Remove helmify / kustomize, switch to helm-chart only.

[notandy]

This PR removes the helmify step and removes kustomize as an option to
render the manager/rbacs/crd.
Helmify took a lot of work creating a helm-chart based on the
boilerplate generated by kubebuilder. But ultimatively, it imposes too
many constraints to the outcome of the helm-chart and makes it hard to
implement custom renditions (like using .AppVersion as a image tag).

Thus this PR is removing the kustomize files, leaving only the generated
CRDs in the config directory (which don't need any templating) and
symlinks it to the helm chart.

Summary by CodeRabbit

Release Notes

• New Features

  • Added Helm chart OCI publishing workflow for automated distribution to container registry.

• Refactor

  • Refactored deployment configuration and CRD management structure for improved chart-based deployments.

• Removed Features

  • Removed Migration and Hypervisor custom resources from the system.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 47777074-ffc0-4478-8a03-93747cbaaf9c

📥 Commits

Reviewing files that changed from the base of the PR and between d60a800 and 23bf2b7.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (38)

• .github/workflows/checks.yaml
• .github/workflows/helm-oci-package-ghcr.yaml
• .github/workflows/publish-helm.yml
• .pre-commit-config.yaml
• Makefile
• Makefile.maker.yaml
• charts/kvm-node-agent/crds/kvm.cloud.sap_migrations.yaml
• charts/kvm-node-agent/crds/migration-crd.yaml
• charts/kvm-node-agent/values.yaml
• config/crd/bases/kvm.cloud.sap_hypervisors.yaml
• config/crd/kustomization.yaml
• config/crd/kustomizeconfig.yaml
• config/default/kustomization.yaml
• config/default/manager_metrics_patch.yaml
• config/default/metrics_service.yaml
• config/manager/kustomization.yaml
• config/manager/manager.yaml
• config/manager/manager_node_selector_patch.yaml
• config/prometheus/kustomization.yaml
• config/prometheus/monitor.yaml
• config/rbac/hypervisor_editor_role.yaml
• config/rbac/hypervisor_viewer_role.yaml
• config/rbac/kustomization.yaml
• config/rbac/leader_election_role.yaml
• config/rbac/leader_election_role_binding.yaml
• config/rbac/metrics_auth_role.yaml
• config/rbac/metrics_auth_role_binding.yaml
• config/rbac/metrics_reader_role.yaml
• config/rbac/migration_editor_role.yaml
• config/rbac/migration_viewer_role.yaml
• config/rbac/role.yaml
• config/rbac/role_binding.yaml
• config/rbac/service_account.yaml
• config/samples/kustomization.yaml
• config/samples/kvm_v1alpha1_hypervisor.yaml
• config/samples/kvm_v1alpha1_migration.yaml
• internal/controller/suite_test.go
• internal/evacuation/suite_test.go

💤 Files with no reviewable changes (31)

• charts/kvm-node-agent/values.yaml
• config/prometheus/kustomization.yaml
• config/manager/manager_node_selector_patch.yaml
• config/rbac/metrics_reader_role.yaml
• config/rbac/hypervisor_editor_role.yaml
• config/samples/kustomization.yaml
• .pre-commit-config.yaml
• config/rbac/leader_election_role.yaml
• config/rbac/hypervisor_viewer_role.yaml
• config/rbac/migration_viewer_role.yaml
• config/default/kustomization.yaml
• config/rbac/kustomization.yaml
• config/crd/kustomization.yaml
• config/default/metrics_service.yaml
• config/prometheus/monitor.yaml
• config/rbac/service_account.yaml
• config/manager/kustomization.yaml
• config/samples/kvm_v1alpha1_hypervisor.yaml
• config/rbac/leader_election_role_binding.yaml
• config/rbac/migration_editor_role.yaml
• config/manager/manager.yaml
• config/rbac/role_binding.yaml
• .github/workflows/publish-helm.yml
• config/rbac/metrics_auth_role.yaml
• config/crd/bases/kvm.cloud.sap_hypervisors.yaml
• charts/kvm-node-agent/crds/migration-crd.yaml
• config/rbac/role.yaml
• config/rbac/metrics_auth_role_binding.yaml
• config/samples/kvm_v1alpha1_migration.yaml
• config/default/manager_metrics_patch.yaml
• config/crd/kustomizeconfig.yaml

✅ Files skipped from review due to trivial changes (2)

• internal/controller/suite_test.go
• .github/workflows/checks.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• internal/evacuation/suite_test.go
• Makefile
• Makefile.maker.yaml

---

📝 Walkthrough

Walkthrough

This pull request migrates the deployment configuration from traditional Kubernetes manifests to a Helm chart-based approach. CRD definitions, RBAC, manager, and monitoring configurations are removed from config/ directories in favor of being managed through the Helm chart. Test suites are updated to reference CRDs in the new chart location, and a new GitHub Actions workflow is added to package and push the Helm chart as OCI artifacts.

