Update README

Author: phlg

README.md

@@ -4,12 +4,12 @@ This Operator SDK based tool aims at managing S3 related resources (buckets, pol
 
 ## At a glance
 
-- Current S3 providers : [Minio](https://github.com/InseeFrLab/s3-operator/blob/main/controllers/s3/factory/minioS3Client.go) (a [mock](https://github.com/InseeFrLab/s3-operator/blob/main/controllers/s3/factory/mockedS3Client.go) implementation is also present for testing purposes)
+- Current S3 providers : [Minio](https://github.com/InseeFrLab/s3-operator/blob/main/controllers/s3/factory/minioS3Client.go)
 - Currently managed S3 resources : [buckets](https://github.com/InseeFrLab/s3-operator/blob/main/api/v1alpha1/bucket_types.go), [policies](https://github.com/InseeFrLab/s3-operator/blob/main/api/v1alpha1/policy_types.go)
 
 ## Compatibility
 
-So far, this operator has been tested with : 
+This operator has been successfully tested with : 
 
 - Kubernetes : 1.25, 1.26
 - MinIO : 2023-05-27T05:56:19Z
@@ -23,22 +23,156 @@ At its heart, the operator revolves around CRDs that match S3 resources :
 
 The custom resources based on these CRDs are a somewhat simplified projection of the real S3 resources. From the operator's point of view : 
 
-- A `Bucket` CR only has a name, a quota (actually two, more on this below), and optionally, a set of paths
-- A `Policy` CR has a name, and its actual content (IAM JSON)
+- A `Bucket` CR matches a S3 bucket, and only has a name, a quota (actually two, [see Bucket example in *Usage* section below](#bucket)), and optionally, a set of paths
+- A `Policy` CR matches a "canned" policy (not a bucket policy, but a global one, that can be attached to a user), and has a name, and its actual content (IAM JSON)
 
 Each custom resource based on these CRDs on Kubernetes is to be matched with a resource on the S3 instance. If the CR and the corresponding S3 resource diverge, the operator will create or update the S3 resource to bring it back to .
 
 Two important caveats : 
 
-- It is one-way - if something happens on the S3 side directly (instead of going through the CRs), the operator has no way of reacting. At best, the next trigger will overwrite the S3 state with the declared state in the k8s custom resource.
-- For now, the operator won't delete any resource on S3 - if a CR is removed, its matching resource on S3 will still be present. This behavior was primarily picked to avoid data loss for bucket, but also applied to policies - which could be debatable.
+- It is one-way - if something happens on the S3 side directly (instead of going through the CRs), the operator ha                      s no way of reacting. At best, the next trigger will overwrite the S3 state with the declared state in the k8s custom resource.
+- For now, the operator won't delete any resource on S3 - if a CR is removed, its matching resource on S3 will still be present. This behavior was primarily picked to avoid data loss for bucket, but also applied to policies.
 
----
+## Installation
+
+The S3 operator is provided either in source form through this repositoy, or already built as a Docker image available on [Docker Hub](https://hub.docker.com/r/inseefrlab/s3-operator).
+
+### Helm
+
+With this Docker image, the recommended way of installing S3 Operator on your cluster is to use the Helm chart provided in the dedicated repository : https://github.com/InseeFrLab/helm-charts/tree/master/charts/s3-operator. Among other things, the chart takes care of managing a (Kubernetes) ServiceAccount for the operator to run as. The most basic way of using this chart would be : 
+
+```shell
+helm repo add inseefrlab https://inseefrlab.github.io/helm-charts # or [helm repo update] if already available
+helm install <name> s3-operator --values <yaml-file/url>  # see below for the parameters
 ```
-NB : the remainder of this README comes from the auto-generated Operator SDK placeholder. As it remains a useful reference, it is left as is until it's replaced by a documentation more accurately focused on this operator.
+
+### Running from source
+
+Alternatively, if you just wish to try out the operator without actually, it is also possible to just clone this repository, and run the operator locally - outside of the Kubernetes cluster. This requires Go 1.19+ : 
+
+```shell
+git clone https://github.com/InseeFrLab/s3-operator.git # or use a tag/release
+cd s3-operator
+go run main.go --s3-endpoint-url *** --s3-access-key *** --s3-secret-key *** # see below for the parameters
 ```
----
 
