From b3740e89896e58edbed03e6402b190178facadf4 Mon Sep 17 00:00:00 2001 From: Arnie Date: Thu, 28 Nov 2024 16:41:14 +0100 Subject: [PATCH] Update readme with result information about the demo --- README.md | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b6201ed..cd616da 100644 --- a/README.md +++ b/README.md @@ -1 +1,37 @@ -# Rossum - Kyverno policy +# Rossum - Kyverno policy demo + +This example assumes an existing and preconfigured access to k8s api server + +Provide environment variables in the workdir as defined in the `.envrc.example` + +`anydatacenter` directory represents a theoretical structure where the cluster would be located + +## Root modules +- `anydatacenter/10-devops` is a terraform root module providing prerequisites for kubernetes resources + +- `anydatacenter/30-policy-demo` is a root module with deployments and policies to demonstrate automated topology spread of k8s pods + +The reason for split root modules comes from the chicken or the egg dilemma with kubernetes manifests and CRDs + +Because the kubernetes provider validates the manifests against CRDs during planning phase, it is not possible to do a single apply +in which CRDs are installed and manifests are produced against those CRDs. Other solution would be using kubectl provider which is +more error prone (opinionated statement) and using the kubernetes provider is preferred. This requires either a multi-apply +approach (frowned upon!) or splitting root modules and applying one after another. + +## Policies + +Policies are deliberately limited to `rossum` namespace + +## Tests + +Kyverno tests are defined in the policy root module at [./anydatacenter/30-policy-demo/kyvernoPolicies/tests](./anydatacenter/30-policy-demo/kyvernoPolicies/tests) + +Execute with nix and devenv +```sh +tests +``` + +Execute with kyverno cli +```sh +kyverno test ./anydatacenter/30-policy-demo +```
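Review bot: The "Root modules" section explains why the root modules are split (the kubernetes provider validates manifests against CRDs during planning) but never states the order in which they are applied. If `anydatacenter/10-devops` is the module that installs the CRDs, say so and add a line stating that it is applied before `anydatacenter/30-policy-demo`, so that a first-time reader does not hit the planning failure the paragraph describes. In "Policies", the line "Policies are deliberately limited to `rossum` namespace" should also say that workloads in other namespaces are not covered by the demo policies, so nobody reads the demo as cluster-wide enforcement. In "Tests", the bare `tests` command only makes sense inside the devenv shell; state that, or give the full invocation. The commit subject promises "result information about the demo", but the added text contains setup and structure only; either add the expected test output or adjust the subject. Minor: the parentheticals "(opinionated statement)" and "(frowned upon!)" read as asides and most added sentences lack a full stop.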