Changes

Cohort / File(s)	Summary
Pre-commit & Build Configuration .pre-commit-config.yaml, Makefile, Makefile.maker.yaml	Removed helmify and go-build pre-commit hooks; updated Makefile to apply CRDs directly from charts/kvm-node-agent/crds/ instead of kustomizing config/crd; updated CRD output path in Makefile.maker.yaml and added pushHelmChartToGhcr configuration.
CRD Definitions Removed config/crd/bases/kvm.cloud.sap_hypervisors.yaml, charts/kvm-node-agent/crds/migration-crd.yaml, config/crd/kustomization.yaml, config/crd/kustomizeconfig.yaml	Deleted Hypervisor and Migration CustomResourceDefinition manifests and related kustomization files that previously managed CRD configuration and webhook substitution.
Manager & Namespace Configuration Removed config/manager/manager.yaml, config/manager/kustomization.yaml, config/manager/manager_node_selector_patch.yaml, config/default/kustomization.yaml, config/default/manager_metrics_patch.yaml	Removed DaemonSet deployment manifests, Kustomize configurations for namespace/naming, and manager metrics patches that previously defined controller manager deployment.
RBAC Configuration Removed config/rbac/service_account.yaml, config/rbac/role.yaml, config/rbac/role_binding.yaml, config/rbac/leader_election_*, config/rbac/metrics_*, config/rbac/hypervisor_*, config/rbac/migration_*, config/rbac/kustomization.yaml	Deleted ServiceAccount, ClusterRoles, ClusterRoleBindings, and associated RBAC configurations for controller manager, metrics, and custom resource management permissions.
Monitoring Configuration Removed config/prometheus/kustomization.yaml, config/prometheus/monitor.yaml, config/default/metrics_service.yaml	Removed ServiceMonitor and Prometheus service configuration that previously exposed controller manager metrics for scraping.
Sample Resources Removed config/samples/kvm_v1alpha1_*.yaml, config/samples/kustomization.yaml	Deleted sample Hypervisor and Migration custom resource manifests and their kustomization reference.
Test Suite Updates internal/controller/suite_test.go, internal/evacuation/suite_test.go	Updated envtest CRDDirectoryPaths from config/crd/bases to charts/kvm-node-agent/crds to load CRDs from chart location.
Helm Chart Configuration charts/kvm-node-agent/values.yaml	Removed explicit controllerManager.image.tag: latest to allow default image tag resolution from chart defaults.
GitHub Actions Workflows .github/workflows/helm-oci-package-ghcr.yaml, .github/workflows/publish-helm.yml	Added new OCI-based Helm chart packaging and publishing workflow (triggered on push/tag/dispatch) that packages and pushes chart to GHCR; removed legacy Helm release workflow.
Shell Script Minor Fix .github/workflows/checks.yaml	Added quoting around command substitution in shellcheck deletion step for improved shell safety.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 Konfiguration hops to the Helm chart home,
No more scattered manifests to roam,
RBAC and CRDS take their new place,
Packaged and pushed with OCI grace,
A cleaner deployment, oh what a race! 🚀

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: removing helmify and kustomize while switching to a Helm chart-only approach, which aligns with the comprehensive file deletions and Makefile modifications across the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch remove-kustomize_helmify

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/container-registry-ghcr.yaml (1)

48-48: Remove unnecessary QEMU setup for single-platform amd64 build.

This workflow builds only linux/amd64 and runs on an amd64 runner (large_runner_16core_64gb). QEMU is only needed for multi-platform or cross-architecture builds, not for native platform builds. Removing the setup-qemu-action@v4 step on line 48 will reduce unnecessary build time overhead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/container-registry-ghcr.yaml at line 48, Remove the
unnecessary QEMU setup step that uses "docker/setup-qemu-action@v4" from the
workflow since the job targets only linux/amd64 and runs on an amd64 runner
(large_runner_16core_64gb); delete the entire step block referencing
docker/setup-qemu-action@v4 and verify no subsequent steps depend on QEMU before
committing the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Makefile.maker.yaml`:
- Line 10: The CRD generation path (crdOutputPath: charts/kvm-node-agent/crds)
and the install step path (install-crds using config/crd/*.yaml) are
inconsistent; update the install target so it reads CRDs from the generated
location or change crdOutputPath to match the installer. Locate the
crdOutputPath setting and the install-crds rule/target that references
config/crd/*.yaml and make them identical (e.g., point install-crds to
charts/kvm-node-agent/crds/*.yaml or set crdOutputPath to config/crd) so
generated CRDs are the ones applied.

