feat: remove the config folder and generate rbac and crds with helm templating enabled

[Skarlso]

What this PR does / why we need it

Let's see what changed.

Kustomize is removed completely. The config folder and sync is no longer there either.

There are two main scripts that have been added.

• helm.generate.sh - this will create the necessary annotations and the webhook and the conversion settings
• rbac.generate.sh - this templates the RBAC file so kubebuilder annotation changes are still applied as you'd expect

New task targets have been updated to run the updates and the generations which are helm/generate-crds and helm/generate-rbac. These will run generators and validations. These have been added to the relevant release flows.

Marker changes will work and RBAC will be kept updated running the right tasks. Helm validation now detects stale CRDs and linting and schema and docs are all kept as well.

Further, Tilt has been removed as it's unused.

I checked most of the controllers that use and deal with generations and crds including ESO and found that these flows are kinda uniform in one way or another. Which is basically, let controller-gen generate its stuff and then post edit the outcome into the bundled CRDs. What we differ in is that some projects are manually keeping RBAC up-to-date where as I opted to still rely on kubebuilder markers because I didn't want our users to keep forgetting to add RBAC permissions for new objects.

Which issue(s) this PR fixes

Fixes open-component-model/ocm-project#1030

Testing

How to test the changes

Verification

• I have added/updated tests for my changes (see Test Requirements)
• Tests pass locally (task test and task test/integration if applicable)
• If touching multiple modules, go work is enabled (see go.work)
• My changes do not decrease test coverage
• I have tested the changes locally by running ocm

[netlify]

✅ Deploy Preview for ocm-website canceled.

Name	Link
🔨 Latest commit	7f5daea
🔍 Latest deploy log	https://app.netlify.com/projects/ocm-website/deploys/69e9bedb24920000085280f3

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR removes Kustomize-based manifests and samples, relocates controller-gen outputs to bin/gen, adds Helm-focused generation/validation tasks and two scripts to convert raw CRD/RBAC outputs into chart templates, updates CI to a consolidated Helm validate step, and adjusts tests/build references to use bin/gen outputs.

Changes

Cohort / File(s)	Summary
CI & env \.github/workflows/kubernetes-controller.yml, kubernetes/controller/.env, kubernetes/controller/Dockerfile	Replaced multiple Helm workflow steps with a single task helm/validate step; removed KUSTOMIZE_VERSION env var; updated Dockerfile comment to reference task docker-build.
Taskfile & Make wrappers kubernetes/controller/Taskfile.yml, kubernetes/controller/Makefile	Removed kustomize/kubebuilder vars/tasks and Makefile wrapper targets; manifests now emits into bin/gen/crd & bin/gen/rbac; added helm/generate-crds and helm/generate-rbac; updated helm/generate and helm/validate.
Generation scripts kubernetes/controller/hack/helm.generate.sh, kubernetes/controller/hack/rbac.generate.sh	Added scripts to convert controller-gen outputs into Helm chart templates (CRD wrapping, cert-manager/webhook injection, and templated manager-role name).
Helm chart templates & docs kubernetes/controller/chart/README.md, .../README.md.gotmpl, kubernetes/controller/chart/templates/crd/*, kubernetes/controller/chart/templates/rbac/manager-role.yaml	Reformatted CRD/RBAC templates (indentation/structure) and updated docs to describe new helm/generate flow and which RBAC artifacts are auto-generated vs manual.
Removed Kustomize manifests & samples kubernetes/controller/config/crd/*, kubernetes/controller/config/crd/kustomization.yaml, kubernetes/controller/config/crd/kustomizeconfig.yaml, kubernetes/controller/config/default/kustomization.yaml, kubernetes/controller/config/rbac/*, kubernetes/controller/config/samples/*, kubernetes/controller/config/samples/kustomization.yaml	Deleted Kustomize kustomizations, CRD base manifests, RBAC roles/bindings/serviceaccount, and sample resources previously used by Kustomize.
Local dev / Tilt / project metadata kubernetes/controller/Tiltfile, kubernetes/controller/tilt.dockerfile, kubernetes/controller/PROJECT	Removed Tilt configuration and tilt Dockerfile; removed helm.kubebuilder.io/v2-alpha plugin block from PROJECT.
Tests adjusted kubernetes/controller/internal/controller/*/suite_test.go	Updated envtest CRDDirectoryPaths to use bin/gen/crd; minor comment edits (referencing task test).

