another round of feedback

Nickomang · Nickomang · commit 91e22391151e · 2022-09-08T09:00:54.000-07:00
diff --git a/articles/aks/image-cleaner.md b/articles/aks/image-cleaner.md
@@ -18,20 +18,20 @@ It's common to use pipelines to build and deploy images on Azure Kubernetes Serv
 
 * An Azure subscription. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free).
 * [Azure CLI][azure-cli-install] or [Azure PowerShell][azure-powershell-install] and the `aks-preview` CLI extension installed.
-* The `ImageCleanerPreview` feature flag registered on your subscription:
+* The `EnableImageCleanerPreview` feature flag registered on your subscription:
 
 ### [Azure CLI](#tab/azure-cli)
 
-Register the `ImageCleanerPreview` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example:
+Register the `EnableImageCleanerPreview` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example:
 
 ```azurecli-interactive
-az feature register --namespace "Microsoft.ContainerService" --name "ImageCleanerPreview"
+az feature register --namespace "Microsoft.ContainerService" --name "EnableImageCleanerPreview"
 ```
 
 It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list][az-feature-list] command:
 
 ```azurecli-interactive
-az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/ImageCleanerPreview')].{Name:name,State:properties.state}"
+az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/EnableImageCleanerPreview')].{Name:name,State:properties.state}"
 ```
 
 When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:
@@ -42,16 +42,16 @@ az provider register --namespace Microsoft.ContainerService
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
-Register the `ImageCleanerPreview` feature flag by using the [Register-AzProviderPreviewFeature][register-azproviderpreviewfeature] cmdlet, as shown in the following example:
+Register the `EnableImageCleanerPreview` feature flag by using the [Register-AzProviderPreviewFeature][register-azproviderpreviewfeature] cmdlet, as shown in the following example:
 
 ```azurepowershell-interactive
-Register-AzProviderPreviewFeature -ProviderNamespace Microsoft.ContainerService -Name ImageCleanerPreview
+Register-AzProviderPreviewFeature -ProviderNamespace Microsoft.ContainerService -Name EnableImageCleanerPreview
 ```
 
 It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [Get-AzProviderPreviewFeature][get-azproviderpreviewfeature] cmdlet:
 
 ```azurepowershell-interactive
-Get-AzProviderPreviewFeature -ProviderNamespace Microsoft.ContainerService -Name ImageCleanerPreview |
+Get-AzProviderPreviewFeature -ProviderNamespace Microsoft.ContainerService -Name EnableImageCleanerPreview |
  Format-Table -Property Name, @{name='State'; expression={$_.Properties.State}}
 ```
 
@@ -72,11 +72,9 @@ ImageCleaner does not support the following:
 
 ## How ImageCleaner works
 
-When enabled, an `eraser-controller-manager` pod is deployed on each agent node, which will use an `ImageList` CRD to determine unreferenced and vulnerable images. An `ImageList` can either be defined manually or automatically generated by ImageCleaner.
+When enabled, an `eraser-controller-manager` pod is deployed on each agent node, which will use an `ImageList` CRD to determine unreferenced and vulnerable images. Vulnerability is determined based on a [trivy][trivy] scan, after which images with a `LOW`, `MEDIUM`, `HIGH`, or `CRITICAL` classification are flagged. An updated `ImageList` will be automatically generated by ImageCleaner based on a set time interval, and can also be supplied manually.
 
-In manual mode, the `ImageList` is created based off of a provided list of image names. In automatic mode, a time interval is set. ImageCleaner will repeatedly run in this interval to generate an updated `ImageList`.
-
-Once an `ImageList` is generated, ImageCleaner will continuously delete all the images in the list from node VMs.
+Once an `ImageList` is generated, ImageCleaner will remove all the images in the list from node VMs.
 
 ## Configuration options
 
@@ -111,7 +109,21 @@ az aks update -g MyResourceGroup -n MyManagedCluster \
   --image-cleaner-interval-hours 48
 ```
 
-Based on your configuration, ImageCleaner will generate an `ImageList` containing unreferenced/vulnerable images at the desired interval. ImageCleaner will automatically remove these images from cluster nodes.
+Based on your configuration, ImageCleaner will generate an `ImageList` containing non-running and vulnerable images at the desired interval. ImageCleaner will automatically remove these images from cluster nodes.
+
+## Manually remove images
+
+To manually remove images from your cluster using ImageCleaner, first create an `ImageList`. For example:
+
+```yml
+apiVersion: eraser.sh/v1alpha1
+kind: ImageList
+metadata:
+  name: imagelist
+spec:
+  images:
+    - docker.io/library/alpine:3.7.3   # You can also use "*" to specify all non-running images
+```
 
 ## Disable ImageCleaner
 
@@ -140,4 +152,5 @@ The deletion logs are stored in the `image-cleaner-kind-worker` pods. You can ch
 [az-provider-register]: /cli/azure/provider#az_provider_register
 [register-azresourceprovider]: /powershell/module/az.resources/register-azresourceprovider
 
-[arm-vms]: https://azure.microsoft.com/blog/azure-virtual-machines-with-ampere-altra-arm-based-processors-generally-available/
+[arm-vms]: https://azure.microsoft.com/blog/azure-virtual-machines-with-ampere-altra-arm-based-processors-generally-available/
+[trivy]: https://github.com/aquasecurity/trivy
