chore(docs): add clarification to helm values being disabled

[Skarlso]

Problem Statement

What is the problem you're trying to solve?

Related Issue

Fixes #5744

Proposed Changes

How do you like to solve the issue and why?

Format

Please ensure that your PR follows the following format for the title:

feat(scope): add new feature
fix(scope): fix bug
docs(scope): update documentation
chore(scope): update build tool or dependencies
ref(scope): refactor code
clean(scope): provider cleanup
test(scope): add tests
perf(scope): improve performance
desig(scope): improve design

Where scope is optionally one of:

• charts
• release
• testing
• security
• templating

Checklist

• I have read the contribution guidelines
• All commits are signed with git commit --signoff
• My changes have reasonable test coverage
• All tests pass with make test
• I ensured my PR is ready for review with make reviewable

Summary by CodeRabbit

• Documentation
  • Clarified configuration docs: when a CRD creation option is disabled, the corresponding processing flag must also be disabled to avoid misconfiguration, reducing setup errors and improving guidance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updated documentation in the chart README and values.yaml: CRD creation option descriptions now state that disabling a CRD (setting a crds.* flag to false) also requires disabling the matching process* flag. No code or default values were changed.

Changes

Cohort / File(s)

Summary

Chart documentation deploy/charts/external-secrets/README.md, deploy/charts/external-secrets/values.yaml

Expanded descriptions for CRD-related flags (crds.createClusterExternalSecret, crds.createClusterSecretStore, crds.createSecretStore, crds.createClusterGenerator, crds.createClusterPushSecret, crds.createPushSecret) to note that if a CRD creation flag is set to false, the corresponding process* (e.g., processClusterExternalSecret/processClusterGenerator/processClusterPushSecret/processClusterSecretStore/processPushSecret/processSecretStore) flag must also be set to false. No defaults or behavior were changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify the added notes are consistent and correctly map each crds.* flag to its corresponding process* flag.
• Confirm no YAML default values, indentation, or line-wrap changes were introduced in values.yaml.
• Check README formatting and phrasing for clarity.

Poem

🐰 I nibbled on lines and hopped through the keys,
Tucking a note where the CRD option frees.
"If you don't create, don't process," I rhyme—
A tiny hop saved some operator time. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description lacks concrete implementation details. The 'Problem Statement' and 'Proposed Changes' sections are empty, leaving unclear what specific documentation was changed or why.	Fill in the 'Problem Statement' with issue context and 'Proposed Changes' with specific details about what documentation was updated and how it clarifies the Helm values behavior.
Linked Issues check	❓ Inconclusive	The PR references issue #5744 which describes an operator bug (attempting to watch disabled cluster CRDs), but the PR only adds documentation clarification without showing evidence of fixing the underlying issue.	Clarify whether this PR solves the core issue (operator respecting disabled CRD toggles) or is solely documentation. If only docs, verify the issue assignment is correct.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore(docs): add clarification to helm values being disabled' clearly and specifically describes the main change—documentation clarification for Helm values—following the required format with scope.
Out of Scope Changes check	✅ Passed	The changes—updating README and values.yaml documentation with cross-field dependency clarifications—are directly scoped to the issue's intent of clarifying Helm values relationships.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e0533c and d6eeaa0.

📒 Files selected for processing (2)

• deploy/charts/external-secrets/README.md (1 hunks)
• deploy/charts/external-secrets/values.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• deploy/charts/external-secrets/README.md
• deploy/charts/external-secrets/values.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: lint
• GitHub Check: publish-artifacts (Dockerfile.ubi, CGO_ENABLED=0 GOEXPERIMENT=boringcrypto, amd64 ppc64le, linux/... / Build and Publish
• GitHub Check: publish-artifacts (Dockerfile, CGO_ENABLED=0, amd64 arm64 s390x ppc64le, linux/amd64,linux/arm64,... / Build and Publish
• GitHub Check: publish-artifacts (Dockerfile.ubi, CGO_ENABLED=0, amd64 arm64 ppc64le, linux/amd64,linux/arm64,li... / Build and Publish
• GitHub Check: unit-tests
• GitHub Check: check-diff
• GitHub Check: Analyze project (go, autobuild)

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[matheusmazzoni]

LGTM

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

deploy/charts/external-secrets/values.yaml (1)

58-69: Consider automating flag synchronization in future iterations.

While this documentation improvement helps users understand the requirement, manually keeping crds.create* and process* flags in sync is error-prone. The Helm chart could automatically set process* flags to match crds.create* flags, or the operator could defensively check for CRD existence before attempting to watch resources.

Example Helm template logic to auto-sync flags

In the deployment template, you could derive the process flags:

{{- $processClusterStore := .Values.processClusterStore }}
{{- if not .Values.crds.createClusterSecretStore }}
  {{- $processClusterStore = false }}
{{- end }}

This would prevent the misconfiguration scenario described in issue #5744.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d1fdacb and 0e0533c.

📒 Files selected for processing (1)

• deploy/charts/external-secrets/values.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: publish-artifacts (Dockerfile.ubi, CGO_ENABLED=0, amd64 arm64 ppc64le, linux/amd64,linux/arm64,li... / Build and Publish
• GitHub Check: publish-artifacts (Dockerfile, CGO_ENABLED=0, amd64 arm64 s390x ppc64le, linux/amd64,linux/arm64,... / Build and Publish
• GitHub Check: publish-artifacts (Dockerfile.ubi, CGO_ENABLED=0 GOEXPERIMENT=boringcrypto, amd64 ppc64le, linux/... / Build and Publish
• GitHub Check: unit-tests
• GitHub Check: lint
• GitHub Check: check-diff
• GitHub Check: Analyze project (go, autobuild)
• GitHub Check: Analyze project (actions, none)
• GitHub Check: lint-and-test

🔇 Additional comments (5)

deploy/charts/external-secrets/values.yaml (5)

58-59: LGTM! Clear documentation for ClusterExternalSecret.

The comment correctly references the processClusterExternalSecret flag (line 112) and provides clear guidance to users.

---

62-63: LGTM! Clear documentation for SecretStore.

The comment correctly references the processSecretStore flag (line 121).

---

64-65: LGTM! Clear documentation for ClusterGenerator.

The comment correctly references the processClusterGenerator flag (line 124).

---

66-67: LGTM! Clear documentation for ClusterPushSecret.

The comment correctly references the processClusterPushSecret flag (line 115).

---

68-69: LGTM! Clear documentation for PushSecret.

The comment correctly references the processPushSecret flag (line 127).

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud