✨ Add schema CRD and platform CRs.

[jortel]

Add Schema CRD.
Add Cloud Foundry schemas.

Add platform tasks and addons. The addons share the same image.
Tasks:

• platform

Addons:

• platform

Schemas:

• cloudfoundry-coordinates
• cloudfoundry-filter

Summary by CodeRabbit

• New Features

  • Introduced support for the "Platform Addon" component, including deployment and configuration options.
  • Added new Kubernetes custom resources for schema management, specifically for Cloud Foundry coordinates and filters.
  • Extended Helm and Ansible configurations to support the new platform addon and schema resources.

• Improvements

  • Updated operator SDK version to v1.35.0 for improved compatibility and features.
  • Enhanced RBAC permissions to support the new schema resources.

• Chores

  • Updated release and build workflows to include the new platform addon component.

[coderabbitai]

Walkthrough

This update introduces a new "platform" addon component to the deployment process, including its image configuration, resource defaults, and Kubernetes manifests. It also adds a new "Schema" CRD and two initial schema custom resources. The release workflow, Helm values, RBAC, and operator metadata are updated accordingly, and the Operator SDK version is bumped to v1.35.0.

Changes

File(s)	Change Summary
.github/workflows/create-release.yml	Added release steps for tackle2-addon-platform, including Docker image pull/wait logic.
helm/templates/crds/tackle.konveyor.io_schemas.yaml, bundle/manifests/konveyor-operator.clusterserviceversion.yaml	Introduced new Schema CRD and registered it in operator CSV with RBAC permissions.
helm/values.yaml, roles/tackle/defaults/main.yml	Added image config and resource defaults for the platform addon.
roles/tackle/templates/customresource-addon-platform.yml.j2	New template for the Platform Addon and its Task custom resources.
roles/tackle/templates/customresource-schema.yml.j2	New template defining two initial schema CRs for CloudFoundry coordinates and filter.
roles/tackle/tasks/main.yml	Added tasks to create Platform Addon and schema CRs before Hub deployment.
helm/templates/rbac/role.yaml	Extended Role to include permissions for the new schemas resource.
bundle.Dockerfile, bundle/metadata/annotations.yaml, Makefile	Updated Operator SDK version from v1.28.1 to v1.35.0 in build files and metadata.
helm/templates/deployment.yaml	Added environment variable for the platform addon image in operator deployment container.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant AnsibleRole
    participant KubernetesAPI
    participant Operator

    User->>AnsibleRole: Deploy stack
    AnsibleRole->>KubernetesAPI: Create Platform Addon CR
    AnsibleRole->>KubernetesAPI: Create Schema CRs
    KubernetesAPI->>Operator: Notify of new CRs (Addon, Schema)
    Operator->>KubernetesAPI: Manage Addon/Task and Schema resources

Loading

Possibly related PRs

• ✨ Add kai solution server to release pipeline #449: Adds a new component (kai) to the release workflow, similar to how this PR adds tackle2-addon-platform, both modifying .github/workflows/create-release.yml for new release steps.

Poem

A platform hops in, so bright and new,
With schemas to guide what CloudFoundry can do.
Addons and tasks, all ready to play,
In YAML fields, they now find their way.
Operator SDK gets a shiny upgrade—
Hip-hop, hooray! The release parade!
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b294230 and 9684444.

📒 Files selected for processing (2)

• bundle/manifests/konveyor-operator.clusterserviceversion.yaml (6 hunks)
• helm/templates/deployment.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• helm/templates/deployment.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• bundle/manifests/konveyor-operator.clusterserviceversion.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-operator-bundle

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (4)

helm/templates/crds/tackle.konveyor.io_schemas.yaml (1)

17-84: Consider adding discoverability & usability metadata to the CRD

The structural schema is solid; however, without shortNames, categories, or meaningful additionalPrinterColumns, users will find the new Schema objects hard to discover and inspect (kubectl get).

