Fix RBAC configuration and YAML document separator

[archsyscall]

#3

[gemini-code-assist]

Hello @archsyscall, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request focuses on improving the Helm chart for the restart-operator. The changes include updating the chart version, adding annotations to the CRD and RBAC configurations for Helm hooks, ensuring proper YAML document separation, and fixing RBAC configurations.

Highlights

• Chart Version Update: The chart version in Chart.yaml has been bumped from 0.1.0 to 0.1.1.
• Helm Hook Annotations: Annotations for Helm hooks (pre-install, pre-upgrade, and hook-weight) have been added to crd.yaml and rbac.yaml to manage the installation and upgrade process.
• YAML Document Separator: A YAML document separator (---) was added in rbac.yaml to ensure proper parsing of multiple YAML documents.
• RBAC Configuration Fixes: RBAC configurations in rbac.yaml have been updated with annotations for Helm hooks to manage the installation and upgrade process.

Changelog

• charts/restart-operator/Chart.yaml
  • Updated chart version from 0.1.0 to 0.1.1.
• charts/restart-operator/templates/crd.yaml
  • Added annotations for Helm hooks (pre-install, pre-upgrade, hook-weight) to manage the installation and upgrade process.
• charts/restart-operator/templates/rbac.yaml
  • Added annotations for Helm hooks (pre-install, pre-upgrade, hook-weight) to manage the installation and upgrade process.
  • Added a YAML document separator (---) to ensure proper parsing of multiple YAML documents.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A chart's version ascends,
Hooks now managed, it transcends,
YAML's form precise,
RBAC now concise,
A smoother install extends.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request addresses the RBAC configuration and YAML document separation in the Helm chart. The changes involve updating the chart version, adding Helm hooks to ensure resources are installed in the correct order, and adding a YAML document separator in the RBAC template. These changes improve the robustness and correctness of the Helm chart deployment.

Summary of Findings

• Helm Hook Annotations: The addition of helm.sh/hook and helm.sh/hook-weight annotations to the CRD, ClusterRole, ClusterRoleBinding, and RoleBinding resources is a good practice to ensure these resources are installed/updated in the correct order during Helm operations. This helps prevent potential issues where dependent resources are created before the necessary permissions or definitions are in place.
• YAML Document Separator: Adding the --- separator between the ClusterRoleBinding and RoleBinding in rbac.yaml is the standard way to define multiple Kubernetes resources within a single YAML file. This improves the clarity and parsability of the template.
• Chart Version Update: Incrementing the chart version in Chart.yaml is appropriate given the changes made to the chart templates.
• Maintainer Email Address: The maintainer email address in Chart.yaml uses an example domain (example.com). While not a critical issue, it might be better to use a real contact email or remove it if not intended for public contact. (Note: This is a low severity finding and is included here for completeness based on the review settings, but no specific review comment was added for it.)

Merge Readiness

The changes in this pull request are well-implemented and address important aspects of the Helm chart's deployment reliability and structure. No critical or high severity issues were found during the review. The code appears ready to be merged. As per my instructions, I am unable to approve the pull request directly; please have other reviewers approve this code before merging.