Bug 1315850 - [DOCS] Running containers/pods with Security Context to run as UID
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.1.0
Hardware: Unspecified Unspecified
Priority: low
Severity: medium
Assigned To: Ashley Hardin
Chuan Yu
Vikram Goyal
Reported: 2016-03-08 13:56 EST by Ryan Howe
Modified: 2018-05-08 20:30 EDT

Doc Type: Bug Fix
Last Closed: 2018-03-09 11:23:14 EST
Type: Bug
Description Ryan Howe 2016-03-08 13:56:26 EST
Document URL: https://docs.openshift.com/enterprise/3.1/admin_guide/manage_scc.html

Describe the issue:

- We need information on how setting SecurityContext in a pod or container works with the SCC that the pod is running with.

- Information is needed on use cases for setting the SecurityContext in a pod or container. For example, how to run a container with a given UID or SELinux options via a Deployment config or build config.
  - How does the SCC affect this?
  - How does the project/namespace affect this with the annotations [openshift.io/sa.scc.uid-range: 1000120000/10000]?

Suggestions for improvement:
 - Use case needed

Additional information:

- Pod API info
  - https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-pod
  - https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-podspec
  - https://docs.openshift.com/enterprise/3.1/rest_api/openshift_v1.html#v1-securitycontext

- Container API info
  - https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-container
  - https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-securitycontext

Kube Docs:
- https://github.com/kubernetes/kubernetes/blob/master/docs/design/security_context.md
- https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/pod-security-context.md
Comment 3 Ashley Hardin 2018-01-17 13:52:56 EST
Work in progress: https://github.com/openshift/openshift-docs/pull/7210
Comment 4 Ashley Hardin 2018-01-17 19:14:33 EST
I discussed this with Paul and Slava. This bug was filed a while ago against 3.1 docs and it seems like our docs have come a long way since then to address most of the original issue, namely within these topics:

https://docs.openshift.org/latest/install_config/persistent_storage/pod_security_context.html

https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints

I do not see `oc explain` recommended anywhere, so I opened this PR to include that.
https://github.com/openshift/openshift-docs/pull/7210
Comment 5 Chuan Yu 2018-01-18 04:32:21 EST
The changes look good and were verified with OCP3.1

openshift v3.1.1.11-9-g44fe9ba
kubernetes v1.1.0-origin-1107-g4c8e6f4
etcd 2.1.2
Comment 6 openshift-github-bot 2018-03-06 14:01:06 EST
Commits pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/64e3edbb5a57b4a093fc1b36fa8b087e9592bc68
Bug 1315850, added supplemental information about SCC

https://github.com/openshift/openshift-docs/commit/a3fa586374f15f7d18224f9f240da4b6d7d0a008
Merge pull request #7210 from ahardin-rh/scc-improvements

Bug 1315850, added supplemental information about SCC
