From 91598063218b11ad989fe0c8cc2425f266edae0b Mon Sep 17 00:00:00 2001
From: slimm609 <dbrian@vmware.com>
Date: Sun, 23 Oct 2022 14:28:07 -0400
Subject: [PATCH] rebase and update gotemplate for readme

Signed-off-by: slimm609 <dbrian@vmware.com>
---
 charts/policy-controller/README.md        | 14 +++--
 charts/policy-controller/README.md.gotmpl | 65 ++++++++++++++++++-----
 2 files changed, 57 insertions(+), 22 deletions(-)

diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md
index 8a34627c..8d8ec070 100644
--- a/charts/policy-controller/README.md
+++ b/charts/policy-controller/README.md
@@ -2,7 +2,7 @@
 
 ![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.0](https://img.shields.io/badge/AppVersion-0.4.0-informational?style=flat-square)
 
-The Helm chart for Policy  Controller
+The Helm chart for Policy Controller
 
 **Homepage:** <https://github.com/sigstore/policy-controller>
 
@@ -30,12 +30,8 @@ The Helm chart for Policy  Controller
 | policywebhook.extraArgs | object | `{}` |  |
 | policywebhook.image.pullPolicy | string | `"IfNotPresent"` |  |
 | policywebhook.image.repository | string | `"ghcr.io/sigstore/policy-controller/policy-webhook"` |  |
-<<<<<<< HEAD
-| policywebhook.image.version | string | `"sha256:03f6b9807103c988439741fdc2ec4410a85c13ba62fbad58448a070ac07bb5bc"` | `"v0.4.0"` |
-=======
-| policywebhook.image.version | string | `"sha256:2d8ec2534e903a722a89efd6fe04a52a8a420ca3f8be1703aa697bf5faf418eb"` |  |
+| policywebhook.image.version | string | `"sha256:03f6b9807103c988439741fdc2ec4410a85c13ba62fbad58448a070ac07bb5bc"` |  |
 | policywebhook.namespaceOptIn | bool | `true` |  |
->>>>>>> c616289 (Add ability to disable opt-in)
 | policywebhook.podSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
 | policywebhook.podSecurityContext.capabilities.drop[0] | string | `"all"` |  |
 | policywebhook.podSecurityContext.enabled | bool | `true` |  |
@@ -59,7 +55,7 @@ The Helm chart for Policy  Controller
 | webhook.extraArgs | object | `{}` |  |
 | webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
 | webhook.image.repository | string | `"ghcr.io/sigstore/policy-controller/policy-controller"` |  |
-| webhook.image.version | string | `"sha256:2b1c017535f6a0f672ec38279f3792ca1181555342a2deae53605e202afb9764"` | `"v0.4.0"` |
+| webhook.image.version | string | `"sha256:2b1c017535f6a0f672ec38279f3792ca1181555342a2deae53605e202afb9764"` |  |
 | webhook.name | string | `"webhook"` |  |
 | webhook.podSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
 | webhook.podSecurityContext.capabilities.drop[0] | string | `"all"` |  |
@@ -164,7 +160,9 @@ Creating a deployment referencing images that are not signed will yield the foll
    pod/pod1-signed created
    ```
 
-
 ## More info
 
 You can find more information about the policy-controller in [here](https://docs.sigstore.dev/policy-controller/overview/).
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/policy-controller/README.md.gotmpl b/charts/policy-controller/README.md.gotmpl
index fde123d9..460b0cbf 100644
--- a/charts/policy-controller/README.md.gotmpl
+++ b/charts/policy-controller/README.md.gotmpl
@@ -1,13 +1,22 @@
 {{ template "chart.header" . }}
-{{ template "chart.description" . }}
 
 {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
 
-## Requirements
-* Kubernetes cluster with rights to install admission webhooks
-* Helm
+{{ template "chart.description" . }}
+
+**Homepage:** <https://github.com/sigstore/policy-controller>
+
 
-The following table lists the configurable parameters of the policy-controller chart and their default values.
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| dlorenc |  |  |
+| hectorj2f |  |  |
+
+## Source Code
+
+* <https://github.com/sigstore/policy-controller>
 
 
 {{ template "chart.requirementsSection" . }}
@@ -16,28 +25,52 @@ The following table lists the configurable parameters of the policy-controller c
 
 ### Deploy `policy-controller` Helm Chart
 
+Install `policy-controller` using Helm:
+
+```shell
+helm repo add sigstore https://sigstore.github.io/helm-charts
+
+helm repo update
+
+kubectl create namespace cosign-system
+
+helm install policy-controller -n cosign-system sigstore/policy-controller --devel
+```
+
+The `policy-controller` enforce images matching the defined list of `ClusterImagePolicy` for the labeled namespaces.
+
+Note that, by default, the `policy-controller` offers a configurable behavior defining whether to allow, deny or warn whenever an image does not match a policy in a specific namespace. This behavior can be configured using the `config-policy-controller` ConfigMap created under the release namespace, and by adding an entry with the property `no-match-policy` and its value `warn|allow|deny`.
+By default, any image that does not match a policy is rejected whenever `no-match-policy` is not configured in the ConfigMap.
+
+As supported in previous versions, you could create your own key pair:
+
 ```shell
 export COSIGN_PASSWORD=<my_cosign_password>
 cosign generate-key-pair
 ```
 
-The previous command generates two key files `cosign.key` and `cosign.pub`. Next, create a secret to validate the signatures:
+This command generates two key files `cosign.key` and `cosign.pub`. Next, create a secret to validate the signatures:
 
 ```shell
-kubectl create namespace cosign-system
-
 kubectl create secret generic mysecret -n \
 cosign-system --from-file=cosign.pub=./cosign.pub
 ```
 
-Install `policy-controller` using Helm and setting the value of the secret key reference to `mysecret` that you created above:
+**IMPORTANT:** The `cosign.secretKeyRef` flag is not supported anymore. Finally, you could reuse your secret `mysecret` by creating a `ClusterImagePolicy` that sets it as listed authorities, as shown below.
 
-```shell
-helm repo add sigstore https://sigstore.github.io/helm-charts
-
-helm repo update
+```yaml
+apiVersion: policy.sigstore.dev/v1alpha1
+kind: ClusterImagePolicy
+metadata:
+  name: cip-key-secret
+spec:
+  images:
+  - glob: "**your-desired-value**"
+  authorities:
+  - key:
+      secretRef:
+        name: mysecret
 
-helm install policy-controller -n cosign-system sigstore/policy-controller --devel --set cosign.secretKeyRef.name=mysecret
 ```
 
 ### Enabling Admission control
@@ -76,4 +109,8 @@ Creating a deployment referencing images that are not signed will yield the foll
    pod/pod1-signed created
    ```
 
+
+## More info
+
+You can find more information about the policy-controller in [here](https://docs.sigstore.dev/policy-controller/overview/).
 {{ template "helm-docs.versionFooter" . }}