From a54ee4f6c2dea86c3ca682042168c587ecbf8daf Mon Sep 17 00:00:00 2001 From: Balakoteswara Panchakshari Date: Thu, 20 Feb 2025 21:47:48 +0530 Subject: [PATCH 1/2] fix: correcting the SCC link --- content/nim/deploy/kubernetes/deploy-using-helm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/nim/deploy/kubernetes/deploy-using-helm.md b/content/nim/deploy/kubernetes/deploy-using-helm.md index 7a0de5a95..6ab997c34 100644 --- a/content/nim/deploy/kubernetes/deploy-using-helm.md +++ b/content/nim/deploy/kubernetes/deploy-using-helm.md 
@@ -184,11 +184,11 @@ openshift: ### How OpenShift handles security constraints -When `openshift.enabled: true` is set in the `values.yaml` file, the NGINX Instance Manager deployment automatically creates a **custom Security Context Constraint (SCC)** and links it to the Service Account used by all pods. +When `openshift.enabled: true` is set in the `values.yaml` file, the NGINX Instance Manager deployment automatically creates a **custom [Security Context Constraints](https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/authentication_and_authorization/managing-pod-security-policies) (SCCs)** and links it to the Service Account used by all pods. By default, OpenShift enforces strict security policies that require containers to run as **non-root** users. The NGINX Instance Manager deployment needs specific user IDs (UIDs) for certain services, such as **1000** for `nms` and **101** for `nginx` and `clickhouse`. Since the default SCCs do not allow these UIDs, a **custom SCC** is created. This ensures that the deployment can run with the necessary permissions while maintaining OpenShift’s security standards. The custom SCC allows these UIDs by setting the `runAsUser` field, which controls which users can run containers. -{{< note >}} If you’re encountering errors with the custom [Security Context Constraints](https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/authentication_and_authorization/managing-pod-security-policies), you may not have permissions to access the Security Context Constraints resource. Please contact a Cluster Administrator to request access, either through a cluster role binding or by adjusting your user role. {{< /note >}} +{{< note >}} If you’re encountering errors with the custom SCC, you may not have permissions to access the Security Context Constraints resource. 
Please contact a Cluster Administrator to request access, either through a cluster role binding or by adjusting your user role. {{< /note >}} To verify that the custom SCC has been created, after installing the helm chart, run: From 97809dc0d2f5a2b1728b6f9c870a8c7884f322e2 Mon Sep 17 00:00:00 2001 From: Balakoteswara Panchakshari Date: Thu, 20 Feb 2025 22:14:50 +0530 Subject: [PATCH 2/2] fix: added a note for OpenShift version --- content/nim/deploy/kubernetes/deploy-using-helm.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/nim/deploy/kubernetes/deploy-using-helm.md b/content/nim/deploy/kubernetes/deploy-using-helm.md index 6ab997c34..585c7d28e 100644 --- a/content/nim/deploy/kubernetes/deploy-using-helm.md +++ b/content/nim/deploy/kubernetes/deploy-using-helm.md @@ -182,6 +182,8 @@ openshift: enabled: true ``` +{{< note >}} The NIM deployment on OpenShift has been tested with OpenShift v4.13.0 Server. {{< /note >}} + ### How OpenShift handles security constraints When `openshift.enabled: true` is set in the `values.yaml` file, the NGINX Instance Manager deployment automatically creates a **custom [Security Context Constraints](https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/authentication_and_authorization/managing-pod-security-policies) (SCCs)** and links it to the Service Account used by all pods.
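Review bot: In the first hunk (patch 1/2, the "How OpenShift handles security constraints" paragraph), the rewritten sentence mixes singular and plural: it now reads "automatically creates a **custom [Security Context Constraints](...) (SCCs)** and links it to the Service Account", so "a ... SCCs ... links it" no longer agrees, and the following paragraph still talks about "a **custom SCC**" in the singular. Suggest keeping the link but making the anchor text singular, e.g. "a **custom [Security Context Constraint](https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/authentication_and_authorization/managing-pod-security-policies) (SCC)**", so the whole section consistently describes one SCC. Moving the link out of the note and dropping the second, 4.15-pinned URL is the right call, since the page otherwise linked two different doc versions for the same resource. While touching the note, consider saying the installer "may not have permission to create the cluster-scoped Security Context Constraints resource" rather than "access", because the failure the note describes happens when the chart tries to create the custom SCC, and a cluster role binding that grants create on that resource (or a cluster-admin role) is what the reader needs to ask for; that matches the remedy the note already gives.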
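Review bot: In the second hunk (patch 2/2, the new note after the `openshift: enabled: true` values snippet), the added note says "The NIM deployment on OpenShift has been tested with OpenShift v4.13.0 Server", but the rest of the section refers to the product as "NGINX Instance Manager", and "v4.13.0 Server" is not how the platform is normally named; suggest "The NGINX Instance Manager deployment on OpenShift has been tested with OpenShift Container Platform 4.13.0." The tested version also matches the 4.13 documentation link introduced in the first patch, so the two commits are consistent with each other; if that is deliberate, a short phrase such as "other 4.x releases have not been verified" would tell readers whether the custom SCC behaviour is expected to hold on newer clusters or only on the tested one.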