Add OpenShift security section for anyuid security context (#1291)

* Add information on OpenShift anyuid security context

* Address comments on the OpenShift anyuid security context information

* fix typo

Author: TheFrogPad

docs-source/content/security/certificates.md

@@ -2,7 +2,7 @@
 title: "Certificates"
 date: 2019-03-06T21:14:18-05:00
 weight: 1
-description: "SSL/TLS certificate handling for the WebLogic operator."
+description: "SSL/TLS certificate handling for the WebLogic Kubernetes Operator"
 ---
 
 #### Updating operator external certificate

docs-source/content/security/openshift.md

@@ -0,0 +1,46 @@
+---
+title: "OpenShift"
+date: 2019-10-04T08:08:08-05:00
+weight: 7
+description: "OpenShift information for the WebLogic Kubernetes Operator"
+---
+
+#### OpenShift `anyuid` security context
+
+The Docker images that Oracle publishes default to the container user
+as `oracle`, which is UID `1000` and GID `1000`. When running the
+Oracle images or layered images that retain the default user as
+`oracle` with OpenShift, the `anyuid` security context constraint
+is required to ensure proper access to the file system within the
+Docker image. This means that the administrator must:
+
+1. Ensure the `anyuid` security content is granted
+2. Ensure that WebLogic containers are annotated with `openshift.io/scc: anyuid`
+
+For example, to update the OpenShift policy, use:
+
+```bash
+$ oc adm policy add-scc-to-user anyuid -z default
+```
+
+and to annotate the WebLogic containers, update the WebLogic `Domain` resource
+to include `annotations` for the `serverPod`. For example:
+
+``` yaml
+kind: Domain
+metadata:
+  name: domain1
+spec:
+  domainUID: domain1
+  serverPod:
+    env:
+      - name: var1
+        value: value1
+    annotations: 
+      openshift.io/scc: anyuid
+```
+
+{{% notice note %}}
+For additional information about OpenShift requirements and the operator,
+see the [OpenShift]({{<relref  "/userguide/introduction/introduction.md#openshift">}}) section in the User Guide.
+{{% /notice %}}

docs-source/content/security/rbac.md

@@ -2,7 +2,7 @@
 title: "RBAC"
 date: 2019-02-23T17:15:36-05:00
 weight: 5
-description: "Role based authorization for the WebLogic operator"
+description: "Role based authorization for the WebLogic Kubernetes Operator"
 ---
 
 #### Contents

docs-source/content/security/secrets.md

@@ -2,7 +2,7 @@
 title: "Secrets"
 date: 2019-02-23T17:36:33-05:00
 weight: 6
-description: "Kubernetes secrets for the WebLogic operator"
+description: "Kubernetes secrets for the WebLogic Kubernetes Operator"
 ---
 
 #### Contents

docs-source/content/security/service-accounts.md

@@ -2,7 +2,7 @@
 title: "Service accounts"
 date: 2019-02-23T17:36:12-05:00
 weight: 4
-description: "Kubernetes service accounts for the WebLogic operator"
+description: "Kubernetes service accounts for the WebLogic Kubernetes Operator"
 ---
 
 

docs-source/content/userguide/introduction/introduction.md

@@ -32,7 +32,8 @@ Detailed instructions are available [here]({{< relref "/userguide/managing-opera
 
 Operator 2.0.1+ is certified for use on OpenShift 3.11.43+, with Kubernetes 1.11.5+.  OpenShift 4 certification is currently in progress.
 
-When using the operator in OpenShift, the anyuid security context constraint is required to ensure that WebLogic containers run with a UNIX UID that has the correct permissions on the domain filesystem.
+When using the operator in OpenShift, the `anyuid` security context constraint is required to ensure that WebLogic containers run with a UNIX UID that has the correct permissions on the domain filesystem.
+For more information, see [OpenShift]({{<relref "/security/openshift.md">}}) in the Security section.
 
 ### Operator Docker image