kubernetes-sigs · AvineshTripathi · Feb 28, 2026 · Mar 1, 2026 · Mar 3, 2026 · Mar 4, 2026
diff --git a/Makefile b/Makefile
@@ -218,10 +218,14 @@ build-installer: build-manifests-temp ## Generate CRDs and deployment manifests
 	# Generate CRDs only
 	$(KUSTOMIZE) build config/crd > dist/crds.yaml
 	@echo "Generated dist/crds.yaml"
-	# Generate controller deployment without CRDs
+	# Generate standard installation (core controller only) manifest without CRDs
 	cp $(BUILD_DIR)/manifests.yaml dist/install.yaml
 	@echo "Generated dist/install.yaml with image ${IMG_PREFIX}:${IMG_TAG}"
-	@echo "NOTE: Install crds.yaml first, then install.yaml. Deployment runs on any available node by default."
+	# Generate full installation (with features: Metrics, TLS, webhook) manifest
+	$(MAKE) build-manifests-temp ENABLE_METRICS=true ENABLE_TLS=true ENABLE_WEBHOOK=true
+	cp $(BUILD_DIR)/manifests.yaml dist/install-full.yaml
+	@echo "Generated dist/install-full.yaml (Features: Metrics, TLS, Webhook - Requires cert-manager)"
+	@echo "Check https://node-readiness-controller.sigs.k8s.io/user-guide/installation.html for installation instructions."
 
 ## --------------------------------------
 ## Deployment

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v0.2.0
+v0.2.1
diff --git a/docs/book/src/releases.md b/docs/book/src/releases.md
@@ -2,6 +2,103 @@
 
 This page details the official releases of the Node Readiness Controller.
 