Example enhancement:

     names:
       kind: Schema
       listKind: SchemaList
       plural: schemas
       singular: schema
+      shortNames:
+        - sch
+      categories:
+        - konveyor
+        - tackle
...
+    additionalPrinterColumns:
+      - name: Domain
+        type: string
+        jsonPath: .spec.domain
+      - name: Subject
+        type: string
+        jsonPath: .spec.subject
+      - name: Variant
+        type: string
+        jsonPath: .spec.variant

These purely additive fields improve UX and do not affect the controller logic.

helm/values.yaml (1)

22-22: Pin a specific tag instead of latest for reproducible releases

Using latest couples chart installs to whatever was pushed most recently, defeating repeatability and making rollbacks harder.
Prefer the semver ({{ .Chart.AppVersion }}) you release in the workflow.

-  addon_platform: quay.io/konveyor/tackle2-addon-platform:latest
+  addon_platform: quay.io/konveyor/tackle2-addon-platform:{{ .Chart.AppVersion }}

roles/tackle/templates/customresource-addon-platform.yml.j2 (2)

1-70: Remove duplication by iterating in Jinja

The three Addon definitions are structurally identical aside from {name, task}.
A small loop will cut ~60 lines, lower the maintenance burden, and eliminate drift.

{% for comp in ['manifest', 'importer', 'generator'] %}
---
kind: Addon
apiVersion: tackle.konveyor.io/v1alpha1
metadata:
  name: {{ ('platform_' ~ comp) }}
  namespace: {{ app_namespace }}
  labels:
    app.kubernetes.io/name: {{ platform_service_name }}
    app.kubernetes.io/component: {{ platform_component_name }}
    app.kubernetes.io/part-of: {{ app_name }}
spec:
  task: {{ ('platform_' ~ comp) }}
  container:
    name: {{ platform_component_name }}
    image: {{ platform_fqin }}
    imagePullPolicy: {{ image_pull_policy }}
    resources:
      limits:
        cpu: {{ platform_container_limits_cpu }}
        memory: {{ platform_container_limits_memory }}
      requests:
        cpu: {{ platform_container_requests_cpu }}
        memory: {{ platform_container_requests_memory }}
{% endfor %}

---

14-23: Harden the container spec with a securityContext

The addon pods currently run without explicit security settings.
Consider adding at least:

    securityContext:
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false

Helps satisfy common hardening baselines (NSA, CIS) and avoids future audit findings.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between af596c8 and a1cf9ac.

📒 Files selected for processing (6)

• .github/workflows/create-release.yml (1 hunks)
• helm/templates/crds/tackle.konveyor.io_schemas.yaml (1 hunks)
• helm/values.yaml (1 hunks)
• roles/tackle/defaults/main.yml (1 hunks)
• roles/tackle/templates/customresource-addon-platform.yml.j2 (1 hunks)
• roles/tackle/templates/customresource-schema-cloudfoundry.yml.j2 (1 hunks)

🔇 Additional comments (2)

.github/workflows/create-release.yml (1)

127-142: Bundle build steps still miss the new platform image – risk of broken CSV

You correctly release and wait for the image here, but build-bundle later passes explicit image arguments (lines 228-236). addon_platform is not among them, so the CSV will not get its digest substituted, leading to an unresolved image pull at install time.

Action item: add the argument in the make-bundle step:

         addon_discovery: quay.io/konveyor/tackle2-addon-discovery:${{ inputs.version }}
+        addon_platform: quay.io/konveyor/tackle2-addon-platform:${{ inputs.version }}

Validate that make-bundle target consumes addon_platform similarly to the others.

roles/tackle/templates/customresource-addon-platform.yml.j2 (1)

71-95: Confirm Task action values against the operator’s expectations

We couldn’t find any local definitions or usages of spec.action in this repo, so please double-check that the values fetch, import, and generate match what the Tackle Operator’s reconciliation logic actually supports. If these verbs aren’t recognized, your Tasks will be ignored and the Addon will stay in Pending.

Suggested verification steps:

• Clone the upstream operator and search its Go types and constants:

  gh repo clone konveyor/tackle-operator
  rg -n "type TaskSpec" -A5 -B2 tackle-operator/
  rg -n "Action" -A3 -B1 tackle-operator/

• Alternatively, consult the operator’s documentation or CRD (kubectl explain Task.spec.action) to see the list of valid action values.

[jmontleon]

ACK