✨ helm values hardening; user-configured env; optional v1alpha1 disable

[arturshadnik]

• Exposes additional env var configuration via values.yaml
• Sets pod seccompprofile to "RuntimeDefault" for enhanced security
• Adds a new helm value and controller flag to allow disabling v1alpha1 reconcilers
• Moves v1alpha1 CRD into templates/ so that it can be disabled conditionally (crds/ dir doesnt support templating)

Summary by CodeRabbit

• New Features

  • Optional legacy controllers toggle via enableLegacyControllers (CRDs and controller/webhook only active when enabled).
  • Support injecting additional env variables into controller and addon agent via Helm values.

• Configuration

  • Default podSecurityContext seccompProfile set to RuntimeDefault.
  • New image.repository and image.tag Helm parameters.

• Documentation

  • README updated to document enableLegacyControllers, env, and image parameters.

• Chores

  • Added post-generation formatting/moving step for legacy CRDs.

• Tests

  • Test setup expanded to load CRDs from config/crds.

[coderabbitai]

Walkthrough

Adds a feature flag to enable legacy FleetConfig controllers and conditionally render the legacy FleetConfig CRD; wires the flag through CLI, manager options, Helm values/templates, DevSpace, a CRD-formatting/move script, and test CRD discovery paths.

Changes

Cohort / File(s)	Summary
Build & automation fleetconfig-controller/Makefile, fleetconfig-controller/hack/format_legacy_crds.sh, fleetconfig-controller/devspace.yaml	Manifests target now runs ./hack/format_legacy_crds.sh; script wraps CRD in a Helm conditional and also moves/copies CRD to config/crds; DevSpace adds ENABLE_LEGACY_CONTROLLERS and wires enableLegacyControllers into deployments/profiles.
Helm chart docs & values fleetconfig-controller/charts/fleetconfig-controller/README.md, fleetconfig-controller/charts/fleetconfig-controller/values.yaml	README documents new enableLegacyControllers, env, image params and podSecurityContext.seccompProfile.type; values.yaml adds enableLegacyControllers: false, env: [], and sets seccomp profile to RuntimeDefault.
Helm templates fleetconfig-controller/charts/fleetconfig-controller/templates/crd-fleetconfig.open-cluster-management.io_fleetconfigs.yaml, fleetconfig-controller/charts/fleetconfig-controller/templates/deployment.yaml, fleetconfig-controller/charts/fleetconfig-controller/templates/ocm/fcc-addon/addon-template.yaml	CRD template wrapped with {{- if .Values.enableLegacyControllers }}; deployment adds --enable-legacy-controllers arg and renders extra env from .Values.env; addon template conditionally injects provided env.
Controller CLI & manager fleetconfig-controller/cmd/main.go, fleetconfig-controller/cmd/manager/manager.go	Adds --enable-legacy-controllers CLI flag and Options.EnableLegacyControllers field; registration of FleetConfig reconciler and its webhook moved behind this flag.
Tests fleetconfig-controller/api/v1alpha1/webhook_suite_test.go, fleetconfig-controller/internal/controller/v1alpha1/suite_test.go, fleetconfig-controller/internal/controller/v1beta1/suite_test.go, fleetconfig-controller/internal/webhook/v1beta1/webhook_suite_test.go	Test env CRDDirectoryPaths expanded to include both charts/fleetconfig-controller/crds and config/crds so CRDs in config/crds are discovered during tests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ✨ scaffold fleetconfig v1beta1 resources and webhooks #52 — modifies CRD generation/output and test CRD loading paths; overlaps with Makefile/CRD placement and test env changes.
• ✨ allow installing and uninstalling hub-addons #50 — touches FleetConfig CRD handling and chart CRD files; related to CRD movement and templating.
• ✨implement separate hub and spoke resources #59 — updates CRD packaging and Helm templates; similar CRD relocation and template conditionalization.

Suggested labels

lgtm

Suggested reviewers

• ahmad-ibra
• TylerGillson

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly reflects the core enhancements in this pull request by summarizing the Helm values hardening, the addition of user-configured environment variables, and the optional disablement of v1alpha1 controllers, all of which align directly with the changes described in the PR objectives and code diffs.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 555508c and 623f5a9.

📒 Files selected for processing (2)

• fleetconfig-controller/charts/fleetconfig-controller/README.md (2 hunks)
• fleetconfig-controller/charts/fleetconfig-controller/values.yaml (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• fleetconfig-controller/charts/fleetconfig-controller/values.yaml
• fleetconfig-controller/charts/fleetconfig-controller/README.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: e2e (fleetconfig-controller) / e2e
• GitHub Check: e2e (fleetconfig-controller) / e2e
• GitHub Check: test (fleetconfig-controller) / Ensure PR is reviewable & run tests
• GitHub Check: test (fleetconfig-controller) / Ensure PR is reviewable & run tests
• GitHub Check: test (fleetconfig-controller) / Run Helm Chart Tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ed8ffbb and b5c2559.

