1411421 – [DOCS] "oc secrets link" advice needs review

Bug 1411421 - [DOCS] "oc secrets link" advice needs review

Summary: [DOCS] "oc secrets link" advice needs review

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	brice
QA Contact:	Chuan Yu
Docs Contact:	Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-01-09 16:49 UTC by Jim Minter
Modified:	2017-02-03 04:41 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-02-03 04:41:54 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Jim Minter 2017-01-09 16:49:40 UTC

Since 3.0.2.0, by default serviceAccountConfig.limitSecretReferences is off (see the release notes https://docs.openshift.com/enterprise/3.0/whats_new/ose_3_0_release_notes.html).  

In light of this it would be good to review the documentation where 'oc secrets link' or 'oc secrets link --for=mount' (but not 'oc secrets link --for=pull', I think) is referenced.

https://docs.openshift.com/container-platform/3.3/dev_guide/service_accounts.html / Managing Allowed Secrets
- should mention that when serviceAccountConfig.limitSecretReferences is off (by default), 'oc secrets link --for=mount' has little effect.

https://docs.openshift.com/container-platform/3.3/dev_guide/managing_images.html / Allowing Pods to Reference Images from Other Secured Registries
- the advice about 'oc secrets link' is superfluous unless serviceAccountConfig.limitSecretReferences is on, which it is probably not in the majority of installs.

https://docs.openshift.com/container-platform/3.3/install_config/registry/securing_and_exposing_registry.html / Securing the Registry
- ditto

https://docs.openshift.com/container-platform/3.3/dev_guide/builds.html / Source Secrets
- ditto

Comment 1 brice 2017-01-11 05:08:29 UTC

Jim,

I created a PR for this issue:

https://github.com/openshift/openshift-docs/pull/3475

Can I please get an ack this fulfills this BZ? I'm worried some of the wording is confused.

Thanks!

Comment 2 Jim Minter 2017-01-11 08:59:57 UTC

Review added in PR - many thanks.

Comment 3 openshift-github-bot 2017-01-17 02:23:56 UTC

Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/15dfa6cc0185b75eb2d0db3f492db658ac991a50
Merge pull request #3475 from bfallonf/secrets_1411421

Bug 1411421 added information on linking pods to serviceaccounts

Comment 4 brice 2017-02-03 04:41:54 UTC

Links to released docs:

https://access.redhat.com/documentation/en/openshift-container-platform/3.4/single/developer-guide/#source-code

https://access.redhat.com/documentation/en/openshift-container-platform/3.4/single/developer-guide/#managing-allowed-secrets

https://access.redhat.com/documentation/en/openshift-container-platform/3.4/single/installation-and-configuration/#securing-the-registry

Note You need to log in before you can comment on or make changes to this bug.