From a2c0796944353940f17566a59ab36238929850c1 Mon Sep 17 00:00:00 2001
From: Mykola Marusenko <mykola_marusenko@epam.com>
Date: Sun, 18 Feb 2024 17:52:41 +0200
Subject: [PATCH] docs: Add description for secretManager parameter (#27)

Change-Id: Ia7e0b1f83db63d195a264cae3f27069dc3b23797
---
 deploy-templates/README.md   |  2 +-
 deploy-templates/values.yaml | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/deploy-templates/README.md b/deploy-templates/README.md
index 40986e1..2e23eb1 100644
--- a/deploy-templates/README.md
+++ b/deploy-templates/README.md
@@ -34,7 +34,7 @@ A Helm chart for EDP CD Pipeline Operator
 | resources.limits.memory | string | `"192Mi"` |  |
 | resources.requests.cpu | string | `"50m"` |  |
 | resources.requests.memory | string | `"64Mi"` |  |
-| secretManager | string | `"none"` | flag that indicates whether the operator should manage secrets for stages; values: own/eso/none. own - just copy secrets; eso - secrete will be managed by External Secrets Operator(operator should be installed in the cluster: https://epam.github.io/edp-install/operator-guide/install-external-secrets-operator/); none - not enable secrets management logic; |
+| secretManager | string | `"none"` | Flag indicating whether the operator should manage secrets for stages. This parameter controls the provisioning of the 'regcred' secret within deployed environments, facilitating access to private container registries. Set the parameter to "none" under the following conditions:   - If 'global.dockerRegistry.type=ecr' and IRSA is enabled, or   - If 'global.dockerRegistry.type=openshift'. For private registries, choose the most appropriate method to provide credentials to deployed environments. Refer to the guide for managing container registries (https://epam.github.io/edp-install/user-guide/manage-container-registries/). Possible values: own/eso/none.   - own: Copies the secret once from the parent namespace, without subsequent reconciliation. If updated in the parent namespace, manual updating in all created namespaces is required.   - eso: The secret will be managed by the External Secrets Operator (requires installation and configuration in the cluster: https://epam.github.io/edp-install/operator-guide/install-external-secrets-operator/).   - none: Disables secrets management logic. |
 | tenancyEngine | string | `"none"` | defines the type of the tenant engine that can be "none", "kiosk" or "capsule"; for Stages with external cluster tenancyEngine will be ignored |
 | tolerations | list | `[]` |  |
 
diff --git a/deploy-templates/values.yaml b/deploy-templates/values.yaml
index 7155c92..03f7381 100644
--- a/deploy-templates/values.yaml
+++ b/deploy-templates/values.yaml
@@ -94,9 +94,14 @@ resources:
 # -- should the operator manage(create/delete) namespaces for stages
 manageNamespace: true
 
-# -- flag that indicates whether the operator should manage secrets for stages;
-# values: own/eso/none.
-# own - just copy secrets;
-# eso - secrete will be managed by External Secrets Operator(operator should be installed in the cluster: https://epam.github.io/edp-install/operator-guide/install-external-secrets-operator/);
-# none - not enable secrets management logic;
+# -- Flag indicating whether the operator should manage secrets for stages.
+# This parameter controls the provisioning of the 'regcred' secret within deployed environments, facilitating access to private container registries.
+# Set the parameter to "none" under the following conditions:
+#   - If 'global.dockerRegistry.type=ecr' and IRSA is enabled, or
+#   - If 'global.dockerRegistry.type=openshift'.
+# For private registries, choose the most appropriate method to provide credentials to deployed environments. Refer to the guide for managing container registries (https://epam.github.io/edp-install/user-guide/manage-container-registries/).
+# Possible values: own/eso/none.
+#   - own: Copies the secret once from the parent namespace, without subsequent reconciliation. If updated in the parent namespace, manual updating in all created namespaces is required.
+#   - eso: The secret will be managed by the External Secrets Operator (requires installation and configuration in the cluster: https://epam.github.io/edp-install/operator-guide/install-external-secrets-operator/).
+#   - none: Disables secrets management logic.
 secretManager: none