feat(helm): add option to enable automatic certificate hot-reloading

[miguelvr]

Summary

Adds Helm chart configuration for MongoDB certificate hot-reloading.

Type of Change

• 🐛 Bug fix
• ✨ New feature
• 💥 Breaking change
• 📚 Documentation
• 🔧 Refactoring
• 🔨 Build/CI

Component(s) Affected

• Core Services
• Documentation/CI
• Fault Management
• Health Monitors
• Janitor
• Other: ____________

Testing

• Tests pass locally
• Manual testing completed
• No breaking changes (or documented)

Checklist

• Self-review completed
• Documentation updated (if needed)
• Ready for review

Summary by CodeRabbit

• Configuration
  • Added configurable certificate rotation support for MongoDB deployments. Users can now enable or disable certificate rotation behavior for MongoDB datastores in Kubernetes environments through a new global configuration setting. Sensible defaults are provided for both production and development deployments.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

📝 Walkthrough

Walkthrough

These changes add support for MongoDB certificate rotation by introducing a new global configuration flag (certificateRotationEnabled). The flag is defined in the base values with a default of false, overridden to true in Tilt values for testing, and conditionally injected as an environment variable (MONGODB_ENABLE_CERT_ROTATION) into the ConfigMap for MongoDB deployments.

Changes

Cohort / File(s)	Summary
MongoDB Certificate Rotation Configuration distros/kubernetes/nvsentinel/values.yaml, distros/kubernetes/nvsentinel/values-tilt-mongodb.yaml	Added certificateRotationEnabled boolean flag under global config (defaults to false in base values; set to true in Tilt values for hot-reload testing)
ConfigMap Environment Variable distros/kubernetes/nvsentinel/templates/configmap-datastore.yaml	Added conditional MONGODB_ENABLE_CERT_ROTATION environment variable for MongoDB provider, sourced from the new certificateRotationEnabled flag

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A certificate hops, a rotation does bloom,
MongoDB sighs with less cryptic gloom,
New flags unfurl, both true and false,
Through Tilt and values, a waltz—
Hot reloads now dance, our certs break no rules! 🔐

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a Helm configuration option to enable automatic certificate hot-reloading for MongoDB, which matches the primary focus of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5c07522 and bea35ed.

📒 Files selected for processing (3)

• distros/kubernetes/nvsentinel/templates/configmap-datastore.yaml
• distros/kubernetes/nvsentinel/values-tilt-mongodb.yaml
• distros/kubernetes/nvsentinel/values.yaml

🧰 Additional context used

📓 Path-based instructions (1)

**/values.yaml

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/values.yaml: Document all values in Helm chart values.yaml with inline comments
Include examples for non-obvious configurations in Helm chart documentation
Note truthy value requirements in Helm chart documentation where applicable

Files:

• distros/kubernetes/nvsentinel/values.yaml

🔇 Additional comments (3)

distros/kubernetes/nvsentinel/values-tilt-mongodb.yaml (1)

30-31: LGTM! Testing configuration is properly documented.

The addition of certificateRotationEnabled: true for the Tilt development environment is well-documented and appropriate for testing the certificate hot-reload functionality.

distros/kubernetes/nvsentinel/values.yaml (1)

36-40: LGTM! Excellent documentation following coding guidelines.

The certificateRotationEnabled flag is well-documented with inline comments that clearly explain:

• The scope (MongoDB only)
• The behavior (certificate rotation without pod restarts)
• The implementation mechanism (controller-runtime's certwatcher)

The default value of false provides safe behavior. As per coding guidelines, the inline documentation is comprehensive for this configuration value.

distros/kubernetes/nvsentinel/templates/configmap-datastore.yaml (1)

75-79: LGTM! Clean implementation with proper guards.

The environment variable MONGODB_ENABLE_CERT_ROTATION is correctly implemented:

• Properly guarded to only apply when provider == "mongodb"
• Safe default value handling with | default false
• Well-commented to explain the feature
• Correctly quoted for environment variable usage

The implementation ensures the feature only activates for MongoDB deployments and provides safe fallback behavior.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}