feat(helm-ee)!: add worker pools and extraDeploy hook + major bump chart to v9.0.0

[Gabriel-Ladzaretti]

Summary

This PR adds worker pool support to the EE Helm chart and introduces a minimal, vendor neutral extraDeploy extension point for custom
manifests (for example, KEDA), while keeping default rendering unchanged when pools are not used.

Versioning

Important

This is a major chart version bump because pod template annotation/checksum calculation changed.
That changes rendered pod template metadata and can trigger rollout behavior differences on upgrade.

• EE chart bumped to 9.0.0.

What Changed

• Added renovateWorker.pools support:
  • One worker Deployment is rendered per pool.
  • Pool values are merged over root renovateWorker (via mustMergeOverwrite).
  • Added optional per pool createDeployment control.
• Added reusable helpers:
  • mend-renovate.worker-pod-spec: renders the worker pod inner template.spec for reuse across worker Deployment and custom manifests
    (for example via extraDeploy).
  • mend-renovate.worker-for-pool: builds merged worker values for a specific pool.
• Added generic extraDeploy with templating support (via tpl) for rendering additional arbitrary manifests.
• Wired new worker settings:
  • mendRnvWorkerQueues
  • mendRnvSingleJobWorker
  • restartPolicy as a first-class worker value.

Summary by CodeRabbit

• New Features

  • Worker pools: per-architecture worker Deployments with per-pool ConfigMaps/Secrets, queue targeting, per-pool overrides, optional skip of per-pool Deployment, and per-pool merged settings.
  • Extra deploys: render additional Kubernetes manifests via templated values.
  • Worker options: queue list, single-job mode, and configurable restart policy.

• Documentation

  • Added Helm example and docs for multi-architecture worker pools and validation guidance.

• Chores

  • Helm chart version bumped to 9.0.0.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9ccb57d0-3a2a-4bb0-bae9-d4d791355fc9

📥 Commits

Reviewing files that changed from the base of the PR and between 80e9bcd and 0c91e37.

📒 Files selected for processing (1)

• docs/worker-queues.md

✅ Files skipped from review due to trivial changes (1)

• docs/worker-queues.md

---

📝 Walkthrough

Walkthrough

Adds per-pool worker support to the Mend Renovate EE Helm chart and docs: introduces renovateWorker.pools in values with merge semantics and per-pool createDeployment, mendRnvWorkerQueues, and nodeSelector options; adds extraDeploy and worker queue/restart settings in values; adds Helm helpers for pool-scoped names and validation; refactors templates to emit ConfigMaps, Secrets, Deployments, pod spec, and extraConfigMaps per pool (including checksum, naming, and deduplication changes); adds an extra-deploy template; updates docs with a "Helm Example: main and arm64 pools"; bumps Chart.yaml version to 9.0.0.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(ee): add tls template configuration support #700: Modifies worker pod/Deployment environment and hostname/HTTPS logic also touched by the new per-pool pod rendering.
• feat: add extra ConfigMap support for file mounts and env #689: Changes extra ConfigMaps and deployment checksum handling that this PR extends to pool-scoped extraConfigMaps and deduplication.
• docs: add worker-queue documentation #835: Modifies the same docs page (docs/worker-queues.md) and is related to the new Helm example additions.

Suggested reviewers

• nabeelsaabna
• jamietanna
• OBITOONDEADO1MZ

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main changes: worker pools feature, extraDeploy hook, and major version bump to 9.0.0 for the Helm chart.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/helm/worker_pools

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@helm-charts/mend-renovate-ee/templates/worker-deployment.yaml`:
- Around line 82-83: The shared helper mend-renovate.worker-pod-spec emits
.worker.restartPolicy unconditionally which causes invalid Deployments when
pools set restartPolicy: Never; fix by making the helper controller-aware or
enforcing Allowed values on the Deployment path: update the include call where
you render the Deployment (the include of "mend-renovate.worker-pod-spec") to
pass a controller flag (e.g., add "controller": "deployment" to the dict) and
change the helper logic in mend-renovate.worker-pod-spec to only emit
restartPolicy when controller != "deployment" or when the value is "Always"
(otherwise omit or coerce to "Always"); alternatively, add a validation branch
in the Deployment template that rejects/nullifies non-"Always"
.worker.restartPolicy before calling the helper.
- Around line 7-20: Update the Helm helper mend-renovate.validate-worker-pools
(in templates/_helpers.tpl) to validate each pool name against Kubernetes
DNS-1123 subdomain rules: ensure renovateWorker.name is present, lowercase, only
alphanumeric and hyphens, does not start or end with a hyphen, and is <= 63
characters; use required plus regexMatch to enforce the pattern and length and
fail with a clear message (e.g., "renovateWorker.pools[].name must be a valid
DNS-1123 subdomain: lowercase alphanumerics and '-' only, max 63 chars") so
invalid names like "ARM_64" or overly long names are rejected during helm
template/validate.

In `@helm-charts/mend-renovate-ee/templates/worker-extra-configmaps.yaml`:
- Around line 6-10: The duplicate-detection currently uses only metadata.name
(variable $extraConfigMapName and map $seenConfigMapNames) which wrongly treats
same-named ConfigMaps in different namespaces as duplicates; change the key to
namespace-qualified form by reading metadata.namespace (defaulting to
$.Release.Namespace) and constructing a combined key like "<namespace>/<name>"
when setting and checking $seenConfigMapNames in the root loop that processes
renovateWorker.extraConfigMaps and likewise in the pool loop that processes
pool.extraConfigMaps so both loops use the same namespace-scoped keying for
duplicate detection.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 674b7e0d-73e6-458f-bb15-1181068d4cbd

📥 Commits

Reviewing files that changed from the base of the PR and between d5ac119 and e0f7505.

📒 Files selected for processing (10)

• docs/worker-queues.md
• helm-charts/mend-renovate-ee/Chart.yaml
• helm-charts/mend-renovate-ee/templates/_helpers.tpl
• helm-charts/mend-renovate-ee/templates/_worker-pod.tpl
• helm-charts/mend-renovate-ee/templates/configmap.yaml
• helm-charts/mend-renovate-ee/templates/extra-deploy.yaml
• helm-charts/mend-renovate-ee/templates/secret.yaml
• helm-charts/mend-renovate-ee/templates/worker-deployment.yaml
• helm-charts/mend-renovate-ee/templates/worker-extra-configmaps.yaml
• helm-charts/mend-renovate-ee/values.yaml

[jamietanna]

Otherwise LGTM