openshift-docs

OSDOCS-3196 - Updating SCC content for OSD and ROSA

Open pneedle-rh opened this issue 3 years ago • 4 comments

This PR is a work in progress. Do not merge.

This applies to main, enterprise-4.11 and enterprise-4.10.

This PR relates to https://issues.redhat.com/browse/OSDOCS-3196. The PR updates the "Managing security context constraints" page in the OSD and ROSA libraries. The PR also includes some minor updates to the OCP SCC content, because the three distributions use the same assembly and module files for this page.

The previews are as follows:

  • OCP: http://file.fab.redhat.com/pneedle/pr48451/ocp/managing-security-context-constraints.html
  • OSD: http://file.fab.redhat.com/pneedle/pr48451/osd/managing-security-context-constraints.html
  • ROSA: http://file.fab.redhat.com/pneedle/pr48451/rosa/managing-security-context-constraints.html

pneedle-rh Jul 28 '22 11:07

The enterprise-4.12 label has been added to this PR.

This is because your PR targets the main branch and is labeled for enterprise-4.11. And any PR going into main must also target the latest version branch (enterprise-4.12).

If the update in your PR does NOT apply to version 4.12 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.

bergerhoffer Aug 10 '22 12:08

We should make clear that modifying the system default SCCs isn't supported (will break upgrades). Users can grant access to default SCCs via the use of RBAC, or create/modify their own additional SCCs (requires cluster admin).

It might be worth noting that this is an advanced action, and if you're not careful it could cause instability to the cluster (and that if customers have questions they should contact support).

cc @wgordon17 @jewzaam

cblecker Aug 15 '22 23:08

> We should make clear that modifying the system default SCCs isn't supported (will break upgrades). Users can grant access to default SCCs via the use of RBAC, or create/modify their own additional SCCs (requires cluster admin).
>
> It might be worth noting that this is an advanced action, and if you're not careful it could cause instability to the cluster (and that if customers have questions they should contact support).
>
> cc @wgordon17 @jewzaam

@cblecker thank you for your review and guidance. In this PR, I have subsequently updated the existing note about not modifying the default SCCs in the "Default security context constraints" section for the OCP, OSD and ROSA libraries. I have also duplicated the admonition in the introductory section of the page, so that it is less likely to be missed.

Additionally, I have added an important admonition in the "Creating security context constraints" section in relation to SCC creation being an advanced procedure and on contacting Red Hat Support.

Please let me know if the further updates meet your requirements and if the PR now looks ok. Thanks!

pneedle-rh Aug 17 '22 11:08

@yuwang-RH hi! Can you please review this PR from a QE perspective? Thanks!

pneedle-rh Aug 17 '22 11:08

@yuwang-RH @xueli181114, in addition, the other ROSA/OSD parts changed within the ifndef::openshift-rosa[] or ifdef::openshift-rosa[] are not in OCP common scope, so I have no more background; I need you to double review them. Others LGTM with previous comments left. Thanks!

xingxingxia Sep 15 '22 09:09

LGTM~

yuwang-RH Sep 19 '22 09:09