+To quote the Operator SDK README (also visible below), running the operator this way *will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows).* RBAC-wise, you need to be able to freely manipulate the custom resources associated to the operator (`Bucket` and `Policy`) in every namespace - [see also the generated ClusterRole manifest](https://github.com/InseeFrLab/s3-operator/blob/main/config/rbac/role.yaml).
+
+### Kustomize
+
+Finally, as this operator was generated through Operator SDK, it should be possible to use kustomize to bootstrap the operator as well. Though this method is untested by the maintainers of the project, the Operator SDK generated guidelines ([see below](#operator-sdk-generated-guidelines)) might help in making use of the various kustomize configuration files, possibly through the use of `make`.
+
+## Configuration
+
+The operator exposes a few parameters, meant to be set as arguments, though it's possible to use environment variables for some of them. When an environment variable is available, it takes precedence over the flag. 
+
+The parameters are summarized in the table below :
+
+|            Flag name            |     Default      | Environment variable | Multiple values allowed | Description |
+|---------------------------------|------------------|----------------------|-------------------------|-------------|
+| `health-probe-bind-address`     | `:8081`          | -                    | no  | The address the probe endpoint binds to. Comes from Operator SDK.
+| `leader-elect`                  | `false`          | -                    | no  | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. Comes from Operator SDK.
+| `metrics-bind-address`          | `:8080`          | -                    | no  | The address the metric endpoint binds to. Comes from Operator SDK.
+| `region`                        | `us-east-1`      | -                    | no  | The region to configure for the S3 client.
+| `s3-access-key`                 | -                | `S3_ACCESS_KEY`      | no  | The access key used to interact with the S3 server.
+| `s3-ca-certificate-base64`      | -                | -                    | yes | (Optional) Base64 encoded, PEM format CA certificate, for https requests to the S3 server.
+| `s3-ca-certificate-bundle-path` | -                | -                    | no  | (Optional) Path to a CA certificates bundle file, for https requests to the S3 server.
+| `s3-endpoint-url`               | `localhost:9000` | -                    | no  | Hostname (or hostname:port) of the S3 server.
+| `s3-provider`                   | `minio`          | -                    | no  | S3 provider (possible values : `minio`, `mockedS3Provider`)
+| `s3-secret-key`                 | -                | `S3_SECRET_KEY`      | no  | The secret key used to interact with  the S3 server.
+| `useSsl`                        | `true`           | -                    | no  | Use of SSL/TLS to connect to the S3 server
+
+
+## Usage
+
+- The first step is to install the CRDs in your Kubernetes cluster. The Helm chart will do just that, but it is also possible to do it manually - the manifests are in the [`config/crd/bases`](https://github.com/InseeFrLab/s3-operator/tree/main/config/crd/bases) folder.
+- With the CRDs available and the operator running, all that's left is to create some custom resources - you'll find some commented examples in the subsections below.
+- As soon as a custom resource is created, the operator will react, and create or update a S3 resource accordingly.
+- The same will happen if you modify a CR - the operator will adjust the S3 bucket or policy accordingly - with the notable exception that it will not delete paths for buckets.
+- Upon deleting a CR, the corresponding bucket or policy will be left as is, as mentioned in the [*Description* section above](#description)
+
+### Bucket example
+
+```yaml
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: Bucket
+metadata:
+  labels:
+    app.kubernetes.io/name: bucket
+    app.kubernetes.io/instance: bucket-sample
+    app.kubernetes.io/part-of: s3-operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: s3-operator
+  name: bucket-sample
+spec:
+  # Bucket name (on S3 server, as opposed to the name of the CR)
+  name: dummy-bucket
+
+  # Paths to create on the bucket 
+  # As it is not possible to create empty paths on a S3 server, (limitation of either S3,
+  # or at least Minio, the only currently implemented provider), this will actually create
+  # a .keep file at the deepest folder in the path.
+  paths:
+    - a_path
+    - another/deeper/path
+  
+  # Quota to set on the bucket, in bytes (so 1000000000 would be 1GB).
+  # This is split over two different parameters, although there is only one actual quota
+  #   - "default" is required, and is used as the baseline
+  #   - "override" is optional, and as the name implies, takes precedence over "default"
+  # Though clumsy, this pattern (for lack of a better word) allows to easily track the growth
+  # of any given bucket. If this is not useful to you, you can safely skip using "override".
+  quota:
+    default: 10000000    
+    # override: 20000000
+
+```
+
+### Policy example
+
+```yaml
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: Policy
+metadata:
+  labels:
+    app.kubernetes.io/name: policy
+    app.kubernetes.io/instance: policy-sample
+    app.kubernetes.io/part-of: s3-operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: s3-operator
+  name: policy-sample
+spec:
+  # Policy name (on S3 server, as opposed to the name of the CR)
+  name: dummy-policy
+
+  # Content of the policy, as a multiline string 
+  # This should be IAM compliant JSON - follow the guidelines of the actual
+  # S3 provider you're using, as sometimes only a subset is available.
+  policyContent: >-
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": [
+          "s3:*"
+        ],
+        "Resource": [
+          "arn:aws:s3:::dummy-bucket",
+          "arn:aws:s3:::dummy-bucket/*"
+        ]
+      }
+      ]
+    }
+
+
+```
+
+## Operator SDK generated guidelines
+
+<details>
+
+<summary><strong>Click to fold / unfold</strong></summary>
 
 ## Getting Started
 
@@ -79,7 +213,6 @@ make undeploy
 ```
 
 ## Contributing
-// TODO(user): Add detailed information on how you would like others to contribute to this project
 
 ### How it works
 This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)
@@ -112,3 +245,5 @@ make manifests
 **NOTE:** Run `make --help` for more information on all potential `make` targets
 
 More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)
+
+</details>