chore: Add configuring nested containers article (#2986)

* chore: Add configuring nested containers article

Signed-off-by: Anatolii Bazko <[email protected]>

* Update modules/administration-guide/pages/enabling-container-run-capabilities.adoc

Co-authored-by: Jana Vrbkova <[email protected]>

* Update modules/administration-guide/pages/enabling-container-run-capabilities.adoc

Co-authored-by: Jana Vrbkova <[email protected]>

---------

Signed-off-by: Anatolii Bazko <[email protected]>
Co-authored-by: Jana Vrbkova <[email protected]>

Author: tolusha

modules/administration-guide/nav.adoc

@@ -54,6 +54,7 @@
 *** xref:deploying-che-with-support-for-git-repositories-with-self-signed-certificates.adoc[]
 *** xref:configuring-workspaces-nodeselector.adoc[]
 *** xref:configuring-allowed-urls-for-cloud-development-environments.adoc[]
+*** xref:enabling-container-run-capabilities.adoc[]
 ** xref:caching-images-for-faster-workspace-start.adoc[]
 *** xref:installing-kubernetes-image-puller.adoc[]
 **** xref:installing-image-puller-on-kubernetes-by-using-cli.adoc[]

modules/administration-guide/pages/configuring-workspaces-globally.adoc

@@ -20,3 +20,5 @@ This section describes how an administrator can configure workspaces globally.
 * xref:configuring-workspaces-nodeselector.adoc[]
 
 * xref:configuring-allowed-urls-for-cloud-development-environments.adoc[]
+
+* xref:enabling-container-run-capabilities.adoc[]

modules/administration-guide/pages/enabling-container-run-capabilities.adoc

@@ -0,0 +1,45 @@
+:_content-type: PROCEDURE
+:description: Enabling container run capabilities
+:keywords: administration-guide, container, podman, nested containers
+:navtitle: Enabling container run capabilities
+:page-aliases:
+
+[id="enabling-container-run-capabilities"]
+= Enabling container run capabilities
+
+You can enable container run capabilities in {prod-short} workspaces to
+allow running nested containers using tools like Podman. This feature leverages Linux kernel
+user namespaces for isolation, so that users can build and run container
+images within their workspaces.
+
+[IMPORTANT]
+====
+Previously created workspaces can not be started after enabling this feature. Users will need to create new workspaces.
+====
+
+[IMPORTANT]
+====
+* This feature is available on OpenShift 4.20 and later versions.
+====
+
+.Prerequisites
+
+* An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}.
+
+* An instance of {prod-short} running in {orch-name}.
+
+
+.Procedure
+
+. Configure the `CheCluster` custom resource to enable container run capabilities:
++
+[source,subs="+quotes,attributes"]
+----
+{orch-cli} patch checluster/{prod-checluster} -n {prod-namespace} \
+  --type='merge' -p \
+  '{"spec":{"devEnvironments":{"disableContainerRunCapabilities":false}}}'
+----
+
+.Additional resources
+
+* link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/release_notes/index#ocp-release-notes-machine-config-operator-namespace_release-notes{ocp4-ver}/authentication/managing-security-context-constraints.html[Linux user namespace support]