From 8e3a582f75627840f8c745bea651919b533ea8ad Mon Sep 17 00:00:00 2001
From: Arlan Lloyd <arlanlloyd@gmail.com>
Date: Tue, 18 Nov 2025 22:20:32 +0000
Subject: [PATCH] update docs

---
 chart/README.md | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/chart/README.md b/chart/README.md
index 4300e210..d084bd64 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -23,7 +23,7 @@ extraObjects:
     stringData:
       postgres_user: kyoo_all
       postgres_password: watchSomething4me
-      scanner_apikey: scanner-triquarter4u
+      scanner_apikey: triquarter4u
   - kind: PersistentVolumeClaim
     apiVersion: v1
     metadata:
@@ -43,14 +43,8 @@ values.yaml configuration
 # specify external hosts for resources
 global:
   postgres:
-    kyoo_api:
-      host: postgres
-    kyoo_auth:
-      host: postgres
-    kyoo_transcoder:
-      host: postgres
-    kyoo_scanner:
-      host: postgres
+    shared:
+      host: postgres-cluster01.databases
 # specify hardware resources
 transcoder:
   kyoo_transcoder:
@@ -86,7 +80,7 @@ stringData:
   tvdb_pin: ""
   postgres_user: kyoo_all
   postgres_password: watchSomething4me
-  scanner_apikey: scanner-triquarter4u
+  scanner_apikey: triquarter4u
 ```
 
 # Additional Notes
@@ -99,7 +93,7 @@ Subcharts are updated frequently and subject to changes.  This chart includes su
 # v5 Middleware Requirement
 Starting with v5, Kyoo leverages middleware for offloading auth from the microservices onto a gateway.  For additional reading, please see gateway-api sigs [documentation](https://gateway-api.sigs.k8s.io/geps/gep-1494/). 
 
-This Helm chart provides a few choices as most ingress/gatewayapi controllers do not currently support PhantomToken auth.  
+This Helm chart provides a few options as most ingress/gatewayapi controllers do not currently support ForwardAuth middleware.
 
 ## Add TraefikProxy (Default)
 By default, this chart will deploy TraefikProxy behind the existing ingress/gateway resources.  TraefikProxy hop is added and configured to handle ForwardAuth.  This approach offers the most compatibility and requires the least amount of change from the user perspective.
@@ -108,6 +102,6 @@ By default, this chart will deploy TraefikProxy behind the existing ingress/gate
 Instead of using an additional hop, Traefik can be exposed via LoadBalancer.  To do this securely, please be sure to mount and configuring the TLS certificate inside of Traefik.
 
 ## Ingress/GatewayApi (WIP)
-Disable the integrated TraefikProxy and adopt a controller that supports PhantomToken auth.  This option will offer the most Kubernetes native experience.
+Disable the integrated TraefikProxy and adopt a controller that supports ForwardAuth middleware.  This option will offer the most Kubernetes native experience.
 
 This is a work in progress.  One of the challenges is that microserice to microservice communication relies upon this middleware as well.  Pointing microservices to Ingress/Gateway service address is not enough since those leverage Layer7 hosts for routing traffic--unless we create a dedicated one that routes all hosts to Kyoo.
\ No newline at end of file