From be6bea74a8eb6897525780c16b39507a957dab73 Mon Sep 17 00:00:00 2001
From: markstubb <1832715+markstubb@users.noreply.github.com>
Date: Tue, 12 Sep 2023 21:35:18 -0400
Subject: [PATCH] update readme

---
 README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 47 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 2851e9b..537b20c 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,10 @@ spec:
               value: 42crunch/scand-agent:latest
             - name: EXPIRATION_TIME
               value: "86400"
+      imagePullSecrets:
+      	  # Pull secret for scand-manager container, if required
+      	  # NOT for scand-agent jobs, that should be in podconfig.yaml
+  		  - name: privatepullsecret 
 ---
 # service
 apiVersion: v1
@@ -134,9 +138,28 @@ We can also specify a pull secret array for the pod
 imagePullSecrets: 
   name: ...
 ```
-
 See the docs for [`imagePullSecrets` key here](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)
 
+An example podconfig.yaml would be:
+
+```yaml
+apiVersion: v1
+kind: PodSpec
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: scandallowed
+              operator: In
+              values:
+                - "true"
+imagePullSecrets:
+  - name: secret1
+  - name: privatepullsecret
+```
+This would have an affinity for any cluster node tagged with `scandallowed: true` and would attempt to use the k8s secrets `secret1` or `privatepullsecret` to pull `SCAND_IMAGE` from your private container registry.
+
 Typically the podconfig yaml file should be supplied via a config map and mounted inside Scan Jobs Manager container and path to it supplied through `args`: 
 
 ```yaml
@@ -150,16 +173,36 @@ containers:
     volumeMounts:
       - name: config
         mountPath: /config
+        readOnly: true
 volumes:
   - name: config
     configMap:
-      name: podconfig
+      name: scandpodconfig
+
 ```
 
+In this example, we would create the configmap (assuming we deployed in the scand-manager namespace):
+
+
+
 ### Deployment
 
 To deploy Scan Jobs Manager, run the following commands to create a separate namespace and apply the configuration you defined:
 
-`kubectl create namespace scan`
+Create the namespace:
+
+`kubectl create namespace scand-manager`
+
+Create the configmap:
+
+`kubectl create configmap scandpodconfig --from-file=podconfig.yaml -n scand-manager`
+
+Create a secret, if required:
+
+* For example, this would be for a private Docker Hub repo
+
+	`kubectl create secret docker-registry privatepullsecret --docker-username={Your Username} --docker-password={Access Token} --docker-email={Your Email} -n scand-manager`
+
+Deploy:
 
-`kubectl apply -n scan -f job-manager-config.yaml`
+`kubectl apply -n scand-manager -f job-manager-config.yaml`