Sequence Diagram(s)

sequenceDiagram
    participant CI as CI / Task runner
    participant ControllerGen as controller-gen
    participant BinGen as bin/gen (raw outputs)
    participant Scripts as hack/*.sh
    participant HelmChart as chart/templates

    rect rgba(200,150,100,0.5)
    CI->>ControllerGen: run controller-gen (manifests)
    ControllerGen-->>BinGen: emit raw CRD & RBAC YAML to bin/gen
    end

    rect rgba(100,150,200,0.5)
    CI->>Scripts: run helm/generate-crds & helm/generate-rbac
    Scripts->>BinGen: read raw YAML files
    Scripts->>HelmChart: write templated outputs (templates/crd/, templates/rbac/manager-role.yaml)
    CI->>HelmChart: run task helm/validate (generate → lint/schema/docs/template → drift check)
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(913)!: object in status field #2008 — touches the Resource CRD/templates; directly overlaps CRD template changes.
• feat: sovereign reference scenario #1733 — modifies the same GitHub Actions workflow file; CI changes may overlap.
• chore!: remove interval field from resource CR #2116 — related CRD/controller changes affecting Resource schema and generation handling.

Suggested reviewers

• fabianburth
• frewilhelm

Poem

🐰
I chewed old kustomize down to bits,
Wove Helm from scratch with nimble wits,
CRDs hopped from bin into chart,
Scripts sang builds and tests took part,
A rabbit claps — a tidy dev blitz!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	❓ Inconclusive	All changes are within scope of removing Kustomize and config folder while adding Helm-based CRD/RBAC generation. However, removal of sample manifests, test suite CRD paths, Dockerfile comments, and Tiltfile appear tangential to the core objective of eliminating Kustomize.	Clarify whether deletions of sample resources, test configuration updates, and Tilt/Docker comments are necessary prerequisites for the Kustomize removal, or if they represent secondary cleanup that could be separated into a follow-up PR.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and specifically describes the main change: removing the config folder and generating RBAC and CRDs with Helm templating enabled.
Description check	✅ Passed	The PR description is comprehensive and directly related to the changeset, explaining what was removed (Kustomize, config folder, Tilt), what was added (two scripts and new task targets), and the rationale behind the changes.
Linked Issues check	✅ Passed	The PR addresses issue #1030's core requirements: removes the Kustomization folder [PASS], provides CRD templating via new scripts [PASS], updates task targets and validation workflow [PASS], and includes verification checklist. Test coverage updates and documentation references are mentioned but marked as incomplete in the checklist.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

kubernetes/controller/hack/rbac.generate.sh (1)

36-40: Consider validating the yq step and constraining the sed substitution.

Two small robustness improvements:

1. The pipeline yq ... | sed ... > "${OUT}" won't fail if yq errors out silently (only the last command's exit status is propagated by default without pipefail being enough on its own here — actually set -o pipefail does cover this, so this is fine). Ignore this point.
2. The sed replacement is unanchored, so if OCM_K8S_TOOLKIT_MANAGER_ROLE_NAME ever appeared elsewhere in the source (e.g., in a future comment or label), it would also be rewritten. Anchoring to the name: line makes the intent explicit:

