OCPBUGS-18836: Add SCC flag and PSA references to OSDK CLI ref

Michael Peter · Michael Peter · commit ee3e663e4d14 · 2023-09-13T12:38:26.000-04:00
diff --git a/modules/osdk-cli-ref-run-bundle-upgrade.adoc b/modules/osdk-cli-ref-run-bundle-upgrade.adoc
@@ -23,7 +23,14 @@ The `run bundle-upgrade` subcommand upgrades an Operator that was previously ins
 |`-n`, `--namespace` (string)
 |If present, namespace in which to run the CLI request.
 
+|`--security-context-config <security_context>`
+|Specifies the security context to use for the catalog pod. Allowed values include `restricted` and `legacy`. The default value is `legacy`. ^[1]^
+
 |`-h`, `--help`
 |Help output for the `run bundle` subcommand.
 
 |===
+[.small]
+--
+1. The `restricted` security context is not compatible with the `default` namespace. To configure your Operator's pod security admission in your production environment, see "Complying with pod security admission". For more information about pod security admission, see "Understanding and managing pod security admission".
+--
diff --git a/modules/osdk-cli-ref-run-bundle.adoc b/modules/osdk-cli-ref-run-bundle.adoc
@@ -29,7 +29,14 @@ The `run bundle` subcommand deploys an Operator in the bundle format with Operat
 |`-n`, `--namespace` (string)
 |If present, namespace in which to run the CLI request.
 
+|`--security-context-config <security_context>`
+|Specifies the security context to use for the catalog pod. Allowed values include `restricted` and `legacy`. The default value is `legacy`. ^[1]^
+
 |`-h`, `--help`
 |Help output for the `run bundle` subcommand.
 
 |===
+[.small]
+--
+1. The `restricted` security context is not compatible with the `default` namespace. To configure your Operator's pod security admission in your production environment, see "Complying with pod security admission". For more information about pod security admission, see "Understanding and managing pod security admission".
+--
diff --git a/modules/osdk-cli-ref-scorecard.adoc b/modules/osdk-cli-ref-scorecard.adoc
@@ -31,6 +31,9 @@ The `operator-sdk scorecard` command runs the scorecard tool to validate an Oper
 |`-o`, `--output` (string)
 |Output format for results. Available values are `text`, which is the default, and `json`.
 
+|`--pod-security <security_context>`
+|Option to run scorecard with the specified security context. Allowed values include `restricted` and `legacy`. The default value is `legacy`. ^[1]^
+
 |`-l`, `--selector` (string)
 |Label selector to determine which tests are run.
 
@@ -44,3 +47,7 @@ The `operator-sdk scorecard` command runs the scorecard tool to validate an Oper
 |Seconds to wait for tests to complete, for example `35s`. The default value is `30s`.
 
 |===
+[.small]
+--
+1. The `restricted` security context is not compatible with the `default` namespace. To configure your Operator's pod security admission in your production environment, see "Complying with pod security admission". For more information about pod security admission, see "Understanding and managing pod security admission".
+--
diff --git a/operators/operator_sdk/osdk-cli-ref.adoc b/operators/operator_sdk/osdk-cli-ref.adoc
@@ -38,11 +38,22 @@ include::modules/osdk-cli-ref-run-bundle.adoc[leveloffset=+2]
 .Additional resources
 
 * See xref:../../operators/understanding/olm/olm-understanding-operatorgroups.adoc#olm-operatorgroups-membership_olm-understanding-operatorgroups[Operator group membership] for details on possible install modes.
+* xref:../../operators/operator_sdk/osdk-complying-with-psa.adoc#osdk-complying-with-psa[Complying with pod security admission]
+* xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission]
 
 include::modules/osdk-cli-ref-run-bundle-upgrade.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/operator_sdk/osdk-complying-with-psa.adoc#osdk-complying-with-psa[Complying with pod security admission]
+* xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission]
+
 include::modules/osdk-cli-ref-scorecard.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../operators/operator_sdk/osdk-scorecard.adoc#osdk-scorecard[Validating Operators using the scorecard tool] for details about running the scorecard tool.
+* xref:../../operators/operator_sdk/osdk-complying-with-psa.adoc#osdk-complying-with-psa[Complying with pod security admission]
+* xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission]
