Skip to content

Document SDK read-only mode (v1.19.0)#3928

Merged
alicenstar merged 6 commits intomainfrom
docs/sdk-read-only-mode
Apr 3, 2026
Merged

Document SDK read-only mode (v1.19.0)#3928
alicenstar merged 6 commits intomainfrom
docs/sdk-read-only-mode

Conversation

@alicenstar
Copy link
Copy Markdown
Member

@alicenstar alicenstar commented Apr 2, 2026
edited
Loading

Summary

  • Adds a new "Enable read-only mode" section to the SDK customization docs explaining the readOnlyMode Helm value, its effects on RBAC, secret writes, and API behavior
  • Adds :::note callouts to the 5 affected write endpoints in the SDK API reference documenting the 422 response in read-only mode
  • Adds readOnlyMode to the SDK Helm values example partial
  • Adds 1.19.0 release notes entry for the new feature

@alicenstar
Add documentation for SDK read-only mode (v1.19.0)
d9738e5 
Document the new readOnlyMode Helm value that prevents the SDK from
writing Kubernetes secrets at runtime, reduces RBAC to read-only
permissions, and returns 422 on write API endpoints.
@alicenstar alicenstar requested a review from a team as a code owner April 2, 2026 18:21
@netlify
Copy link
Copy Markdown

netlify bot commented Apr 2, 2026
edited
Loading

Deploy Preview for replicated-docs ready!

Name Link
🔨 Latest commit 4e47e0b
🔍 Latest deploy log https://app.netlify.com/projects/replicated-docs/deploys/69cff6066a77a400088d04a5
😎 Deploy Preview https://deploy-preview-3928--replicated-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link
Copy Markdown

netlify bot commented Apr 2, 2026
edited
Loading

Deploy Preview for replicated-docs-upgrade ready!

Name Link
🔨 Latest commit 4e47e0b
🔍 Latest deploy log https://app.netlify.com/projects/replicated-docs-upgrade/deploys/69cff6061d10a30008304c18
😎 Deploy Preview https://deploy-preview-3928--replicated-docs-upgrade.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@replicated-ci replicated-ci added type::docs Improvements or additions to documentation type::feature labels Apr 2, 2026
github-actions[bot]
github-actions bot reviewed Apr 2, 2026
View reviewed changes
@alicenstar
Fix passive voice flagged by Vale linter
ebf353d 
Rewrite sentences to use active voice in the read-only mode
documentation section.
@AmberAlston
Copy link
Copy Markdown
Member

AmberAlston commented Apr 2, 2026
edited
Loading

Thanks @alicenstar !

I'll defer to @paigecalvert on this one, but I think Read Only mode content should be up in the "Customize RBAC for the SDK" section as it is essentially a fourth method. The requesting vendor even called in "even more minimal rbac" when describing it

For the behavior in read-only mode, I think we need to be clearer what impact that actually has on the product experience.

  • Support metada - You are not able to use the option to write enrichment data to the SDK API that would have been included in a generated support bundle
  • Instance and custom app metrics - be more clear that this is only for air gap, because it's only in airgap that these are written to and stored in a secret. Readers won't naturally put that together even with online being the next bullet
  • that next bullet - "However, the SDK treats sync failures as non-fatal and does not return errors." do we really need that? if so it feels like it needs more of a "so what should i do about that?" which is the vendor's next question when they read that
  • 422 error note - similar feedback on what does that actually mean for me? Make it clearer that it means I can't add tags to my instance programatically because those rely on a secret. Also the list is a bit confusing as-is, probably because it's not clear in our docs now which API actions relying on writing to secrets or not

@paigecalvert
Copy link
Copy Markdown
Contributor

paigecalvert commented Apr 3, 2026
edited
Loading

Thanks @alicenstar !

I'll defer to @paigecalvert on this one, but I think Read Only mode content should be up in the "Customize RBAC for the SDK" section as it is essentially a fourth method. The requesting vendor even called in "even more minimal rbac" when describing it

I had the same thought :) @alicenstar I think a single section named "Read-only mode" just after "Minimal RBAC" would work.
Also, if you want to just focus on addressing Amber's clarity questions, I can do a pass after you for the formatting/organization things.

@alicenstar
Address review feedback: move read-only mode into RBAC section, clari…
ec018aa 
…fy impact

- Move read-only mode from standalone section to h3 under "Customize
  RBAC for the SDK", after Minimal RBAC
- Rewrite behavior bullets to explain practical vendor impact
- Clarify air gap vs online distinction for custom metrics
- Explain that POST/PATCH custom-metrics still work, only DELETE is 422
- Drop vague "non-fatal sync failures" sentence
github-actions[bot]
github-actions bot reviewed Apr 3, 2026
View reviewed changes
@alicenstar
Fix Vale linter: shorten sentence, replace 'via' with 'through'
fd1ec55
@alicenstar
Remove redundant read-only mode notes from API reference
86592c2 
The read-only mode impact is documented comprehensively in the
customizing page. These per-endpoint notes were redundant.
@alicenstar
Copy link
Copy Markdown
Member Author

alicenstar commented Apr 3, 2026

@paigecalvert Ready for re-review here!

github-actions[bot]
github-actions bot reviewed Apr 3, 2026
View reviewed changes
docs/vendor/replicated-sdk-customizing.mdx
## Customize RBAC for the SDK

This section describes role-based access control (RBAC) for the Replicated SDK, including the default RBAC, minimal RBAC, and how to install the SDK with custom RBAC.
This section describes role-based access control (RBAC) for the Replicated SDK, including the default RBAC, minimal RBAC, read-only mode, and how to install the SDK with custom RBAC.
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 [vale] reported by reviewdog 🐶
[Replicated.SentenceLength] Try to keep your sentence length to 26 words or fewer.

@alicenstar alicenstar merged commit 912bbca into main Apr 3, 2026
5 checks passed
@alicenstar alicenstar deleted the docs/sdk-read-only-mode branch April 3, 2026 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@paigecalvert paigecalvert paigecalvert approved these changes

@AmberAlston AmberAlston Awaiting requested review from AmberAlston

Assignees

No one assigned

Labels

type::docs Improvements or additions to documentation type::feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@alicenstar @AmberAlston @paigecalvert @replicated-ci