🛡️ Optional tightening

-"${YQ}" eval ".metadata.name = \"${NAME_SENTINEL}\"" "${SRC}" \
-    | sed "s|${NAME_SENTINEL}|${NAME_TPL}|" > "${OUT}"
+"${YQ}" eval ".metadata.name = \"${NAME_SENTINEL}\"" "${SRC}" \
+    | sed "s|^\(\s*name:\s*\)${NAME_SENTINEL}\s*\$|\1${NAME_TPL}|" > "${OUT}"

Non-blocking; current behavior is correct for the controller-gen output shape.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@kubernetes/controller/hack/rbac.generate.sh` around lines 36 - 40, Ensure the
yq transformation succeeded before piping to sed (e.g., run yq and check its
exit status or write yq output to a temp file and verify it) so failures from
"${YQ}" are caught rather than masked, and tighten the sed substitution so it
only replaces the sentinel on the metadata name line (anchor to a line matching
optional whitespace + "name:" containing NAME_SENTINEL) instead of a global
unanchored replace of NAME_SENTINEL; locate the pipeline using "${YQ}" eval
".metadata.name = \"${NAME_SENTINEL}\"" "${SRC}" | sed ... > "${OUT}" and change
it to validate yq success then perform an anchored sed that targets only the
metadata name field replacing NAME_SENTINEL with NAME_TPL.

kubernetes/controller/Taskfile.yml (1)

193-208: Consider running generators before lint/template in helm/validate.

Currently helm/lint and helm/template run against the committed (potentially stale) chart templates, and helm/generate-crds / helm/generate-rbac execute afterward only to feed the git diff check. If a newly added API type produces an invalid CRD template or the regenerated manager-role.yaml breaks rendering, the failure is only caught on the next validate run after the diff has been committed. Regenerating first makes the same run verify that the fresh output passes both lint and template.

♻️ Proposed reordering

   helm/validate:
     desc: "Validate the Helm chart (lint, template, and verify CRDs/RBAC/schema/docs are in sync)"
     silent: true
     cmds:
-      - task: helm/lint
-      - task: helm/template
-      - task: helm/schema
-      - task: helm/docs
       - task: helm/generate-crds
       - task: helm/generate-rbac
+      - task: helm/schema
+      - task: helm/docs
+      - task: helm/lint
+      - task: helm/template
       - |
         if ! git diff --quiet chart/templates/crd chart/templates/rbac/manager-role.yaml chart/values.schema.json chart/README.md; then
           echo "ERROR: CRDs, manager-role, schema or docs are out of sync. Run 'task helm/generate' (and helm/schema / helm/docs as needed) and commit the changes."
           git diff chart/templates/crd chart/templates/rbac/manager-role.yaml chart/values.schema.json chart/README.md
           exit 1
         fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@kubernetes/controller/Taskfile.yml` around lines 193 - 208, In the
helm/validate Taskfile target, run the generators before linting and templating
so the validators operate on freshly generated artifacts: move
helm/generate-crds and helm/generate-rbac (and optionally helm/schema/helm/docs
if they affect outputs) to execute before helm/lint and helm/template, then keep
the existing git diff check against chart/templates/crd,
chart/templates/rbac/manager-role.yaml, chart/values.schema.json and
chart/README.md to fail when generators produce changes that aren't committed;
update the task order in helm/validate accordingly so helm/lint and
helm/template run on the generated output.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@kubernetes/controller/hack/helm.generate.sh`:
- Around line 35-38: The loop that sets plural and group using YQ (variables
plural, group) can produce empty or "null" values leading to bad filenames;
after calling plural=$("${YQ}" e '.spec.names.plural' "${src}") and
group=$("${YQ}" e '.spec.group' "${src}"), validate both variables (e.g., check
for empty string or the literal "null") and either skip that source file or fail
fast with a clear error; update the loop that writes out
out="${TARGET_DIR}/${plural}.${group}.yaml" to only run when both plural and
group are non-empty and not "null", and log which src was skipped/failing so the
chart generation isn’t silently producing malformed filenames.

