Rewrite OpenShift deployment guide for 4.7.0

[Saadha123]

Purpose

Complete rewrite of the OpenShift deployment overview:

[coderabbitai]

📝 Walkthrough

OpenShift Deployment Documentation Rewrite

This pull request fully rewrites the OpenShift deployment overview for WSO2 API Manager, reorganizing content into a Helm-based Quick Start plus Advanced Configuration and Troubleshooting sections tailored for OpenShift.

Key Changes

• Adds a step-by-step Quick Start covering required tools, OpenShift login and namespace creation, Helm repo setup, building and pushing an OpenShift-compatible image (with GID 0 group-write guidance and platform-specific build notes), obtaining image digest, optional external database setup, creating the required keystore secret, deploying the All-in-One release with a default OpenShift values file, generating/setting the mandatory encryption key, verifying readiness and Routes, and listing portal URLs.
• Introduces explicit guidance on OpenShift’s UID/GID behavior and image preparation requirements (group-write permissions with root group ownership) plus keystore secret prerequisites.
• Replaces the prior Advanced Configuration content with reusable OpenShift securityContext blocks for values files and guidance for distributed deployments (per-component OpenShift-compatible images, shared encryption key, and deployment order with helm install commands).
• Revises Troubleshooting to focus on common operational issues (permission denied, image pull errors, volume/fsGroup permissions, and network/communication) with concrete oc commands and an example permissive NetworkPolicy.

Scope

• File modified: en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md
• Lines changed: +445 / -434

Impact

• Documentation-only change; no code or exported/public API changes.
• Aims to improve clarity and correctness for deploying WSO2 API Manager on OpenShift, particularly around image preparation, security context configuration, and practical deployment steps.

Walkthrough

This pull request substantially reorganizes the OpenShift deployment documentation for WSO2 API Manager. The content shifts from a generic prerequisites-and-steps layout to a structure emphasizing OpenShift's security model and Helm-based deployment. The new introduction explains UID/GID randomization, image preparation requirements (GID 0 group-write with root ownership), and Route-based routing. A comprehensive Quick Start section replaces prior deployment guidance, detailing tool installation, image building with architecture-specific platform handling, keystore secret creation, values file customization, and verification workflows. Advanced Configuration provides reusable OpenShift securityContext blocks. A new Distributed Deployments section outlines multi-component patterns with concrete examples. Troubleshooting narrows to OpenShift-specific operational issues with specific oc commands and NetworkPolicy examples.

Suggested reviewers

• chamilaadhi
• tharikaGitHub
• Krishanx92

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description provides only the Purpose section with minimal detail. All other required sections (Goals, Approach, User Stories, Release Notes, Documentation, Training, Certification, Marketing, Testing, Security, Samples, Related PRs, Migrations, Test Environment, Learning) are missing or incomplete.	Complete the pull request description by filling in the remaining required template sections, particularly Goals, Approach, Release Notes, and Documentation sections to explain the rationale and impact of the rewrite.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: a rewrite of the OpenShift deployment guide documentation for version 4.7.0.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md (1)

100-102: 💤 Low value

Consider using GID 0 for JDBC driver consistency.

The ADD command uses --chown=wso2carbon:wso2, which sets the group to wso2 instead of the root group (GID 0). While JDBC drivers are typically read-only and this may work, using --chown=wso2carbon:0 would align with the GID 0 pattern explained earlier and ensure the file is always accessible when OpenShift assigns an arbitrary UID.

♻️ Suggested change for consistency

-        ADD --chown=wso2carbon:wso2 \
+        ADD --chown=wso2carbon:0 \
           https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.28/mysql-connector-java-8.0.28.jar \
           ${WSO2_SERVER_HOME}/repository/components/lib/

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md`
around lines 100 - 102, Update the Dockerfile ADD instruction that currently
reads ADD --chown=wso2carbon:wso2 ... to use GID 0 for consistency with
OpenShift's arbitrary UIDs; change the group portion to 0 (i.e.,
--chown=wso2carbon:0) so the JDBC driver file added by the ADD command
(mysql-connector-java-8.0.28.jar) is owned by user wso2carbon and group GID 0.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In
`@en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md`:
- Around line 100-102: Update the Dockerfile ADD instruction that currently
reads ADD --chown=wso2carbon:wso2 ... to use GID 0 for consistency with
OpenShift's arbitrary UIDs; change the group portion to 0 (i.e.,
--chown=wso2carbon:0) so the JDBC driver file added by the ADD command
(mysql-connector-java-8.0.28.jar) is owned by user wso2carbon and group GID 0.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d6e3f84b-1512-48b5-9282-d020f71e580f

📥 Commits

Reviewing files that changed from the base of the PR and between 08582df and db3e3c6.

