HYPERFLEET-291| deployment: helm charts template implemented for adapter deployment

[xueli181114]

Summary by CodeRabbit

• Documentation

  • Major rewrite of charts documentation into a parameterized guide with expanded examples, Helm values guidance, and a GCP Workload Identity setup section.

• New Features

  • Optional broker ConfigMap support and mounting options.
  • Richer deployment customization: strategy, probes, lifecycle, sidecars, envFrom, volumes, topology spread, and autoscaling controls.
  • Pod Disruption Budget support with validation.

• Changes

  • Removed legacy API token/secret parameter from configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request expands and restructures the Helm chart and documentation: greatly extends charts/README.md with a parameterized layout and examples; adds a helper template for broker ConfigMap naming; introduces charts/templates/broker-configmap.yaml to optionally create a broker ConfigMap; augments charts/templates/deployment.yaml with many new deployment, pod, container, env, probe, volume, and topology options and conditional broker mounting; adds runtime validation to charts/templates/pdb.yaml; updates charts/values.yaml with many new configurable fields; and removes hyperfleetApiToken and a clusterSecret resource from configs/adapter-config-template.yaml. No application runtime code paths were changed.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

• charts/templates/deployment.yaml — extensive conditional logic for env construction, broker/configMap mounting, probes, volumes, sidecars, and topology constraints; check Helm templating, quoting, indentation, and side-effect conditions.
• charts/values.yaml — verify new defaults, structure, comments, and consistency for broker, adapter config, hyperfleetApi, probes, autoscaling, and pod scheduling fields.
• charts/templates/broker-configmap.yaml & charts/templates/_helpers.tpl — validate naming helper, conditional labels, env key quoting, and multi-line broker.yaml handling.
• charts/templates/pdb.yaml — confirm the new fail-fast validation and mutually exclusive minAvailable/maxUnavailable logic render as intended.
• configs/adapter-config-template.yaml — confirm removal of hyperfleetApiToken and clusterSecret and ensure callers/migrations are addressed.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly relates to the main changeset focus: implementing Helm chart templates for adapter deployment, which is evident across multiple files (deployment.yaml, values.yaml, helpers, ConfigMaps, etc.).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

charts/templates/broker-configmap.yaml (1)

1-32: Consider validating broker configuration when create is enabled.

The template is gated by .Values.broker.create, but all data fields (subscriptionId, topic, env, yaml) are independently conditional. This could result in an empty ConfigMap if broker.create=true but no data is provided.

Consider adding validation to ensure at least one configuration field is set when broker creation is enabled, or document in values.yaml that enabling broker.create requires providing broker configuration.

Example validation block to add after line 1:

 {{- if .Values.broker.create }}
+{{- if not (or .Values.broker.subscriptionId .Values.broker.topic .Values.broker.env .Values.broker.yaml) }}
+{{- fail "broker.create is enabled but no broker configuration provided. Set at least one of: broker.subscriptionId, broker.topic, broker.env, or broker.yaml" }}
+{{- end }}
 apiVersion: v1
 kind: ConfigMap

charts/templates/deployment.yaml (2)

91-91: Consider defining $brokerEnabled once at the container scope.

The variable $brokerEnabled is defined identically five times throughout the container definition (lines 91, 160, 259, 270, 285). While this works in Helm templates, defining it once at the beginning of the container block would reduce duplication and improve maintainability.

Consider moving the variable definition before the container block or consolidating the conditional logic.

---

172-252: Document probe endpoint requirements in values.yaml.

The health probes default to HTTP endpoints (/healthz, /readyz on port http) if enabled without specific configuration. However, as noted in the README, the adapter doesn't expose HTTP endpoints by default.

Consider adding a warning comment in values.yaml for each probe that enabling them requires configuring the appropriate endpoint type (httpGet, tcpSocket, or exec) and ensuring the adapter exposes the necessary endpoints.

charts/values.yaml (1)

194-215: Clarify the adapter ConfigMap configuration and empty ConfigMap behavior.