+## v0.2.0
+
+**Date:** 2026-02-28
+
+This release brings several new features, including a validating admission webhook that validates `NodeReadinessRule` configurations, prevents conflicting rules with overlapping node selectors, and warns against risky `NoExecute` enforcement. It also introduces metrics manifests natively integrated with Kustomize, which includes support for secure metrics via TLS. Finally, this release includes major documentation improvements.
+
+### Release Notes
+
+#### Features & Enhancements
+- Add webhook as kustomize component ([#122](https://github.com/kubernetes-sigs/node-readiness-controller/pull/122))
+- Enable metrics manifests ([#79](https://github.com/kubernetes-sigs/node-readiness-controller/pull/79)) 
+- Use `status.patch` api for node updates ([#104](https://github.com/kubernetes-sigs/node-readiness-controller/pull/104))
+- Mark controller as `system-cluster-critical` to prevent eviction ([#108](https://github.com/kubernetes-sigs/node-readiness-controller/pull/108))
+- Enhance Dockerfiles and bump Go module version ([#113](https://github.com/kubernetes-sigs/node-readiness-controller/pull/113))
+- Add `build-installer` make target to create CRD and install manifests ([#95](https://github.com/kubernetes-sigs/node-readiness-controller/pull/95), [#93](https://github.com/kubernetes-sigs/node-readiness-controller/pull/93))
+- Add a pull request template ([#110](https://github.com/kubernetes-sigs/node-readiness-controller/pull/110))
+- Restrict NodeReadinessRuleSpec.Taint to "readiness.k8s.io/" prefix ([#112](https://github.com/kubernetes-sigs/node-readiness-controller/pull/112))
+
+#### Bug Fixes
+- Fix dev-container: disable moby in newer version of debian ([#127](https://github.com/kubernetes-sigs/node-readiness-controller/pull/127))
+- Add missing boilerplate headers in `metrics.go` ([#119](https://github.com/kubernetes-sigs/node-readiness-controller/pull/119))
+- Update path to logo in README ([#115](https://github.com/kubernetes-sigs/node-readiness-controller/pull/115))
+
+#### Code Cleanup & Maintenance
+- Remove unused `globalDryRun` feature ([#123](https://github.com/kubernetes-sigs/node-readiness-controller/pull/123), [#130](https://github.com/kubernetes-sigs/node-readiness-controller/pull/130))
+- Bump versions for devcontainer and golangci-kal ([#132](https://github.com/kubernetes-sigs/node-readiness-controller/pull/132))
+- Add release automation workflow ([#144](https://github.com/kubernetes-sigs/node-readiness-controller/pull/144))
+
+#### Documentation & Examples
+- Document `NoExecute` taint risks and add admission warning ([#120](https://github.com/kubernetes-sigs/node-readiness-controller/pull/120))
+- Updates on getting-started guide and installation docs ([#135](https://github.com/kubernetes-sigs/node-readiness-controller/pull/135), [#92](https://github.com/kubernetes-sigs/node-readiness-controller/pull/92))
+- Add example for security agent readiness ([#101](https://github.com/kubernetes-sigs/node-readiness-controller/pull/101))
+- Managing CNI-readiness with node-readiness-controller and switch reporter to daemonset ([#99](https://github.com/kubernetes-sigs/node-readiness-controller/pull/99), [#116](https://github.com/kubernetes-sigs/node-readiness-controller/pull/116))
+- Update cni-patcher to use `registry.k8s.io` image ([#96](https://github.com/kubernetes-sigs/node-readiness-controller/pull/96))
+- Add video demo ([#114](https://github.com/kubernetes-sigs/node-readiness-controller/pull/114)) and update heptagon logo ([#109](https://github.com/kubernetes-sigs/node-readiness-controller/pull/109))
+- Remove stale `docs/spec.md` ([#126](https://github.com/kubernetes-sigs/node-readiness-controller/pull/126))
+
+### Images
+
+The following container images are published as part of this release.
+
+```
+// Node readiness controller
+registry.k8s.io/node-readiness-controller/node-readiness-controller:v0.2.0
+
+// Report component readiness condition from the node
+registry.k8s.io/node-readiness-controller/node-readiness-reporter:v0.2.0
+
+```
+
+### Installation
+
+**Prerequisites**: If you plan to install with all optional features enabled (`install-full.yaml`), you must have [cert-manager](https://cert-manager.io/docs/installation/) installed in your cluster.
+
+To install the CRDs, apply the `crds.yaml` manifest for this version:
+
+```sh
+kubectl apply -f https://github.com/kubernetes-sigs/node-readiness-controller/releases/download/v0.2.0/crds.yaml
+```
+
+To install the controller, choose one of the following manifests based on your requirements:
+
+| Manifest | Contents | Prerequisites |
+| :--- | :--- | :--- |
+| **`install.yaml`** | Core Controller | None |
+| **`install-full.yaml`** | Core Controller + Metrics (Secure) + Validation Webhook | `cert-manager` |
+
+**Standard Installation (Minimal):**
+The simplest way to deploy the controller with no external dependencies.
+
+```sh
+kubectl apply -f https://github.com/kubernetes-sigs/node-readiness-controller/releases/download/v0.2.0/install.yaml
+```
+
+**Full Installation (Production Ready):**
+Includes secure metrics (TLS-protected) and validating webhooks for rule conflict prevention. **Requires [cert-manager](https://cert-manager.io/docs/installation/)** to be installed in your cluster.
+
+```sh
+kubectl apply -f https://github.com/kubernetes-sigs/node-readiness-controller/releases/download/v0.2.0/install-full.yaml
+```
+
+This will deploy the controller into any available node in the `nrr-system` namespace in your cluster. Check [here](https://node-readiness-controller.sigs.k8s.io/user-guide/installation.html) for more detailed installation instructions.
+
+### Contributors
+
+- ajaysundark
+- arnab-logs
+- AvineshTripathi
+- GGh41th
+- Hii-Himanshu
+- ketanjani21
+- knechtionscoding
+- OneUpWallStreet
+- pehlicd
+- Priyankasaggu11929
+- sats-23
+
 ## v0.1.1
 
 **Date:** 2026-01-19

diff --git a/docs/book/src/user-guide/installation.md b/docs/book/src/user-guide/installation.md
@@ -2,9 +2,13 @@
 
 Follow this guide to install the Node Readiness Controller in your Kubernetes cluster.
 