📒 Files selected for processing (1)

• en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md (1)

108-110: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fix Buildx push flow and digest retrieval to match registry output

• The current docker buildx build (no --push/--load) + separate docker push can fail because the build isn’t exported to the local Docker image store or the registry.
• The current docker inspect ... .RepoDigests is not aligned with Buildx/registry-based outputs; fetch the digest directly from the registry via docker buildx imagetools inspect.

Proposed documentation update

-    docker buildx build --platform linux/amd64 -t <REGISTRY>/wso2am-ocp:<TAG> .
-    docker push <REGISTRY>/wso2am-ocp:<TAG>
+    docker buildx build --platform linux/amd64 -t <REGISTRY>/wso2am-ocp:<TAG> \
+      --push .

-    docker inspect <REGISTRY>/wso2am-ocp:<TAG> \
-      --format='{% raw %}{{index .RepoDigests 0}}{% endraw %}'
+    docker buildx imagetools inspect <REGISTRY>/wso2am-ocp:<TAG> \
+      --format '{% raw %}{{.Manifest.Digest}}{% endraw %}'

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md`
around lines 108 - 110, The build/push/digest steps are incorrect for buildx:
change the two-step "docker buildx build" + "docker push" flow to a single
buildx invocation that exports to the registry (use "docker buildx build
--platform linux/amd64 --push -t <REGISTRY>/wso2am-ocp:<TAG> .") and remove the
separate "docker push"; then replace the "docker inspect ... .RepoDigests"
digest retrieval with a registry-aware lookup using "docker buildx imagetools
inspect <REGISTRY>/wso2am-ocp:<TAG>" to read the digest from the registry
output. Ensure these changes are applied where the build/push commands and
digest inspection are described.

♻️ Duplicate comments (1)

en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md (1)

46-50: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Prefer interactive password input for oc login (Username / Password)
The example oc login <API_SERVER_URL> -u <USERNAME> -p <PASSWORD> passes a password via CLI flags; switch to an interactive prompt by omitting -p so oc prompts for the password.

Proposed documentation update

-        oc login <API_SERVER_URL> -u <USERNAME> -p <PASSWORD>
+        oc login <API_SERVER_URL> -u <USERNAME>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md`
around lines 46 - 50, The example uses `oc login <API_SERVER_URL> -u <USERNAME>
-p <PASSWORD>` which passes the password on the command line; update the
documentation to show `oc login <API_SERVER_URL> -u <USERNAME>` (omit the `-p`
flag) so `oc login` prompts interactively for the password, and mention that
this avoids exposing credentials in shell history or process lists.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md`:
- Around line 108-110: The build/push/digest steps are incorrect for buildx:
change the two-step "docker buildx build" + "docker push" flow to a single
buildx invocation that exports to the registry (use "docker buildx build
--platform linux/amd64 --push -t <REGISTRY>/wso2am-ocp:<TAG> .") and remove the
separate "docker push"; then replace the "docker inspect ... .RepoDigests"
digest retrieval with a registry-aware lookup using "docker buildx imagetools
inspect <REGISTRY>/wso2am-ocp:<TAG>" to read the digest from the registry
output. Ensure these changes are applied where the build/push commands and
digest inspection are described.

---

Duplicate comments:
In
`@en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md`:
- Around line 46-50: The example uses `oc login <API_SERVER_URL> -u <USERNAME>
-p <PASSWORD>` which passes the password on the command line; update the
documentation to show `oc login <API_SERVER_URL> -u <USERNAME>` (omit the `-p`
flag) so `oc login` prompts interactively for the password, and mention that
this avoids exposing credentials in shell history or process lists.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cefb03cb-93ec-4c83-a018-1d5cb457be7f

📥 Commits

Reviewing files that changed from the base of the PR and between db3e3c6 and 8f52754.

📒 Files selected for processing (1)

• en/docs/install-and-setup/setup/kubernetes-deployment/openshift/openshift-deployment-overview.md