docs: fix a few minor issues and enhance helm readme

Signed-off-by: Peter Fiddes <[email protected]>

.gitignore

@@ -11,4 +11,5 @@ bom.xml
 predicate.json
 *.pem
 *.pub
+*.tgz
 

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/norwoodj/helm-docs
-    rev: v1.11.0
+    rev: v1.11.3
     hooks:
       - id: helm-docs
         args:

deploy/charts/venafi-kubernetes-agent/README.md

@@ -125,38 +125,33 @@ You can also check inb the Venafi Control Plane to see when the "Last Check In"
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| affinity | object | `{}` |  |
-| authentication | object | `{"secretKey":"privatekey.pem","secretName":"agent-credentials"}` | Authentication details for the Venafi Kuberente Agent |
-| authentication.secretKey | string | `"privatekey.pem"` | Key name in the references secret |
+| affinity | object | `{}` | Embed YAML for Node affinity settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/. |
+| authentication | object | `{"secretKey":"privatekey.pem","secretName":"agent-credentials"}` | Authentication details for the Venafi Kubernetes Agent |
+| authentication.secretKey | string | `"privatekey.pem"` | Key name in the referenced secret |
 | authentication.secretName | string | `"agent-credentials"` | Name of the secret containing the privatekey |
-| command | list | `[]` | Specify the command to run overriding default |
+| command | list | `[]` | Specify the command to run overriding default binary. |
 | config | object | `{"clientId":"","configmap":{"key":null,"name":null},"period":"0h1m0s","server":"https://api.venafi.cloud/"}` | Configuration section for the Venafi Kubernetes Agent itself |
-| config.configmap | object | `{"key":null,"name":null}` | Sepcify ConfigMap details to load config from an existing resource This should be blankby default unless you have you own config |
+| config.clientId | string | `""` | The client-id returned from the Venafi Control Plane |
+| config.configmap | object | `{"key":null,"name":null}` | Specify ConfigMap details to load config from an existing resource. This should be blank by default unless you have you own config.  |
 | config.period | string | `"0h1m0s"` | Send data back to the platform every minute unless changed |
-| config.server | string | `"https://api.venafi.cloud/"` | Overrides the server if using a proxy in your environment |
-| extraArgs | list | `[]` | Specify additional argument to pass to the agent |
-| fullnameOverride | string | `""` | Helm default setting, use this to shorten install name |
+| config.server | string | `"https://api.venafi.cloud/"` | Overrides the server if using a proxy in your environmen For the EU varint use: https://api.venafi.eu/ |
+| extraArgs | list | `[]` | Specify additional arguments to pass to the agent binary. For example `["--strict", "--oneshot"]` |
+| fullnameOverride | string | `""` | Helm default setting, use this to shorten the full install name. |
 | image.pullPolicy | string | `"IfNotPresent"` | Defaults to only pull if not already present |
 | image.repository | string | `"quay.io/jetstack/preflight"` | Default to Open Source image repository |
 | image.tag | string | `"v0.1.43"` | Overrides the image tag whose default is the chart appVersion |
-| imagePullSecrets | list | `[]` | Specify image pull credentials if using a prviate registry |
-| nameOverride | string | `""` | Helm default setting to override release name, leave blank |
-| nodeSelector | object | `{}` |  |
-| podAnnotations | object | `{}` |  |
-| podSecurityContext | object | `{}` |  |
+| imagePullSecrets | list | `[]` | Specify image pull credentials if using a prviate registry example: - name: my-pull-secret |
+| nameOverride | string | `""` | Helm default setting to override release name, usually leave blank. |
+| nodeSelector | object | `{}` | Embed YAML for nodeSelector settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ |
+| podAnnotations | object | `{}` | Additional YAML annotations to add the the pod. |
+| podSecurityContext | object | `{}` | Optional Pod (all containers) `SecurityContext` options, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod. |
 | replicaCount | int | `1` | default replicas, do not scale up |
-| resources.limits.cpu | string | `"500m"` |  |
-| resources.limits.memory | string | `"500Mi"` |  |
-| resources.requests.cpu | string | `"200m"` |  |
-| resources.requests.memory | string | `"200Mi"` |  |
-| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
-| securityContext.readOnlyRootFilesystem | bool | `true` |  |
-| securityContext.runAsNonRoot | bool | `true` |  |
-| securityContext.runAsUser | int | `1000` |  |
-| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
-| serviceAccount.create | bool | `true` | Specifies whether a service account should be created @default true |
-| serviceAccount.name | string | `""` |  |
-| tolerations | list | `[]` |  |
+| resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"200m","memory":"200Mi"}}` | Set custom resourcing settings for the pod. You may not want this if you intend to use a Vertical Pod Autoscaler. |
+| securityContext | object | `{"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000}` | Add Container specific SecurityContext settings to the container. Takes precedence over `podSecurityContext` when set. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container |
+| serviceAccount.annotations | object | `{}` | Annotations YAML to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If blank and `serviceAccount.create` is true, a name is generated using the fullname template of the release. |
+| tolerations | list | `[]` | Embed YAML for toleration settings, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

