PoC/WIP: Add cert-manager-proxy scaffolding

[sebrandon1]

I'm trying to build a proof-of-concept for the HTTP01Proxy as partially described in:

• CNF-13731: Add HTTP01ChallengeProxy api#2434
• CNF-13731: Cert Manager HTTP01 Proxy enhancements#1773

Changes:

• Add new CRD and API type HTTP01Proxy (http01proxies.operator.openshift.io/v1alpha1).
• Add minimal http01proxy controller and wire it into the controller-runtime manager.
• Include sample CR at config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml.
• No functional proxy logic yet; this is scaffolding for the PoC.

Usage:

kubectl apply -f config/crd/bases/operator.openshift.io_http01proxies.yaml
Then install the operator with make local-run.
kubectl apply -f config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml

Note: This is a no-op scaffold. It adds the HTTP01Proxy CRD, a sample CR, and wires a minimal controller into the operator’s controller-runtime manager. It does not deploy any new operand/image, does not change routing, and has no functional proxy logic yet. Potential follow-up commits will add RBAC and reconcile behavior to watch Challenges and manage Routes.

[coderabbitai]

Warning

Rate limit exceeded

@sebrandon1 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 6 minutes and 16 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 30353a5 and 941be60.

📒 Files selected for processing (22)

• api/operator/v1alpha1/http01proxy_types.go (1 hunks)
• api/operator/v1alpha1/zz_generated.deepcopy.go (2 hunks)
• config/crd/bases/operator.openshift.io_http01proxies.yaml (1 hunks)
• config/rbac/role.yaml (2 hunks)
• config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml (1 hunks)
• pkg/controller/http01proxy/controller.go (1 hunks)
• pkg/operator/applyconfigurations/internal/internal.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxyspec.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxystatus.go (1 hunks)
• pkg/operator/applyconfigurations/utils.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_http01proxy.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_operator_client.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go (2 hunks)
• pkg/operator/informers/externalversions/generic.go (1 hunks)
• pkg/operator/informers/externalversions/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/informers/externalversions/operator/v1alpha1/interface.go (2 hunks)
• pkg/operator/listers/operator/v1alpha1/expansion_generated.go (1 hunks)
• pkg/operator/listers/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/setup_manager.go (2 hunks)

Walkthrough

Adds a new namespaced v1alpha1 HTTP01Proxy CRD, its API types and deepcopy helpers, RBAC entries, sample manifest, controller scaffold, clientset (typed and fake), informers, listers, apply-configuration support, and integrates the controller into the operator manager; includes scheme registration, status subresource, and singleton name validation.