Two observations:

1. Line 204 comment: References "adapter-configmap-template.yaml" which exists in configs/ (as a configuration example), but the actual Helm template is charts/templates/configmap.yaml. Consider clarifying which file is being referenced or updating the comment to avoid confusion.

2. Empty ConfigMap potential: With config.enabled: true but config.env: {}, config.adapterType: "", and config.adapterYaml: "", the chart will create an empty ConfigMap. While not necessarily an error, consider adding a comment noting that at least one configuration field should be provided, or set config.enabled: false by default to match the broker.create: false pattern.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2afea6e and 4585a7d.

📒 Files selected for processing (7)

• charts/README.md (2 hunks)
• charts/templates/_helpers.tpl (1 hunks)
• charts/templates/broker-configmap.yaml (1 hunks)
• charts/templates/deployment.yaml (2 hunks)
• charts/templates/pdb.yaml (1 hunks)
• charts/values.yaml (5 hunks)
• configs/adapter-config-template.yaml (1 hunks)

🧰 Additional context used

🪛 LanguageTool

charts/README.md

[style] ~109-~109: Consider replacing this word to strengthen your wording.
Context: ...ult) The adapter is a message consumer and doesn't expose HTTP endpoints by defaul...

(AND_THAT)

🪛 YAMLlint (1.37.1)

charts/templates/broker-configmap.yaml

[warning] 33-33: too many blank lines (1 > 0)

(empty-lines)

---

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/templates/pdb.yaml

[warning] 22-22: too many blank lines (1 > 0)

(empty-lines)

---

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

🔇 Additional comments (5)

charts/templates/_helpers.tpl (1)

75-84: LGTM!

The broker ConfigMap naming helper follows the same pattern as the existing configMapName helper, providing consistent naming behavior across the chart.

charts/README.md (1)

1-288: Excellent documentation!

The README provides comprehensive guidance covering:

• All configuration parameters with clear descriptions
• Multiple practical examples for different deployment scenarios
• Environment variable handling
• GCP Workload Identity setup instructions
• Security features and notes

This will greatly help users understand and deploy the Helm chart correctly.

charts/templates/deployment.yaml (1)

259-308: LGTM!

The volume and volumeMount configuration is well-structured:

• Properly coordinates volumes with their mounts
• Uses readOnly: true for security
• Correctly references ConfigMap names via helpers
• Uses subPath to mount specific files (adapter.yaml, broker.yaml)
• Allows for additional custom volumes via extraVolumes and extraVolumeMounts

charts/values.yaml (1)

257-298: LGTM!

The configuration values are well-structured with:

• Sensible defaults (disabled probes, disabled PDB, safe rolling updates)
• Clear documentation and examples
• Security-focused defaults (non-root, read-only filesystem, dropped capabilities)
• Flexible environment variable and volume configuration

The values align well with the templates and provide good guidance for users.

configs/adapter-config-template.yaml (1)

246-246: Verify authentication mechanism for HyperFleet API.

The template has removed the hyperfleetApiToken parameter and the associated clusterSecret resource. Ensure that authentication for the HyperFleet API is properly configured through an alternative mechanism (e.g., service account tokens, workload identity, or external secret management).

[ciaranRoche]

Aside from the coderabbit comment, looks good to me

# Basic template - ✅ Passes
helm template test ./charts/

# With broker config - ✅ Passes  
helm template test ./charts/ \
  --set broker.create=true \
  --set broker.type=googlepubsub \
  --set broker.subscriptionId=my-subscription

# With PDB - ✅ Passes
helm template test ./charts/ \
  --set podDisruptionBudget.enabled=true \
  --set podDisruptionBudget.minAvailable=1

# Lint - ✅ Passes (1 info about missing icon)
helm lint ./charts/

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

charts/templates/pdb.yaml (1)

24-25: Minor: Remove trailing blank line.

YAMLlint flags unnecessary blank lines at end of file. While non-blocking, remove for consistency.

charts/templates/broker-configmap.yaml (1)

32-33: Minor: Remove trailing blank line.

Consistent with pdb.yaml feedback.

charts/templates/deployment.yaml (2)

259-281: Volume mount logic correctly handles conditional file mounting.

