Mention KCM configuration

jsafrane · jsafrane · commit bf32989b93db · 2024-11-19T09:52:58.000+01:00
diff --git a/content/en/docs/tasks/configure-pod-container/security-context.md b/content/en/docs/tasks/configure-pod-container/security-context.md
@@ -722,8 +722,12 @@ only one of such pods is able to run on a node, the other one gets ContainerCrea
 #### SELinuxWarningController
 To make it easier to identify Pods that are affected by the change in SELinux volume relabeling,
 a new controller called `SELinuxWarningController` has been introduced in kube-controller-manager.
-It is disabled by default and can be enabled by setting the `--controllers=*,selinux-warning-controller` command line flag
-and `SELinuxChangePolicy` feature gate.
+It is disabled by default and can be enabled by either setting the `--controllers=*,selinux-warning-controller`
+[command line flag](/docs/reference/command-line-tools-reference/kube-controller-manager/),
+or by setting `genericControllerManagerConfiguration.controllers`
+[field in KubeControllerManagerConfiguration](/docs/reference/config-api/kube-controller-manager-config.v1alpha1/#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration).
+This controller requires `SELinuxChangePolicy` feature gate to be enabled.
+
 When enabled, the controller observes running Pods and when it detects that two Pods use the same volume
 with different SELinux labels:
 1. It emits an event to both of the Pods. `kubectl describe pod <pod-name>` the shows
