Merge pull request #3686 from jtravee/project-secret

Documented workaround to create project-level secret
Billy Tat
2021-11-17 15:27:35 -08:00
committed by GitHub
3 changed files with 56 additions and 6 deletions
@@ -8,6 +8,8 @@ A namespace is a Kubernetes concept that allows a virtual cluster within a clust
A project is a group of namespaces, and it is a concept introduced by Rancher. Projects allow you to manage multiple namespaces as a group and perform Kubernetes operations in them. You can use projects to support multi-tenancy, so that a team can access a project within a cluster without having access to other projects in the same cluster.
>**Note:** As of Rancher v2.6, projects are de-emphasized on the UI because it is no longer required to create any Kubernetes resources within a project scope. However, resources such as [Secrets]({{<baseurl>}}/rancher/v2.6/en/k8s-in-rancher/secrets/#creating-secrets-in-projects) can still be created in a project scope if the legacy feature flag is enabled.
This section describes how projects and namespaces work with Rancher. It covers the following topics:
- [About namespaces](#about-namespaces)
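Review bot: The added note refers to "the legacy feature flag" in plain text and does not say where it is enabled, while the registry and secrets pages in this same change write it as `legacy` and walk through **Global Settings > Feature Flags**. Suggest formatting the flag name as code here too and adding a short pointer to that location, so readers learn from this page that the switch is a global setting and not a per-project one. The note also links only to the secrets page even though this change adds a matching "Creating a Registry in Projects" section, so consider naming registries alongside Secrets.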
@@ -14,13 +14,13 @@ Deployments use the Kubernetes registry secret to authenticate with a private Do
Currently, deployments pull the private registry credentials automatically only if the workload is created in the Rancher UI and not when it is created via kubectl.
# Creating a Registry
# Creating a Registry in Namespaces
>**Prerequisites:** You must have a [private registry](https://docs.docker.com/registry/deploying/) available to use.
1. In the upper left corner, click **☰ > Cluster Management**.
1. Go to the cluster where you want to add a registry and click **Explore**.
1. In the left navigation lick **More Resources > Core > Secrets**.
1. In the left navigation, click either **Storage > Secrets** or **More Resources > Core > Secrets**.
1. Click **Create**.
1. Click **Registry**.
1. Enter a **Name** for the registry.
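Review bot: Renaming the heading "Creating a Registry" to "Creating a Registry in Namespaces" changes the heading-derived anchor, so any existing link to `#creating-a-registry` will stop resolving; the same applies to the "Creating Secrets" rename on the secrets page. This change already relies on such anchors (the new note links to `#creating-secrets-in-projects`), so please search the docs for inbound links to the old anchors and update them, or keep the old anchor available as an alias. The navigation step now offers two menu paths, which is fine, but it would help to say whether both always appear or whether one depends on the Rancher version.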
@@ -28,17 +28,46 @@ Currently, deployments pull the private registry credentials automatically only
>**Note:** Kubernetes classifies secrets, certificates, and registries all as [secrets](https://kubernetes.io/docs/concepts/configuration/secret/), and no two secrets in a project or namespace can have duplicate names. Therefore, to prevent conflicts, your registry must have a unique name among all secrets within your workspace.
1. Select a namespace for the registry.
1. Select the website that hosts your private registry. Then enter credentials that authenticate with the registry. For example, if you use DockerHub, provide your DockerHub username and password.
1. Click **Save**.
**Result:**
- Your secret is added to the namespace you chose.
- You can view the secret in the Rancher UI from the **Resources > Registries** view.
- You can view the secret in the Rancher UI by clicking either **Storage > Secrets** or **More Resources > Core > Secrets**.
- Any workload that you create in the Rancher UI will have the credentials to access the registry if the workload is within the registry's scope.
# Creating a Registry in Projects
>**Prerequisites:** You must have a [private registry](https://docs.docker.com/registry/deploying/) available to use.
Before v2.6, secrets were required to be in a project scope. Projects are no longer required, and you may use the namespace scope instead. As a result, the Rancher UI was updated to reflect this new functionality. However, you may still create a project-scoped registry if desired. Use the following steps to do so:
1. In the upper left corner, click **☰ > Global Settings** in the dropdown.
1. Click **Feature Flags**.
1. Go to the `legacy` feature flag and click **Activate**.
1. In the upper left corner, click **☰ > Cluster Management**.
1. Go to the cluster where you want to add a registry and click **Explore**.
1. In the left navigation, click either **Storage > Secrets** or **More Resources > Core > Secrets**.
1. Click **Create**.
1. Click **Registry**.
1. In the top navigation bar, filter to see only one project.
1. Enter a **Name** for the registry.
>**Note:** Kubernetes classifies secrets, certificates, and registries all as [secrets](https://kubernetes.io/docs/concepts/configuration/secret/), and no two secrets in a project or namespace can have duplicate names. Therefore, to prevent conflicts, your registry must have a unique name among all secrets within your workspace.
1. Select a namespace for the registry.
1. Select the website that hosts your private registry. Then enter credentials that authenticate with the registry. For example, if you use DockerHub, provide your DockerHub username and password.
1. Click **Save**.
**Result:**
- Your secret is added to the individual project you chose.
- You can view the secret in the Rancher UI by clicking either **Storage > Secrets** or **More Resources > Core > Secrets**.
- Any workload that you create in the Rancher UI will have the credentials to access the registry if the workload is within the registry's scope.
>**Note:** Project-scoped registries on the local cluster are only visible when a single project is selected.
# Using a Private Registry
You can deploy a workload with an image from a private registry through the Rancher UI, or with `kubectl`.
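Review bot: In the new "Creating a Registry in Projects" steps, "In the top navigation bar, filter to see only one project" comes after "Click **Create**" and "Click **Registry**", so the reader is told to change the project filter while already inside the create form. The secrets page in this same change puts the filter step before "Click **Add Secret**" and navigates through **Legacy > Projects**; suggest moving the filter step ahead of "Click **Create**" and making the two procedures use the same path. The steps also say "Select a namespace for the registry" while the result states the secret "is added to the individual project you chose", which leaves it unclear whether the resulting credential is scoped to one namespace or to every namespace in the project. Since this decides which workloads can pull with the credential, please state the resulting scope explicitly.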
@@ -11,7 +11,7 @@ When configuring a workload, you'll be able to choose which secrets to include.
Mounted secrets will be updated automatically unless they are mounted as subpath volumes. For details on how updated secrets are propagated, refer to the [Kubernetes documentation.](https://kubernetes.io/docs/concepts/configuration/secret/#mounted-secrets-are-updated-automatically)
# Creating Secrets
# Creating Secrets in Namespaces
1. In the upper left corner, click **☰ > Cluster Management**.
1. Go to the cluster where you want to add a secret and click **Explore**.
@@ -35,6 +35,25 @@ Mounted secrets will be updated automatically unless they are mounted as subpath
Mounted secrets will be updated automatically unless they are mounted as subpath volumes. For details on how updated secrets are propagated, refer to the [Kubernetes documentation.](https://kubernetes.io/docs/concepts/configuration/secret/#mounted-secrets-are-updated-automatically)
# Creating Secrets in Projects
Before v2.6, secrets were required to be in a project scope. Projects are no longer required, and you may use the namespace scope instead. As a result, the Rancher UI was updated to reflect this new functionality. However, you may still create project-scoped secrets if desired. Note that you have to first enable the `legacy` feature flag and look at a single project to do so. Use the following steps to set up your project-level secret:
1. In the upper left corner, click **☰ > Global Settings** in the dropdown.
1. Click **Feature Flags**.
1. Go to the `legacy` feature flag and click **Activate**.
1. In the upper left corner, click **☰ > Cluster Management** in the dropdown.
1. Go to the cluster that you created and click **Explore.**
1. Click **Legacy > Projects**.
1. In the top navigation bar, filter to see only one project.
1. In the left navigation bar, click **Secrets**.
1. Click **Add Secret**.
**Result:** Your secret is added to the individual project you chose. You can view the secret in the Rancher UI by clicking either **Storage > Secrets** or **More Resources > Core > Secrets**.
>**Note:** Project-scoped secrets on the local cluster are only visible when a single project is selected.
# What's Next?
Now that you have a secret added to a namespace, you can add it to a workload that you deploy.
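Review bot: The new "Creating Secrets in Projects" procedure stops at "Click **Add Secret**" with no steps for entering the name, choosing the scope, supplying the values and saving, whereas the registry procedure in this change carries the reader through to "Click **Save**". Please complete the steps, or state that the remaining steps match the namespace procedure. Smaller points: "Go to the cluster that you created" should match the "where you want to add a secret" wording used elsewhere, the period in `**Explore.**` belongs outside the bold, and the intro paragraph repeats the flag and single-project requirements that the numbered steps already cover. The result tells readers to view the secret under **Storage > Secrets**, yet the note says project-scoped secrets on the local cluster are only visible when a single project is selected, so the result line should mention that filter. The unchanged "What's Next?" sentence still says "added to a namespace" and should now cover project-scoped secrets as well.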