docs: update usage and add installation section

aabouzaid · aabouzaid · commit 71a366ed5a6e · 2025-06-04T07:13:45.000+02:00
diff --git a/README.md b/README.md
@@ -28,6 +28,14 @@ For some use cases when a tight security access is required, users should only h
 
 For example, you can use `kube-rbac-extractor` to limit the user's access to the kinds used in a specific Helm chart.
 
+## Installation
+
+Download pre-compiled binary from [GitHub releases](https://github.com/DevOpsHiveHQ/kube-rbac-extractor/releases) page, or use Docker image:
+
+```
+ghcr.io/devopshivehq/kube-rbac-extractor:latest
+```
+
 ## Usage
 
 ```
@@ -37,11 +45,16 @@ Usage of kube-rbac-extractor:
   --cluster
     	Generate ClusterRole instead of Role
   --extra-schema string
-    	Path to extra kinds schema RBAC JSON file for custom resources
+    	Path to extra kinds RBAC schema JSON file for custom resources
   --name string
     	Metadata name for the Role/ClusterRole (default "access")
   --namespace string
     	Namespace for Role (ignored for ClusterRole)
+  --resource-names
+    	Include resourceNames from manifest metadata.name in the rules
+  --role-binding-subjects string
+    	Generate RoleBinding/ClusterRoleBinding using comma-separated list of subjects to bind the role to
+      (e.g., User:alice,Group:devs,ServiceAccount:ns:sa)
 ```
 
 ## Example
diff --git a/main.go b/main.go
@@ -332,10 +332,11 @@ func main() {
 	namespace := flag.String("namespace", "", "Namespace for Role (ignored for ClusterRole)")
 	extraSchemaPath := flag.String("extra-schema", "", "Path to extra kinds RBAC schema JSON file for custom resources")
 	includeResourceNames := flag.Bool("resource-names", false, "Include resourceNames from manifest metadata.name in the rules")
-	roleBindingSubjects := flag.String("role-binding-subjects", "", "Comma-separated list of subjects to bind the role to (e.g., User:alice,Group:devs,ServiceAccount:ns:sa)")
+	generateRoleBindingSubjects := flag.String("role-binding-subjects", "",
+		"Generate RoleBinding/ClusterRoleBinding using comma-separated list of subjects to bind the role to (e.g., User:alice,Group:devs,ServiceAccount:ns:sa)")
 	flag.Parse()
 
-	sk, err := loadSchemaKindsRBAC(schemaKindsJSON, *extraSchemaPath)
+	schemaKinds, err := loadSchemaKindsRBAC(schemaKindsJSON, *extraSchemaPath)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "failed to load kinds RBAC schema data: %v\n", err)
 		os.Exit(1)
@@ -347,12 +348,12 @@ func main() {
 		os.Exit(1)
 	}
 
-	rules := parseManifests(string(input), sk, *access, *includeResourceNames)
+	rules := parseManifests(string(input), schemaKinds, *access, *includeResourceNames)
 
 	roleKind := "Role"
 	if *cluster {
 		roleKind = "ClusterRole"
 	}
 
-	outputRoleAndBinding(*cluster, *name, *namespace, rules, *roleBindingSubjects, roleKind)
+	outputRoleAndBinding(*cluster, *name, *namespace, rules, *generateRoleBindingSubjects, roleKind)
 }
