docs: add badges and update examples section

- Add CI, Go Report Card, GoDoc, and codecov badges
- Update examples section with table listing both examples

Author: jimyag

README.md

@@ -1,5 +1,10 @@
 # auto-cert-webhook
 
+[![Go](https://github.com/jimyag/auto-cert-admission/actions/workflows/check.yaml/badge.svg)](https://github.com/jimyag/auto-cert-admission/actions/workflows/check.yaml)
+[![Go Report Card](https://goreportcard.com/badge/github.com/jimyag/auto-cert-webhook)](https://goreportcard.com/report/github.com/jimyag/auto-cert-webhook)
+[![GoDoc](https://pkg.go.dev/badge/github.com/jimyag/auto-cert-webhook)](https://pkg.go.dev/github.com/jimyag/auto-cert-webhook)
+[![codecov](https://codecov.io/gh/jimyag/auto-cert-admission/branch/main/graph/badge.svg)](https://codecov.io/gh/jimyag/auto-cert-admission)
+
 A lightweight framework for building Kubernetes admission webhooks with automatic TLS certificate management.
 
 ## Features
@@ -148,7 +153,7 @@ webhooks:
       name: my-webhook
       namespace: default
       path: /mutate-pods
-      port: 8443
+      port: 443
     caBundle: ""  # auto-populated by the framework
   rules:
   - operations: ["CREATE"]
@@ -179,12 +184,35 @@ rules:
 
 ## Environment Variables
 
+All configuration options can be set via environment variables with the `ACW_` prefix. Configuration priority: **code > environment variables > defaults**.
+
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `POD_NAMESPACE` | Namespace for certificate secrets | Auto-detected from ServiceAccount |
+| `ACW_NAME` | Webhook name (required if not set in code) | - |
+| `ACW_NAMESPACE` | Namespace for webhook resources | Auto-detected |
+| `ACW_SERVICE_NAME` | Kubernetes service name | `<Name>` |
+| `ACW_PORT` | Webhook server port | `8443` |
+| `ACW_METRICS_ENABLED` | Enable metrics server | `true` |
+| `ACW_METRICS_PORT` | Metrics server port | `8080` |
+| `ACW_METRICS_PATH` | Metrics endpoint path | `/metrics` |
+| `ACW_HEALTHZ_PATH` | Health check endpoint path | `/healthz` |
+| `ACW_READYZ_PATH` | Readiness endpoint path | `/readyz` |
+| `ACW_CA_SECRET_NAME` | CA certificate secret name | `<Name>-ca` |
+| `ACW_CERT_SECRET_NAME` | Server certificate secret name | `<Name>-cert` |
+| `ACW_CA_BUNDLE_CONFIGMAP_NAME` | CA bundle configmap name | `<Name>-ca-bundle` |
+| `ACW_CA_VALIDITY` | CA certificate validity (e.g., `48h`) | `48h` |
+| `ACW_CA_REFRESH` | CA certificate refresh interval | `24h` |
+| `ACW_CERT_VALIDITY` | Server certificate validity | `24h` |
+| `ACW_CERT_REFRESH` | Server certificate refresh interval | `12h` |
+| `ACW_LEADER_ELECTION` | Enable leader election | `true` |
+| `ACW_LEADER_ELECTION_ID` | Leader election lease name | `<Name>-leader` |
+| `ACW_LEASE_DURATION` | Leader election lease duration | `30s` |
+| `ACW_RENEW_DEADLINE` | Leader election renew deadline | `10s` |
+| `ACW_RETRY_PERIOD` | Leader election retry period | `5s` |
+| `POD_NAMESPACE` | Namespace (backward compatibility) | Auto-detected |
 | `POD_NAME` | Pod identity for leader election | hostname |
 
-The namespace is automatically detected from `/var/run/secrets/kubernetes.io/serviceaccount/namespace` (mounted by Kubernetes). You only need to set `POD_NAMESPACE` if running outside a Kubernetes cluster or without a ServiceAccount.
+The namespace is automatically detected from `/var/run/secrets/kubernetes.io/serviceaccount/namespace` (mounted by Kubernetes). You only need to set `ACW_NAMESPACE` or `POD_NAMESPACE` if running outside a Kubernetes cluster or without a ServiceAccount.
 
 ## Metrics
 
@@ -211,6 +239,22 @@ groups:
       summary: "Webhook certificate expiring in less than 7 days"
 ```
 
+## Examples
+
+Complete working examples with deployment manifests and test scripts:
+
+| Example | Type | Description |
+|---------|------|-------------|
+| [pod-mutating](./examples/pod-mutating) | Mutating Webhook | Injects labels into pods automatically |
+| [pod-validating](./examples/pod-validating) | Validating Webhook | Enforces pod policies (labels, image tags, resource limits) |
+
+Each example includes:
+- Complete Go implementation
+- Dockerfile for container builds
+- Makefile with `docker-build-push`, `deploy`, `undeploy`, and `test` targets
+- Kubernetes manifests (namespace, RBAC, deployment, service, webhook configuration)
+- Test script for validation
+
 ## License
 
 Apache-2.0