Replace SidecarSpec with corev1.Container for defining sidecars

[bittrance]

The only bit of SidecarSpec that meaningfully differed from corev1.Container is exposePort. While relevant in principle, it hardly defends forever chasing container features from the standard. Instead, we just expose whatever container ports are in the sidecar.

The concrete case that inspired this PR was that I needed to mount an SSH key in a sidecar, but there are many other bits of corev1.Contianier that a user may want to set, such as restartPolicy or imagePullPolicy.

This is obviously a breaking change. Tell me if this ought to be a bump of the schema version (persumably to v1alpha2).

[Copilot]

Pull request overview

This PR replaces the operator’s custom SidecarSpec with Kubernetes’ corev1.Container for defining sidecars, removing the bespoke exposePort field and instead exposing any declared containerPorts via the generated Service.

Changes:

• Switch .spec.sidecars from SidecarSpec to corev1.Container across the API, controller/resources code, and tests.
• Update Service generation to append sidecar containerPorts (and protocol) as Service ports.
• Refresh docs/examples/plugin output and CRD manifests to reflect the new ports-based configuration.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
test/e2e/e2e_test.go	Updates e2e YAML to use ports[].containerPort instead of exposePort.
README.md	Updates sidecar example and description to use ports.
plugin/tests/test_resources.py	Updates plugin tests to assert ports[].containerPort.
plugin/kubectl_marimo/resources.py	Updates generated sidecar dicts to include ports.
pkg/resources/service.go	Changes Service port exposure logic to use sidecar Ports.
pkg/resources/service_test.go	Updates unit tests for new sidecar container type/port exposure logic.
pkg/resources/pod.go	Updates sidecar handling to accept corev1.Container and prepend shared mounts.
pkg/resources/pod_test.go	Updates pod-related unit tests for corev1.Container sidecars.
internal/controller/marimonotebook_controller_test.go	Updates controller test to create sidecars as corev1.Container.
examples/ssh-sidecar/notebook.yaml	Updates example CR to use ports instead of exposePort.
docs/ARCHITECTURE.md	Updates documentation examples and operator flow notes for ports.
deploy/install.yaml	Updates the bundled install CRD schema for sidecars as full corev1.Container.
config/crd/bases/marimo.io_marimos.yaml	Updates the CRD base schema for sidecars as full corev1.Container.
api/v1alpha1/zz_generated.deepcopy.go	Regenerates deepcopy logic for sidecars as v1.Container.
api/v1alpha1/marimonotebook_types.go	Updates API type: .spec.sidecars is now []corev1.Container.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[dmadisetti]

I think this makes sense, but it is breaking. Will get other changes in and then we can revisit. Are you using this yourself? Any more blockers?

[bittrance]

@dmadisetti I made this change to be able to mount secrets in sidecars. I think this change makes sense (another example is restart policy, see #12). However, it would be trivial to add volumeMounts to SidecarSpec as a first step. I would make it look identical to corev1.Container so a future switch would be backwards compatible. That way, you can keep this PR for a future collection of breaking changes. What do you think?

[dmadisetti]

I think I'll work on getting this in this week, initially I wanted sidecars to be a controlled subset of containers, but the asks for this project have clearly shown that a full definition is the way to go.

People are also welcome to pin to the version that seems to work best for them, so in that regard I am not as concerned.