Merge pull request #9 from ereslibre/rancher-helm-files

Add descriptive files for Rancher UI to show for this chart

charts/kubewarden-controller/Chart.yaml

@@ -1,13 +1,19 @@
 apiVersion: v2
 name: kubewarden-controller
 description: A Helm chart for deploying the Kubewarden stack
-
+icon: https://www.kubewarden.io/images/icon-kubewarden.svg
 type: application
+home: https://www.kubewarden.io/
+maintainers:
+- name: Flavio Castelli
+  email: [email protected]
+- name: Rafael Fernández López
+  email: [email protected]
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 0.1.10
 
 # This is the version of kubewarden-controller container image to be used
 appVersion: "v0.1.4"

charts/kubewarden-controller/README.md

@@ -0,0 +1,112 @@
+Kubewarden is a Kubernetes Dynamic Admission Controller that uses policies written
+in WebAssembly.
+
+For more information refer to the [official Kubewarden website](https://kubewarden.io/).
+
+# kubewarden-controller
+
+`kubewarden-controller` is a Kubernetes controller that allows you to
+dynamically register Kubewarden admission policies.
+
+The `kubewarden-controller` will reconcile the admission policies you
+have registered against the Kubernetes webhooks of the cluster where
+it is deployed.
+
+## Installation
+
+The kubewarden-controller can be deployed using a helm chart:
+
+```shell
+$ helm repo add kubewarden https://charts.kubewarden.io
+$ helm install --create-namespace -n kubewarden kubewarden-controller kubewarden/kubewarden-controller
+```
+
+This will install kubewarden-controller on the Kubernetes cluster in the default
+configuration.
+
+The default configuration values should be good enough for the
+majority of deployments, all the options are documented
+[here](https://charts.kubewarden.io/#configuration).
+
+## Usage
+
+Once the kubewarden-controller is up and running, Kubewarden policies can be defined
+via the `ClusterAdmissionPolicy` resource.
+
+The documentation of this Custom Resource can be found
+[here](https://github.com/kubewarden/kubewarden-controller/blob/main/docs/crds/README.asciidoc)
+or on [docs.crds.dev](https://doc.crds.dev/github.com/kubewarden/kubewarden-controller).
+
+**Note well:** `ClusterAdmissionPolicy` resources are cluster-wide.
+
+### Deploy your first admission policy
+
+The following snippet defines a Kubewarden Policy based on the
+[pod-privileged](https://github.com/kubewarden/pod-privileged-policy)
+policy:
+
+```yaml
+apiVersion: policies.kubewarden.io/v1alpha1
+kind: ClusterAdmissionPolicy
+metadata:
+  name: privileged-pods
+spec:
+  module: registry://ghcr.io/kubewarden/policies/pod-privileged:v0.1.5
+  resources:
+  - pods
+  operations:
+  - CREATE
+  - UPDATE
+  mutating: false
+```
+
+Let's try to create a Pod with no privileged containers:
+
+```shell
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+  name: unprivileged-pod
+spec:
+  containers:
+    - name: nginx
+      image: nginx:latest
+EOF
+```
+
+This will produce the following output, which means the Pod was successfully
+created:
+
+`pod/unprivileged-pod created`
+
+Now, let's try to create a pod with at least one privileged container:
+
+```shell
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+  name: privileged-pod
+spec:
+  containers:
+    - name: nginx
+      image: nginx:latest
+      securityContext:
+        privileged: true
+EOF
+```
+
+This time the creation of the Pod will be blocked, with the following message:
+
+```
+Error from server: error when creating "STDIN": admission webhook "privileged-pods.kubewarden.admission" denied the request: User 'minikube-user' cannot schedule privileged containers
+```
+
+### Remove your first admission policy
+
+You can delete the admission policy you just created:
+
+```
+$ kubectl delete clusteradmissionpolicy privileged-pods
+```

charts/kubewarden-controller/app-readme.md

@@ -0,0 +1,12 @@
+# Kubewarden
+
+[Kubewarden](https://kubewarden.io) makes it very easy to write and
+distribute Kubernetes admission and mutation policies using your
+preferred languages and frameworks, as well-known distribution methods
+for policies.
+
+It is powered by [WebAssembly](https://webassembly.org/), so
+Kubewarden policies are processor, architecture and OS agnostic.
+
+Download policies or build your own once, and run it everywhere, no
+matter what the system is.