There are a number of issues with the current https://docs.openshift.com/container-platform/4.17/machine_configuration/mco-coreos-layering.html#coreos-layering-examples_mco-coreos-layering

1. Examples still include "# Using a 4.12.0 image" text

  I suggest removing these lines altogether


2. Regarding the example package, https://example.com/myrepo/haproxy-1.0.16-5.el8.src.rpm

  a. The haproxy package is not included in RHCOS, so 'rpm-ostree override replace <not-installed package>' would not work

  b. A src.rpm file is the source code package used to build a binary RPM. We do not want to suggest installing these on the node

  It might be better to re-use the kernel example or to craft a new example using a BaseOS package, like systemd.


3. Under "Example out-of-cluster Containerfile to apply the libreswan utility"

  a. There is comment text, "# hadolint ignore=DL3006", this is possibly leaked from the doc source code?

  b. libreswan is not a good example, because 'libreswan' is actually a RHCOS extension.  We call out earlier in this section that, "Installing realtime kernel and extensions RPMs as custom layered content is not recommended...."

  We probably want to find a different non-extension example to use here.


  c. The following sentences, "Because libreswan requires additional RHEL packages, the image must be built on an entitled RHEL host. For RHEL entitlements to work, you must copy the etc-pki-entitlement secret into the openshift-machine-api namespace." are confusing. 

  The On-cluster layering functionality means we do not need an out-of-cluster RHEL system to pull in entitled content into our builds. Also, to access entitled content during out MachineOSBuilds, the user needs to copy the 'etc-pki-entitlement' secrets _from_ openshift-config-managed namespace _to_ *openshift-machine-config-operator* namespace, not openshift-machine-api.