refactor(helm): support crd upgrader

[Syspretor]

Ⅰ. Motivation

Ⅱ. Modifications

Ⅲ. Does this pull request fix one issue?

fixes #XXXX

Ⅳ. List the added test cases (unit test/integration test) if any, please explain if no tests are needed.

Ⅴ. Describe how to verify it

VI. Special notes for reviews

Checklist

• Format your code make fmt.
• Add unit tests or integration tests.
• Update the documentation related to the change.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the Helm chart deployment process to provide more robust handling of Custom Resource Definitions (CRDs). It introduces a dedicated CRD Upgrader Job to manage CRD installation and upgrades, especially for large CRD files that might exceed Helm's secret size limits. The changes also include updated Makefile targets for better CRD lifecycle management and comprehensive documentation for the new deployment methods.

Highlights

• CRD Upgrader Job: Introduced a Helm pre-install/pre-upgrade hook to manage CRD installation and upgrades, addressing Helm's 1MB secret limit for CRDs by running a dedicated job.
• Makefile Enhancements: Added new make targets for building and pushing the CRD Upgrader image, and for explicitly installing/uninstalling CRDs.
• Helm Deployment Workflow: Modified the helm-deploy target to leverage the new CRD installation process, either manually or via the upgrader job, by skipping CRD installation in the main chart.
• CRD Upgrader Configuration: Exposed new Helm values for configuring the CRD Upgrader Job's image pull policy, tolerations, and node selectors.
• Documentation Update: Revised the installation guide to reflect the new Helm deployment methods for CRDs, including manual and automatic upgrade options.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• Makefile
  • Added docker-buildx-push-crd-upgrader target for building and pushing the CRD Upgrader image.
  • Modified helm-deploy to depend on install-crds and use --skip-crds for the main chart.
  • Introduced install-crds target for manual CRD installation.
  • Added uninstall-crds target for explicit CRD removal.
  • Updated helm-undeploy to include a note about CRD preservation.
• deploy/helm/rbgs/templates/upgrade/crd-upgrade.yaml
  • Updated Helm hooks to trigger on pre-install in addition to pre-upgrade for the CRD upgrader job.
  • Added the patch verb to the CRD ClusterRole for broader update capabilities.
  • Included tolerations, nodeSelector, and imagePullPolicy options for the CRD Upgrader Job pod.
• deploy/helm/rbgs/values.yaml
  • Added imagePullPolicy, tolerations, and nodeSelector parameters for the crdUpgrade section.
• doc/install.md
  • Rewrote Helm installation instructions to differentiate between manual CRD installation and automatic CRD upgrade methods.
  • Included details on new Makefile targets and CRD Upgrader configuration options.
• tools/crd-upgrade/Dockerfile
  • Updated the base image to alpine:3.20 for the CRD upgrader.
  • Streamlined package installation and added comments.
  • Ensured kubectl installation supports multi-architecture builds.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/e2e-test.yml

Activity

• No human activity (comments, reviews, progress updates) was provided in the context for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a CRD upgrader job for the Helm chart, which is a good strategy for managing large CRDs that can exceed Helm's storage limits. The changes are well-structured, including new Makefile targets, updates to Helm templates and values, and comprehensive documentation updates. My review includes suggestions to improve the robustness of the deployment scripts and enhance consistency within the Makefile.

[gemini-code-assist]

The --ignore-not-found flag is not valid for the helm uninstall command and will cause an error. The || true already handles the case where the release doesn't exist. Please remove the invalid flag.

	$(HELM) uninstall rbgs --namespace rbgs-system || true

[gemini-code-assist]

The build platforms for the CRD upgrader image are hardcoded. For better consistency and maintainability, consider using the $(PLATFORMS) variable, which is already used for building the main controller image. This centralizes platform management.

	- $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${CRD_UPGRADER_IMG}:${TAG} -f ${CRD_UPGRADER_DOCKERFILE} .

[gemini-code-assist]

The upgrade-crds.sh script can be significantly simplified and made more robust. Instead of looping and using kubectl create or kubectl replace, it's better to use kubectl apply. kubectl apply is idempotent and is the standard practice for managing Kubernetes resources declaratively, handling both initial creation and subsequent updates correctly.

I recommend changing the content of tools/crd-upgrade/upgrade-crds.sh to:

#!/bin/bash
set -e

echo "Applying CRDs from /rbgs/crds/..."
kubectl apply -f /rbgs/crds/
echo "CRDs applied successfully."

This aligns with Kubernetes best practices and the patch permission that has been added to the associated ClusterRole.

[cheyang]

I suggest removing the CRD files from the Helm chart so that users can install it without needing a Makefile.