Skip to content

docs: warn against deploying to the default namespace#60

Merged
alexeykazakov merged 2 commits intocodeready-toolchain:masterfrom
alexeykazakov:docs/warn-default-namespace
Apr 16, 2026
Merged

docs: warn against deploying to the default namespace#60
alexeykazakov merged 2 commits intocodeready-toolchain:masterfrom
alexeykazakov:docs/warn-default-namespace

Conversation

@alexeykazakov
Copy link
Copy Markdown
Contributor

@alexeykazakov alexeykazakov commented Apr 16, 2026
edited
Loading

  • Add note in Quick Start explaining that the default namespace on OpenShift uses a different SCC assignment that may skip runAsUser injection, causing runAsNonRoot verification failures for images with non-numeric USER directives

  • Rename the default my-claw-namespace NS to my-claw NS

Summary by CodeRabbit

  • Documentation
    • Added guidance for OpenShift users regarding namespace configuration best practices. Documentation now warns against using the default namespace and recommends creating a dedicated namespace to prevent security context constraint complications and ensure proper handling of container specifications and runtime verification.

@alexeykazakov
docs: warn against deploying to the default namespace
c192a1b 
- Add note in Quick Start explaining that the default namespace on
  OpenShift uses a different SCC assignment that may skip runAsUser
  injection, causing runAsNonRoot verification failures for images
  with non-numeric USER directives

Signed-off-by: Alexey Kazakov <alkazako@redhat.com>
Made-with: Cursor
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 16, 2026
edited
Loading

Walkthrough

Updated README to introduce NS as a reusable variable across commands, added an OpenShift-specific warning about avoiding the default namespace due to SCC/runAsUser behavior, and changed the Makefile default NS from my-claw-namespace to my-claw.

Changes

Cohort / File(s) Summary
Documentation
README.md		 Introduced reusable NS usage in setup instructions and added an OpenShift warning advising against using the default namespace because SCC may not inject numeric runAsUser, causing runAsNonRoot verification failures for images with non-numeric USER values.
Makefile
Makefile		 Changed default namespace variable from NS ?= my-claw-namespace to NS ?= my-claw, affecting targets that use $(NS) unless overridden on the command line.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately reflects the main change in the pull request - adding a warning against using the default namespace in the README documentation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

xcoulon
xcoulon approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@xcoulon xcoulon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks!

@alexeykazakov alexeykazakov merged commit a2410e4 into codeready-toolchain:master Apr 16, 2026
4 checks passed
@alexeykazakov alexeykazakov deleted the docs/warn-default-namespace branch April 16, 2026 16:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xcoulon xcoulon xcoulon approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexeykazakov @xcoulon