ConfigMaps are mounted using subPath to mount specific files (adapter.yaml, broker.yaml) with read-only access, which is secure and precise. The conditional logic properly checks if mounts are needed before rendering.

Minor: Line 270 redefines $brokerEnabled which is already defined at line 259. This is redundant; consider using the existing variable for consistency.

---

285-308: Volume definitions are well-structured with proper ConfigMap references.

Volumes correctly reference ConfigMaps via helper functions and use items to select specific keys, supporting both adapter and broker configurations plus custom volumes.

Minor: Similar to line 270, line 285 redefines $brokerEnabled. This variable is repeatedly redefined at lines 91, 160, 259, and 285 throughout the template. Consider defining it once at a higher scope to improve maintainability.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4585a7d and 70bb691.

📒 Files selected for processing (7)

• charts/README.md (2 hunks)
• charts/templates/_helpers.tpl (1 hunks)
• charts/templates/broker-configmap.yaml (1 hunks)
• charts/templates/deployment.yaml (2 hunks)
• charts/templates/pdb.yaml (1 hunks)
• charts/values.yaml (5 hunks)
• configs/adapter-config-template.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• charts/templates/_helpers.tpl
• configs/adapter-config-template.yaml

🧰 Additional context used

🪛 LanguageTool

charts/README.md

[style] ~109-~109: Consider replacing this word to strengthen your wording.
Context: ...ult) The adapter is a message consumer and doesn't expose HTTP endpoints by defaul...

(AND_THAT)

🪛 YAMLlint (1.37.1)

charts/templates/broker-configmap.yaml

[warning] 33-33: too many blank lines (1 > 0)

(empty-lines)

---

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/templates/pdb.yaml

[warning] 25-25: too many blank lines (1 > 0)

(empty-lines)

---

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

🔇 Additional comments (19)

charts/templates/pdb.yaml (2)

1-4: Validation logic is correctly implemented.

The fail-fast validation ensures that when podDisruptionBudget.enabled=true, at least one of minAvailable or maxUnavailable is set, preventing invalid Kubernetes resources from being generated. This addresses the prior review concern.

---

12-17: Mutual exclusivity enforcement is sound.

The conditions properly ensure that only one of minAvailable or maxUnavailable is rendered, preventing conflicting Kubernetes specifications.

charts/templates/broker-configmap.yaml (2)

1-32: Broker ConfigMap template is well-structured and properly conditioned.

The template correctly:

• Gates creation with .Values.broker.create
• Uses the brokerConfigMapName helper for consistent naming
• Applies quoting to all scalar values for YAML safety
• Conditionally renders each data field
• Handles multiline content (broker.yaml) with proper indentation

Ensure the referenced helper brokerConfigMapName is implemented in _helpers.tpl and all .Values.broker.* fields are documented in values.yaml.

---

27-31: YAML indentation and quoting are correct.

The indent 4 filter properly handles multiline YAML content, and all scalar values use quote filter for safety.

charts/README.md (4)

1-10: README introduction and prerequisites are clear.

The description accurately reflects the adapter's purpose (CloudEvents consumer for HyperFleet provisioning), and prerequisites are complete including GCP Workload Identity.

---

45-105: Configuration tables are comprehensive and well-documented.

All major parameter sections are covered with clear descriptions, defaults, and conditional behaviors. Tables align with the values.yaml structure.

---

127-245: Examples are practical and progressively demonstrate increasing complexity.

The examples cover common scenarios (basic, API, WIF, existing resources, comprehensive values file) and use realistic placeholder values. This guides users through typical deployment patterns.

---

247-260: Environment variables reference is clear and condition-based.

The table correctly documents which variables are set under what conditions. Note that line 260 mentions broker.env is loaded via envFrom, which should be verified against the deployment.yaml broker mounting logic.

charts/templates/deployment.yaml (6)

1-27: Deployment metadata is well-structured with new customization options.

Lines 7-13 add deploymentLabels and deploymentAnnotations for deployment-level customization, and lines 18-27 add strategy, minReadySeconds, and revisionHistoryLimit for controlled rollouts. This improves operational flexibility.

