Tweak the share process namespace page

tengqm · tengqm · commit 060b924df8fe · 2022-05-29T08:03:37.000+08:00
This PR removes the outdated information about very old versions of k8s releases.
It also revises the indentation of unordered lists.
Some other trivial clarifications of text are applied as well.
diff --git a/content/en/docs/tasks/configure-pod-container/share-process-namespace.md b/content/en/docs/tasks/configure-pod-container/share-process-namespace.md
@@ -1,6 +1,5 @@
 ---
 title: Share Process Namespace between Containers in a Pod
-min-kubernetes-server-version: v1.10
 reviewers:
 - verb
 - yujuhong
@@ -11,64 +10,69 @@ weight: 160
 
 <!-- overview -->
 
-{{< feature-state state="stable" for_k8s_version="v1.17" >}}
-
 This page shows how to configure process namespace sharing for a pod. When
 process namespace sharing is enabled, processes in a container are visible
-to all other containers in that pod.
+to all other containers in the same pod.
 
 You can use this feature to configure cooperating containers, such as a log
 handler sidecar container, or to troubleshoot container images that don't
 include debugging utilities like a shell.
 
-
-
 ## {{% heading "prerequisites" %}}
 
-
-{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
-
-
+{{< include "task-tutorial-prereqs.md" >}}
 
 <!-- steps -->
 
 ## Configure a Pod
 
-Process Namespace Sharing is enabled using the `shareProcessNamespace` field of
-`v1.PodSpec`. For example:
+Process namespace sharing is enabled using the `shareProcessNamespace` field of
+`.spec` for a Pod. For example:
 
 {{< codenew file="pods/share-process-namespace.yaml" >}}
 
 1. Create the pod `nginx` on your cluster:
 
-    ```shell
-    kubectl apply -f https://k8s.io/examples/pods/share-process-namespace.yaml
-    ```
+   ```shell
+   kubectl apply -f https://k8s.io/examples/pods/share-process-namespace.yaml
+   ```
 
 1. Attach to the `shell` container and run `ps`:
 
-    ```shell
-    kubectl attach -it nginx -c shell
-    ```
+   ```shell
+   kubectl attach -it nginx -c shell
+   ```
+
+   If you don't see a command prompt, try pressing enter. In the container shell:
+
+   ```shell
+   # run this inside the "shell" container
+   ps ax
+   ```
 
-    If you don't see a command prompt, try pressing enter.
+   The output is similar to this:
 
-    ```
-    / # ps ax
-    PID   USER     TIME  COMMAND
-        1 root      0:00 /pause
-        8 root      0:00 nginx: master process nginx -g daemon off;
-       14 101       0:00 nginx: worker process
-       15 root      0:00 sh
-       21 root      0:00 ps ax
-    ```
+   ```none
+   PID   USER     TIME  COMMAND
+       1 root      0:00 /pause
+       8 root      0:00 nginx: master process nginx -g daemon off;
+      14 101       0:00 nginx: worker process
+      15 root      0:00 sh
+      21 root      0:00 ps ax
+   ```
 
 You can signal processes in other containers. For example, send `SIGHUP` to
-nginx to restart the worker process. This requires the `SYS_PTRACE` capability.
+`nginx` to restart the worker process. This requires the `SYS_PTRACE` capability.
 
+```shell
+# run this inside the "shell" container
+kill -HUP 8   # change "8" to match the PID of the nginx leader process, if necessary
+ps ax
 ```
-/ # kill -HUP 8
-/ # ps ax
+
+The output is similar to this:
+
+```none
 PID   USER     TIME  COMMAND
     1 root      0:00 /pause
     8 root      0:00 nginx: master process nginx -g daemon off;
@@ -77,12 +81,18 @@ PID   USER     TIME  COMMAND
    23 root      0:00 ps ax
 ```
 
-It's even possible to access another container image using the
+It's even possible to access the file system of another container using the
 `/proc/$pid/root` link.
 
+```shell
+# run this inside the "shell" container
+# change "8" to the PID of the Nginx process, if necessary
+head /proc/8/root/etc/nginx/nginx.conf
 ```
-/ # head /proc/8/root/etc/nginx/nginx.conf
 
+The output is similar to this:
+
+```none
 user  nginx;
 worker_processes  1;
 
@@ -94,21 +104,19 @@ events {
     worker_connections  1024;
 ```
 
-
-
 <!-- discussion -->
 
-## Understanding Process Namespace Sharing
+## Understanding process namespace sharing
 
 Pods share many resources so it makes sense they would also share a process
-namespace. Some container images may expect to be isolated from other
-containers, though, so it's important to understand these differences:
+namespace. Some containers may expect to be isolated from others, though,
+so it's important to understand the differences:
 
-1. **The container process no longer has PID 1.** Some container images refuse
+1. **The container process no longer has PID 1.** Some containers refuse
    to start without PID 1 (for example, containers using `systemd`) or run
    commands like `kill -HUP 1` to signal the container process. In pods with a
-   shared process namespace, `kill -HUP 1` will signal the pod sandbox.
-   (`/pause` in the above example.)
+   shared process namespace, `kill -HUP 1` will signal the pod sandbox
+   (`/pause` in the above example).
 
 1. **Processes are visible to other containers in the pod.** This includes all
    information visible in `/proc`, such as passwords that were passed as arguments
@@ -118,6 +126,3 @@ containers, though, so it's important to understand these differences:
    `/proc/$pid/root` link.** This makes debugging easier, but it also means
    that filesystem secrets are protected only by filesystem permissions.
 
-
-
-