---

Nitpick comments:
In @.github/workflows/container-registry-ghcr.yaml:
- Line 48: Remove the unnecessary QEMU setup step that uses
"docker/setup-qemu-action@v4" from the workflow since the job targets only
linux/amd64 and runs on an amd64 runner (large_runner_16core_64gb); delete the
entire step block referencing docker/setup-qemu-action@v4 and verify no
subsequent steps depend on QEMU before committing the change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8f5179a0-ebdc-4546-8eea-f6c8600f0e28

📥 Commits

Reviewing files that changed from the base of the PR and between 9223a83 and 913cfdb.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (35)

• .github/workflows/container-registry-ghcr.yaml
• .pre-commit-config.yaml
• Makefile
• Makefile.maker.yaml
• charts/kvm-node-agent/crds/kvm.cloud.sap_migrations.yaml
• charts/kvm-node-agent/crds/migration-crd.yaml
• charts/kvm-node-agent/values.yaml
• config/crd/bases/kvm.cloud.sap_hypervisors.yaml
• config/crd/kustomization.yaml
• config/crd/kustomizeconfig.yaml
• config/default/kustomization.yaml
• config/default/manager_metrics_patch.yaml
• config/default/metrics_service.yaml
• config/manager/kustomization.yaml
• config/manager/manager.yaml
• config/manager/manager_node_selector_patch.yaml
• config/prometheus/kustomization.yaml
• config/prometheus/monitor.yaml
• config/rbac/hypervisor_editor_role.yaml
• config/rbac/hypervisor_viewer_role.yaml
• config/rbac/kustomization.yaml
• config/rbac/leader_election_role.yaml
• config/rbac/leader_election_role_binding.yaml
• config/rbac/metrics_auth_role.yaml
• config/rbac/metrics_auth_role_binding.yaml
• config/rbac/metrics_reader_role.yaml
• config/rbac/migration_editor_role.yaml
• config/rbac/migration_viewer_role.yaml
• config/rbac/role_binding.yaml
• config/rbac/service_account.yaml
• config/samples/kustomization.yaml
• config/samples/kvm_v1alpha1_hypervisor.yaml
• config/samples/kvm_v1alpha1_migration.yaml
• internal/controller/suite_test.go
• internal/evacuation/suite_test.go

💤 Files with no reviewable changes (29)

• config/samples/kustomization.yaml
• config/rbac/metrics_reader_role.yaml
• config/rbac/hypervisor_viewer_role.yaml
• config/manager/kustomization.yaml
• config/rbac/kustomization.yaml
• config/default/manager_metrics_patch.yaml
• config/samples/kvm_v1alpha1_hypervisor.yaml
• config/rbac/migration_viewer_role.yaml
• charts/kvm-node-agent/values.yaml
• config/rbac/leader_election_role.yaml
• config/rbac/leader_election_role_binding.yaml
• config/rbac/service_account.yaml
• config/rbac/metrics_auth_role.yaml
• config/crd/bases/kvm.cloud.sap_hypervisors.yaml
• charts/kvm-node-agent/crds/migration-crd.yaml
• config/rbac/migration_editor_role.yaml
• config/rbac/hypervisor_editor_role.yaml
• config/prometheus/kustomization.yaml
• config/prometheus/monitor.yaml
• config/crd/kustomizeconfig.yaml
• config/samples/kvm_v1alpha1_migration.yaml
• .pre-commit-config.yaml
• config/default/kustomization.yaml
• config/crd/kustomization.yaml
• config/manager/manager_node_selector_patch.yaml
• config/default/metrics_service.yaml
• config/rbac/metrics_auth_role_binding.yaml
• config/manager/manager.yaml
• config/rbac/role_binding.yaml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/helm-oci-package-ghcr.yaml:
- Line 23: The workflow uses an invalid runner label "large_runner_16core_64gb"
which fails actionlint; update the runs-on entry (the runs-on key in the
helm-oci-package-ghcr workflow) to a CI-approved label such as "ubuntu-latest"
or, if you intend to use a self-hosted runner, change runs-on to the label-array
form (e.g. ["self-hosted","large_runner_16core_64gb"]) and ensure actionlint is
configured to accept your custom labels.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8bd2e6a0-52f9-4a2c-87cd-172a417d594a

📥 Commits

Reviewing files that changed from the base of the PR and between 913cfdb and d60a800.

📒 Files selected for processing (6)

• .github/workflows/checks.yaml
• .github/workflows/helm-oci-package-ghcr.yaml
• .github/workflows/publish-helm.yml
• Makefile
• Makefile.maker.yaml
• config/rbac/role.yaml

💤 Files with no reviewable changes (2)

• .github/workflows/publish-helm.yml
• config/rbac/role.yaml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/checks.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• Makefile.maker.yaml

[github-actions]

Merging this branch will decrease overall coverage

Impacted Packages	Coverage Δ	🤖
github.com/cobaltcore-dev/kvm-node-agent/internal/controller	56.77% (-0.52%)	👎
github.com/cobaltcore-dev/kvm-node-agent/internal/evacuation	20.69% (ø)

---

Coverage by file

Changed unit test files

• github.com/cobaltcore-dev/kvm-node-agent/internal/controller/suite_test.go
• github.com/cobaltcore-dev/kvm-node-agent/internal/evacuation/suite_test.go