fix(values): correct installation values (#53)

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

Author: oliverbaehler

content/en/docs/operating/setup/installation.md

@@ -88,16 +88,16 @@ Generally we recommend to use [matchconditions](https://kubernetes.io/docs/refer
 
 #### Nodes
 
-There is a webhook which catches interactions with the Node resource. This Webhook is mainly interesting, when you make use of [Node Metadata](/docs/tenants/enforcement/#nodes). In any other case it will just case you problems. By default the webhook is enabled, but you can disable it by setting the following value:
+There is a webhook which catches interactions with the Node resource. This Webhook is mainly interesting, when you make use of [Node Metadata](/docs/tenants/enforcement/#nodes). In any other case it will just case you problems. By default the webhook is **disabled**, but you can enabled it by setting the following value:
 
 ```yaml
 webhooks:
   hooks:
     nodes:
-      enabled: false
+      enabled: true
 ```
 
-Or you could at least consider to set the failure policy to `Ignore`:
+Or you could at least consider to set the failure policy to `Ignore`, if you don't want to disrupt critical nodes:
 
 ```yaml
 webhooks:
@@ -132,10 +132,6 @@ webhooks:
         expression: '!("system:serviceaccounts:kube-system" in request.userInfo.groups)'
 ```
 
-## Compatibility
-
-The Kubernetes compatibility is announced for each [Release](https://github.com/projectcapsule/capsule/releases). Generally we are up to date with the latest upstream Kubernetes Version. Note that the Capsule project offers support only for the latest minor version of Kubernetes. Backwards compatibility with older versions of Kubernetes and OpenShift is offered by [vendors](/support/).
-
 ## GitOps
 
 There are no specific requirements for using Capsule with GitOps tools like ArgoCD or FluxCD. You can manage Capsule resources as you would with any other Kubernetes resource.
@@ -186,14 +182,13 @@ spec:
             capsuleUserGroups:
               - oidc:kubernetes-users
               - system:serviceaccounts:capsule-argo-addon
-        webhooks:
-          hooks:
-            nodes:
-              failurePolicy: Ignore
-        serviceMonitor:
-          enabled: true
-          annotations:
-            argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+        monitoring:
+          dashboards:
+            enabled: true
+          serviceMonitor:
+            enabled: true
+            annotations:
+              argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
         proxy:
           enabled: true
           webhooks:
@@ -263,7 +258,7 @@ spec:
   chart:
     spec:
       chart: capsule
-      version: "0.10.6"
+      version: "0.11.0"
       sourceRef:
         kind: HelmRepository
         name: capsule
@@ -291,12 +286,11 @@ spec:
         capsuleUserGroups:
           - oidc:kubernetes-users
           - system:serviceaccounts:capsule-argo-addon
-    webhooks:
-      hooks:
-        nodes:
-          failurePolicy: Ignore
-    serviceMonitor:
-      enabled: true
+    monitoring:
+      dashboards:
+        enabled: true
+      serviceMonitor:
+        enabled: true
     proxy:
       enabled: true
       webhooks:
@@ -387,3 +381,7 @@ To inspect the SBOM of the docker image, run the following command. Replace `<re
 To inspect the SBOM of the helm image, run the following command. Replace `<release_tag>` with an [available release tag](https://github.com/projectcapsule/capsule/pkgs/container/charts%2Fcapsule):
 
     COSIGN_REPOSITORY=ghcr.io/projectcapsule/charts/capsule cosign download sbom ghcr.io/projectcapsule/charts/capsule:<release_tag>
+
+## Compatibility
+
+The Kubernetes compatibility is announced for each [Release](https://github.com/projectcapsule/capsule/releases). Generally we are up to date with the latest upstream Kubernetes Version. Note that the Capsule project offers support only for the latest minor version of Kubernetes. Backwards compatibility with older versions of Kubernetes and OpenShift is offered by [vendors](/support/).

content/en/docs/tenants/permissions.md

@@ -216,6 +216,10 @@ spec:
     - capsule-namespace-deleter
     kind: User
     name: alice
+    labels:
+      projectcapsule.dev/sample: "true"
+    annotations:
+      projectcapsule.dev/sample: "true"
   resourceQuotas:
     scope: Tenant
 status:
@@ -248,6 +252,9 @@ items:
     labels:
       capsule.clastix.io/role-binding: 8fb969aaa7a67b71
       capsule.clastix.io/tenant: solar
+      projectcapsule.dev/sample: "true"
+    annotations:
+      projectcapsule.dev/sample: "true"
     name: capsule-solar-0-admin
     namespace: solar-production
     ownerReferences:
@@ -274,6 +281,9 @@ items:
     labels:
       capsule.clastix.io/role-binding: b8822dde20953fb1
       capsule.clastix.io/tenant: solar
+      projectcapsule.dev/sample: "true"
+    annotations:
+      projectcapsule.dev/sample: "true"
     name: capsule-solar-1-capsule-namespace-deleter
     namespace: solar-production
     ownerReferences:
@@ -457,6 +467,10 @@ spec:
     - apiGroup: rbac.authorization.k8s.io
       kind: User
       name: joe
+    labels:
+      projectcapsule.dev/sample: "true"
+    annotations:
+      projectcapsule.dev/sample: "true"
 EOF
 ```
 
@@ -536,8 +550,3 @@ roleRef:
 With the above example, Capsule is leaving the tenant owner to create namespaced custom resources.
 
 > Take Note: a tenant owner having the admin scope on its namespaces only, does not have the permission to create Custom Resources Definitions (CRDs) because this requires a cluster admin permission level. Only Bill, the cluster admin, can create CRDs. This is a known limitation of any multi-tenancy environment based on a single shared control plane.
-
-
-
-
-