refactor(helm): support crd upgrader#175
Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request refactors the Helm chart deployment process to provide more robust handling of Custom Resource Definitions (CRDs). It introduces a dedicated CRD Upgrader Job to manage CRD installation and upgrades, especially for large CRD files that might exceed Helm's secret size limits. The changes also include updated Makefile targets for better CRD lifecycle management and comprehensive documentation for the new deployment methods. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Ignored Files
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a CRD upgrader job for the Helm chart, which is a good strategy for managing large CRDs that can exceed Helm's storage limits. The changes are well-structured, including new Makefile targets, updates to Helm templates and values, and comprehensive documentation updates. My review includes suggestions to improve the robustness of the deployment scripts and enhance consistency within the Makefile.
Syspretor
force-pushed
the
refactor/discouple-crd-and-helm
branch
from
1ccefdb to
237456e
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request refactors the Custom Resource Definition (CRD) management for Helm installations by introducing a dedicated CRD Upgrader Job. This job, configured as a Helm hook, is now responsible for applying CRDs using kubectl apply --server-side during both install and upgrade operations. The changes include updating the Makefile to build the upgrader image, modifying the Helm chart to deploy the job with configurable parameters such as tolerations, node selectors, and image pull policy, and updating the installation documentation to reflect the new CRD management approach and provide options for manual CRD handling. Review comments highlight security concerns regarding the Helm hook delete policies for the CRD Upgrader Job, its associated ClusterRole, ClusterRoleBinding, and ServiceAccount, suggesting that these resources should be cleaned up on both success and failure to prevent orphaned privileged resources. Additionally, a supply chain risk was identified in the Dockerfile for the CRD upgrader image, as the kubectl binary is downloaded without integrity verification, and a recommendation was made to use an official Alpine package or verify checksums.
There was a problem hiding this comment.
Pull request overview
Adds a Helm-managed CRD upgrade mechanism by introducing a CRD Upgrader image + hook Job, moving CRD ownership away from the chart’s crds/ directory and updating docs/CI accordingly.
Changes:
- Add a CRD upgrader container image (kubectl + packaged CRDs) and a script to install/upgrade CRDs.
- Update the Helm chart to run a pre-install/pre-upgrade hook Job with configurable scheduling options (tolerations/nodeSelector).
- Update installation docs and e2e workflow to rely on the CRD upgrader flow instead of manually applying CRDs.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/crd-upgrade/ensure-crds-up-to-date.sh | New CRD upgrade script executed by the upgrader Job image. |
| tools/crd-upgrade/Dockerfile | Builds the CRD upgrader image (copies CRDs + downloads kubectl). |
| deploy/helm/rbgs/templates/upgrade/crd-upgrade.yaml | Helm hook Job + RBAC updated to run on install and upgrade; adds pod scheduling knobs. |
| deploy/helm/rbgs/values.yaml | Exposes CRD upgrader image/pod config in chart values. |
| deploy/helm/rbgs/crds/workloads.x-k8s.io_rolebasedgroupscalingadapters.yaml | Removes CRD from Helm chart packaging (now handled by upgrader). |
| deploy/helm/rbgs/crds/workloads.x-k8s.io_instancesets.yaml | Removes CRD from Helm chart packaging (now handled by upgrader). |
| deploy/helm/rbgs/crds/workloads.x-k8s.io_instances.yaml | Removes CRD from Helm chart packaging (now handled by upgrader). |
| deploy/helm/rbgs/crds/workloads.x-k8s.io_clusterengineruntimeprofiles.yaml | Removes CRD from Helm chart packaging (now handled by upgrader). |
| Makefile | Stops copying CRDs into the Helm chart and adds CRD upgrader build/push + CRD install/uninstall helpers. |
| doc/install.md | Documents Helm CRD upgrader behavior and configuration; adds manual CRD management alternative. |
| .github/workflows/e2e-test.yml | Removes explicit CRD apply step and builds/loads the CRD upgrader image for Helm-based installs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Ⅰ. Motivation
Ⅱ. Modifications
Ⅲ. Does this pull request fix one issue?
fixes #XXXX
Ⅳ. List the added test cases (unit test/integration test) if any, please explain if no tests are needed.
Ⅴ. Describe how to verify it
VI. Special notes for reviews
Checklist
make fmt.