open Policy Agent specification. This example allows the retrieval of all resources when the TEE isn't the sample attester.
@@ -762,7 +756,6 @@ If your TEE is Intel Trust Domain Extensions (TDX), you must configure the Provi
             _ = m[k]
          }
     ```
-    **Notes:**
 
     For `package policy`, The attestation policy follows the Open Policy Agent specification. In this example, the attestation policy compares the claims provided in the attestation report to the reference values registered in the RVPS database. The attestation process is successful only if all the values match.
 
@@ -785,7 +778,6 @@ If your TEE is Intel Trust Domain Extensions (TDX), you must configure the Provi
             "pccs_url": "<pccs_url>"
           }
     ```
-    **Notes:**
 
     For `pccs_url`, specify the PCCS URL, for example, https://localhost:8081/sgx/certification/v4/.
 
@@ -895,9 +887,8 @@ In a test scenario, you can override the restriction at runtime by adding a poli
             seccompProfile:
               type: RuntimeDefault
     ```
-    
-    Notes:
-    
+   
+   
     The pod metada `annotations` overrides the policy that prevents sensitive data from being written to standard I/O.
     
 1.	Create the pod by running the following command:
diff --git a/articles/openshift/confidential-containers-overview.md b/articles/openshift/confidential-containers-overview.md
@@ -44,7 +44,7 @@ Confidential Containers is a feature of Red Hat OpenShift sandboxed containers,
 
 Azure Red Hat OpenShift serves as the orchestrator, overseeing the sandboxing of workloads (pods) through the utilization of virtual machines. When employing CVMs, Azure Red Hat OpenShift empowers Confidential Container capabilities for your workloads. Once a Confidential Containers workload is created, Azure Red Hat OpenShift deploys it within a CVM executing within the TEE, providing a secure and isolated environment for your sensitive data.
 
-:::image type="content" source="media/confidential-containers-overview/confidential-containers-arch.png" alt-text="Architecture diagram of ARC confidential containers":::
+:::image type="content" source="media/confidential-containers-overview/confidential-containers-arch.png" alt-text="Architecture diagram of ARC confidential containers." lightbox="media/confidential-containers-overview/confidential-containers-arch.png":::
 
 The diagram shows the three main steps for using Confidential Containers on an ARO cluster:
 1. The OpenShift Sandboxed Containers Operator is deployed on the ARO cluster.
@@ -66,11 +66,11 @@ The Trustee project provides the attestation capabilities essential for Confiden
 - Attestation Service (AS): This service validates the TEE evidence.
 
 ### The Confidential Compute Attestation Operator
-The confidential compute attestation Operator, an integral component of the Azure Red Hat OpenShift Confidential Containers solution, facilitates the deployment and management of Trustee services within an Azure Red Hat OpenShift cluster. It streamlines the configuration of Trustee services and the management of secrets for Confidential Containers workloads.
+The Confidential Compute Attestation Operator, an integral component of the Azure Red Hat OpenShift Confidential Containers solution, facilitates the deployment and management of Trustee services within an Azure Red Hat OpenShift cluster. It streamlines the configuration of Trustee services and the management of secrets for Confidential Containers workloads.
 
-### A Unified Perspective
+### A Unified perspective
 
-A typical Confidential Containers deployment involves Azure Red Hat OpenShift working in conjunction with the confidential compute attestation operator deployed in a separate, trusted environment. The workload is executed within a CVM operating inside a TEE, benefiting from the encrypted memory and integrity guarantees provided by the TEE. Trustee agents residing within the CVM perform attestation and acquire requisite secrets, safeguarding the security and confidentiality of your data.
+A typical Confidential Containers deployment involves Azure Red Hat OpenShift working in conjunction with the Confidential Compute Attestation Operator deployed in a separate, trusted environment. The workload is executed within a CVM operating inside a TEE, benefiting from the encrypted memory and integrity guarantees provided by the TEE. Trustee agents residing within the CVM perform attestation and acquire requisite secrets, safeguarding the security and confidentiality of your data.
 
 ## Next steps
 
diff --git a/articles/openshift/media/confidential-containers-overview/confidential-containers-arch.png b/articles/openshift/media/confidential-containers-overview/confidential-containers-arch.png
