Bug 1315850 - [DOCS] Running containers/pods with Security Context to run as UID
Summary: [DOCS] Running containers/pods with Security Context to run as UID
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
: ---
Assignee: Ashley Hardin
QA Contact: Chuan Yu
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-03-08 18:56 UTC by Ryan Howe
Modified: 2020-02-14 17:42 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-09 16:23:14 UTC
Target Upstream Version:
Embargoed:



Description Ryan Howe 2016-03-08 18:56:26 UTC
Document URL: https://docs.openshift.com/enterprise/3.1/admin_guide/manage_scc.html

Describe the issue: 

- We need information on how setting SecurityContext in a pod or container works with the SCC that the pod is running with.

- Information is needed on use cases for setting the SecurityContext in a pod or container. For example, how to run a container with a given UID or SELinux options via a Deployment config or build config.
  - How does the SCC affect this?
  - How does the project/namespace affect this with the annotations [openshift.io/sa.scc.uid-range: 1000120000/10000]?

Suggestions for improvement: 
 - Use case needed

Additional information: 

 - Pod API info
   https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-pod
   https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-podspec
   https://docs.openshift.com/enterprise/3.1/rest_api/openshift_v1.html#v1-securitycontext

 - Container API info
   https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-container
   https://docs.openshift.com/enterprise/3.1/rest_api/kubernetes_v1.html#v1-securitycontext

Kube Docs:
- https://github.com/kubernetes/kubernetes/blob/master/docs/design/security_context.md
- https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/pod-security-context.md

Comment 3 Ashley Hardin 2018-01-17 18:52:56 UTC
Work in progress: https://github.com/openshift/openshift-docs/pull/7210

Comment 4 Ashley Hardin 2018-01-18 00:14:33 UTC
I discussed this with Paul and Slava. This bug was filed a while ago against 3.1 docs and it seems like our docs have come a long way since then to address most of the original issue, namely within these topics:

https://docs.openshift.org/latest/install_config/persistent_storage/pod_security_context.html

https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints

I do not see `oc explain` recommended anywhere, so I opened this PR to include that.
https://github.com/openshift/openshift-docs/pull/7210

Comment 5 Chuan Yu 2018-01-18 09:32:21 UTC
The changes look good and were verified with OCP3.1

openshift v3.1.1.11-9-g44fe9ba
kubernetes v1.1.0-origin-1107-g4c8e6f4
etcd 2.1.2

Comment 6 openshift-github-bot 2018-03-06 19:01:06 UTC
Commits pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/64e3edbb5a57b4a093fc1b36fa8b087e9592bc68
Bug 1315850, added supplemental information about SCC

https://github.com/openshift/openshift-docs/commit/a3fa586374f15f7d18224f9f240da4b6d7d0a008
Merge pull request #7210 from ahardin-rh/scc-improvements

Bug 1315850, added supplemental information about SCC

