(DOCS-13693): added MANAGED_SECURITY_CONTEXT to install instructions (#308)

* (DOCS-13693): added MANAGED_SECURITY_CONTEXT to install instructions

* (DOCS-13693): updated per @zach-carr review

Author: jwilliams-mongo

source/includes/list-tables/k8s-helm-install-options.rst

@@ -19,6 +19,25 @@
 
      - ``mongodb``
 
+   * - ``managedSecurityContext``
+
+     - Flag that determines if the |k8s-op-short| inherits the
+       ``securityContext`` settings that your |k8s| cluster manages.
+
+       Set this field to ``true`` if your cluster manages the
+       ``securityContext`` for your |k8s| resources.
+
+       .. example::
+
+          .. code-block:: yaml
+             :emphasize-lines: 3
+
+             # Set this to true if your cluster is managing SecurityContext for you.
+             # If running OpenShift (Cloud, Minishift, etc.), set this to true.
+             managedSecurityContext: false
+
+     - ``false``
+
    * - | ``operator``
        | ``.env``
 

source/includes/list-tables/k8s-kubectl-install-options.rst

@@ -391,3 +391,37 @@
                      env:
                      - name: INIT_APPDB_VERSION
                        value: latest
+
+   * - ``MANAGED_SECURITY_CONTEXT``
+     - Flag that determines if the |k8s-op-short| inherits the
+       ``securityContext`` settings that your |k8s| cluster manages.
+
+       Set this field to ``true`` if you want to run the |k8s-op-short|
+       in OpenShift or in a restrictive environment.
+
+       Default value is ``false``.
+
+       .. code-block:: yaml
+
+          spec.template.spec.containers.name.env.name: 
+          MANAGED_SECURITY_CONTEXT
+          spec.template.spec.containers.name.env.value: 
+          false
+
+       .. example::
+
+          .. code-block:: yaml
+             :linenos:
+             :emphasize-lines: 9-11
+
+             spec:
+               template:
+                 spec:
+                   serviceAccountName: mongodb-enterprise-operator
+                   containers:
+                   - name: mongodb-enterprise-operator
+                     image: <operatorVersionUrl>
+                     imagePullPolicy: <policyChoice>
+                     env:
+                     - name: MANAGED_SECURITY_CONTEXT
+                       value: true

source/includes/list-tables/k8s-oc-install-options.rst

@@ -392,3 +392,37 @@
                      env:
                      - name: INIT_APPDB_VERSION
                        value: latest
+
+   * - ``MANAGED_SECURITY_CONTEXT``
+     - Flag that determines if the |k8s-op-short| inherits the
+       ``securityContext`` settings that your |k8s| cluster manages.
+
+       For OpenShift, ``MANAGED_SECURITY_CONTEXT`` must always be
+       ``true``.
+
+       Default value is ``true``.
+
+       .. code-block:: yaml
+
+          spec.template.spec.containers.name.env.name: 
+          MANAGED_SECURITY_CONTEXT
+          spec.template.spec.containers.name.env.value: 
+          true
+
+       .. example::
+
+          .. code-block:: yaml
+             :linenos:
+             :emphasize-lines: 9-11
+
+             spec:
+               template:
+                 spec:
+                   serviceAccountName: mongodb-enterprise-operator
+                   containers:
+                   - name: mongodb-enterprise-operator
+                     image: <operatorVersionUrl>
+                     imagePullPolicy: <policyChoice>
+                     env:
+                     - name: MANAGED_SECURITY_CONTEXT
+                       value: true

source/includes/list-tables/os-helm-install-options.rst

@@ -21,6 +21,24 @@
 
      - ``mongodb``
 
+   * - ``managedSecurityContext``
+
+     - Flag that determines if the |k8s-op-short| inherits the
+       ``securityContext`` settings that your |k8s| cluster manages.
+
+       For OpenShift, ``managedSecurityContext`` must always be
+       ``true``.
+
+       .. example::
+
+          .. code-block:: yaml
+             :emphasize-lines: 2
+
+             # OpenShift manages security context on its own
+             managedSecurityContext: true
+
+     - ``true``
+
    * - | ``operator``
        | ``.env``
 

source/tutorial/plan-k8s-operator-install.txt

@@ -44,6 +44,21 @@ Versions in *italics* are deprecated.
 
 .. include:: /includes/list-tables/compatibility.rst
 
+``MANAGED_SECURITY_CONTEXT`` for |k8s-op-short| OpenShift Deployments
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When you deploy the |k8s-op-short| to OpenShift, you must set the
+``MANAGED_SECURITY_CONTEXT`` flag to ``true``. This value is set for you
+in the :gh:`mongodb-enterprise-openshift.yaml
+</mongodb/mongodb-enterprise-kubernetes/blob/master/mongodb-enterprise-openshift.yaml>`
+and :gh:`values-openshift.yaml
+</mongodb/mongodb-enterprise-kubernetes/blob/master/helm_chart/values-openshift.yaml>`
+files included in the :gh:`MongoDB Enterprise Kubernetes Operator
+repository </mongodb/mongodb-enterprise-kubernetes>`.
+
+For more information on modifying this value, see the :ref:`instructions
+<install-k8s-operator>` for the installation method you want to use.
+
 Docker Container Details
 ~~~~~~~~~~~~~~~~~~~~~~~~