Address minor extraneous config, debug logging, and OpenShift values. (#1063)

RoddieKieley · RoddieKieley · commit 7177140bbac3 · 2025-08-13T20:30:49.000-02:30
* Removed extraneous Transport set.
    * Bumped configureContainer debug logging to actual Debugf logging.
    * Reverted helm chart values and added separate adjusted values-openshift.yaml.

Signed-off-by: Roddie Kieley &lt;rkieley@redhat.com&gt;
diff --git a/cmd/thv-operator/controllers/mcpserver_resource_overrides_test.go b/cmd/thv-operator/controllers/mcpserver_resource_overrides_test.go
@@ -378,9 +378,8 @@ func TestDeploymentNeedsUpdateServiceAccount(t *testing.T) {
 			Namespace: "default",
 		},
 		Spec: mcpv1alpha1.MCPServerSpec{
-			Image:     "test-image",
-			Port:      8080,
-			Transport: "stdio",
+			Image: "test-image",
+			Port:  8080,
 		},
 	}
 
@@ -639,7 +638,6 @@ func TestDeploymentNeedsUpdateToolsFilter(t *testing.T) {
 				Spec: mcpv1alpha1.MCPServerSpec{
 					Image:       "test-image",
 					Port:        8080,
-					Transport:   "stdio",
 					ToolsFilter: tt.initialToolsFilter,
 				},
 			}
diff --git a/deploy/charts/operator/values-openshift.yaml b/deploy/charts/operator/values-openshift.yaml
@@ -0,0 +1,179 @@
+# -- Override the name of the chart
+nameOverride: ""
+# -- Provide a fully-qualified name override for resources
+fullnameOverride: "toolhive-operator"
+
+# -- All values for the operator deployment and associated resources
+operator:
+
+  # -- Number of replicas for the operator deployment
+  replicaCount: 1
+
+  # -- List of image pull secrets to use
+  imagePullSecrets: []
+  # -- Container image for the operator
+  image: ghcr.io/stacklok/toolhive/operator:v0.2.0
+  # -- Image pull policy for the operator container
+  imagePullPolicy: IfNotPresent
+
+  # -- Image to use for Toolhive runners
+  toolhiveRunnerImage: ghcr.io/stacklok/toolhive/proxyrunner:v0.2.0
+
+  # -- Host for the proxy deployed by the operator
+  proxyHost: 0.0.0.0
+
+  # -- Environment variables to set in the operator container
+  env: {}
+
+  # -- List of ports to expose from the operator container
+  ports:
+  - containerPort: 8080
+    name: metrics
+    protocol: TCP
+  - containerPort: 8081
+    name: health
+    protocol: TCP
+
+  # -- Annotations to add to the operator pod
+  podAnnotations: {}
+  # -- Labels to add to the operator pod
+  podLabels: {}
+
+  # -- Pod security context settings
+  podSecurityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+
+  # -- Container security context settings for the operator
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    capabilities:
+      drop:
+      - ALL
+
+  # -- Liveness probe configuration for the operator
+  livenessProbe:
+    httpGet:
+      path: /healthz
+      port: health
+    initialDelaySeconds: 15
+    periodSeconds: 20
+  # -- Readiness probe configuration for the operator
+  readinessProbe:
+    httpGet:
+      path: /readyz
+      port: health
+    initialDelaySeconds: 5
+    periodSeconds: 10
+
+  # -- Configuration for horizontal pod autoscaling
+  autoscaling:
+    # -- Enable autoscaling for the operator
+    enabled: false
+    # -- Minimum number of replicas
+    minReplicas: 1
+    # -- Maximum number of replicas
+    maxReplicas: 100
+    # -- Target CPU utilization percentage for autoscaling
+    targetCPUUtilizationPercentage: 80
+    # -- Target memory utilization percentage for autoscaling (uncomment to enable)
+    # targetMemoryUtilizationPercentage: 80
+
+  # -- Resource requests and limits for the operator container
+  resources:
+    limits:
+      cpu: 500m
+      memory: 384Mi
+    requests:
+      cpu: 10m
+      memory: 192Mi
+
+  # -- RBAC configuration for the operator
+  rbac:
+    # -- Scope of the RBAC configuration.
+    # - cluster: The operator will have cluster-wide permissions via ClusterRole and ClusterRoleBinding.
+    # - namespace: The operator will have permissions to manage resources in the namespaces specified in `allowedNamespaces`.
+    #   The operator will have a ClusterRole and RoleBinding for each namespace in `allowedNamespaces`.
+    scope: cluster
+    # -- List of namespaces that the operator is allowed to have permissions to manage.
+    # Only used if scope is set to "namespace".
+    allowedNamespaces: []
+
+  # -- Service account configuration for the operator
+  serviceAccount:
+    # -- Specifies whether a service account should be created
+    create: true
+    # -- Automatically mount a ServiceAccount's API credentials
+    automountServiceAccountToken: true
+    # -- Annotations to add to the service account
+    annotations: {}
+    # -- Labels to add to the service account
+    labels: {}
+    # -- The name of the service account to use. If not set and create is true, a name is generated.
+    name: "toolhive-operator"
+
+  # -- Leader election role configuration
+  leaderElectionRole:
+    # -- Name of the role for leader election
+    name: toolhive-operator-leader-election-role
+    binding:
+      # -- Name of the role binding for leader election
+      name: toolhive-operator-leader-election-rolebinding
+    # -- Rules for the leader election role
+    rules:
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+    - apiGroups:
+      - coordination.k8s.io
+      resources:
+      - leases
+      verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - create
+      - patch
+
+  # -- Additional volumes to mount on the operator pod
+  volumes: []
+  # - name: foo
+  #   secret:
+  #     secretName: mysecret
+  #     optional: false
+
+  # -- Additional volume mounts on the operator container
+  volumeMounts: []
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+
+  # -- Node selector for the operator pod
+  nodeSelector: {}
+
+  # -- Tolerations for the operator pod
+  tolerations: []
+
+  # -- Affinity settings for the operator pod
+  affinity: {}
diff --git a/deploy/charts/operator/values.yaml b/deploy/charts/operator/values.yaml
@@ -42,14 +42,13 @@ operator:
   # -- Pod security context settings
   podSecurityContext:
     runAsNonRoot: true
-    seccompProfile:
-      type: RuntimeDefault
 
