From ee9386c93762ec21506a89cfb785c2fd3ce72762 Mon Sep 17 00:00:00 2001
From: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Wed, 7 Aug 2024 09:42:10 +0200
Subject: [PATCH] doc: improve description of Values

---
 charts/kubernetes-etcd-backup/README.md   | 4 ++--
 charts/kubernetes-etcd-backup/values.yaml | 8 +++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/charts/kubernetes-etcd-backup/README.md b/charts/kubernetes-etcd-backup/README.md
index 2c2d0b32..1929f772 100644
--- a/charts/kubernetes-etcd-backup/README.md
+++ b/charts/kubernetes-etcd-backup/README.md
@@ -27,8 +27,8 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk
 | backup.umask | string | `"0027"` | Set umask during the backup |
 | etcdCertification.etcdPeerTlsName | string | `"changeme"` | etcd-peer-tls secret name |
 | etcdCertification.etcdServerCaName | string | `"changeme"` | etcd-server-ca secret name |
-| etcdConfiguration.endpoint | string | `"changeme"` | Etcd endpoint ip or hostname without protocol or port |
-| etcdConfiguration.insecureSkipTlsVerify | bool | `false` | skip server certificate verification |
+| etcdConfiguration.endpoint | string | `"changeme"` | Etcd endpoint ip or hostname without protocol or port Example: etcd.kube-system.svc.cluster.local |
+| etcdConfiguration.insecureSkipTlsVerify | bool | `false` | Skip server certificate verification Useful for scenarios where etcd nodes are external endpoints (access through etcd service in kube-system namespace) and have a different CN/SAN in the certificate . Otherwise, "failed to verify certificate: x509: certificate is valid for etcd-2, etc., not etcd.kube-system.svc.cluster.local" |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"Always"` | Image pull policy configuration |
 | image.repository | string | `"ghcr.io/adfinis/kubernetes-etcd-backup"` | Repository image to use |
diff --git a/charts/kubernetes-etcd-backup/values.yaml b/charts/kubernetes-etcd-backup/values.yaml
index e41f1984..92adfaa8 100644
--- a/charts/kubernetes-etcd-backup/values.yaml
+++ b/charts/kubernetes-etcd-backup/values.yaml
@@ -22,8 +22,14 @@ backup:
 
 etcdConfiguration:
   # -- Etcd endpoint ip or hostname without protocol or port
+  # Example: etcd.kube-system.svc.cluster.local
   endpoint: "changeme"
-  # -- skip server certificate verification
+  # -- Skip server certificate verification
+  # Useful for scenarios where etcd nodes are external endpoints (access
+  # through etcd service in kube-system namespace) and have a different CN/SAN
+  # in the certificate . Otherwise, "failed to verify certificate: x509:
+  # certificate is valid for etcd-2, etc., not
+  # etcd.kube-system.svc.cluster.local"
   insecureSkipTlsVerify: false