+## Prerequisites
+
+If you plan to use the `install-full.yaml` option (which includes secure metrics and the validating admission webhook), you must first have [cert-manager](https://cert-manager.io/docs/installation/) installed in your cluster.
+
 ## Deployment Options
 
-### Option 1: Install Official Release (Recommended)
+### Option 1: Official Release (Recommended)
 
 First, to install the CRDs, apply the `crds.yaml` manifest:
 
@@ -16,12 +20,29 @@ kubectl wait --for condition=established --timeout=30s crd/nodereadinessrules.re
 
 ```
 
-To install the controller, apply the `install.yaml` manifest:
+#### 2. Install the Controller
+
+Choose one of the two following manifests based on your requirements:
+
+| Manifest | Contents | Prerequisites |
+| :--- | :--- | :--- |
+| **`install.yaml`** | Core Controller | None |
+| **`install-full.yaml`** | Core Controller + Metrics (Secure) + Validation Webhook | `cert-manager` |
+
+**Standard Installation (Minimal):**
+The simplest way to deploy the controller with no external dependencies.
 
 ```sh
 kubectl apply -f https://github.com/kubernetes-sigs/node-readiness-controller/releases/download/${VERSION}/install.yaml
 ```
 
+**Full Installation (Production Ready):**
+Includes secure metrics (TLS-protected) and validating webhooks for rule conflict prevention. **Requires [cert-manager](https://cert-manager.io/docs/installation/)** to be installed in your cluster.
+
+```sh
+kubectl apply -f https://github.com/kubernetes-sigs/node-readiness-controller/releases/download/${VERSION}/install-full.yaml
+```
+
 This will deploy the controller into the `nrr-system` namespace on any available node in your cluster.
 
 #### Controller priority
@@ -41,16 +62,22 @@ REPO="registry.k8s.io/node-readiness-controller/node-readiness-controller"
 TAG=$(skopeo list-tags docker://$REPO | jq .'Tags[-1]' | tr -d '"')
 docker pull $REPO:$TAG
 ```
-### Option 2: Deploy Using Kustomize
+### Option 2: Advanced Deployment (Kustomize)
+
+If you need deeper customization, you can use Kustomize directly from the source.
 
 ```sh
-# 1. Install Custom Resource Definitions (CRDs)
+# 1. Install CRDs
 kubectl apply -k config/crd
 
-# 2. Deploy Controller and RBAC
+# 2. Deploy Controller with default configuration
 kubectl apply -k config/default
 ```
 
+You can enable optional components (Metrics, TLS, Webhook) by creating a `kustomization.yaml` that includes the relevant components from the `config/` directory. For reference on how these components can be combined, see the `deploy-with-metrics`, `deploy-with-tls`, `deploy-with-webhook`, and `deploy-full` targets in the projects [`Makefile`](https://github.com/kubernetes-sigs/node-readiness-controller/blob/main/Makefile).
+
+---
+
 ## Verification
 
 After installation, verify that the controller is running successfully.
@@ -90,6 +117,9 @@ The controller uses a **finalizer** (`readiness.node.x-k8s.io/cleanup-taints`) o
     ```sh
     # If installed via release manifest
     kubectl delete -f https://github.com/kubernetes-sigs/node-readiness-controller/releases/download/${VERSION}/install.yaml
+
+    # Or if using the full manifest
+    kubectl delete -f https://github.com/kubernetes-sigs/node-readiness-controller/releases/download/${VERSION}/install-full.yaml
 
     # OR if using Kustomize
     kubectl delete -k config/default