---

34-36: Checksum annotation correctly triggers pod restarts on adapter config changes.

The annotation uses the standard Helm pattern to detect ConfigMap modifications and trigger pod recreation. Note that the checksum only covers the adapter ConfigMap; broker ConfigMap changes will not trigger pod restarts. This may be intentional if broker configuration is decoupled from pod lifecycle, but clarify if this is by design.

---

91-115: Environment variable logic is comprehensive but properly gated.

Lines 91-93 establish conditional variables to determine if environment configuration is needed, and lines 95-115 render environment variables based on multiple sources (direct env, HyperFleet API, adapter/broker config). The logic correctly:

• Uses local variables to avoid re-evaluating complex conditions
• Applies proper conditionals to each environment variable
• References ConfigMap keys safely via ConfigMapKeyRef

Ensure the helper functions hyperfleet-adapter.configMapName and hyperfleet-adapter.brokerConfigMapName are correctly implemented in _helpers.tpl.

---

140-171: Broker environment mounting logic is well-designed with clear modes.

The implementation correctly supports two mutually exclusive patterns:

1. Specific keys: When broker.envKeys is specified, only those keys are mounted via env (lines 146-157)
2. All keys: When broker.envKeys is empty and broker.mountAsEnv=true, the entire ConfigMap is mounted via envFrom (lines 161-171)

This design provides flexibility for both precise configuration and bulk loading of environment variables.

---

172-252: Health probe configuration is flexible and well-parameterized.

The probes support multiple strategies (httpGet, tcpSocket, exec) with configurable defaults, and each probe independently respects the enabled flag. The default timing values (liveness 30s initial delay, readiness 5s, startup 10s) are reasonable. Disabled by default is appropriate since the adapter is a message consumer without HTTP endpoints.

---

321-324: Topology spread constraints are properly parameterized.

The template defers to values configuration, allowing users full control over pod distribution.

charts/values.yaml (5)

1-53: Values file structure is well-organized with comprehensive documentation.

The file covers all necessary deployment parameters with clear defaults:

• Image configuration with registry override support
• Deployment strategy with RollingUpdate (maxSurge: 1, maxUnavailable: 0)
• Command/args properly specified for the adapter
• Clear documentation of customization options

All defaults appear appropriate for a production deployment.

---

54-179: Pod configuration options provide comprehensive customization while maintaining secure defaults.

The section covers:

• ServiceAccount with WIF annotation guidance
• Health probes (disabled by default, with examples for future use)
• Lifecycle hooks for graceful shutdown
• Networking (hostNetwork, DNS, DNS config)
• Scheduling (priority, termination grace period, init/sidecar containers, topology spread)

All defaults are production-appropriate for a non-HTTP message consumer.

---

194-256: Adapter and broker configuration sections are well-documented with sensible defaults.

Both sections provide:

• Clear enable/disable controls
• Custom ConfigMap naming options
• Type identifiers for broker routing
• Rich environment variable support
• YAML configuration file alternatives

Defaults are safe: adapter config enabled by default, broker config disabled by default. Comments provide helpful context including RabbitMQ and Google Pub/Sub examples.

One note: Line 204 references "adapter-configmap-template.yaml" which appears to be an external system file. Clarify if this reference is still relevant or should be updated.

---

257-291: HyperFleet API and environment configuration sections provide necessary flexibility.

The sections support:

• HyperFleet API integration with baseUrl and version
• Direct environment variables with valueFrom support
• ConfigMap/Secret bulk loading via envFrom
• Custom volume support for extensions

All defaults are safe and examples are clear.

---

293-298: Pod Disruption Budget configuration is properly parameterized.

The section provides placeholders for minAvailable and maxUnavailable with optional unhealthyPodEvictionPolicy, disabled by default. This aligns with the runtime validation in pdb.yaml that requires exactly one of minAvailable/maxUnavailable when enabled.

[ciaranRoche]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ciaranRoche, xueli181114

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ciaranRoche,xueli181114]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment