update wording, links and adding examples

Author: mlsmaycon

README.md

@@ -5,7 +5,7 @@ https://github.com/user-attachments/assets/5472a499-e63d-4301-a513-ad84cfe5ca7b
 
 ## Description
 
-This operator enables easily provisioning NetBird access on kubernetes clusters, allowing users to access internal resources directly.
+This operator easily provides NetBird access on Kubernetes clusters, allowing users to access internal resources directly.
 
 ## Getting Started
 
@@ -18,7 +18,7 @@ This operator enables easily provisioning NetBird access on kubernetes clusters,
 
 ### Deployment
 > [!NOTE]
-> Helm Installation method is recommended due to automation of multiple settings within the deployment.
+> Helm Installation method is recommended due to the automation of multiple settings within the deployment.
 
 #### Using Helm
 
@@ -27,14 +27,15 @@ This operator enables easily provisioning NetBird access on kubernetes clusters,
 helm repo add netbirdio https://netbirdio.github.io/kubernetes-operator
 ```
 2. (Recommended) Install [cert-manager](https://cert-manager.io/docs/installation/#default-static-install).
-1. (Recommended) Create a values.yaml file, check `helm show values netbirdio/kubernetes-operator` for more info.
-1. Install using `helm install --create-namespace -f values.yaml -n netbird netbird-operator netbirdio/kubernetes-operator`.
+3. (Recommended) Create a values.yaml file, check `helm show values netbirdio/kubernetes-operator` for more info.
+4. Install using `helm install --create-namespace -f values.yaml -n netbird netbird-operator netbirdio/kubernetes-operator`.
 
+> Learn more about the values.yaml options [here](helm/netbird-operator/values.yaml) and  [Granting controller access to NetBird Management](docs/values.md#granting-controller-access-to-netbird-management).
 #### Using install.yaml
 
 > [!IMPORTANT]
-> install.yaml only includes a very basic template for deploying a stripped down version of kubernetes-operator.
-> This excludes any and all configuration for ingress capabilities, and requires cert-manager to be installed.
+> install.yaml only includes a very basic template for deploying a stripped-down version of Kubernetes-operator.
+> This excludes any and all configurations for ingress capabilities and requires the cert-manager to be installed.
 
 ```sh
 kubectl create namespace netbird
@@ -43,13 +44,13 @@ kubectl apply -n netbird -f https://raw.githubusercontent.com/netbirdio/kubernet
 
 ### Usage
 
-Checks [usage.md](docs/usage.md).
+Check the usage of [usage.md](docs/usage.md) and examples.
 
 ## Contributing
 
 ### Prerequisites
 
-To be able to develop on this project, you need to have the following tools installed:
+To be able to develop this project, you need to have the following tools installed:
 
 - [Git](https://git-scm.com/).
 - [Make](https://www.gnu.org/software/make/).

docs/usage.md

@@ -47,41 +47,89 @@ spec:
 ### Granting controller access to NetBird Management
 
 > [!IMPORTANT]
-> NetBird kubernetes operator generates configurations using NetBird API, editing or deleting these configurations in the NetBird console may cause temporary network disconnection until the operator reconciles the configuration.
+> The NetBird Kubernetes operator generates configurations using NetBird API; editing or deleting these configurations in the NetBird console may cause temporary network disconnection until the operator reconciles the configuration.
 
 1. Create a Service User on your NetBird dashboard (Must be Admin). [Doc](https://docs.netbird.io/how-to/access-netbird-public-api#creating-a-service-user).
-1. Create access token for the Service User (Must be Admin). [Doc](https://docs.netbird.io/how-to/access-netbird-public-api#creating-a-service-user).
+1. Create an access token for the Service User (Must be Admin). [Doc](https://docs.netbird.io/how-to/access-netbird-public-api#creating-a-service-user).
 1. Add access token to your helm values file under `netbirdAPI.key`.
     1. Alternatively, provision secret in the same namespace as the operator and set the key `NB_API_KEY` to the access token generated.
     1. Set `netbirdAPI.keyFromSecret` to the name of the secret created.
 1. Set `ingress.enabled` to `true`.
-    1. Optionally, to provision network immediately, set `ingress.router.enabled` to `true`.
-    1. Optionally, to provision 1 network per kubernetes namespace, set `ingress.namespacedNetworks` to `true`.
+    1. Optionally, to provision the network immediately, set `ingress.router.enabled` to `true`.
+    1. Optionally, to provision 1 network per > The NetBird Kubernetes operator generates configurations using NetBird API; editing or deleting these configurations in the NetBird console may cause temporary network disconnection until the operator reconciles the configuration. namespace, set `ingress.namespacedNetworks` to `true`.
 1. Run `helm install` or `helm upgrade`.
 
