Merge pull request #97745 from shivanisathe25/update_csinote

Dhruv-Soni11 · web-flow · commit ff388db9408a · 2025-09-08T11:41:25.000+05:30
[DOCS] Shared Resource CSI Driver wording update
diff --git a/modules/builds-running-entitled-builds-with-sharedsecret-objects.adoc b/modules/builds-running-entitled-builds-with-sharedsecret-objects.adoc
@@ -2,129 +2,9 @@
 [id="builds-running-entitled-builds-with-sharedsecret-objects_{context}"]
 = Running builds using SharedSecret objects
 
-You can use a `SharedSecret` object to securely access the entitlement keys of a cluster in builds.
+You can use a `SharedSecret` object to securely access the entitlement keys of a cluster in builds. The `SharedSecret` object allows you to share and synchronize secrets across namespaces.
 
-The `SharedSecret` object allows you to share and synchronize secrets across namespaces.
-
-[IMPORTANT]
-====
-The Shared Resource CSI Driver feature is now generally available in link:https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.1[{builds-v2title} 1.1]. This feature is now removed in {product-title} 4.18 and later. To use this feature, ensure that you are using {builds-v2title} 1.1 or later.
-====
-
-.Prerequisites
-
-* You have enabled the `TechPreviewNoUpgrade` feature set by using the feature gates. For more information, see xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates].
-* You must have permission to perform the following actions:
-** Create build configs and start builds.
-** Discover which `SharedSecret` CR instances are available by entering the `oc get sharedsecrets` command and getting a non-empty list back.
-** Determine if the `builder` service account available to you in your namespace is allowed to use the given `SharedSecret` CR instance. In other words, you can run `oc adm policy who-can use <identifier of specific SharedSecret>` to see if the `builder` service account in your namespace is listed.
-
-[NOTE]
-====
-If neither of the last two prerequisites in this list are met, establish, or ask someone to establish, the necessary role-based access control (RBAC) so that you can discover `SharedSecret` CR instances and enable service accounts to use `SharedSecret` CR instances.
-====
-
-.Procedure
-
-. Use `oc apply` to create a `SharedSecret` object instance with the cluster's entitlement secret.
-+
 [IMPORTANT]
 ====
-You must have cluster administrator permissions to create `SharedSecret` objects.
-====
-+
-.Example `oc apply -f` command with YAML `Role` object definition
-[source,terminal]
-----
-$ oc apply -f - <<EOF
-kind: SharedSecret
-apiVersion: sharedresource.openshift.io/v1alpha1
-metadata:
-  name: etc-pki-entitlement
-spec:
-  secretRef:
-    name: etc-pki-entitlement
-    namespace: openshift-config-managed
-EOF
-----
-
-. Create a role to grant the `builder` service account permission to access the `SharedSecret` object:
-+
-.Example `oc apply -f` command
-[source,terminal]
-----
-$ oc apply -f - <<EOF
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: builder-etc-pki-entitlement
-  namespace: build-namespace
-rules:
-  - apiGroups:
-      - sharedresource.openshift.io
-    resources:
-      - sharedsecrets
-    resourceNames:
-      - etc-pki-entitlement
-    verbs:
-      - use
-EOF
-----
-
-. Create a `RoleBinding` object that grants the `builder` service account permission to access the `SharedSecret` object by running the following command:
-+
-.Example `oc create rolebinding` command
-[source,terminal]
-----
-$ oc create rolebinding builder-etc-pki-entitlement --role=builder-etc-pki-entitlement --serviceaccount=build-namespace:builder
-----
-
-. Add the entitlement secret to your `BuildConfig` object by using a CSI volume mount:
-+
-.Example YAML `BuildConfig` object definition
-[source,yaml]
-----
-apiVersion: build.openshift.io/v1
-kind: BuildConfig
-metadata:
-  name: uid-wrapper-rhel9
-  namespace: build-namespace
-spec:
-  runPolicy: Serial
-  source:
-    dockerfile: |
-      FROM registry.redhat.io/ubi9/ubi:latest
-      RUN rm -rf /etc/rhsm-host <1>
-      RUN yum --enablerepo=codeready-builder-for-rhel-9-x86_64-rpms install \ <2>
-          nss_wrapper \
-          uid_wrapper -y && \
-          yum clean all -y
-      RUN ln -s /run/secrets/rhsm /etc/rhsm-host <3>
-  strategy:
-    type: Docker
-    dockerStrategy:
-      volumes:
-        - mounts:
-            - destinationPath: "/etc/pki/entitlement"
-          name: etc-pki-entitlement
-          source:
-            csi:
-              driver: csi.sharedresource.openshift.io
-              readOnly: true <4>
-              volumeAttributes:
-                sharedSecret: etc-pki-entitlement <5> 
-            type: CSI
-----
-+
-<1> You must include the command to remove the `/etc/rhsm-host` directory and all its contents in the Dockerfile before executing any `yum` or `dnf` commands.
-<2> Use the link:https://access.redhat.com/downloads/content/package-browser[Red Hat Package Browser] to find the correct repositories for your installed packages.
-<3> You must restore the `/etc/rhsm-host` symbolic link to keep your image compatible with other Red Hat container images.
-<4> You must set `readOnly` to `true` to mount the shared resource in the build.
-<5> Reference the name of the `SharedSecret` object to include it in the build. 
-
-. Start a build from the `BuildConfig` object and follow the logs using the `oc` command.
-+
-[source,terminal]
-----
-$ oc start-build uid-wrapper-rhel9 -n build-namespace -F
-----
+The Shared Resource CSI Driver feature is now generally available in link:https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.1[{builds-v2title} 1.1]. To use this feature, ensure that you have installed {builds-v2title} 1.1 or later.
+====