deploy/charts/venafi-kubernetes-agent/values.yaml

@@ -14,28 +14,34 @@ image:
   tag: "v0.1.43"
 
 # -- Specify image pull credentials if using a prviate registry
+# example: - name: my-pull-secret
 imagePullSecrets: []
 
-# -- Helm default setting to override release name, leave blank
+# -- Helm default setting to override release name, usually leave blank.
 nameOverride: ""
-# -- Helm default setting, use this to shorten install name
+
+# -- Helm default setting, use this to shorten the full install name.
 fullnameOverride: ""
 
 serviceAccount:
   # -- Specifies whether a service account should be created
-  # @default true
   create: true
-  # -- Annotations to add to the service account
+  # -- Annotations YAML to add to the service account
   annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
+  # -- The name of the service account to use.
+  # If blank and `serviceAccount.create` is true, a name is generated using the fullname template of the release.
   name: ""
 
+# -- Additional YAML annotations to add the the pod.
 podAnnotations: {}
 
+# -- Optional Pod (all containers) `SecurityContext` options, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod.
 podSecurityContext: {}
+  # runAsUser: 1000
+  # runAsGroup: 3000
   # fsGroup: 2000
 
+# -- Add Container specific SecurityContext settings to the container. Takes precedence over `podSecurityContext` when set. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container
 securityContext:
   capabilities:
     drop:
@@ -44,46 +50,50 @@ securityContext:
   runAsNonRoot: true
   runAsUser: 1000
 
+# -- Set custom resourcing settings for the pod. You may not want this if you intend to use a Vertical Pod Autoscaler.
 resources:
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   requests:
     memory: 200Mi
     cpu: 200m
   limits:
     memory: 500Mi
     cpu: 500m
 
+# -- Embed YAML for nodeSelector settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
 nodeSelector: {}
 
+# -- Embed YAML for toleration settings, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
 tolerations: []
 
+# -- Embed YAML for Node affinity settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/.
 affinity: {}
 
-# -- Specify the command to run overriding default
+# -- Specify the command to run overriding default binary.
 command: []
-# -- Specify additional argument to pass to the agent
+
+# -- Specify additional arguments to pass to the agent binary.
+# For example `["--strict", "--oneshot"]`
 extraArgs: []
 
-# -- Authentication details for the Venafi Kuberente Agent
+# -- Authentication details for the Venafi Kubernetes Agent
 authentication:
   # -- Name of the secret containing the privatekey
   secretName: agent-credentials
-  # -- Key name in the references secret
+  # -- Key name in the referenced secret
   secretKey: "privatekey.pem"
 
 # -- Configuration section for the Venafi Kubernetes Agent itself
 config:
-  # -- Overrides the server if using a proxy in your environment
+  # -- Overrides the server if using a proxy in your environmen
+  # For the EU varint use: https://api.venafi.eu/
   server: "https://api.venafi.cloud/"
-  ## -- The client-id returned from the Venafi Control Plane
+  # -- The client-id returned from the Venafi Control Plane
   clientId: ""
   # -- Send data back to the platform every minute unless changed
   period: "0h1m0s"
-  # -- Sepcify ConfigMap details to load config from an existing resource
-  # This should be blankby default unless you have you own config
+
+  # -- Specify ConfigMap details to load config from an existing resource.
+  # This should be blank by default unless you have you own config. 
   configmap:
     name: 
     key: