change SCC steps in install and upgrade

Author: kaitlynmichael

content/operate/kubernetes/deployment/openshift/openshift-cli.md

@@ -68,45 +68,11 @@ Changes to the `openshift.bundle.yaml` file can cause unexpected results.
 DO NOT modify or delete the StatefulSet created during the deployment process. Doing so could destroy your Redis Enterprise cluster (REC).
     {{</warning>}}
 
-## Install security context constraint
+## Security context constraints
 
-The Redis Enterprise pods must run in OpenShift with privileges set in a [Security Context Constraint](https://docs.openshift.com/container-platform/4.4/authentication/managing-security-context-constraints.html#security-context-constraints-about_configuring-internal-oauth). This grants the pod various rights, such as the ability to change system limits or run as a particular user.
+Upgrades to versions 7.22.0-6 and later run in **unprivileged mode** without any additional permissions or capabilities. If you don't specifally require additional capabilities, we recommend you maintain the default unprivileged mode, as its more secure. After upgrading, remove the existing `redis-enterprise-scc-v2` SCC and unbind it from the REC service account.
 
-1. Apply the file `scc.yaml` file.
-
-   {{<warning>}}
-Do not edit this file.
-    {{</warning>}}
-
-    ```sh
-    oc apply -f openshift/scc.yaml
-    ```
-
-    You should receive the following response:
-
-    ```sh
-    securitycontextconstraints.security.openshift.io "redis-enterprise-scc-v2" configured
-    ```
-
-    Releases before 6.4.2-6 use the earlier version of the SCC, named `redis-enterprise-scc`.
-
-1. Provide the operator permissions for the pods.
-
-    ```sh
-    oc adm policy add-scc-to-user redis-enterprise-scc-v2 \
-      system:serviceaccount:<my-project>:<rec>
-    ```
-
-    {{<note>}}
-If you are using version 6.2.18-41 or earlier, add additional permissions for your cluster.
-
-```sh
-oc adm policy add-scc-to-user redis-enterprise-scc \
-system:serviceaccount:<my-project>:redis-enterprise-operator
-```
-{{</note>}}
-
-  You can check the name of your project using the `oc project` command. To replace the project name, use `oc edit project myproject`. Replace `rec` with the name of your Redis Enterprise cluster, if different.
+To enable privileged mode, see [Enable privileged mode > OpenShift upgrades]({{<relref "/operate/kubernetes/security/enable-privileged-mode#new-openshift-installations">}}).
 
 ## Create a Redis Enterprise cluster custom resource
 

content/operate/kubernetes/deployment/openshift/openshift-operatorhub.md

@@ -43,39 +43,11 @@ To see which version of Redis Enterprise for Kubernetes supports your OpenShift
 
 {{<warning>}}DO NOT modify or delete the StatefulSet created during the deployment process. Doing so could destroy your Redis Enterprise cluster (REC).{{</warning>}}
 
-## Install security context constraint
+## Security context constraints
 
-The Redis Enterprise pods must run in OpenShift with privileges set in a [Security Context Constraint](https://docs.openshift.com/container-platform/4.4/authentication/managing-security-context-constraints.html#security-context-constraints-about_configuring-internal-oauth). This grants the pod various rights, such as the ability to change system limits or run as a particular user.
+Upgrades to versions 7.22.0-6 and later run in **unprivileged mode** without any additional permissions or capabilities. If you don't specifally require additional capabilities, we recommend you maintain the default unprivileged mode, as its more secure. After upgrading, remove the existing `redis-enterprise-scc-v2` SCC and unbind it from the REC service account.
 
-{{<warning>}}
- Before creating any clusters, install the security context constraint (SCC) for the operator in [scc.yaml](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/openshift/scc.yaml).
-{{</warning>}}
-
-You only need to install the SCC once, but you must not delete it.
-
-1. Select the project you'll be using or create a new project.
-
-1. Download [`scc.yaml`](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/openshift/scc.yaml).
-
-1. Apply the file to install the security context constraint.
-
-  ```sh
-  oc apply -f scc.yaml
-  ```
-
-After the install, the OperatorHub automatically uses the constraint for Redis Enterprise node pods.
-
-{{< note >}}
-If you are using the recommended RedisEnterpriseCluster name of `rec`, the SCC is automatically bound to the RedisEnterpriseCluster after install.
-
-If you choose a different name for the RedisEnterpriseCluster, or override the default service account name, you must manually bind the SCC to the RedisEnterpriseCluster’s service account:
-
-  ```sh
-  oc adm policy add-scc-to-user redis-enterprise-scc-v2 \
-  system:serviceaccount:<my-project>:<rec-service-account-name>
-  ```
-
-{{< /note >}}
+To enable privileged mode, see [Enable privileged mode > OpenShift upgrades]({{<relref "/operate/kubernetes/security/enable-privileged-mode#new-openshift-installations">}}).
 
