Added content

Author: pabel-rh

assemblies/assembly-configuring-readonlyrootfilesystem.adoc

@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: readonlyrootfilesystem
+[id="{context}"]
+= Configuring readOnlyRootFilesystem in {product}
+
+The {product} deployment consists of two containers, an initContainer that installs the Dynamic Plugins, and a backend container which runs the application. The initContainer has the `readOnlyRootFilesystem` option enabled by default, and you can manually configure the `readOnlyRootFilesystem` option on the backend container using the following methods. To enable this option, you must have `platform administrator` permissions so that you can modify the configuration and redeploy.
+
+
+include::modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-operator-deployment.adoc[leveloffset=+1]
+
+include::modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-helm-chart-deployment.adoc[leveloffset=+1]

modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-helm-chart-deployment.adoc

@@ -0,0 +1,15 @@
+[id="proc-configuring-readonlyrootfilesystem-option-in-rhdh-helm-chart-deployment"]
+= Configuring the readOnlyRootFilesystem option in a {product} Helm chart deployment
+
+.Procedure
+. When you are deploying {product-short} using the Helm chart, add the `readOnlyFilesystem: true` line to the `containerSecurityContext` section in your values.yaml file. For example:
++
+====
+[source,yaml,subs="+attributes,+quotes"]
+----
+upstream:
+  backstage:
+    containerSecurityContext:
+      readOnlyRootFilesystem: true
+----
+====

modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-operator-deployment.adoc

@@ -0,0 +1,24 @@
+[id="proc-configuring-readonlyrootfilesystem-option-in-rhdh-operator-deployment"]
+= Configuring the readOnlyRootFilesystem option in a {product} Operator deployment
+
+When you are deploying {product-short} using the Operator, specify a `patch` for the `deployment` in your `{product-custom-resource-type}` custom resource (CR) that applies the `readOnlyRootFilesystem` option to the `securityContext` section in the {product-short} backend container.
+
+.Procedure
+
+. Add the `securityContext` specification in your CR. For example:
++
+====
+[source,yaml,subs="+attributes,+quotes"]
+----
+spec:
+  deployment:
+    patch:
+      spec:
+        template:
+          spec:
+            containers:
+              - name: backstage-backend
+                securityContext:
+                  readOnlyRootFilesystem: true
+----
+====

modules/configuring/proc-mounting-additional-files-in-your-custom-configuration-using-rhdh-operator.adoc

@@ -11,7 +11,7 @@ The `mountPath` field specifies the location where a ConfigMap or Secret is moun
 
 [NOTE]
 ====
-* {ocp-short} does not automatically update a volume mounted with `subPath`. By default, the {product-very-short} operator monitors these ConfigMaps or Secrets and refreshes the {product-very-short} Pod when changes occur.
+* {ocp-short} does not automatically update a volume mounted with `subPath`. By default, the {product-very-short} Operator monitors these ConfigMaps or Secrets and refreshes the {product-very-short} Pod when changes occur.
 * For security purposes, {product} does not give the Operator Service Account read access to Secrets. As a result, mounting files from Secrets without specifying both mountPath and key is not supported.
 ====
 

modules/configuring/proc-using-the-operator-to-run-rhdh-with-your-custom-configuration.adoc

@@ -1,7 +1,7 @@
 [id="using-the-operator-to-run-rhdh-with-your-custom-configuration"]
-= Using the {product} operator to run {product-short} with your custom configuration
+= Using the {product} Operator to run {product-short} with your custom configuration
 
-To use the {product-short} operator to run {product} with your custom configuration, create your {product-custom-resource-type} custom resource (CR) that:
+To use the {product-short} Operator to run {product} with your custom configuration, create your {product-custom-resource-type} custom resource (CR) that:
 
 * Mounts files provisioned in your custom config maps.
 * Injects environment variables provisioned in your custom secrets.