📒 Files selected for processing (10)

• fleetconfig-controller/Makefile (1 hunks)
• fleetconfig-controller/charts/fleetconfig-controller/README.md (2 hunks)
• fleetconfig-controller/charts/fleetconfig-controller/templates/crd-fleetconfig.open-cluster-management.io_fleetconfigs.yaml (2 hunks)
• fleetconfig-controller/charts/fleetconfig-controller/templates/deployment.yaml (2 hunks)
• fleetconfig-controller/charts/fleetconfig-controller/templates/ocm/fcc-addon/addon-template.yaml (1 hunks)
• fleetconfig-controller/charts/fleetconfig-controller/values.yaml (3 hunks)
• fleetconfig-controller/cmd/main.go (1 hunks)
• fleetconfig-controller/cmd/manager/manager.go (3 hunks)
• fleetconfig-controller/devspace.yaml (5 hunks)
• fleetconfig-controller/hack/format_legacy_crds.sh (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-27T21:58:32.141Z

Learnt from: arturshadnik
PR: open-cluster-management-io/lab#58
File: fleetconfig-controller/charts/fleetconfig-controller/README.md:155-155
Timestamp: 2025-08-27T21:58:32.141Z
Learning: In the open-cluster-management-io/lab repository, the fleetconfig-controller follows a workflow where chart version bumps (in README.md and values.yaml) are included in PRs before the corresponding Docker image exists. The Docker image is built and pushed automatically via GitHub release workflows after the PR is merged and tagged, making the referenced version available.

Applied to files:

• fleetconfig-controller/hack/format_legacy_crds.sh

🧬 Code graph analysis (1)

fleetconfig-controller/cmd/manager/manager.go (2)

fleetconfig-controller/internal/controller/v1alpha1/fleetconfig_controller.go (1)

• FleetConfigReconciler (58-62)

fleetconfig-controller/api/v1alpha1/fleetconfig_webhook.go (1)

• SetupFleetConfigWebhookWithManager (38-43)

🪛 YAMLlint (1.37.1)

fleetconfig-controller/charts/fleetconfig-controller/templates/crd-fleetconfig.open-cluster-management.io_fleetconfigs.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: e2e (fleetconfig-controller) / e2e
• GitHub Check: e2e (fleetconfig-controller) / e2e
• GitHub Check: test (fleetconfig-controller) / Ensure PR is reviewable & run tests
• GitHub Check: test (fleetconfig-controller) / Run Helm Chart Tests
• GitHub Check: test (fleetconfig-controller) / Ensure PR is reviewable & run tests

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b5c2559 and 558fb8c.

📒 Files selected for processing (5)

• fleetconfig-controller/api/v1alpha1/webhook_suite_test.go (1 hunks)
• fleetconfig-controller/hack/format_legacy_crds.sh (1 hunks)
• fleetconfig-controller/internal/controller/v1alpha1/suite_test.go (1 hunks)
• fleetconfig-controller/internal/controller/v1beta1/suite_test.go (1 hunks)
• fleetconfig-controller/internal/webhook/v1beta1/webhook_suite_test.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• fleetconfig-controller/hack/format_legacy_crds.sh

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: e2e (fleetconfig-controller) / e2e
• GitHub Check: e2e (fleetconfig-controller) / e2e
• GitHub Check: test (fleetconfig-controller) / Ensure PR is reviewable & run tests
• GitHub Check: test (fleetconfig-controller) / Ensure PR is reviewable & run tests
• GitHub Check: test (fleetconfig-controller) / Run Helm Chart Tests

🔇 Additional comments (3)

fleetconfig-controller/internal/controller/v1alpha1/suite_test.go (1)

78-81: LGTM: Consistent CRD path expansion for v1alpha1 tests.

The expansion of CRD search paths is consistent with the v1beta1 controller test suite and properly supports testing of legacy v1alpha1 CRDs from the config/crds directory.

fleetconfig-controller/internal/webhook/v1beta1/webhook_suite_test.go (1)

89-92: LGTM: Consistent webhook test CRD configuration.

The CRD path expansion is consistent with the v1alpha1 webhook test suite and properly supports the conditional CRD installation feature.

fleetconfig-controller/api/v1alpha1/webhook_suite_test.go (1)

82-85: Approve: consistent ErrorIfCRDPathMissing:false in webhook tests ErrorIfCRDPathMissing is set to false across both webhook suites while controller suites use true; no change required.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: arturshadnik, TylerGillson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• fleetconfig-controller/OWNERS [TylerGillson,arturshadnik]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment