HYPERFLEET-610: Add OCI/OKE deployment targets

[vkareh]

Add make install-all-oci target that deploys HyperFleet on Oracle Kubernetes Engine with in-cluster RabbitMQ, quay.io v0.2.0 images, and adapter1. GCP-specific PodMonitoring CRDs are disabled via a sentinel values-oci.yaml overlay.

Pin sentinel chart to v0.2.0 tag for OCI deployments to match the v0.2.0 binary config format.

Summary

• HYPERFLEET-610: Implement OCI provider support across HyperFleet components to orchestrate cluster provisioning on Oracle Cloud Infrastructure.

Test Plan

• Unit tests added/updated
• make test-all passes
• make lint passes
• Helm chart changes validated with make test-helm (if applicable)
• Deployed to a development cluster and verified (if Helm/config changes)
• E2E tests passed (if cross-component or major changes)

Summary by CodeRabbit

• New Features

  • Added support for OCI/OKE deployment with new installation targets: install-all-oci, install-hyperfleet-oci, and uninstall-all-oci.
  • Introduced configurable extra arguments for Sentinel cluster installation via SENTINEL_EXTRA_ARGS.

• Chores

  • Added OCI-specific configuration file for Sentinel cluster values.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ciaranroche for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

The changes add OCI/OKE-specific deployment orchestration to the Makefile and introduce a corresponding Helm values configuration file. A new variable SENTINEL_EXTRA_ARGS is introduced to allow passing additional arguments to Sentinel Helm installations. Three new phony targets are defined: install-hyperfleet-oci (composes three installation targets), install-all-oci (sets OCI-specific image repositories, tags, and configuration, then executes infrastructure and hyperfleet setup), and uninstall-all-oci (reverses installations in sequence). A new Helm values file provides OCI/OKE-specific overrides for Sentinel configuration, specifying hyperfleet API connectivity, RabbitMQ broker settings, and disabling monitoring outputs.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly describes the main change: adding OCI/OKE deployment targets, which matches the core objective of introducing install-all-oci, install-hyperfleet-oci, and uninstall-all-oci targets.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch platform-oci

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Makefile (1)

280-293: Add OCI config path to dry-run Helm validation.

The new OCI flow (SENTINEL_CHART_REF=v0.2.0 + values-oci.yaml) is not explicitly exercised by current dry-run validation, so schema/value drift can slip through CI.

Suggested follow-up diff

 .PHONY: validate-helm-charts
 validate-helm-charts: check-helm ## Render all Helm charts with helm template (no cluster required)
@@
 	$(call validate-chart,sentinel-clusters,$(SENTINEL_CHART_REF),\
 		--set hyperfleet-sentinel.broker.type=$(BROKER_TYPE) \
 		$(if $(REGISTRY),--set hyperfleet-sentinel.image.registry=$(REGISTRY)) \
 		$(if $(SENTINEL_REPOSITORY),--set hyperfleet-sentinel.image.repository=$(SENTINEL_REPOSITORY)) \
-		--set hyperfleet-sentinel.image.tag=$(SENTINEL_IMAGE_TAG))
+		--set hyperfleet-sentinel.image.tag=$(SENTINEL_IMAGE_TAG) \
+		$(SENTINEL_EXTRA_ARGS))
@@
 .PHONY: ci-dry-run
 ci-dry-run: ci-validate ## Layer 2: Static + dry-run validation (no credentials required)
 	$(MAKE) validate-helm-charts BROKER_TYPE=rabbitmq
 	$(MAKE) validate-helm-charts BROKER_TYPE=googlepubsub
+	$(MAKE) validate-helm-charts \
+		BROKER_TYPE=rabbitmq \
+		SENTINEL_CHART_REF=v0.2.0 \
+		SENTINEL_EXTRA_ARGS="--values $(HELM_DIR)/sentinel-clusters/values-oci.yaml"

