OCPBUGS-27426:Add admin groups info to NetObserv

Author: skrthomas

logging/log_storage/cluster-logging-loki.adoc

@@ -39,7 +39,8 @@ ifdef::openshift-enterprise[]
 * xref:../../nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc#nodes-scheduler-pod-topology-spread-constraints-configuring[Controlling pod placement by using pod topology spread constraints]
 endif::[]
 
-include::modules/logging-loki-log-access.adoc[leveloffset=+1]
+include::modules/logging-loki-log-access.adoc[leveloffset=+1,tag=ForLoki]
+
 
 [role="_additional-resources"]
 .Additional resources

modules/logging-creating-new-group-cluster-admin-user-role.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 
-//  cluster-logging-loki.adoc
+//  * cluster-logging-loki.adoc
+//  * network_observability/installing-operators.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="logging-creating-new-group-cluster-admin-user-role_{context}"]

modules/logging-loki-log-access.adoc

@@ -1,5 +1,6 @@
 // Module included in the following assemblies:
 //
+// * network_observability/installing-operators.adoc
 // * logging/cluster-logging-loki.adoc
 
 :_mod-docs-content-type: CONCEPT
@@ -70,6 +71,7 @@ subjects:
 ----
 <1> Specifies the namespace this `RoleBinding` applies to.
 
+tag::ForNetObserv[]
 == Custom admin group access
 
 If you have a large deployment with a number of users who require broader permissions, you can create a custom group using the `adminGroup` field. Users who are members of any group specified in the `adminGroups` field of the `LokiStack` CR are considered admins. Admin users have access to all application logs in all namespaces, if they also get assigned the `cluster-logging-application-view` role.
@@ -84,7 +86,12 @@ metadata:
   namespace: openshift-logging
 spec:
   tenants:
+# tag::ForLoki[]
     mode: openshift-logging # <1>
+# end::ForLoki[]
+# tag::ForNetObserv[]
+    mode: openshift-network # <1>
+# end::ForNetObserv[]
     openshift:
       adminGroups: # <2>
       - cluster-admin
@@ -93,3 +100,4 @@ spec:
 <1> Custom admin groups are only available in this mode.
 <2> Entering an empty list `[]` value for this field disables admin groups.
 <3> Overrides the default groups (`system:cluster-admins`, `cluster-admin`, `dedicated-admin`)
+end::ForNetObserv[]

modules/network-observability-lokistack-create.adoc

@@ -8,9 +8,6 @@
 
 You can deploy a LokiStack using the web console or CLI to create a namespace, or new project.
 
-include::snippets/logging-clusteradmin-access-logs-snip.adoc[]
-For more information about creating a `cluster-admin` group, see the "Additional resources" section.
-
 .Procedure
 
 . Navigate to *Operators* -> *Installed Operators*, viewing *All projects* from the *Project* dropdown.

network_observability/installing-operators.adoc

@@ -29,11 +29,8 @@ include::modules/network-observability-loki-secret.adoc[leveloffset=+2]
 * xref:../logging/log_storage/installing-log-storage.adoc#logging-loki-storage_installing-log-storage[Loki object storage]
 
 include::modules/network-observability-lokistack-create.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../logging/log_storage/cluster-logging-loki.adoc#logging-creating-new-group-cluster-admin-user-role_cluster-logging-loki[Creating a new group for the cluster-admin user role]
-
+include::modules/logging-creating-new-group-cluster-admin-user-role.adoc[leveloffset=+2]
+include::modules/logging-loki-log-access.adoc[leveloffset=+1,tag=ForNetObserv]
 include::modules/loki-deployment-sizing.adoc[leveloffset=+2]
 include::modules/network-observability-lokistack-ingestion-query.adoc[leveloffset=+2]
 include::modules/network-observability-auth-multi-tenancy.adoc[leveloffset=+2]

snippets/logging-clusteradmin-access-logs-snip.adoc

@@ -4,7 +4,6 @@
 // Text snippet included in the following modules:
 //
 // * modules/logging-creating-new-group-cluster-admin-user-role.adoc
-// * modules/network-observability-lokistack-create.adoc
 //
 :_mod-docs-content-type: SNIPPET