Changes

Cohort / File(s)	Summary of changes
API types and registration api/operator/v1alpha1/http01proxy_types.go	Introduces HTTP01Proxy, HTTP01ProxySpec, HTTP01ProxyStatus, and HTTP01ProxyList with deepcopy implementations and init() registering types with the scheme; CRD markers for defaults, validation (singleton name), and status subresource.
Generated deepcopy updates api/operator/v1alpha1/zz_generated.deepcopy.go	Adds DeepCopy() methods for HTTP01ProxySpec and HTTP01ProxyStatus; adjusts runtime import to k8s.io/apimachinery/pkg/runtime.
CRD manifest config/crd/bases/operator.openshift.io_http01proxies.yaml	Adds HTTP01Proxy CRD (namespaced) with OpenAPI v3 schema for spec/status, status subresource, printer column, and a validation enforcing .metadata.name == "default".
RBAC config/rbac/role.yaml	Grants http01proxies, http01proxies/status, and http01proxies/finalizers verbs to the manager-role ClusterRole.
Sample resource config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml	Adds a sample HTTP01Proxy manifest (metadata.name: "default") with enabled=true, namespace selector, and cleanupTTLSeconds.
Controller scaffold pkg/controller/http01proxy/controller.go	Adds Reconciler type, New constructor, Reconcile (no-op), SetupWithManager, RBAC markers, event helper, and ControllerName constant.
Apply configurations (generator output) pkg/operator/applyconfigurations/internal/internal.go, pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy.go, .../http01proxyspec.go, .../http01proxystatus.go, pkg/operator/applyconfigurations/utils.go	Adds apply-configuration types and builders for HTTP01Proxy, HTTP01ProxySpec, and HTTP01ProxyStatus; extraction helpers; updates ForKind to include new kinds; internal schema updated (adds HTTP01Proxy type, removes IstioCSR and sentinel types).
Typed clientset pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go, .../operator_client.go, .../generated_expansion.go	Adds typed client interfaces and implementation for HTTP01Proxy with CRUD, watch, patch, server-side apply, status methods, and exposes getter on the v1alpha1 client; adds empty expansion interface.
Fake client pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_http01proxy.go, .../fake_operator_client.go	Adds fake client implementation for HTTP01Proxy backed by generic list/apply and exposes namespaced accessor on the fake client.
Informers pkg/operator/informers/externalversions/generic.go, .../operator/v1alpha1/http01proxy.go, .../operator/v1alpha1/interface.go	Adds informer implementation and wiring for HTTP01Proxy, generic ForResource case, and v1alpha1 accessor.
Listers pkg/operator/listers/operator/v1alpha1/http01proxy.go, .../expansion_generated.go	Adds lister and namespace-lister for HTTP01Proxy and empty lister expansion interfaces.
Operator manager integration pkg/operator/setup_manager.go	Imports and wires http01proxy controller setup into manager startup flow with error handling and adds kubebuilder scaffold marker.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 73.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "PoC/WIP: Add cert-manager-proxy scaffolding" succinctly and accurately describes the primary change in the PR — adding proof-of-concept scaffolding for a cert-manager HTTP01 proxy. It directly reflects the main changeset (new CRD, API types, sample CR, and a minimal controller) and is concise and readable. The "PoC/WIP" prefix clearly signals the work-in-progress status to reviewers.
Description Check	✅ Passed	The PR description accurately summarizes the changes (new HTTP01Proxy CRD and API, a minimal controller wired into the manager, and a sample manifest), provides usage instructions, and explicitly states that this is a no-op scaffold with no functional proxy logic yet, which matches the files changed in the diff. The description is directly related to the changeset and not off-topic.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (11)

config/rbac/role.yaml (2)

215-223: Scope verbs for http01proxies to least privilege (read‑only for the main resource).

For the PoC scaffold, consider removing write verbs for the primary resource and keeping writes only on status/finalizers. This avoids unnecessary privileges until reconcile logic needs them.

Apply within this rule:

-  - http01proxies
+  # http01proxies moved to a dedicated read-only rule below

Add a dedicated rule (outside this block):

- apiGroups:
  - operator.openshift.io
  resources:
  - http01proxies
  verbs: ["get", "list", "watch"]

---

228-231: Finalizers permission: keep only if you’ll actually set finalizers.

If the controller doesn’t add finalizers yet, you can temporarily drop this to reduce RBAC surface.

Would you confirm whether the HTTP01Proxy controller currently adds a finalizer?

config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml (1)

1-11: Add explicit namespace in the sample for clarity.

Resource is namespaced; making it explicit reduces surprises during quick tests.

 metadata:
   name: default
+  # namespace: default  # or your target namespace

pkg/operator/setup_manager.go (1)

75-82: Add a startup log for the new controller (and optionally gate behind a flag).

A brief log improves observability during bring‑up. Optional: gate wiring behind an env/flag while the feature is PoC.

Apply this diff:

   // http01proxy controller
+  setupLog.Info("wiring controller", "controller", http01proxy.ControllerName)
   rh, err := http01proxy.New(mgr)

pkg/controller/http01proxy/controller.go (2)

19-22: Wire an EventRecorder and make recordEventf actually emit events.

