Hide Forgot
Document URL: https://docs.openshift.com/container-platform/3.3/dev_guide/volumes.html#overview Section Number and Name: Understanding Volumes Describe the issue: We do a very poor job of explain volumes, and how the interact with the system (get mounted) or attached to pods. The key part of this issue is the use of "--source" in sections of our docs. > https://bugzilla.redhat.com/show_bug.cgi?id=1393568 When this option is used, over a PVC, the PV that is created, and mounted, may be subject to SCC restrictions. However in addition to not calling out these SCC restrictions, we don't properly highlight the benefits of PVC's (which is the focus of this bullet point). We also do a poor job of explaining how SCC's can limit or restrict what "users" can or can not do with volumes. > https://docs.openshift.com/enterprise/3.2/release_notes/ose_3_2_release_notes.html#ose-32-security > The new Volumes field in SCCs allows an administrator full control over which volume plug-ins may be specified. > ... > By default, regular users are now forbidden from directly mounting any of the remote volume type; they must use a persistent volume claim (PVC). Suggestions for improvement: 1. Diagram and Describe a flow of how a pod mount a volume (what process it goes through). Include information on how it interacts with the host (in situation where that is needed). - Point is to show why PVC's are important, and highlight the value they provide to the end user. It should also be noted, that admins have the "control" to limit or provide users with the ability to directly mount PV's should they choose, by altering SCC's. 2. Better document how and admin can control, the PV's that can be mounted, by altering SCC rules and policies.