 ## Create Redis Enterprise custom resources
 

content/operate/kubernetes/upgrade/openshift-cli.md

@@ -128,22 +128,13 @@ redis-enterprise-operator   1/1     1            1           0m36s
  We recommend upgrading the REC as soon as possible after updating the operator. After the operator upgrade completes, the operator suspends the management of the REC and its associated REDBs, until the REC upgrade completes.
  {{< /warning >}}
 
-### Reapply the SCC
+## Security context constraints
 
-If you are using OpenShift, you will also need to manually reapply the [security context constraints](https://docs.openshift.com/container-platform/4.8/authentication/managing-security-context-constraints.html) file ([`scc.yaml`]({{< relref "/operate/kubernetes/deployment/openshift/openshift-cli#deploy-the-operator" >}})) and bind it to your service account.
+Upgrades to versions 7.22.0-6 and later run in **unprivileged mode** without any additional permissions or capabilities. If you don't specifally require additional capabilities, we recommend you maintain the default unprivileged mode, as its more secure. After upgrading, remove the existing `redis-enterprise-scc-v2` SCC and unbind it from the REC service account.
 
-```sh
-oc apply -f openshift/scc.yaml
-```
-
-```sh
-oc adm policy add-scc-to-user redis-enterprise-scc-v2 \
-  system:serviceaccount:<my-project>:<rec-name>
-```
-
-If you are upgrading from operator version 6.4.2-6 or before, see the ["after upgrading"](#after-upgrading) section to delete the old SCC and role binding after all clusters are running 6.4.2-6 or later.
+To enable privileged mode, see [Enable privileged mode > OpenShift upgrades]({{<relref "/operate/kubernetes/security/enable-privileged-mode#openshift-upgrades">}}).
 
-## Upgrade the Redis Enterprise Cluster 
+## Upgrade the Redis Enterprise cluster
 
 {{<warning>}}
 Verify your license is valid before upgrading. Invalid licenses will cause the upgrade to fail.

content/operate/kubernetes/upgrade/upgrade-olm.md

@@ -73,20 +73,13 @@ Use `kubectl get rec` and verify the `LICENSE STATE` is valid on your REC before
 
 You can monitor the upgrade from the **Installed Operators** page. A new Redis Enterprise Operator will appear in the list, with the status "Installing". OpenShift will delete the old operator, showing the "Cannot update" status during deletion.
 
-## Reapply the SCC
+## Security context constraints
 
-If you are using OpenShift, you must manually reappply the [security context constraints (SCC)](https://docs.openshift.com/container-platform/4.8/authentication/managing-security-context-constraints.html) file ([`scc.yaml`]({{< relref "/operate/kubernetes/deployment/openshift/openshift-cli#deploy-the-operator" >}})) and bind it to your service account.
+Upgrades to versions 7.22.0-6 and later run in **unprivileged mode** without any additional permissions or capabilities. If you don't specifally require additional capabilities, we recommend you maintain the default unprivileged mode, as its more secure. After upgrading, remove the existing `redis-enterprise-scc-v2` SCC and unbind it from the REC service account.
 
-```sh
-oc apply -f openshift/scc.yaml
-```
-
-```sh
-oc adm policy add-scc-to-user redis-enterprise-scc-v2 \
-  system:serviceaccount:<my-project>:<rec-name>
-```
+To enable privileged mode, see [Enable privileged mode > OpenShift upgrades]({{<relref "/operate/kubernetes/security/enable-privileged-mode#openshift-upgrades">}}).
 
-## Upgrade the Redis Enterprise Cluster 
+## Upgrade the Redis Enterprise cluster
 
 {{<warning>}}
 Verify your license is valid before upgrading. Invalid licenses will cause the upgrade to fail.