fix: Update security best practices doc

Signed-off-by: dkwon17 <[email protected]>
eclipse-che · Jan 20, 2025 · 9e1336b · 9e1336b
1 parent 6232c8a
commit 9e1336b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 11 deletions.
diff --git a/modules/overview/examples/snip_che-curated-access.adoc b/modules/overview/examples/snip_che-curated-access.adoc
@@ -1,4 +1,4 @@
 With this setup, you achieve a curated access to {prod-short},
 where cluster administrators control provisioning for each user
 and can explicitly configure various settings including resource limits and quotas.
-Learn more about project provisioning in the link:https://eclipse.dev/che/docs/stable/administration-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-container/#mounting-a-secret-or-a-configmap-as-an-environment-variable-into-a-container[product documentation].
+Learn more about project provisioning in the xref:administration-guide:provisioning-namespaces-in-advance.adoc[product documentation].
diff --git a/modules/overview/pages/security-best-practices.adoc b/modules/overview/pages/security-best-practices.adoc
@@ -60,10 +60,10 @@ All resources and actions you can grant users permission to use in their {namesp
 |"get", "list", "create"
 
 |configmaps
-|“get", "list", "create", "update", "patch", "delete"
+|"get", "list", "create", "update", "patch", "delete"
 
 |events
-|“watch”
+|"list", "watch"
 
 |secrets
 |"get", "list", "create", "update", "patch", "delete"
@@ -72,10 +72,10 @@ All resources and actions you can grant users permission to use in their {namesp
 |"get", "list", "create", "delete", "update", "patch"
 
 |routes
-|”get", "list", "create", "delete"
+|"get", "list", "create", "delete"
 
 |persistentvolumeclaims
-|“get", "list", "watch", "create", "delete", "update", "patch"
+|"get", "list", "watch", "create", "delete", "update", "patch"
 
 |apps/deployments
 |"get", "list", "watch", "create", "patch", "delete"
@@ -87,7 +87,7 @@ All resources and actions you can grant users permission to use in their {namesp
 |"get", "list"
 
 |projects
-|“get”
+|"get"
 
 |devworkspace
 |"get", "create", "delete", "list", "update", "patch", "watch"
@@ -215,8 +215,8 @@ spec:
 
 .Resource Quotas and Limit Ranges
 
-Resource Quotas and Limit Ranges are {kubernetes} features you can use to help prevent bad actors or resource abuse within a cluster.
-They help in controlling and managing resource consumption by pods and containers.
+Resource Quotas and Limit Ranges are {kubernetes} features you can use to help prevent bad actors and resource abuse within a cluster.
+Specifically, they allow you to set resource consumption constraints for pods and containers.
 By combining Resource Quotas and Limit Ranges,
 you can enforce project-specific policies to prevent bad actors from consuming excessive resources.
 
@@ -227,8 +227,7 @@ More details about link:https://docs.openshift.com/container-platform/4.14/appli
 
 An air-gapped OpenShift disconnected cluster refers to an OpenShift cluster
 isolated from the internet or any external network.
-This isolation is often done for security reasons,
-to protect sensitive or critical systems from potential cyber threats.
+This isolation is often done for security reasons to protect sensitive or critical systems from potential cyber threats.
 In an air-gapped environment,
 the cluster cannot access external repositories or registries to download container images, updates, or dependencies.
 
@@ -239,7 +238,7 @@ include::example$snip_che-installation-instructions.adoc[]
 
 By default, {prod}
 includes the embedded Open VSX registry
-which contains a limited set of extensions used by Microsoft Visual Studio Code -
+which contains a limited set of extensions for the Microsoft Visual Studio Code -
 Open Source editor.
 Alternatively, cluster administrators can specify a different plugin registry in the Custom Resource, e.g.
 https://open-vsx.org that contains thousands of extensions.