---

Nitpick comments:
In `@kubernetes/controller/hack/rbac.generate.sh`:
- Around line 36-40: Ensure the yq transformation succeeded before piping to sed
(e.g., run yq and check its exit status or write yq output to a temp file and
verify it) so failures from "${YQ}" are caught rather than masked, and tighten
the sed substitution so it only replaces the sentinel on the metadata name line
(anchor to a line matching optional whitespace + "name:" containing
NAME_SENTINEL) instead of a global unanchored replace of NAME_SENTINEL; locate
the pipeline using "${YQ}" eval ".metadata.name = \"${NAME_SENTINEL}\"" "${SRC}"
| sed ... > "${OUT}" and change it to validate yq success then perform an
anchored sed that targets only the metadata name field replacing NAME_SENTINEL
with NAME_TPL.

In `@kubernetes/controller/Taskfile.yml`:
- Around line 193-208: In the helm/validate Taskfile target, run the generators
before linting and templating so the validators operate on freshly generated
artifacts: move helm/generate-crds and helm/generate-rbac (and optionally
helm/schema/helm/docs if they affect outputs) to execute before helm/lint and
helm/template, then keep the existing git diff check against
chart/templates/crd, chart/templates/rbac/manager-role.yaml,
chart/values.schema.json and chart/README.md to fail when generators produce
changes that aren't committed; update the task order in helm/validate
accordingly so helm/lint and helm/template run on the generated output.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 77456240-1a13-4c29-b598-f7a4a1de8e02

📥 Commits

Reviewing files that changed from the base of the PR and between 0498da6 and 5d676cb.

📒 Files selected for processing (48)

• .github/workflows/kubernetes-controller.yml
• kubernetes/controller/.env
• kubernetes/controller/Dockerfile
• kubernetes/controller/Makefile
• kubernetes/controller/PROJECT
• kubernetes/controller/Taskfile.yml
• kubernetes/controller/Tiltfile
• kubernetes/controller/chart/README.md
• kubernetes/controller/chart/README.md.gotmpl
• kubernetes/controller/chart/templates/crd/components.delivery.ocm.software.yaml
• kubernetes/controller/chart/templates/crd/deployers.delivery.ocm.software.yaml
• kubernetes/controller/chart/templates/crd/repositories.delivery.ocm.software.yaml
• kubernetes/controller/chart/templates/crd/resources.delivery.ocm.software.yaml
• kubernetes/controller/chart/templates/rbac/manager-role.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_components.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_deployers.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_repositories.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_resources.yaml
• kubernetes/controller/config/crd/kustomization.yaml
• kubernetes/controller/config/crd/kustomizeconfig.yaml
• kubernetes/controller/config/default/kustomization.yaml
• kubernetes/controller/config/rbac/component_editor_role.yaml
• kubernetes/controller/config/rbac/component_viewer_role.yaml
• kubernetes/controller/config/rbac/deployer_editor_role.yaml
• kubernetes/controller/config/rbac/deployer_viewer_role.yaml
• kubernetes/controller/config/rbac/kustomization.yaml
• kubernetes/controller/config/rbac/leader_election_role.yaml
• kubernetes/controller/config/rbac/leader_election_role_binding.yaml
• kubernetes/controller/config/rbac/replication_editor_role.yaml
• kubernetes/controller/config/rbac/replication_viewer_role.yaml
• kubernetes/controller/config/rbac/repository_editor_role.yaml
• kubernetes/controller/config/rbac/repository_viewer_role.yaml
• kubernetes/controller/config/rbac/resource_editor_role.yaml
• kubernetes/controller/config/rbac/resource_viewer_role.yaml
• kubernetes/controller/config/rbac/role.yaml
• kubernetes/controller/config/rbac/role_binding.yaml
• kubernetes/controller/config/rbac/service_account.yaml
• kubernetes/controller/config/samples/components.delivery.ocm.software_sample.yaml
• kubernetes/controller/config/samples/delivery_v1alpha1_component.yaml
• kubernetes/controller/config/samples/delivery_v1alpha1_ocmdeployer.yaml
• kubernetes/controller/config/samples/delivery_v1alpha1_ocmrepository.yaml
• kubernetes/controller/config/samples/delivery_v1alpha1_resource.yaml
• kubernetes/controller/config/samples/kustomization.yaml
• kubernetes/controller/config/samples/repository.delivery.ocm.software_sample.yaml
• kubernetes/controller/config/samples/resource.delivery.ocm.software_sample.yaml
• kubernetes/controller/hack/helm.generate.sh
• kubernetes/controller/hack/rbac.generate.sh
• kubernetes/controller/tilt.dockerfile

