operator: fix authentication spec api

[mangelajo]

Authentication was duplicated in two places:

• spec.controller.authentication
• spec.authentication

The original intent of the design was using just spec.authentication for the overall auth
config, but it got duplicated and implemented on spec.controller

This fixes the problem before we release this in 0.8.0

Summary by CodeRabbit

• Breaking Changes

  • Authentication configuration has been relocated from controller-level to top-level specification. Update existing Jumpstarter configurations to reference the new top-level authentication path instead of controller-scoped settings.

• Bug Fixes

  • Improved script compatibility for non-Linux environments.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@mangelajo has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 2 minutes and 30 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

This change refactors authentication configuration in the Jumpstarter operator by removing the Authentication field from the controller-scoped ControllerConfig struct and migrating authentication sources to top-level spec fields in the CRD. The controller logic, CRD manifests, and tests are updated accordingly to reflect this structural reorganization. A Linux-only system check is added to the installation utilities.

Changes

Cohort / File(s)	Summary
Type Definitions & Generated Code controller/deploy/operator/api/v1alpha1/jumpstarter_types.go, controller/deploy/operator/api/v1alpha1/zz_generated.deepcopy.go	Removed Authentication AuthenticationConfig field from ControllerConfig struct and removed corresponding DeepCopyInto call.
CRD Base Schemas controller/deploy/operator/config/crd/bases/operator.jumpstarter.dev_jumpstarters.yaml, controller/deploy/operator/bundle/manifests/operator.jumpstarter.dev_jumpstarters.yaml	Removed entire spec.controller.authentication section including internal, JWT, and Kubernetes authentication configurations (381 lines each).
Controller Logic controller/deploy/operator/internal/controller/jumpstarter/jumpstarter_controller.go	Migrated authentication field sources in buildConfig from Controller.Authentication.* paths to top-level Spec.Authentication.* paths; added nil-guard for JWT initialization.
Tests & Configuration controller/deploy/operator/test/e2e/e2e_test.go	Moved internal authentication configuration from gRPC scope to top-level Jumpstarter spec.
Operator Manifest controller/deploy/operator/bundle/manifests/jumpstarter-operator.clusterserviceversion.yaml	Updated metadata creation timestamp.
Installation Utilities controller/hack/utils	Added Linux-conditional check for ip_tables module to prevent errors on non-Linux systems.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Hop, hop! Authentication takes flight,
From deep in the controller, now nested just right,
To the top of the spec where it shines in the sun,
The rabbits rejoice—refactoring's done! 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: fixing the authentication specification API by removing duplication and consolidating to the intended spec.authentication location.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mangelajo]

the pytest matrix does not detect the skips, and requires to run it seems, meeh https://github.com/orgs/community/discussions/44490 we may see ourselves running them all...

[mangelajo]

@evakhoni can you have an eye on this one? thanks thanks! :D

[evakhoni]

@mangelajo LGTM
the only thing i can think of, is if anybody already using the operator with the old spec, it will probably be just discarded silently by the operator, and defaults will be applied, without any warning for the user. but I guess at this point there are no one besides our devs so probably not an issue.

[mangelajo]

@mangelajo LGTM the only thing i can think of, is if anybody already using the operator with the old spec, it will probably be just discarded silently by the operator, and defaults will be applied, without any warning for the user. but I guess at this point there are no one besides our devs so probably not an issue.

yep, I think I am the only user of that so far %)

and I have one instance configured like that, so I am ready to switch it when necessary :D
but yes :)