Preps future reconcile logic and avoids dead code. Also prefer client.Object in signatures.

 import (
 	"context"
-	"fmt"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 type Reconciler struct {
 	client.Client
 	Scheme *runtime.Scheme
+	Recorder record.EventRecorder
 }
 
 func New(mgr ctrl.Manager) (*Reconciler, error) {
-	return &Reconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()}, nil
+	return &Reconciler{
+		Client:   mgr.GetClient(),
+		Scheme:   mgr.GetScheme(),
+		Recorder: mgr.GetEventRecorderFor(ControllerName),
+	}, nil
 }
 
 // helper to record events (future use)
-func (r *Reconciler) recordEventf(obj runtime.Object, eventtype, reason, messageFmt string, args ...interface{}) {
-	_ = fmt.Sprintf(messageFmt, args...)
-	// intentionally no-op for now; will wire an EventRecorder when we add logic
-	_ = corev1.EventTypeNormal
+func (r *Reconciler) recordEventf(obj client.Object, eventtype, reason, messageFmt string, args ...interface{}) {
+	if r.Recorder == nil || obj == nil {
+		return
+	}
+	// eventtype should be corev1.EventTypeNormal or corev1.EventTypeWarning
+	r.Recorder.Eventf(obj, eventtype, reason, messageFmt, args...)
 }

Also applies to: 24-26, 48-53, 3-13

---

42-46: Filter to the singleton name to reduce reconcile noise.

The CR is singleton (name must be "default"). Filter events accordingly.

 func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&operatorv1alpha1.HTTP01Proxy{}).
-		Complete(r)
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&operatorv1alpha1.HTTP01Proxy{}).
+		WithEventFilter(ctrl.PredicateFuncs{
+			CreateFunc: func(e ctrl.Event) bool { o, ok := e.Object.(client.Object); return ok && o.GetName() == "default" },
+			UpdateFunc: func(e ctrl.UpdateEvent) bool { return e.ObjectNew.GetName() == "default" },
+			DeleteFunc: func(e ctrl.DeleteEvent) bool { return e.Object.GetName() == "default" },
+			GenericFunc: func(e ctrl.GenericEvent) bool { return e.Object.GetName() == "default" },
+		}).
+		Complete(r)
 }

Alternatively, use predicate.NewPredicateFuncs with a small helper.

api/operator/v1alpha1/http01proxy_types.go (2)

47-54: Spec is marked Required but tagged omitempty; drop omitempty for clarity.

Keeps API consistent with k8s conventions for required, non-pointer Spec fields.

-	Spec HTTP01ProxySpec `json:"spec,omitempty"`
+	Spec HTTP01ProxySpec `json:"spec"`

---

19-23: ListMeta usually uses ,omitempty; minor consistency tweak.

-	metav1.ListMeta `json:"metadata"`
+	metav1.ListMeta `json:"metadata,omitempty"`

config/crd/bases/operator.openshift.io_http01proxies.yaml (3)

117-119: Fix copy/paste: “istio-csr” references in descriptions.

These descriptions should reference HTTP01Proxy, not istio-csr.

Apply this diff:

-                    description: labels to apply to all resources created for istio-csr
-                      agent deployment.
+                    description: labels to apply to all resources created by the HTTP01Proxy
+                      controller.
@@
-                description: conditions holds information of the current state of
-                  the istio-csr agent deployment.
+                description: conditions holds information about the current state of
+                  HTTP01Proxy reconciliation.

Also applies to: 136-138

---

17-21: Add a printer column for .spec.enabled.

Helps quickly see whether the proxy is on for a namespace.

   - additionalPrinterColumns:
+    - jsonPath: .spec.enabled
+      name: Enabled
+      type: boolean
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date

---

24-31: Tighten wording on singleton + scope (optional).

Minor clarity: emphasize singleton-per-namespace behavior in the description.

-          HTTP01Proxy describes configuration for a cluster-managed HTTP-01 challenge proxy.
-          The name must be `default` to make it a singleton per namespace.
+          HTTP01Proxy configures a namespaced, operator-managed HTTP-01 challenge proxy.
+          Only one instance is allowed per namespace; the resource name must be `default`.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between baafb49 and 969c3e3.