💤 Files with no reviewable changes (36)

• kubernetes/controller/.env
• kubernetes/controller/tilt.dockerfile
• kubernetes/controller/config/samples/kustomization.yaml
• kubernetes/controller/PROJECT
• kubernetes/controller/config/samples/delivery_v1alpha1_ocmrepository.yaml
• kubernetes/controller/config/rbac/deployer_viewer_role.yaml
• kubernetes/controller/config/rbac/leader_election_role.yaml
• kubernetes/controller/config/crd/kustomization.yaml
• kubernetes/controller/config/rbac/service_account.yaml
• kubernetes/controller/config/rbac/replication_viewer_role.yaml
• kubernetes/controller/config/default/kustomization.yaml
• kubernetes/controller/config/rbac/repository_viewer_role.yaml
• kubernetes/controller/config/samples/delivery_v1alpha1_ocmdeployer.yaml
• kubernetes/controller/Makefile
• kubernetes/controller/config/samples/delivery_v1alpha1_component.yaml
• kubernetes/controller/config/rbac/role_binding.yaml
• kubernetes/controller/config/rbac/resource_viewer_role.yaml
• kubernetes/controller/config/rbac/component_editor_role.yaml
• kubernetes/controller/config/samples/repository.delivery.ocm.software_sample.yaml
• kubernetes/controller/config/rbac/component_viewer_role.yaml
• kubernetes/controller/config/rbac/resource_editor_role.yaml
• kubernetes/controller/config/rbac/leader_election_role_binding.yaml
• kubernetes/controller/config/samples/resource.delivery.ocm.software_sample.yaml
• kubernetes/controller/config/rbac/deployer_editor_role.yaml
• kubernetes/controller/config/crd/kustomizeconfig.yaml
• kubernetes/controller/Tiltfile
• kubernetes/controller/config/samples/delivery_v1alpha1_resource.yaml
• kubernetes/controller/config/samples/components.delivery.ocm.software_sample.yaml
• kubernetes/controller/config/rbac/repository_editor_role.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_resources.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_components.yaml
• kubernetes/controller/config/rbac/replication_editor_role.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_repositories.yaml
• kubernetes/controller/config/crd/bases/delivery.ocm.software_deployers.yaml
• kubernetes/controller/config/rbac/role.yaml
• kubernetes/controller/config/rbac/kustomization.yaml

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

kubernetes/controller/Taskfile.yml (1)

172-176: Optional: collapse duplication in helm/validate.

helm/validate (lines 197–198) invokes helm/generate-crds and helm/generate-rbac separately, duplicating the composition that helm/generate already does. You could just call task: helm/generate there to keep a single source of truth for the generation sequence. Purely cosmetic; feel free to ignore.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@kubernetes/controller/Taskfile.yml` around lines 172 - 176, The helm/validate
target duplicates the composition already defined by helm/generate (which runs
helm/generate-crds and helm/generate-rbac); update the helm/validate task to
call the helm/generate task instead of invoking helm/generate-crds and
helm/generate-rbac directly so the generation sequence is maintained in one
place (edit the helm/validate entry to replace the two task entries with a
single "task: helm/generate").

