Skip to content

Commit 5c2789b

Browse files
committed
Incorporated new edits from PM from other PR
1 parent f2fcdf3 commit 5c2789b

File tree

1 file changed

+15
-4
lines changed

1 file changed

+15
-4
lines changed

articles/aks/use-pod-sandboxing.md

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -223,26 +223,37 @@ To demonstrate the deployed application on the AKS cluster isn't isolated and is
223223
224224
Kubectl connects to your cluster, runs `/bin/sh` inside the first container within the *untrusted* pod, and forward your terminal's input and output streams to the container's process. You can also start a shell session to the container hosting the *trusted* pod.
225225
226-
2. After starting a shell session to the container of the *untrusted* pod, you can run commands to verify that the *untrusted* container is running in a nested VM that has a different kernel version compared to the *trusted* container.
226+
2. After starting a shell session to the container of the *untrusted* pod, you can run commands to verify that the *untrusted* container is running in a pod sandbox that has a different kernel version compared to the *trusted* container outside the sandbox.
227227
228228
To see the kernel version run the following command:
229229
230230
```bash
231231
uname -r
232232
```
233233
234-
The following example resembles output from the nested VM kernel:
234+
The following example resembles output from the pod sandbox kernel:
235235
236236
```output
237237
root@untrusted:/# uname -r
238238
5.15.48.1-8.cm2
239239
```
240240
241-
Running the same command on the shared VM kernel resembles output from the same command used earlier:
241+
3. Start a shell session to the container of the *trusted* pod to verify the kernel output:
242+
243+
```bash
244+
kubectl exec -it trusted -- /bin/bash
245+
```
246+
247+
To see the kernel version run the following command:
248+
249+
```bash
250+
uname -r
251+
```
252+
253+
The following example resembles output from the VM that is running the *trusted* pod, which is a different kernel than the *untrusted* pod running within the pod sandbox:
242254
243255
```output
244256
5.15.80.mshv2-hvl1.m2
245-
```
246257
247258
## Cleanup
248259

0 commit comments

Comments
 (0)