📒 Files selected for processing (22)

• api/operator/v1alpha1/http01proxy_types.go (1 hunks)
• api/operator/v1alpha1/zz_generated.deepcopy.go (2 hunks)
• config/crd/bases/operator.openshift.io_http01proxies.yaml (1 hunks)
• config/rbac/role.yaml (2 hunks)
• config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml (1 hunks)
• pkg/controller/http01proxy/controller.go (1 hunks)
• pkg/operator/applyconfigurations/internal/internal.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxyspec.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxystatus.go (1 hunks)
• pkg/operator/applyconfigurations/utils.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_http01proxy.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_operator_client.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go (2 hunks)
• pkg/operator/informers/externalversions/generic.go (1 hunks)
• pkg/operator/informers/externalversions/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/informers/externalversions/operator/v1alpha1/interface.go (2 hunks)
• pkg/operator/listers/operator/v1alpha1/expansion_generated.go (1 hunks)
• pkg/operator/listers/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/setup_manager.go (2 hunks)

🔇 Additional comments (22)

pkg/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go (1)

7-8: Add HTTP01Proxy expansion point — LGTM

The empty expansion interface is consistent with client-gen patterns and enables future custom methods.

pkg/operator/informers/externalversions/generic.go (1)

42-43: Informer wiring for http01proxies — LGTM

Correct GVR and informer hookup via HTTP01Proxies().Informer().

pkg/operator/applyconfigurations/internal/internal.go (1)

36-45: Applyconfig generation for HTTP01Proxy verified — LGTM

HTTP01Proxy applyconfig types present (pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy*.go), ForKind wiring in pkg/operator/applyconfigurations/utils.go, and parser entry in pkg/operator/applyconfigurations/internal/internal.go exist.

config/rbac/role.yaml (1)

236-241: Status RBAC OK — controller doesn't appear to update HTTP01Proxy status; either update status via client.Status().Update/Patch or remove the status verbs.

No client.Status().Update or .Status().Patch found for HTTP01Proxy (pkg/controller/http01proxy/controller.go); IstioCSR uses Status().Update (pkg/controller/istiocsr/client.go); generated clientset exposes UpdateStatus/ApplyStatus (pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go).

pkg/operator/setup_manager.go (1)

24-24: Import looks correct; scheme already includes v1alpha1.

pkg/operator/informers/externalversions/operator/v1alpha1/interface.go (2)

13-15: New informer accessor — OK.

API surface consistent with other informers.

---

35-38: Backing informer type exists — no action required.
pkg/operator/informers/externalversions/operator/v1alpha1/http01proxy.go declares HTTP01ProxyInformer (line 21) and hTTP01ProxyInformer (line 26), so the HTTP01Proxies() factory call is consistent.

pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_http01proxy.go (1)

1-37: Fake HTTP01Proxy client scaffolding — LGTM.

Resource/kind, list/apply helpers, and pointer conversions look correct.

pkg/operator/listers/operator/v1alpha1/expansion_generated.go (1)

9-16: Lister expansion hooks added — OK.

Standard empty interfaces for future extensions.

pkg/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go (2)

16-16: Interface extended with HTTP01ProxiesGetter — LGTM.

---

29-31: HTTP01Proxies accessor added — LGTM.

Namespace-scoped like IstioCSRs.

api/operator/v1alpha1/zz_generated.deepcopy.go (1)

26-26: Import style change is harmless.

Aligned with other generated files.

pkg/operator/applyconfigurations/utils.go (1)

37-42: Approve — HTTP01Proxy ForKind mappings present (LGTM).
Verified ApplyConfiguration types exist for object, spec, and status in pkg/operator/applyconfigurations/operator/v1alpha1.

pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_operator_client.go (1)

19-21: Approve — fake client parity for HTTP01Proxy confirmed. FakeOperatorV1alpha1.HTTP01Proxies(namespace string) is implemented in pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_operator_client.go and delegates to newFakeHTTP01Proxies; see pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_http01proxy.go for the fake implementation — matches typed client shape and namespace scoping.

pkg/operator/informers/externalversions/operator/v1alpha1/http01proxy.go (1)

1-75: Generated informer looks consistent with clients/listers; LGTM.

pkg/operator/listers/operator/v1alpha1/http01proxy.go (1)

1-55: Generated lister wiring is correct; LGTM.

pkg/operator/applyconfigurations/operator/v1alpha1/http01proxyspec.go (1)

12-16: Apply configuration matches Spec; LGTM.

pkg/operator/applyconfigurations/operator/v1alpha1/http01proxystatus.go (1)

26-34: Nil-guard panic in WithConditions is expected — no change required.
Matches upstream applyconfiguration-gen; ConditionalStatusApplyConfiguration confirmed at pkg/operator/applyconfigurations/operator/v1alpha1/conditionalstatus.go. Ensure callers never pass nil.

pkg/controller/http01proxy/controller.go (1)

28-33: Narrow RBAC for controller-owned CR (least privilege).

Controllers must not modify their own Spec — restrict http01proxies to get,list,watch; keep status/finalizers update; add events RBAC only if emitting events.

-//+kubebuilder:rbac:groups=operator.openshift.io,resources=http01proxies,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=operator.openshift.io,resources=http01proxies,verbs=get;list;watch
 //+kubebuilder:rbac:groups=operator.openshift.io,resources=http01proxies/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=operator.openshift.io,resources=http01proxies/finalizers,verbs=update
+
+// If/when emitting Events:
+//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+//+kubebuilder:rbac:groups=events.k8s.io,resources=events,verbs=create;patch

Verification: search of config/ returned no matches; unable to confirm manifests reflect this change.

api/operator/v1alpha1/http01proxy_types.go (1)

36-40: Add explicit kubebuilder resource scope: Namespaced

Make the CRD scope explicit in generated manifests.

File: api/operator/v1alpha1/http01proxy_types.go (around lines 36–40)

 // +kubebuilder:object:root=true
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
 // +kubebuilder:validation:XValidation:rule="self.metadata.name == 'default'",message="http01proxy is a singleton, .metadata.name must be 'default'"
+// +kubebuilder:resource:scope=Namespaced
 // +operator-sdk:csv:customresourcedefinitions:displayName="HTTP01Proxy"

Verify generated CRD scope with:

rg -nA2 'kind:\s*CustomResourceDefinition' config/crd/bases/*.yaml
rg -n 'scope:\s*Namespaced' config/crd/bases/*.yaml || true

pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go (1)

17-21: Approve — HTTP01Proxies getter and scheme registration verified

Verified: OperatorV1alpha1Client.HTTP01Proxies is implemented (pkg/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go) and operatorv1alpha1.AddToScheme is registered (pkg/operator/clientset/versioned/scheme/register.go).

pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy.go (1)

34-68: Apply extractors: path mapping and ForKind coverage verified. ManagedFields extraction targets the internal HTTP01Proxy type; WithKind/WithAPIVersion are set. utils.ForKind includes a case returning HTTP01ProxyApplyConfiguration.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

api/operator/v1alpha1/http01proxy_types.go (2)

90-99: Bound status values

Consider enforcing non-negative for ActiveChallenges to prevent accidental underflow on status updates.

Apply this diff:

-    // +kubebuilder:validation:Optional
+    // +kubebuilder:validation:Optional
+    // +kubebuilder:validation:Minimum:=0
     // +optional
     ActiveChallenges int32 `json:"activeChallenges,omitempty"`

Optional: add a max length to LastError (e.g., 1024) to keep status size bounded.

---

129-146: Use generated DeepCopy for ControllerConfig

ControllerConfig already has generated DeepCopyInto/DeepCopy (api/operator/v1alpha1/zz_generated.deepcopy.go:232–249); replace the manual shallow copy in HTTP01ProxySpec.DeepCopyInto (api/operator/v1alpha1/http01proxy_types.go:129–146) with either out.ControllerConfig = in.ControllerConfig.DeepCopy() or allocate out.ControllerConfig and call in.ControllerConfig.DeepCopyInto(out.ControllerConfig).

pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy.go (1)

95-102: Avoid WithGenerateName for this singleton CR

GenerateName won’t satisfy the XValidation requiring name "default". Recommend not using WithGenerateName for HTTP01Proxy.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 969c3e3 and 30353a5.

