From 14099e3b98b397e177667579efbe4eec7684b6e2 Mon Sep 17 00:00:00 2001
From: Jonny Stoten
Date: Tue, 11 Jun 2024 10:58:45 +0100
Subject: [PATCH] Fix getting started instructions in README and add Makefile task for rebuild and reload

---
 Makefile | 9 ++++++++-
 README.md | 25 ++++++++++++++++++++-----
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index d64abb8..12d7113 100644
--- a/Makefile
+++ b/Makefile
@@ -34,4 +34,11 @@ docker-buildx: docker-buildx-builder
 .PHONY: kind-load-image
 kind-load-image:
-	kind load docker-image ${IMG} --name gatekeeper
+	kind load docker-image ${IMG}
+
+.PHONY: rollout-restart
+rollout-restart:
+	kubectl -n security rollout restart deployment/attest-provider
+
+.PHONY: reload
+reload: docker-buildx kind-load-image rollout-restart
diff --git a/README.md b/README.md
index 5b81900..b5a98de 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,10 @@ OPA Gatekeeper external data provider implementation for Docker attest library i
 1. Create a [kind cluster](https://kind.sigs.k8s.io/docs/user/quick-start/).
+```bash
+kind create cluster
+```
+
 2. Install the latest version of Gatekeeper and enable the external data feature.
 ```bash
@@ -23,6 +27,9 @@ helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
 helm install gatekeeper/gatekeeper \
 --set enableExternalData=true \
 --set validatingWebhookFailurePolicy=Fail \
+ --set validatingWebhookTimeoutSeconds=30 \
+ --set postInstall.probeWebhook.enabled=false \
+ --set postInstall.labelNamespace.enabled=false \
 --name-template=gatekeeper \
 --namespace security \
 --create-namespace
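Review bot: The new `reload` target lists `docker-buildx kind-load-image rollout-restart` as plain prerequisites, so the build → load → restart order is only guaranteed for a serial make; under `make -j` the three can run concurrently and the deployment can be restarted before the rebuilt image has been loaded into the cluster, because nothing declares that `kind-load-image` depends on `docker-buildx` or that `rollout-restart` depends on `kind-load-image`. Either chain them explicitly (`kind-load-image: docker-buildx` and `rollout-restart: kind-load-image`) or give `reload` a recipe that runs the three steps sequentially via `$(MAKE)`. Separately, `rollout-restart` hard-codes the `security` namespace while the README in this same patch installs attest-provider with `--namespace "${NAMESPACE:-gatekeeper-system}"`; if the provider is not always deployed in `security`, the restart targets a deployment that does not exist, so the namespace should probably come from the same variable (e.g. a `NAMESPACE ?= security` default near the top of the Makefile and `kubectl -n $(NAMESPACE) rollout restart deployment/attest-provider`). It is also worth a one-line comment on `kind-load-image` that dropping `--name gatekeeper` means the image now goes to the default `kind` cluster created by the README's `kind create cluster`, so readers with a differently named cluster know to override it.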
@@ -61,31 +68,33 @@ helm install attest-provider charts/external-data-provider \
 --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
 --namespace "${NAMESPACE:-gatekeeper-system}" \
 --create-namespace
+```
-4a. Install constraint template and constraint.
+4. Install constraint template and constraint.
 ```bash
 kubectl apply -f validation/attest-constraint-template.yaml
 kubectl apply -f validation/attest-constraint.yaml
 ```
-4b. Test the external data provider by dry-running the following command:
+5. Test the external data provider by dry-running the following command:
 ```bash
 kubectl create ns test
-kubectl run nginx -n test --dry-run=server -ojson
+kubectl run nginx --image nginx -n test --dry-run=server -ojson
 ```
 Gatekeeper should deny the pod admission above because the image `nginx` is missing signed annotations but has an image policy in tuf-staging.
 TODO: implement mutating policy (tag -> digest)
-
+1. To reload the attest-provider image after making changes, run the following command:
+
+```bash
+make reload
+```
+
 1. Uninstall the external data provider and Gatekeeper.
 ```bash