feat(helm): add nodeport access type support to Helm chart

[styx0r]

Summary

The Skupper controller already has full support for nodeport as a RouterAccess access type (including validation, SKUPPER_CLUSTER_HOST env var reading, etc.), but the Helm chart had no way to configure the required controller env vars. This PR closes that gap.

Changes:

• scripts/skupper-helm-chart-generator.sh: adds three new values to the generated values.yaml (clusterHost, enabledAccessTypes, defaultAccessType) and injects Helm conditional env-var blocks into both the cluster and namespace deployment templates, immediately before the SKUPPER_KUBE_ADAPTOR_IMAGE env var (used as a stable anchor).
• charts/skupper/README.md: documents the three new values in a new "Access Type Configuration" section, with a concrete "Using NodePort" example.
• Bonus fix: replaces all sed -i 'pattern' calls (GNU-only) with the portable sed 'pattern' file > file.tmp && mv file.tmp file pattern, fixing a pre-existing breakage on macOS where BSD sed requires sed -i ''.

Behaviour

Users who do not set any of the new values see zero change — the controller's own defaults apply as before (local,loadbalancer,route).

To deploy with nodeport:

helm install skupper oci://quay.io/skupper/helm/skupper \
  --set clusterHost=<NODE_IP> \
  --set "enabledAccessTypes=local,loadbalancer,route,nodeport" \
  --set defaultAccessType=nodeport

Test plan

• Run make generate-skupper-helm-chart and verify charts/skupper/values.yaml contains the three new values
• Inspect generated templates for the Helm conditional blocks ({{- if .Values.clusterHost }}, etc.)
• helm lint charts/skupper passes
• Dry-run with --set clusterHost=... --set enabledAccessTypes=... --set defaultAccessType=nodeport renders env vars in the deployment
• Dry-run without those flags renders no new env vars
• Deploy on a real cluster, create a Site + RouterAccess with accessType: nodeport, verify RouterAccess status shows the node IP and high ports

Assisted by Claude Code

[styx0r]

Tested end-to-end on a real Kubernetes cluster:

1. Deployed the controller with helm install using --set clusterHost=
   --set "enabledAccessTypes=local,loadbalancer,route,nodeport" --set defaultAccessType=nodeport
2. Created a Site and RouterAccess with accessType: nodeport
3. RouterAccess status resolved with the node IP and Nodeports
4. Created an AccessGrant and redeemed it on a second cluster using an AccessToken
5. kubectl get link -A on the second cluster shows Ready / OK
6. Cross-cluster link is established and stable over nodeport.

[fgiorgetti]

A couple of minor suggestions. But overall, it looks good to me.

[fgiorgetti]

Thank you for your contribution!
It looks good to me.

@ajssmith @AryanP123 @JPadovano1483 @nluaces I would like to get your thoughts here as well,
Thanks.

[styx0r]

Thank you very much for your efforts. I hope this small addition helps others as well.

[AryanP123]

LGTM. One note: the README says enabledAccessTypes defaults to local,loadbalancer,route when empty, but the chart generator sets it to that string explicitly. Should the generator use "" instead so the controller’s default in config.go is the single source of truth?

Let me know what you think.

[fgiorgetti]

LGTM. One note: the README says enabledAccessTypes defaults to local,loadbalancer,route when empty, but the chart generator sets it to that string explicitly. Should the generator use "" instead so the controller’s default in config.go is the single source of truth?

Let me know what you think.

Actually, if the SKUPPER_ENABLED_ACCESS_TYPES environment variable is set with an empty value, no access types will be enabled. So I believe it is safer to keep them declared explicitly.