refactor(manifests): extract shared patches into Kustomize Components

[ktdreyer]

Summary

• Split base/ into core/, rbac/, and platform/ sub-kustomizations so future overlays can selectively include only what they need
• Extract 10 duplicated patch files across 4 overlays into 4 reusable Kustomize Components: oauth-proxy, postgresql-rhel, ambient-api-server-db, postgresql-init-scripts
• Update production, local-dev, e2e, and kind overlays to reference components instead of maintaining their own copies of identical patches

Adding a new OpenShift overlay (like mpp-preprod) currently requires copying patch files from an existing overlay and hoping nothing was missed. With components, a new overlay composes the mixins it needs — no copy-paste required.

All 5 overlays produce identical oc kustomize output before and after this change.

Fixes #836

Test plan

• oc kustomize output diffed against pre-refactoring baselines for all 5 overlays (production, e2e, kind, kind-local, local-dev) — all identical
• CI overlay builds pass

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d9b3015b-47e2-4103-873b-afbd60a9090d

📥 Commits

Reviewing files that changed from the base of the PR and between 6954e1e and 62dbc57.

📒 Files selected for processing (41)

• components/manifests/base/core/agent-registry-configmap.yaml
• components/manifests/base/core/ambient-api-server-service.yml
• components/manifests/base/core/backend-deployment.yaml
• components/manifests/base/core/flags.json
• components/manifests/base/core/flags.json.example
• components/manifests/base/core/frontend-deployment.yaml
• components/manifests/base/core/kustomization.yaml
• components/manifests/base/core/minio-deployment.yaml
• components/manifests/base/core/models.json
• components/manifests/base/core/operator-deployment.yaml
• components/manifests/base/core/postgresql-deployment.yaml
• components/manifests/base/core/public-api-deployment.yaml
• components/manifests/base/core/unleash-deployment.yaml
• components/manifests/base/core/workspace-pvc.yaml
• components/manifests/base/kustomization.yaml
• components/manifests/base/platform/ambient-api-server-db.yml
• components/manifests/base/platform/ambient-api-server-secrets.yml
• components/manifests/base/platform/kustomization.yaml
• components/manifests/base/platform/namespace.yaml
• components/manifests/components/ambient-api-server-db/ambient-api-server-db-json-patch.yaml
• components/manifests/components/ambient-api-server-db/ambient-api-server-init-db-patch.yaml
• components/manifests/components/ambient-api-server-db/kustomization.yaml
• components/manifests/components/oauth-proxy/frontend-oauth-deployment-patch.yaml
• components/manifests/components/oauth-proxy/frontend-oauth-service-patch.yaml
• components/manifests/components/oauth-proxy/kustomization.yaml
• components/manifests/components/postgresql-init-scripts/kustomization.yaml
• components/manifests/components/postgresql-init-scripts/postgresql-init-scripts-patch.yaml
• components/manifests/components/postgresql-init-scripts/postgresql-init-scripts.yaml
• components/manifests/components/postgresql-rhel/kustomization.yaml
• components/manifests/components/postgresql-rhel/postgresql-json-patch.yaml
• components/manifests/components/postgresql-rhel/unleash-init-db-patch.yaml
• components/manifests/overlays/e2e/kustomization.yaml
• components/manifests/overlays/kind/kustomization.yaml
• components/manifests/overlays/kind/postgresql-init-scripts-patch.yaml
• components/manifests/overlays/kind/postgresql-init-scripts.yaml
• components/manifests/overlays/local-dev/kustomization.yaml
• components/manifests/overlays/production/ambient-api-server-db-json-patch.yaml
• components/manifests/overlays/production/ambient-api-server-init-db-patch.yaml
• components/manifests/overlays/production/kustomization.yaml
• components/manifests/overlays/production/postgresql-json-patch.yaml
• components/manifests/overlays/production/unleash-init-db-patch.yaml

💤 Files with no reviewable changes (6)

