You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/aks/deploy-confidential-containers-default-policy.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -139,7 +139,7 @@ Use the following command to enable Confidential Containers (preview) by creatin
139
139
* **--cluster-name**: Enter a unique name for the AKS cluster, such as *myAKSCluster*.
140
140
* **--name**: Enter a unique name for your clusters node pool, such as *nodepool2*.
141
141
* **--workload-runtime**: Specify *KataCcIsolation* to enable the feature on the node pool. Along with the `--workload-runtime` parameter, these other parameters shall satisfy the following requirements. Otherwise, the command fails and reports an issue with the corresponding parameter(s).
142
-
* **--os-sku**: **AzureLinux*. Only the Azure Linux os-sku supports this feature in this preview release.
142
+
* **--os-sku**: *AzureLinux*. Only the Azure Linux os-sku supports this feature in this preview release.
143
143
* **--node-vm-size**: Any Azure VM size that is a generation 2 VM and supports nested virtualization works. For example, [Standard_DC8as_cc_v5][DC8as-series] VMs.
144
144
145
145
The following example adds a user node pool to *myAKSCluster* with two nodes in *nodepool2* in the *myResourceGroup*:
@@ -193,7 +193,7 @@ For this preview release, we recommend for test and evaluation purposes to eithe
193
193
1. Grant the managed identity you created earlier, and your account, access to the key vault. [Assign][assign-key-vault-access-cli] both identities the **Key Vault Crypto Officer** and **Key Vault Crypto User** Azure RBAC roles.
194
194
195
195
>[!NOTE]
196
-
>The managed identity is the value you assigned to the `USER_ASSIGNED_IDENTITY_NAME` variable.
196
+
>The managed identity is the value you assign to the `USER_ASSIGNED_IDENTITY_NAME` variable.
197
197
198
198
>[!NOTE]
199
199
>To add role assignments, you must have `Microsoft.Authorization/roleAssignments/write` and `Microsoft.Authorization/roleAssignments/delete` permissions, such as [Key Vault Data Access Administrator][key-vault-data-access-admin-rbac], [User Access Administrator][user-access-admin-rbac], or [Owner][owner-rbac].
@@ -338,7 +338,7 @@ For this preview release, we recommend for test and evaluation purposes to eithe
338
338
339
339
```
340
340
341
-
1. Prepare the RSA Encryption/Decryption key by the [bash script](https://github.com/microsoft/confidential-container-demos/raw/main/kafka/setup-key.sh) for the workload from GitHub. Save the file as `setup-key.sh`.
341
+
1. Prepare the RSA Encryption/Decryption key using the [bash script](https://github.com/microsoft/confidential-container-demos/raw/main/kafka/setup-key.sh) for the workload from GitHub. Save the file as `setup-key.sh`.
342
342
343
343
1. Set the `MAA_ENDPOINT` environmental variable to match the value for the `SkrClientMAAEndpoint` from the `consumer.yaml` manifest file by running the following command.
344
344
@@ -379,7 +379,7 @@ For this preview release, we recommend for test and evaluation purposes to eithe
379
379
380
380
1. Copy and paste the external IP address of the consumer service into your browser and observe the decrypted message.
381
381
382
-
The following resembles the output of the command:
382
+
The following example resembles the output of the command:
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments