From 85cfa7285be060366a984e25c1d3dbb926afcf98 Mon Sep 17 00:00:00 2001 From: Franco Hielpos <48300215+fhielpos@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:23:13 +0200 Subject: [PATCH] Update README (#18) --- README.md | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9fa65d9..de9c34b 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,57 @@ +[![CircleCI](https://dl.circleci.com/status-badge/img/gh/giantswarm/exception-recommender/tree/main.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/giantswarm/exception-recommender/tree/main) + # exception-recommender chart -The `exception-recommender` Helm chart creates PolicyExceptionDrafts that can be used as a base model for Kyverno PolicyExceptions. The Drafts are created from PolicyReports for the "Pod Security Standard" Policy categories. +The `exception-recommender` Helm chart creates PolicyExceptionDrafts that can be used as a base model for Giant Swarm PolicyExceptions. These drafts are generated based on PolicyReports within the "Pod Security Standard" Policy categories. + +### PolicyExceptionDraft example + +Below is an example of a generated PolicyExceptionDraft generated by the app. This specific draft exempts the `my-custom-operator` Deployment in the `default` namespace from the `disallow-privilege-escalation` and `require-run-as-nonroot policies`: + +```yaml +apiVersion: policy.giantswarm.io/v1alpha1 +kind: PolicyExceptionDraft +metadata: + labels: + app.kubernetes.io/managed-by: exception-recommender + name: my-custom-operator + namespace: policy-exceptions +spec: + policies: + - disallow-privilege-escalation + - require-run-as-nonroot + targets: + - kind: Deployment + names: + - my-custom-operator* + namespaces: + - default +``` + +It's crucial to understand that this object alone does not modify policy behavior. It serves as a preliminary draft for a Giant Swarm PolicyException. 
To make this exception effective, users must apply a modified version of this object, removing the `Draft` suffix from the Kind, as shown below: + +### Resulting Giant Swarm PolicyException +```yaml +apiVersion: policy.giantswarm.io/v1alpha1 +kind: PolicyException +metadata: + labels: + app.kubernetes.io/managed-by: exception-recommender + name: my-custom-operator + namespace: policy-exceptions +spec: + policies: + - disallow-privilege-escalation + - require-run-as-nonroot + targets: + - kind: Deployment + names: + - my-custom-operator* + namespaces: + - default +``` + +**Note:** This requires to have [kyverno-policy-operator](https://github.com/giantswarm/kyverno-policy-operator/) installed ## Installing
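Review bot: The `names` entry `- my-custom-operator*` in both YAML blocks is a wildcard, so the example exception appears to cover every Deployment in `default` whose name begins with `my-custom-operator`, not only the one the prose names; since the hunk tells users to apply the draft unchanged apart from dropping the `Draft` suffix, the paragraph starting "To make this exception effective" should say that the generated `names` pattern and the `policies` list are a starting point to be narrowed to the workload and rules the PolicyReport actually flagged, so a PolicyException is never broader than its findings. Three wording fixes in the same hunk: the closing backtick in "and `require-run-as-nonroot policies`:" is misplaced and should read "and `require-run-as-nonroot` policies:"; "an example of a generated PolicyExceptionDraft generated by the app" repeats "generated"; and the final line should read "**Note:** This requires [kyverno-policy-operator](https://github.com/giantswarm/kyverno-policy-operator/) to be installed."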