• components/manifests/overlays/production/ambient-api-server-init-db-patch.yaml
• components/manifests/overlays/kind/postgresql-init-scripts.yaml
• components/manifests/overlays/production/postgresql-json-patch.yaml
• components/manifests/overlays/kind/postgresql-init-scripts-patch.yaml
• components/manifests/overlays/production/ambient-api-server-db-json-patch.yaml
• components/manifests/overlays/production/unleash-init-db-patch.yaml

---

Walkthrough

The changes restructure the Kustomize configuration to eliminate patch duplication by extracting shared platform-specific capabilities into reusable Kustomize Components. A new base/core layer defines core deployments, and new components for oauth-proxy, postgresql-rhel, postgresql-init-scripts, and ambient-api-server-db encapsulate their respective patches. Overlays now compose these components instead of maintaining independent patch copies.

Changes

Cohort / File(s)	Summary
New Core/Platform Base components/manifests/base/core/kustomization.yaml, components/manifests/base/platform/kustomization.yaml	Introduced new base structure: core layer defines deployments, services, PVCs, and CRDs; platform layer references namespace and core resources to provide a foundation for overlays.
New Kustomize Components components/manifests/components/oauth-proxy/kustomization.yaml, components/manifests/components/postgresql-rhel/kustomization.yaml, components/manifests/components/postgresql-init-scripts/kustomization.yaml, components/manifests/components/ambient-api-server-db/kustomization.yaml	Created four reusable Kustomize Components that encapsulate platform-specific patches (OAuth proxy frontend, RHEL PostgreSQL configuration, init scripts, API server database initialization).
Base Kustomization Update components/manifests/base/kustomization.yaml	Refactored to reference platform component instead of explicit resources; removed inline ConfigMap generators; introduced images block for container image configuration.
Production Overlay Update components/manifests/overlays/production/kustomization.yaml	Added components section referencing oauth-proxy, postgresql-rhel, and ambient-api-server-db; removed duplicate patches now managed by components.
Local Dev Overlay Update components/manifests/overlays/local-dev/kustomization.yaml	Added components section referencing postgresql-rhel and ambient-api-server-db; removed related patches; expanded images section for local development.
Kind and E2E Overlay Updates components/manifests/overlays/kind/kustomization.yaml, components/manifests/overlays/e2e/kustomization.yaml	Migrated postgresql-init-scripts from direct patch/resource to component-based inclusion under new components section.
Removed Production Patches components/manifests/overlays/production/ambient-api-server-db-json-patch.yaml, components/manifests/overlays/production/ambient-api-server-init-db-patch.yaml, components/manifests/overlays/production/postgresql-json-patch.yaml, components/manifests/overlays/production/unleash-init-db-patch.yaml	Deleted patch files that configure RHEL PostgreSQL image, environment variables, and init-database logic; now consolidated into reusable components.
Removed Kind Patches and Resources components/manifests/overlays/kind/postgresql-init-scripts-patch.yaml, components/manifests/overlays/kind/postgresql-init-scripts.yaml	Removed inline patch for init-scripts volume and ConfigMap resource; functionality now provided by postgresql-init-scripts component.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main refactoring effort: extracting duplicated patches into reusable Kustomize Components, which is the primary change across the changeset.
Description check	✅ Passed	The description comprehensively explains the refactoring rationale, specific changes (split base, 4 new components, 5 overlays updated), benefits for new overlays, and test verification results.
Linked Issues check	✅ Passed	The PR fully addresses issue #836: extracts shared patches into Kustomize Components (oauth-proxy, postgresql-rhel, ambient-api-server-db, postgresql-init-scripts), eliminates duplication across 4 overlays, enables composition instead of copy-paste, and reorganizes base into sub-kustomizations.
Out of Scope Changes check	✅ Passed	All changes align with the stated objectives: new components correspond to identified duplicates, overlay updates reference these components, and base reorganization supports selective composition—no out-of-scope modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch kdreyer/refactor-kustomize

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can customize the high-level summary generated by CodeRabbit.

Configure the reviews.high_level_summary_instructions setting to provide custom instructions for generating the high-level summary.