update installation doc

documentation/installation.md

@@ -1,23 +1,28 @@
+<small>[documentation](/README.md#documentation) / Installation</small>
+
 # Installation
 
-The controller can be installed and operated in two ways: **Outside the cluster** and **Inside the cluster**. The controller **outside** the cluster is much more convenient to debug and verify changes in its code, so we can call it 'debug mode'. The controller **inside** the cluster is designed for use in the real world, and the **QA testing** should be performed when controller operate in this mode.
+To install Kyverno in your cluster run:
 
-
-## Inside the cluster (normal use)
-
-Just execute the command for creating all necesarry resources:
 `kubectl create -f definitions/install.yaml`
 
-In this mode controller will get TLS key/certificate pair and loads in-cluster config automatically on start.
-To check if the controller is working, find it in the list of kube-system pods:
+To check if the Kyverno controller
 
-`kubectl get pods -n kube-system`
+`kubectl get pods -n kyverno`
 
-The pod with controller contains **'kube-policy'** in its name. The STATUS column will show the health state of the controller. If controller doesn't start, see its logs:
+If the Kyverno controller doesn't start, you can check its status and logs:
 
-`kubectl describe pod <kube-policy-pod-name> -n kube-system`
+`kubectl describe pod <kyverno-pod-name> -n kyverno`
 
-or
+`kubectl logs <kyverno-pod-name> -n kyverno`
 
-`kubectl logs <kube-policy-pod-name> -n kube-system`
+# Installing in a Development Environment
 
+To run Kyverno in a development environment see: https://github.com/nirmata/kyverno/wiki/Building
+
+# Try Kyverno without a Kubernetes cluster
+
+To write and test policies without installing Kyverno in a Kubernetes cluster you can try the [Kyverno CLI](documentation/testing-policies-cli.md).
+
+
+<small>Read Next >> [Writing Policies](/documentation/writing-policies.md)</small>

documentation/writing-policies-validate.md

@@ -1 +1,7 @@
+<small>[documentation](/README.md#documentation) / Writing Policies [Writing Policies](/documentation/writing-policies.md) / Validate</small>
+
+
 # Policies that Validate Configurations 
+
+
+<small>Read Next >> [Mutate](/documentation/writing-policies-mutate.md)</small>

documentation/writing-policies.md

@@ -1 +1,41 @@
+<small>[documentation](/README.md#documentation) / Writing Policies</small>
+
 # Writing Policies
+
+A Kyverno policy contains a set of rules. Each rule matches resources by kind, name, or selectors.
+
+````yaml
+apiVersion : kyverno.io/v1alpha1
+kind : Policy
+metadata :
+  name : policy
+spec :
+
+  # Each policy has a list of rules applied in declaration order
+  rules:
+
+    # Rules must have a name
+    - name: "check-pod-controller-labels"
+      
+      # Each rule matches specific resource described by "resource" field.
+      resource:
+        kind: Deployment, StatefulSet, DaemonSet
+        # Name is optional. By default validation policy is applicable to any resource of supported kinds.
+        # Name supports wildcards * and ?
+        name: "*"
+        # Selector is optional and can be used to match specific resources
+        # Selector values support wildcards * and ?
+        selector:
+            # A selector can use match
+            matchLabels:
+                app: mongodb
+            matchExpressions:
+                - {key: tier, operator: In, values: [database]}
+
+
+     # Each rule can contain a single validate, mutate, or generate directive
+     ...
+````
+
+
+<small>Read Next >> [Validate](/documentation/writing-policies-validate.md)</small>