Removed refs to values.yaml and more doc changes (#36)
pns-nirmata authored Dec 16, 2022
1 parent 113f943 commit 1c48b53
Showing 5 changed files with 14 additions and 23 deletions.
9 changes: 3 additions & 6 deletions README.md
Expand Up @@ -12,12 +12,9 @@ Check out the [getting_started.md](docs/getting_started.md) guide for installing
You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against.

### Running on the EKS cluster
1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) `kyverno-aws-adapter-sa` in your desired namespace (configured in `values.yaml`) and specified the role's ARN in the `roleArn` field inside `values.yaml` file.
2. Install the Helm Chart. Follow instructions given [here](/charts/kyverno-aws-adapter#installation).
3. Check the `status` field of the `<cluster-name>-config` custom resource in the namespace specified in `values.yaml`. For instance, if the cluster name is `eks-test` and namespace is `kyverno-aws-adapter`, then:
```sh
kubectl get awsacfg eks-test-config -n kyverno-aws-adapter -o yaml
```
1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) to be used by the Kyverno AWS Adapter.

2. Install the Helm Chart and verify that the Adapter works as expected. Follow instructions given [here](/charts/kyverno-aws-adapter#installation)

## IAM Role for Service Account
This adapter utilizes the ARN of a user-defined IAM Role associated with any policy that has `Full: List, Read` permissions for the `EKS` service, including the following:
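Review bot: Step 2 now tells the reader to "verify that the Adapter works as expected", but the hunk drops the only concrete check, the `kubectl get awsacfg eks-test-config -n kyverno-aws-adapter -o yaml` command and the pointer to the `status` field. Either keep a one-line check here or say explicitly that the verification command lives in the linked chart README. Step 1 also no longer names the service account (`kyverno-aws-adapter-sa`) the IAM role is meant for, which a reader setting up the role's trust relationship needs to know, and the new step 2 sentence ends without a period.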
12 changes: 5 additions & 7 deletions charts/kyverno-aws-adapter/README.md
Expand Up @@ -14,20 +14,20 @@ You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against.

### Running on the EKS cluster

1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) `kyverno-aws-adapter-sa` in your desired namespace (configured in `values.yaml`) and specified the role's ARN in the `roleArn` field inside `values.yaml` file.
1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) to be used by the Adapter, through the `roleArn` parameter of the Helm install command that follows.

2. Add the Kyverno AWS Adapter Helm repository.
```console
helm repo add kyverno-aws-adapter https://nirmata.github.io/kyverno-aws-adapter/
helm repo update kyverno-aws-adapter
```

3. Install the Helm chart in an appropriate namespace, providing other parameters as described in the [Values](#values) section.
3. Install the Helm chart in an appropriate namespace, providing other parameters as described in the [Values](#values) section. Parameters `roleArn`, `eksCluster.name`, `eksCluster.region` are required.
```console
helm install --namespace kyverno-aws-adapter --create-namespace kyverno-aws-adapter kyverno-aws-adapter/kyverno-aws-adapter
```

4. Check the `status` field of the `awsacfg` custom resource created in the namespace specified in `values.yaml`. For instance if namespace is `kyverno-aws-adapter`, then:
4. Check the `status` field of the `awsacfg` custom resource created in the installation namespace. For instance:
```console
kubectl get awsacfg -n kyverno-aws-adapter -o yaml
```
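Review bot: Step 3 states that `roleArn`, `eksCluster.name` and `eksCluster.region` are required, yet the `helm install` command shown right under it sets none of them. With the `required` check this commit adds in `templates/rbac.yaml`, that command copied as-is will fail template rendering with "Role ARN is required" whenever that ServiceAccount is rendered. Show the flags in the example, for instance `--set roleArn=<role-arn> --set eksCluster.name=<cluster-name> --set eksCluster.region=<region>` with placeholder values.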
Expand All @@ -40,8 +40,8 @@ You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against.
| fullnameOverride | string | `nil` | Override the expanded name of the chart |
| roleArn | string | `nil` | Role for accessing AWS API (REQUIRED) |
| pollInterval | int | `30` | Interval at which the controller reconciles in minutes |
| eksCluster.name | string | `nil` | EKS cluster name |
| eksCluster.region | string | `nil` | EKS cluster region |
| eksCluster.name | string | `nil` | EKS cluster name (REQUIRED) |
| eksCluster.region | string | `nil` | EKS cluster region (REQUIRED) |
| rbac.create | bool | `true` | Enable RBAC resources creation |
| rbac.serviceAccount.name | string | `nil` | Service account name, you MUST provide one when `rbac.create` is set to `false` |
| image.repository | string | `"ghcr.io/nirmata/kyverno-aws-adapter"` | Image repository |
Expand Down Expand Up @@ -71,8 +71,6 @@ This adapter utilizes the ARN of a user-defined IAM Role associated with any pol
| DescribeUpdate |
| ListTagsForResource |

You can specify the Role's ARN in the `roleArn` field inside the Helm chart's `values.yaml` file.

Please ensure that the trust relationship policy for your IAM role resembles the following format:
```json
{
8 changes: 3 additions & 5 deletions charts/kyverno-aws-adapter/README.md.gotmpl
Expand Up @@ -14,20 +14,20 @@ You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against.

### Running on the EKS cluster

1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) `kyverno-aws-adapter-sa` in your desired namespace (configured in `values.yaml`) and specified the role's ARN in the `roleArn` field inside `values.yaml` file.
1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) to be used by the Adapter, through the `roleArn` parameter of the Helm install command that follows.

2. Add the Kyverno AWS Adapter Helm repository.
```console
helm repo add kyverno-aws-adapter https://nirmata.github.io/kyverno-aws-adapter/
helm repo update kyverno-aws-adapter
```

3. Install the Helm chart in an appropriate namespace, providing other parameters as described in the [Values](#values) section.
3. Install the Helm chart in an appropriate namespace, providing other parameters as described in the [Values](#values) section. Parameters `roleArn`, `eksCluster.name`, `eksCluster.region` are required.
```console
helm install --namespace kyverno-aws-adapter --create-namespace kyverno-aws-adapter kyverno-aws-adapter/kyverno-aws-adapter
```

4. Check the `status` field of the `awsacfg` custom resource created in the namespace specified in `values.yaml`. For instance if namespace is `kyverno-aws-adapter`, then:
4. Check the `status` field of the `awsacfg` custom resource created in the installation namespace. For instance:
```console
kubectl get awsacfg -n kyverno-aws-adapter -o yaml
```
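Review bot: Step 1 reads as if the IAM role itself is configured "through the `roleArn` parameter of the Helm install command that follows", but the role is created on the AWS side and only its ARN is passed to the chart; the command that actually follows step 1 is `helm repo add`, not the install. Suggest splitting the sentence: configure the role as described in the IAM Role section, then pass its ARN as `roleArn` in step 3.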
Expand Down Expand Up @@ -56,8 +56,6 @@ This adapter utilizes the ARN of a user-defined IAM Role associated with any pol
| DescribeUpdate |
| ListTagsForResource |

You can specify the Role's ARN in the `roleArn` field inside the Helm chart's `values.yaml` file.

Please ensure that the trust relationship policy for your IAM role resembles the following format:
```json
{
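Review bot: With the `values.yaml` sentence deleted and nothing put in its place, the IAM Role section no longer says how the role's ARN reaches the adapter. Rather than dropping the sentence, reword it to match the new install flow, for example that the ARN is supplied as the `roleArn` chart parameter at install time.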
4 changes: 1 addition & 3 deletions charts/kyverno-aws-adapter/templates/rbac.yaml
Expand Up @@ -45,9 +45,7 @@ metadata:
labels:
{{- include "kyverno-aws-adapter.labels" . | nindent 4 }}
annotations:
{{- if .Values.roleArn }}
eks.amazonaws.com/role-arn: {{ .Values.roleArn }}
{{- end }}
eks.amazonaws.com/role-arn: {{ required "Role ARN is required" .Values.roleArn }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
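Review bot: The `required` message "Role ARN is required" does not name the value key, so a user who hits it at install time has to guess what to set; something like `required "roleArn is required (set it with --set roleArn=<role-arn>)" .Values.roleArn` is more actionable. The rendered value is also emitted unquoted; piping it through `quote` keeps the annotation a string whatever the user passes.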
4 changes: 2 additions & 2 deletions charts/kyverno-aws-adapter/values.yaml
Expand Up @@ -15,9 +15,9 @@ roleArn:
pollInterval: 30

eksCluster:
# -- EKS cluster name
# -- EKS cluster name (REQUIRED)
name:
# -- EKS cluster region
# -- EKS cluster region (REQUIRED)
region:

rbac:
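Review bot: `eksCluster.name` and `eksCluster.region` are marked REQUIRED only in comments; both keys still default to empty, and none of the five files in this commit adds a `required` check for them the way `rbac.yaml` now does for `roleArn`. If the templates that consume these values do not already enforce them, an install that omits them will render without error and the problem surfaces only later. Add `required` where the values are used, or a `values.schema.json`, so the documentation and the chart agree.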