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@kubernetes/controller/Taskfile.yml`:
- Around line 203-208: The helm/validate step in Taskfile.yml currently uses
"git diff --quiet" which misses newly created untracked files; replace that
check with a git status --porcelain invocation against the same paths
(chart/templates/crd, chart/templates/rbac/manager-role.yaml,
chart/values.schema.json, chart/README.md) so both modified and untracked files
are detected, and update the conditional that calls echo/git diff/exit to run
when git status --porcelain returns any output; locate the block around the if !
git diff --quiet ... fi and change it to run git status --porcelain -- <paths>
and fail when the output is non-empty.

---

Nitpick comments:
In `@kubernetes/controller/Taskfile.yml`:
- Around line 172-176: The helm/validate target duplicates the composition
already defined by helm/generate (which runs helm/generate-crds and
helm/generate-rbac); update the helm/validate task to call the helm/generate
task instead of invoking helm/generate-crds and helm/generate-rbac directly so
the generation sequence is maintained in one place (edit the helm/validate entry
to replace the two task entries with a single "task: helm/generate").

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ce254b47-a62d-4c47-8e19-1b33b6b9fba2

📥 Commits

Reviewing files that changed from the base of the PR and between 5d676cb and 7cbbc07.

📒 Files selected for processing (7)

• .github/workflows/kubernetes-controller.yml
• kubernetes/controller/Taskfile.yml
• kubernetes/controller/hack/helm.generate.sh
• kubernetes/controller/internal/controller/component/suite_test.go
• kubernetes/controller/internal/controller/deployer/suite_test.go
• kubernetes/controller/internal/controller/repository/suite_test.go
• kubernetes/controller/internal/controller/resource/suite_test.go

✅ Files skipped from review due to trivial changes (1)

• kubernetes/controller/internal/controller/resource/suite_test.go

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/kubernetes-controller.yml
• kubernetes/controller/hack/helm.generate.sh

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@kubernetes/controller/Taskfile.yml`:
- Around line 43-47: The controller-gen invocation in the Taskfile currently
includes the webhook generator but only redirects CRD and RBAC outputs to
bin/gen; update that command in Taskfile.yml (the line containing
"{{.CONTROLLER_GEN}} rbac:roleName=manager-role crd webhook ...") to either
remove the webhook generator entirely or redirect its output to bin/gen by
adding an artifacts redirect (e.g.
output:webhook:artifacts:config=bin/gen/webhook) so webhook manifests aren’t
written to config/webhook after config/ is removed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 61495af2-cf46-46bc-9364-e00619222865

📥 Commits

Reviewing files that changed from the base of the PR and between 7cbbc07 and b530007.

📒 Files selected for processing (1)

• kubernetes/controller/Taskfile.yml

[matthiasbruns]

e2e tests etc work fine - just a few comments and a gif :D

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@kubernetes/controller/Taskfile.yml`:
- Around line 43-47: The task currently creates bin/gen directories but doesn't
remove stale files; update the Taskfile task cmds (replace or augment the
existing mkdir -p bin/gen/crd bin/gen/rbac command and the controller-gen
invocation) to first remove old generated artifacts (e.g., rm -rf bin/gen/* or
rm -rf bin/gen/crd/* bin/gen/rbac/*) and then recreate directories before
running the controller-gen command so stale CRD/RBAC YAML cannot persist between
runs; ensure the exact cmd string containing "{{.CONTROLLER_GEN}} ...
output:rbac:artifacts:config=bin/gen/rbac
output:crd:artifacts:config=bin/gen/crd" remains unchanged except for the
directory-clean step inserted before it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a368751a-fb27-4bd3-9295-6fe467b73094

📥 Commits

Reviewing files that changed from the base of the PR and between b530007 and 3f37f0b.

📒 Files selected for processing (1)

• kubernetes/controller/Taskfile.yml

[frewilhelm]

nice