Added a short rebalancer README

[hector-vido]

Summary by CodeRabbit

• Documentation
  • Added user guide for the Rebalancer tool describing its purpose and behavior (rebalancing jobs across cluster profiles).
  • Provided step‑by‑step usage instructions and examples showing how to obtain an access token and run the rebalancer with selected profiles and a token path.

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 42511c8 and 4bef0a3.

📒 Files selected for processing (1)

• cmd/rebalancer/README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• cmd/rebalancer/README.md

---

Walkthrough

Adds a new cmd/rebalancer/README.md that documents the Rebalancer CLI tool, its purpose (rebalancing jobs across cluster profiles), and provides an example showing how to obtain an oc token and run the tool with --profiles and --token-path flags.

Changes

Cohort / File(s)	Summary
Documentation cmd/rebalancer/README.md	New README added describing the Rebalancer tool, its intent (balancing jobs across cluster profiles), instructions for obtaining an oc token, and a sample command-line usage with --profiles and --token-path flags.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a README file for the rebalancer tool.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	The pull request only adds a README.md documentation file with no test code, test files, or test naming patterns present.
Test Structure And Quality	✅ Passed	PR contains only README.md documentation in cmd/rebalancer directory with no test files, making this check not applicable and passing by default.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/rebalancer/README.md`:
- Line 5: Replace the awkward sentence "This tool is needed when Boskos leases
are short in some profiles." with clearer wording such as "This tool is needed
when Boskos leases are in short supply for some profiles." by updating the
README sentence to the suggested phrasing.
- Around line 10-17: Replace the predictable /tmp/token usage with a secure
temporary file pattern: create a TOKEN_FILE using mktemp, restrict permissions
with chmod 600, register a cleanup via trap to rm -f "$TOKEN_FILE" on EXIT,
write the bearer token into TOKEN_FILE (used in both oc whoami and oc extract
variants), and update the final invocation of --prometheus-bearer-token-path to
point to TOKEN_FILE so the token is not left on disk in a predictable location.

---

ℹ️ Review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between c96dc28 and ee67981.

📒 Files selected for processing (1)

• cmd/rebalancer/README.md

[coderabbitai]

♻️ Duplicate comments (2)

cmd/rebalancer/README.md (2)

5-5: ⚠️ Potential issue | 🟡 Minor

Tighten wording on Line 5 for clarity.

Current phrasing is awkward (“leases are short”). Prefer: “This tool is needed when Boskos leases are in short supply for some profiles.”

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cmd/rebalancer/README.md` at line 5, Replace the awkward sentence "This tool
is needed when Boskos leases are short in some profiles." in the README with the
clearer wording: "This tool is needed when Boskos leases are in short supply for
some profiles." — locate the sentence in the cmd/rebalancer README and update it
exactly to the suggested phrasing.

---

11-13: ⚠️ Potential issue | 🟠 Major

Avoid storing bearer tokens in predictable /tmp/token paths.

Line 11 and Line 13 persist credentials in a predictable location, which increases accidental exposure risk. Use a secure temp file, restrict permissions, and clean it up on exit.

Suggested hardened README snippet

 ```bash
-oc --context app.ci whoami -t > /tmp/token
+TOKEN_FILE="$(mktemp)"
+chmod 600 "$TOKEN_FILE"
+trap 'rm -f "$TOKEN_FILE"' EXIT
+
+oc --context app.ci whoami -t > "$TOKEN_FILE"
 # go to release repository folder and execute:
-/path/to/rebalancer --profiles='azure4,azure-2' --prometheus-bearer-token-path=/tmp/token
+/path/to/rebalancer --profiles='azure4,azure-2' --prometheus-bearer-token-path="$TOKEN_FILE"

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @cmd/rebalancer/README.md around lines 11 - 13, The README currently writes a
bearer token to a predictable /tmp/token; change the example to create a secure
temp file (use mktemp and store it in TOKEN_FILE), restrict permissions with
chmod 600, register a trap to rm -f "$TOKEN_FILE" on EXIT, write the oc
--context ... whoami -t output into TOKEN_FILE, and pass that variable to the
--prometheus-bearer-token-path flag so the token is not left in a predictable
location.

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>🤖 Prompt for all review comments with AI agents</summary>

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @cmd/rebalancer/README.md:

• Line 5: Replace the awkward sentence "This tool is needed when Boskos leases
  are short in some profiles." in the README with the clearer wording: "This tool
  is needed when Boskos leases are in short supply for some profiles." — locate
  the sentence in the cmd/rebalancer README and update it exactly to the suggested
  phrasing.
• Around line 11-13: The README currently writes a bearer token to a predictable
  /tmp/token; change the example to create a secure temp file (use mktemp and
  store it in TOKEN_FILE), restrict permissions with chmod 600, register a trap to
  rm -f "$TOKEN_FILE" on EXIT, write the oc --context ... whoami -t output into
  TOKEN_FILE, and pass that variable to the --prometheus-bearer-token-path flag so
  the token is not left in a predictable location.

</details>

---

<details>
<summary>ℹ️ Review info</summary>

**Configuration used**: Repository: openshift/coderabbit/.coderabbit.yaml

**Review profile**: CHILL

**Plan**: Pro

**Cache: Disabled due to data retention organization setting**

**Knowledge base: Disabled due to data retention organization setting**

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between ee679814add16148048bbc07e82a5f11fdc9b09b and 0b65096fd00259a848e5578a7cdf3f800a9c5360.

</details>

<details>
<summary>📒 Files selected for processing (1)</summary>

* `cmd/rebalancer/README.md`

</details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[deepsm007]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deepsm007, hector-vido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [deepsm007,hector-vido]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

Scheduling required tests:
/test e2e

[openshift-ci]

@hector-vido: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e	4bef0a3	link	true	/test e2e
ci/prow/breaking-changes	4bef0a3	link	false	/test breaking-changes

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.