Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1801331

Summary: scc to special meaning namespaces doesn't get scc assigned to it's pod?
Product: OpenShift Container Platform Reporter: Rupesh Patel <rupatel>
Component: DocumentationAssignee: Samantha Gidlow <sagidlow>
Status: CLOSED CURRENTRELEASE QA Contact: Weinan Liu <weinliu>
Severity: medium Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 4.1.zCC: aos-bugs, jokerman, kalexand, vigoyal, weinliu
Target Milestone: ---Keywords: Reopened
Target Release: 4.5.z   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-12 20:03:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 2 Kevin Lamenzo 2020-04-04 13:56:41 UTC 
I agree that https://docs.openshift.com/container-platform/4.2/authentication/managing-security-context-constraints.html is a better location for this information. Even though the topic is about creating pods, SCCs are applied to pods through RBAC, so I'd expect customers to look here for this information.

@xtian appreciate a quick review. I think this applies to all 4.x versions.
https://github.com/openshift/openshift-docs/pull/20912
Comment 3 Weinan Liu 2020-04-27 14:22:06 UTC 
LGTM. Thanks.
Comment 4 Kevin Lamenzo 2020-05-08 00:26:30 UTC 
This is live in the published docs here - https://docs.openshift.com/container-platform/4.2/authentication/managing-security-context-constraints.html#role-based-access-to-ssc_configuring-internal-oauth
Comment 5 Rupesh Patel 2020-05-27 18:47:00 UTC 
A customer (IBM) reporter of this thinks that the page where we add this info doesn't help much. 

They think the best place to have this information is on 

  https://docs.openshift.com/container-platform/4.4/applications/projects/working-with-projects.html
  and here:
  https://docs.openshift.com/container-platform/4.4/authentication/using-rbac.html#rbac-default-projects_using-rbac
 
The customer comments;

[1]

Thanks for adding it.  It would have be nice to also add it here:
https://docs.openshift.com/container-platform/4.4/applications/projects/working-with-projects.html
and here:
https://docs.openshift.com/container-platform/4.4/authentication/using-rbac.html#rbac-default-projects_using-rbac

These pages don't really tell the user that these shouldn't be used for workloads.  They almost suggest that they SHOULD be used....   Can you make the wording for the default projects a bit more clear that they SHOULD NOT be used for most workloads?

[2]

Rupesh:  Yes, please pursue a more complete change, as it will get customers in trouble.
Comment 11 Weinan Liu 2021-02-10 07:48:54 UTC 
The updates LGTM
Comment 13 Samantha Gidlow 2021-02-12 20:03:02 UTC 
Updates are live. Updated doc links below.

1. https://docs.openshift.com/container-platform/4.6/applications/projects/working-with-projects.html 
2. https://docs.openshift.com/container-platform/4.6/authentication/using-rbac.html#rbac-default-projects_using-rbac
Comment 14 Red Hat Bugzilla 2023-09-15 00:29:31 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days