Bug 1411421 - [DOCS] "oc secrets link" advice needs review
Summary: [DOCS] "oc secrets link" advice needs review
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: brice
QA Contact: Chuan Yu
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-09 16:49 UTC by Jim Minter
Modified: 2017-02-03 04:41 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-03 04:41:54 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Jim Minter 2017-01-09 16:49:40 UTC
Since 3.0.2.0, by default serviceAccountConfig.limitSecretReferences is off (see the release notes https://docs.openshift.com/enterprise/3.0/whats_new/ose_3_0_release_notes.html).  

In light of this it would be good to review the documentation where 'oc secrets link' or 'oc secrets link --for=mount' (but not 'oc secrets link --for=pull', I think) is referenced.

https://docs.openshift.com/container-platform/3.3/dev_guide/service_accounts.html / Managing Allowed Secrets
- should mention that when serviceAccountConfig.limitSecretReferences is off (by default), 'oc secrets link --for=mount' has little effect.

https://docs.openshift.com/container-platform/3.3/dev_guide/managing_images.html / Allowing Pods to Reference Images from Other Secured Registries
- the advice about 'oc secrets link' is superfluous unless serviceAccountConfig.limitSecretReferences is on, which it is probably not in the majority of installs.

https://docs.openshift.com/container-platform/3.3/install_config/registry/securing_and_exposing_registry.html / Securing the Registry
- ditto

https://docs.openshift.com/container-platform/3.3/dev_guide/builds.html / Source Secrets
- ditto

Comment 1 brice 2017-01-11 05:08:29 UTC
Jim,

I created a PR for this issue:

https://github.com/openshift/openshift-docs/pull/3475

Can I please get an ack this fulfills this BZ? I'm worried some of the wording is confused.

Thanks!

Comment 2 Jim Minter 2017-01-11 08:59:57 UTC
Review added in PR - many thanks.

Comment 3 openshift-github-bot 2017-01-17 02:23:56 UTC
Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/15dfa6cc0185b75eb2d0db3f492db658ac991a50
Merge pull request #3475 from bfallonf/secrets_1411421

Bug 1411421 added information on linking pods to serviceaccounts


Note You need to log in before you can comment on or make changes to this bug.