Merge pull request #68666 from sheriff-rh/OCPBUGS-18377.1

sheriff-rh · web-flow · commit 7e91c66c8407 · 2024-01-03T14:06:26.000-05:00
diff --git a/modules/spo-applying-profiles.adoc b/modules/spo-applying-profiles.adoc
@@ -85,7 +85,7 @@ spec:
           localhostProfile: operator/my-namespace/profile1.json
 ----
 
-. Apply the profile to a `Deployment` object by running the following command:
+. Apply the profile to any other workload, such as a `Deployment` object, by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/spo-binding-workloads.adoc b/modules/spo-binding-workloads.adoc
@@ -47,12 +47,31 @@ spec:
 $ oc label ns my-namespace spo.x-k8s.io/enable-binding=true
 ----
 
-. Delete and re-create the pod to use the `ProfileBinding` object:
+. Define a pod named `test-pod.yaml`:
 +
-[source,terminal,subs="attributes+"]
+[source,yaml]
 ----
-$ oc delete pods test-pod && oc create -f pod01.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod
+spec:
+  containers:
+  - name: test-container
+    image: quay.io/security-profiles-operator/test-nginx-unprivileged:1.21
+----
+
+. Create the pod:
++
+[source,terminal]
 ----
+$ oc create -f test-pod.yaml
+----
++
+[NOTE]
+====
+If the pod already exists, you must re-create the pod for the binding to work properly.
+====
 
 .Verification
 
diff --git a/modules/spo-creating-profiles.adoc b/modules/spo-creating-profiles.adoc
@@ -26,7 +26,14 @@ ifdef::seccomp[]
 
 .Procedure
 
-* Create the `{kind}` object:
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project my-namespace
+----
+
+. Create the `{kind}` object:
 +
 [source,yaml,subs="attributes+"]
 ----
@@ -54,6 +61,13 @@ The `{kind}` object has several features that allow for better security hardenin
 
 .Procedure
 
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project nginx-deploy
+----
+
 . Create a policy that can be used with a non-privileged workload by creating the following `{kind}` object:
 +
 [source,yaml,subs="attributes+"]
diff --git a/modules/spo-recording-profiles.adoc b/modules/spo-recording-profiles.adoc
@@ -32,6 +32,13 @@ A container with `privileged: true` security context restraints prevents log-bas
 
 .Procedure
 
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project my-namespace
+----
+
 . Label the namespace with `enable-recording=true` by running the following command:
 +
 [source,terminal]
diff --git a/modules/spo-replicating-controllers.adoc b/modules/spo-replicating-controllers.adoc
@@ -10,6 +10,13 @@ When you deploy SELinux policies for replicating controllers, such as deployment
 
 .Procedure
 
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project nginx-secure
+----
+
 . Create the following `RoleBinding` object to allow SELinux policies to be used in the `nginx-secure` namespace:
 +
 [source,yaml]

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ spec:`
`85`	`85`	`localhostProfile: operator/my-namespace/profile1.json`
`86`	`86`	`----`
`87`	`87`
`88`		-. Apply the profile to a `Deployment` object by running the following command:
	`88`	+. Apply the profile to any other workload, such as a `Deployment` object, by running the following command:
`89`	`89`	`+`
`90`	`90`	`[source,terminal]`
`91`	`91`	`----`