📒 Files selected for processing (22)

• api/operator/v1alpha1/http01proxy_types.go (1 hunks)
• api/operator/v1alpha1/zz_generated.deepcopy.go (2 hunks)
• config/crd/bases/operator.openshift.io_http01proxies.yaml (1 hunks)
• config/rbac/role.yaml (2 hunks)
• config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml (1 hunks)
• pkg/controller/http01proxy/controller.go (1 hunks)
• pkg/operator/applyconfigurations/internal/internal.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxyspec.go (1 hunks)
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxystatus.go (1 hunks)
• pkg/operator/applyconfigurations/utils.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_http01proxy.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_operator_client.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go (2 hunks)
• pkg/operator/informers/externalversions/generic.go (1 hunks)
• pkg/operator/informers/externalversions/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/informers/externalversions/operator/v1alpha1/interface.go (2 hunks)
• pkg/operator/listers/operator/v1alpha1/expansion_generated.go (1 hunks)
• pkg/operator/listers/operator/v1alpha1/http01proxy.go (1 hunks)
• pkg/operator/setup_manager.go (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (17)

• pkg/operator/applyconfigurations/utils.go
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxystatus.go
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_operator_client.go
• config/rbac/role.yaml
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go
• pkg/operator/listers/operator/v1alpha1/expansion_generated.go
• config/crd/bases/operator.openshift.io_http01proxies.yaml
• api/operator/v1alpha1/zz_generated.deepcopy.go
• pkg/controller/http01proxy/controller.go
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go
• pkg/operator/informers/externalversions/generic.go
• pkg/operator/setup_manager.go
• config/samples/operator.openshift.io_v1alpha1_http01proxy.yaml
• pkg/operator/applyconfigurations/operator/v1alpha1/http01proxyspec.go
• pkg/operator/clientset/versioned/typed/operator/v1alpha1/fake/fake_http01proxy.go
• pkg/operator/informers/externalversions/operator/v1alpha1/interface.go
• pkg/operator/listers/operator/v1alpha1/http01proxy.go

🔇 Additional comments (4)

pkg/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go (1)

7-8: LGTM — HTTP01ProxyExpansion is present and embedded

HTTP01ProxyInterface (pkg/operator/clientset/versioned/typed/operator/v1alpha1/http01proxy.go) includes HTTP01ProxyExpansion; pkg/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go defines type HTTP01ProxyExpansion interface{}.

pkg/operator/applyconfigurations/internal/internal.go (1)

36-45: HTTP01Proxy added to applyconfig schema — LGTM

Type path matches the extractor in applyconfigurations and sentinel types are present. No action.

pkg/operator/informers/externalversions/operator/v1alpha1/http01proxy.go (1)

39-62: Informer wiring looks correct

List/Watch use the typed client, default indexer is Namespace, and tweakListOptions is honored. Good to go.

pkg/operator/applyconfigurations/operator/v1alpha1/http01proxy.go (1)

25-32: Builder defaults are correct; ensure name='default'

Kind/APIVersion are set properly. Since the CR enforces name == "default", callers should pass name "default" here.

[coderabbitai]

⚠️ Potential issue

Make spec truly required (drop omitempty)

You’ve marked Spec as required, but json:",omitempty" can cause clients to omit it when zero-valued, leading to CRD validation failures. Remove omitempty.

Apply this diff:

-    // +kubebuilder:validation:Required
-    // +required
-    Spec HTTP01ProxySpec `json:"spec,omitempty"`
+    // +kubebuilder:validation:Required
+    // +required
+    Spec HTTP01ProxySpec `json:"spec"`

🤖 Prompt for AI Agents

In api/operator/v1alpha1/http01proxy_types.go around lines 47 to 51, the Spec
field is marked required but the struct tag uses `json:"spec,omitempty"`, which
allows omission; remove `omitempty` so the JSON tag is `json:"spec"` to ensure
the field is always serialized and CRD validation works as intended. Update the
struct tag accordingly and run `make generate`/rebuild CRDs if your project uses
codegen to propagate the change.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sebrandon1
Once this PR has been reviewed and has the lgtm label, please assign mytreya-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@sebrandon1: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	941be60	link	true	/test verify
ci/prow/e2e-operator	941be60	link	true	/test e2e-operator
ci/prow/e2e-operator-tech-preview	941be60	link	false	/test e2e-operator-tech-preview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.