   # -- Container security context settings for the operator
   containerSecurityContext:
     allowPrivilegeEscalation: false
     readOnlyRootFilesystem: true
     runAsNonRoot: true
+    runAsUser: 1000
     capabilities:
       drop:
       - ALL
@@ -86,10 +85,10 @@ operator:
   resources:
     limits:
       cpu: 500m
-      memory: 384Mi
+      memory: 128Mi
     requests:
       cpu: 10m
-      memory: 192Mi
+      memory: 64Mi
 
   # -- RBAC configuration for the operator
   rbac:
diff --git a/pkg/container/kubernetes/client.go b/pkg/container/kubernetes/client.go
@@ -1027,14 +1027,14 @@ func configureContainer(
 	envVars []*corev1apply.EnvVarApplyConfiguration,
 	platform Platform,
 ) {
-	logger.Infof("Configuring container %s with image %s", *container.Name, image)
-	logger.Infof("Command: ")
+	logger.Debugf("Configuring container %s with image %s", *container.Name, image)
+	logger.Debugf("Command: ")
 	for _, arg := range command {
-		logger.Infof("Arg: %s", arg)
+		logger.Debugf("Arg: %s", arg)
 	}
-	logger.Infof("AttachStdio: %v", attachStdio)
+	logger.Debugf("AttachStdio: %v", attachStdio)
 	for _, envVar := range envVars {
-		logger.Infof("EnvVar: %s=%s", *envVar.Name, *envVar.Value)
+		logger.Debugf("EnvVar: %s=%s", *envVar.Name, *envVar.Value)
 	}
 
 	container.WithImage(image).