As per coding guidelines, "-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 280 - 293, The dry-run Helm validation is not
including the OCI-specific values file used by install-all-oci; update the Helm
dry-run/validation target to pass the OCI values path (the same file referenced
by SENTINEL_EXTRA_ARGS / values-oci.yaml) and the OCI chart ref
(SENTINEL_CHART_REF=v0.2.0) so the dry-run exercises the OCI flow; locate the
Helm dry-run/validation recipe (the target that performs helm template/helm
install --dry-run/--validate) and add the --values
$(HELM_DIR)/sentinel-clusters/values-oci.yaml (or include
$(SENTINEL_EXTRA_ARGS)) and ensure it uses $(SENTINEL_CHART_REF) when validating
sentinel charts.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@helm/sentinel-clusters/values-oci.yaml`:
- Around line 13-18: The OCI overlay is hardcoding RabbitMQ credentials and
topic (broker.rabbitmq.url = amqp://guest:guest@rabbitmq:5672/ and broker.topic
= hyperfleet-clusters) which can override generated RABBITMQ_URL/namespace
settings; remove these hardcoded values from values-oci.yaml so the overlay does
not set broker.rabbitmq.url or broker.topic (or set them to
empty/null/placeholders) and allow the Makefile-generated RABBITMQ_URL and
namespace-derived broker settings to take precedence; change the broker block
(broker.type, broker.rabbitmq) to omit the url and topic keys or replace them
with non-overriding placeholders so non-default deployments aren’t broken.

---

Nitpick comments:
In `@Makefile`:
- Around line 280-293: The dry-run Helm validation is not including the
OCI-specific values file used by install-all-oci; update the Helm
dry-run/validation target to pass the OCI values path (the same file referenced
by SENTINEL_EXTRA_ARGS / values-oci.yaml) and the OCI chart ref
(SENTINEL_CHART_REF=v0.2.0) so the dry-run exercises the OCI flow; locate the
Helm dry-run/validation recipe (the target that performs helm template/helm
install --dry-run/--validate) and add the --values
$(HELM_DIR)/sentinel-clusters/values-oci.yaml (or include
$(SENTINEL_EXTRA_ARGS)) and ensure it uses $(SENTINEL_CHART_REF) when validating
sentinel charts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 54a2d12b-ba43-49c3-bd6e-b33b7f0146ae

📥 Commits

Reviewing files that changed from the base of the PR and between 1c40e1a and d8ed508.

📒 Files selected for processing (2)

• Makefile
• helm/sentinel-clusters/values-oci.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Remove hardcoded RabbitMQ credentials/topic from OCI overlay.

Line 17 hardcodes guest:guest, and this OCI file is applied after generated values (Makefile Line 187-Line 188), so it can override RABBITMQ_URL/namespace-derived broker settings and break non-default deployments.

Proposed fix

 hyperfleet-sentinel:
   config:
@@
-  broker:
-    type: rabbitmq
-    topic: hyperfleet-clusters
-    rabbitmq:
-      url: amqp://guest:guest@rabbitmq:5672/
-      exchangeType: topic
-
   monitoring:
     podMonitoring:
       enabled: false

As per coding guidelines, "-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	broker:
	type: rabbitmq
	topic: hyperfleet-clusters
	rabbitmq:
	url: amqp://guest:guest@rabbitmq:5672/
	exchangeType: topic

🧰 Tools

🪛 Checkov (3.2.513)

[medium] 17-18: Basic Auth Credentials

(CKV_SECRET_4)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@helm/sentinel-clusters/values-oci.yaml` around lines 13 - 18, The OCI overlay
is hardcoding RabbitMQ credentials and topic (broker.rabbitmq.url =
amqp://guest:guest@rabbitmq:5672/ and broker.topic = hyperfleet-clusters) which
can override generated RABBITMQ_URL/namespace settings; remove these hardcoded
values from values-oci.yaml so the overlay does not set broker.rabbitmq.url or
broker.topic (or set them to empty/null/placeholders) and allow the
Makefile-generated RABBITMQ_URL and namespace-derived broker settings to take
precedence; change the broker block (broker.type, broker.rabbitmq) to omit the
url and topic keys or replace them with non-overriding placeholders so
non-default deployments aren’t broken.