feat: create harvester-upgrade-manager chart#492
Merged
starbops merged 7 commits intoharvester:masterfrom Mar 20, 2026
Merged
Conversation
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
There was a problem hiding this comment.
Pull request overview
Introduces a new harvester-upgrade Helm chart (harvester-upgrade-toolkit) with controller Deployment, RBAC, CRD templating, metrics/webhook resources, and CI support via stub CRDs for external dependencies.
Changes:
- Added a full Helm chart under
charts/harvester-upgrade/(templates, values, helpers, CRD, RBAC, webhook, metrics, ServiceMonitor). - Added CI-only “external stub CRDs” to allow chart-testing installs in a bare test cluster.
- Updated GitHub Actions CI workflow to create the new stub CRDs before
ct install.
Reviewed changes
Copilot reviewed 27 out of 27 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/harvester-upgrade-external-stub-crds.yaml | Adds minimal stub CRDs required for chart installation in CI. |
| charts/harvester-upgrade/Chart.yaml | New chart metadata/versioning for harvester-upgrade. |
| charts/harvester-upgrade/values.yaml | Default configuration for manager, CRDs, metrics, webhook, and helper RBAC. |
| charts/harvester-upgrade/.helmignore | Helm packaging ignore rules for the new chart. |
| charts/harvester-upgrade/templates/_helpers.tpl | Adds naming helpers, including truncation-safe resource name generation. |
| charts/harvester-upgrade/templates/NOTES.txt | Helm post-install notes for verifying install. |
| charts/harvester-upgrade/templates/manager/manager.yaml | Deploys the controller manager Deployment. |
| charts/harvester-upgrade/templates/crd/upgradeplans.management.harvesterhci.io.yaml | Templates the UpgradePlan CRD with optional Helm keep policy. |
| charts/harvester-upgrade/templates/webhook/webhook.yaml | Creates webhook TLS Secret and webhook configurations. |
| charts/harvester-upgrade/templates/webhook/webhook-service.yaml | Creates the Service backing the webhook endpoint. |
| charts/harvester-upgrade/templates/metrics/controller-manager-metrics-service.yaml | Service exposing the controller metrics endpoint. |
| charts/harvester-upgrade/templates/monitoring/servicemonitor.yaml | Optional Prometheus ServiceMonitor for scraping metrics. |
| charts/harvester-upgrade/templates/rbac/controller-manager.yaml | ServiceAccount for the controller manager. |
| charts/harvester-upgrade/templates/rbac/manager-role.yaml | ClusterRole granting controller permissions. |
| charts/harvester-upgrade/templates/rbac/manager-rolebinding.yaml | ClusterRoleBinding for controller manager permissions. |
| charts/harvester-upgrade/templates/rbac/leader-election-role.yaml | Role for leader election resources in the release namespace. |
| charts/harvester-upgrade/templates/rbac/leader-election-rolebinding.yaml | RoleBinding for leader election Role. |
| charts/harvester-upgrade/templates/rbac/metrics-auth-role.yaml | ClusterRole for TokenReview/SAR (metrics authn/authz). |
| charts/harvester-upgrade/templates/rbac/metrics-auth-rolebinding.yaml | Binds metrics auth ClusterRole to controller manager SA. |
| charts/harvester-upgrade/templates/rbac/metrics-reader.yaml | ClusterRole granting access to /metrics non-resource URL. |
| charts/harvester-upgrade/templates/rbac/version-viewer-role.yaml | Optional helper ClusterRole for read-only access to Version CRs. |
| charts/harvester-upgrade/templates/rbac/version-editor-role.yaml | Optional helper ClusterRole for edit access to Version CRs. |
| charts/harvester-upgrade/templates/rbac/version-admin-role.yaml | Optional helper ClusterRole for admin access to Version CRs. |
| charts/harvester-upgrade/templates/rbac/upgradeplan-viewer-role.yaml | Optional helper ClusterRole for read-only access to UpgradePlan CRs. |
| charts/harvester-upgrade/templates/rbac/upgradeplan-editor-role.yaml | Optional helper ClusterRole for edit access to UpgradePlan CRs. |
| charts/harvester-upgrade/templates/rbac/upgradeplan-admin-role.yaml | Optional helper ClusterRole for admin access to UpgradePlan CRs. |
| .github/workflows/ci.yaml | Creates the new stub CRDs before running chart-testing install. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
charts/harvester-upgrade/values.yaml
Outdated
|
|
||
| ## String to fully override chart.fullname template | ||
| ## | ||
| fullnameOverride: "harvester-upgrade-toolkit" |
| {{- end }} | ||
| {{- with .Values.manager.nodeSelector }} | ||
| nodeSelector: {{ toYaml . | nindent 16 }} | ||
| {{- end }} |
charts/harvester-upgrade/templates/rbac/version-viewer-role.yaml
Outdated
Show resolved
Hide resolved
charts/harvester-upgrade/templates/rbac/version-editor-role.yaml
Outdated
Show resolved
Hide resolved
charts/harvester-upgrade/templates/rbac/version-admin-role.yaml
Outdated
Show resolved
Hide resolved
Comment on lines
+11
to
+16
| {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace $secretName }} | ||
| {{- if and $existingSecret $existingSecret.data }} | ||
| {{- $ca = index $existingSecret.data "ca.crt" }} | ||
| {{- $cert = index $existingSecret.data "tls.crt" }} | ||
| {{- $key = index $existingSecret.data "tls.key" }} | ||
| {{- else }} |
Comment on lines
+39
to
+46
| - args: | ||
| {{- if .Values.metrics.enable }} | ||
| - --metrics-bind-address=:{{ .Values.metrics.port }} | ||
| {{- else }} | ||
| # Bind to :0 to disable the controller-runtime managed metrics server | ||
| - --metrics-bind-address=0 | ||
| {{- end }} | ||
| - --health-probe-bind-address=:8081 |
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
Signed-off-by: Zespre Chang <zespre.chang@suse.com>
starbops
changed the title
bk201
approved these changes
Mar 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem:
Solution:
harvester-upgrade-manager chart for upgrade v2
Related Issue(s):
harvester/harvester#7112
Test plan:
helm upgrade --install harvester-upgrade-manager ./charts/harvester-upgrade-manager \ --namespace=harvester-systemAdditional documentation or context