diff --git a/README.md b/README.md index 232cbfa..4b860b9 100644 --- a/README.md +++ b/README.md @@ -8,29 +8,12 @@ You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against. ### Running on the EKS cluster 1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) `kyverno-aws-adapter-sa` in your desired namespace (configured in `values.yaml`) and specified the role's ARN in the `roleArn` field inside `values.yaml` file. -2. Install the Helm chart after making any necessary changes to `charts/kyverno-aws-adapter/values.yaml` - ```sh - helm install kyverno-aws-adapter charts/kyverno-aws-adapter - ``` +2. Install the Helm Chart. Follow instructions given [here](/charts/kyverno-aws-adapter#installation). 3. Check the `status` field of the `-config` custom resource in the namespace specified in `values.yaml`. For instance, if the cluster name is `eks-test` and namespace is `kyverno-aws-adapter`, then: ```sh kubectl get awsacfg eks-test-config -n kyverno-aws-adapter -o yaml ``` -## Helm Values -Currently supported values for the Helm chart are as follows: -| Value | Description | --- | --- -| `namespace` | Namespace for installing the controller and CRD | -| `eksCluster` | Configuration for EKS cluster's `name` and `region` | -| `registryConfig` | ghcr.io `username` and `password` configuration for the image secret | -| `pollInterval` | Interval for controller reconciliation | -| `image` | Configuration for image `name`, `tag` and `pullPolicy` | -| `roleArn` | IAM Role ARN with required permissions for the EKS cluster | -| `nameOverride` | Override the chart name | -| `fullnameOverride` | Override the entire generated name | - - ## IAM Role for Service Account This adapter utilizes the ARN of a user-defined IAM Role associated with any policy that has `Full: List, Read` permissions for the `EKS` service, including the following: @@ -52,7 +35,7 @@ This adapter utilizes the ARN of a user-defined IAM Role associated with any pol | DescribeUpdate | | ListTagsForResource | -You can specify the Role's ARN in the `roleArn` field inside the Helm chart's `values.yaml` file. +You can specify the Role's ARN through the `roleArn` setting in the [Helm chart](/charts/kyverno-aws-adapter#installation). Please ensure that the trust relationship policy for your IAM role resembles the following format: ```json diff --git a/charts/kyverno-aws-adapter/README.md b/charts/kyverno-aws-adapter/README.md index f085514..f76a3a1 100644 --- a/charts/kyverno-aws-adapter/README.md +++ b/charts/kyverno-aws-adapter/README.md @@ -15,14 +15,22 @@ You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against. ### Running on the EKS cluster 1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) `kyverno-aws-adapter-sa` in your desired namespace (configured in `values.yaml`) and specified the role's ARN in the `roleArn` field inside `values.yaml` file. -2. Install the Helm chart after making any necessary changes to `charts/kyverno-aws-adapter/values.yaml` - ```sh - helm install kyverno-aws-adapter charts/kyverno-aws-adapter - ``` -3. Check the `status` field of the `-config` custom resource in the namespace specified in `values.yaml`. For instance, if the cluster name is `eks-test` and namespace is `kyverno-aws-adapter`, then: - ```sh - kubectl get awsacfg eks-test-config -n kyverno-aws-adapter -o yaml - ``` + +2. Add the Kyverno AWS Adapter Helm repository. + ```console + helm repo add kyverno-aws-adapter https://nirmata.github.io/kyverno-aws-adapter/ + helm repo update kyverno-aws-adapter + ``` + +3. Install the Helm chart in an appropriate namespace, providing other parameters as described in the [Values](#values) section. + ```console + helm install --namespace kyverno-aws-adapter --create-namespace kyverno-aws-adapter kyverno-aws-adapter/kyverno-aws-adapter + ``` + +4. Check the `status` field of the `awsacfg` custom resource created in the namespace specified in `values.yaml`. For instance if namespace is `kyverno-aws-adapter`, then: + ```console + kubectl get awsacfg -n kyverno-aws-adapter -o yaml + ``` ## Values diff --git a/charts/kyverno-aws-adapter/README.md.gotmpl b/charts/kyverno-aws-adapter/README.md.gotmpl index 6e2101f..83550b0 100644 --- a/charts/kyverno-aws-adapter/README.md.gotmpl +++ b/charts/kyverno-aws-adapter/README.md.gotmpl @@ -15,14 +15,22 @@ You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against. ### Running on the EKS cluster 1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) `kyverno-aws-adapter-sa` in your desired namespace (configured in `values.yaml`) and specified the role's ARN in the `roleArn` field inside `values.yaml` file. -2. Install the Helm chart after making any necessary changes to `charts/kyverno-aws-adapter/values.yaml` - ```sh - helm install kyverno-aws-adapter charts/kyverno-aws-adapter - ``` -3. Check the `status` field of the `-config` custom resource in the namespace specified in `values.yaml`. For instance, if the cluster name is `eks-test` and namespace is `kyverno-aws-adapter`, then: - ```sh - kubectl get awsacfg eks-test-config -n kyverno-aws-adapter -o yaml - ``` + +2. Add the Kyverno AWS Adapter Helm repository. + ```console + helm repo add kyverno-aws-adapter https://nirmata.github.io/kyverno-aws-adapter/ + helm repo update kyverno-aws-adapter + ``` + +3. Install the Helm chart in an appropriate namespace, providing other parameters as described in the [Values](#values) section. + ```console + helm install --namespace kyverno-aws-adapter --create-namespace kyverno-aws-adapter kyverno-aws-adapter/kyverno-aws-adapter + ``` + +4. Check the `status` field of the `awsacfg` custom resource created in the namespace specified in `values.yaml`. For instance if namespace is `kyverno-aws-adapter`, then: + ```console + kubectl get awsacfg -n kyverno-aws-adapter -o yaml + ``` {{ template "chart.valuesSection" . }}