+Minimum values.yaml example:
+```yaml
+netbirdAPI:
+  key: "nbp_XXxxxxxxXXXXxxxxXXXXXxxx"
+
+ingress:
+  enabled: true
+```
+
 ### Exposing a Service
 
 > [!IMPORTANT]  
-> Ingress DNS Resolution requires DNS Wildcard Routing to be enabled, and at least one DNS Nameserver configured for clients.
+> Ingress DNS Resolution requires DNS Wildcard Routing to be enabled and at least one DNS Nameserver configured for clients.
 
 |Annotation|Description|Default|Valid Values|
 |---|---|---|---|
-|`netbird.io/expose`|Expose service using NetBird Network Resource||(`null`, `true`)|
-|`netbird.io/groups`|Comma-separated list of group names to assign to Network Resource|`{ClusterName}-{Namespace}-{Service}`|Any comma-separated list of strings.|
-|`netbird.io/resource-name`|Network Resource name|`{Namespace}-{Service}`|Any valid network resource name, make sure they're unique!|
-|`netbird.io/policy`|Name of NBPolicy to propagate service ports as destination.||Name of any NBPolicy resource|
-|`netbird.io/policy-ports`|Narrow down exposed ports in policy, leave empty for all ports.||Comma-separated integer list, integers must be between 0-65535|
-|`netbird.io/policy-protocol`|Narrow down protocol for use in policy, leave empty for all protocols.||(`tcp`,`udp`)|
+|`netbird.io/expose`| Expose service using NetBird Network Resource ||(`null`, `true`)|
+|`netbird.io/groups`| Comma-separated list of group names to assign to Network Resource |`{ClusterName}-{Namespace}-{Service}`|Any comma-separated list of strings.|
+|`netbird.io/resource-name`| Network Resource name |`{Namespace}-{Service}`|Any valid network resource name, make sure they're unique!|
+|`netbird.io/policy`| Name of NBPolicy to propagate service ports as destination. ||Name of any NBPolicy resource|
+|`netbird.io/policy-ports`| Narrow down exposed ports in a policy. Leave empty for all ports. ||Comma-separated integer list, integers must be between 0-65535|
+|`netbird.io/policy-protocol`| Narrow down protocol for use in a policy. Leave empty for all protocols. ||(`tcp`,`udp`)|
+
+Example service:
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:latest
+          ports:
+            - containerPort: 80
 
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+  annotations:
+    netbird.io/expose: "true"
+    netbird.io/groups: "groupA,groupB"
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 80
+  type: ClusterIP
+```
 ### Notes
-* `netbird.io/expose` will interpret any string as true value, the only false value is `null`.
+* `netbird.io/expose` will interpret any string as a `true` value; the only `false` value is `null`.
 * The operator does **not** handle duplicate resource names within the same network, it is up to you to ensure resource names are unique within the same network.
 * While the NetBird console will allow group names to contain commas, this is not allowed in `netbird.io/groups` annotation as commas are used as separators.
 * If a group already exists on NetBird console with the same name, NetBird Operator will use that group ID instead of creating a new group.
 * NetBird Operator will attempt to clean up any resources created, including groups created for resources.
-    * In case a group is used by resources that cannot be cleaned up by the operator, the operator will eventually ignore the group in NetBird.
-    * It's recommended to use unique groups per NetBird Operator installation to remove any possible conflicts.
-* NetBird Operator does not validate service annotations on update, as this may cause unnecessary overhead on any Service update.
+    * If a group is used by resources that the operator cannot clean up, the operator will eventually ignore the group in NetBird.
+    * It's recommended that unique groups be used per NetBird Operator installation to remove any possible conflicts.
+* The Operator does not validate service annotations on updates, as this may cause unnecessary overhead on any Service update.
 
 ### Managing Policies
 
@@ -102,11 +150,11 @@ ingress:
       - udp
       bidirectional: true # Optional, defaults to true
 ```
-2. Reference policy in Services using `netbird.io/policy=default`, this will add relevant ports and destination groups to Policy.
-3. (Optional) limit specific ports in exposed service by adding `netbird.io/policy-ports=443`.
-4. (Optional) limit specific protocol in exposed service by adding `netbird.io/policy-protocol=tcp`.
+2. Reference policy in Services using `netbird.io/policy=default`, this will add relevant ports and destination groups to policy.
+3. (Optional) Limit specific ports in exposed service by adding `netbird.io/policy-ports=443`.
+4. (Optional) Limit specific protocol in exposed service by adding `netbird.io/policy-protocol=tcp`.
 
 #### Notes
-* Each NBPolicy will only create policies in NetBird console when information provided is enough to create one. If there are no services acting as destination, or specified services do not conform to the protocol(s) defined, policy will not be created.
-* Each NBPolicy will create one Policy in NetBird console per protocol specified as long as protocol has destinations, this ensures better secured policies by separating ports for TCP and UDP.
-* Policies currently do not support ICMP protocol, as ICMP is not supported in kubernetes services, and there are [no current plans to support it](https://discuss.kubernetes.io/t/icmp-support-for-kubernetes-service/21738).
+* Each NBPolicy will only create policies in the NetBird console when the information provided is enough to create one. If no services act as a destination or specified services do not conform to the protocol(s) defined, the policy will not be created.
+* Each NBPolicy will create one policy in the NetBird console per protocol specified as long as the protocol has destinations; this ensures better-secured policies by separating ports for TCP and UDP.
+* Policies currently do not support ICMP protocol, as ICMP is not supported in Kubernetes services, and there are [no current plans to support it](https://discuss.kubernetes.io/t/icmp-support-for-kubernetes-service/21738).