[kubernetes] User-selectable cluster version #1191
Conversation
WalkthroughThis change updates Kubernetes app versions and introduces a new configurable Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant HelmChart
participant _versions_tpl
participant versions_yaml
User->>HelmChart: Set .Values.version (e.g., v1.32)
HelmChart->>_versions_tpl: include "kubernetes.versionMap"
_versions_tpl->>versions_yaml: Load version map from file
_versions_tpl-->>HelmChart: Return full patch version (e.g., v1.32.4)
HelmChart-->>User: Deploy cluster with resolved version
Suggested labels
Suggested reviewers
Poem
📜 Recent review detailsConfiguration used: CodeRabbit UI 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (7)
packages/apps/kubernetes/values.yaml (1)
6-10: Consider a less generic key thanversionThe top-level field name
versioncan easily be confused with the chart’s own.Chart.Versioninside templates and with Helm’s built-inVersionconcept. A more explicit key such askubernetesVersionwould remove that ambiguity without affecting UX (end-users still type one extra word).packages/apps/kubernetes/values.schema.json (1)
130-142: Schema update correct, but keep it DRY with Makefile/_versions.tplThe enum/default match the values file – good. However, as pointed out in the Makefile review, maintaining the same list in three locations will quickly drift. Please refactor to source the list from a single definition.
packages/apps/kubernetes/README.md (1)
84-90: Clarify allowed values and patch-level resolution forversion.The description only states “vMAJOR.MINOR”. Because the chart silently expands that value to a full patch version through
templates/_versions.tpl, users might be confused whyv1.32becomesv1.32.6, or whyv1.27is rejected.
Consider adding a short note such as:Only
v1.28–v1.33are currently supported and will automatically be resolved to the latest patch (see_versions.tpl).This keeps the docs self-contained and avoids a support round-trip.
packages/apps/kubernetes/templates/_versions.tpl (2)
1-7: Externalise the hard-coded map to ease future upgrades.Keeping the map inside the template means every patch bump requires editing this file, regenerating the schema enum, and bumping chart/app versions.
A tiny refactor would pull the map intovalues.yaml(or a dedicatedvalues.versions.yaml) and iterate over it here. The Makefile could then read the same source of truth when regenerating the JSON schema.Advantages:
• single place to update
• no Helm diff noise in rendered manifests
• easier to back-port security patch versionsNot blocking, but worth considering as version cadence accelerates.
3-5: Minor UX: sort supported versions in the failure message.
keys $versionMapreturns a random order. A deterministic, sorted list is nicer for the user.-{{- printf `Kubernetes version %s is not supported, allowed versions are %s` . (keys $versionMap) | fail }} +{{- $allowed := keys $versionMap | sortAlpha }} +{{- printf `Kubernetes version %s is not supported, allowed versions are %s` . $allowed | fail }}packages/apps/kubernetes/templates/cluster.yaml (2)
150-155: Quote the rendered version to appease YAML/Helm linters.Unquoted plain scalars like
v1.32.6are technically legal YAML, yet several linters flag them as ambiguous. Quoting avoids future CI noise.- version: {{ include "kubernetes.versionMap" $.Values.version }} + version: "{{ include "kubernetes.versionMap" $.Values.version }}"
289-294: Repeat the quoting fix for worker templates.Same rationale as above – keep manifest style consistent.
- version: {{ include "kubernetes.versionMap" $.Values.version }} + version: "{{ include "kubernetes.versionMap" $.Values.version }}"
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (8)
packages/apps/kubernetes/Chart.yaml(1 hunks)packages/apps/kubernetes/Makefile(1 hunks)packages/apps/kubernetes/README.md(1 hunks)packages/apps/kubernetes/templates/_versions.tpl(1 hunks)packages/apps/kubernetes/templates/cluster.yaml(2 hunks)packages/apps/kubernetes/values.schema.json(1 hunks)packages/apps/kubernetes/values.yaml(1 hunks)packages/apps/versions_map(1 hunks)
🧰 Additional context used
🧠 Learnings (1)
packages/apps/kubernetes/Makefile (1)
Learnt from: NickVolynkin
PR: cozystack/cozystack#1117
File: packages/apps/mysql/Makefile:8-8
Timestamp: 2025-06-26T04:29:24.830Z
Learning: The cozystack project uses yq v4+ on their CI runner, so yq v4 syntax (-o json --indent 4) is compatible and version checks are not needed.
🔇 Additional comments (2)
packages/apps/kubernetes/Chart.yaml (1)
19-25: Chart & app version bump looks goodThe semantic-version bump (
0.25.0 → 0.26.0) together with the appVersion patch upgrade is consistent with the new user-visible feature. No further issues spotted here.packages/apps/versions_map (1)
57-58: Pinned commit verified & HEAD pointer is correct
The70f82667commit exists in the repo (no errors fromgit cat-file -e). Keepingkubernetes 0.26.0atHEADfollows our current convention—just remember to freeze it to a specific commit hash when the chart is officially released.
| readme-generator -v values.yaml -s values.schema.json -r README.md | ||
| yq -o json -i '.properties.version.enum = ["v1.28","v1.29","v1.30","v1.31","v1.32","v1.33"]' values.schema.json | ||
| yq -o json -i '.properties.addons.properties.ingressNginx.properties.exposeMethod.enum = ["Proxied","LoadBalancer"]' values.schema.json |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Version list duplicated in multiple places – centralise it
The hard-coded enum appears here, in values.schema.json, and again inside _versions.tpl. This triple duplication is error-prone. Instead, store the list once (e.g. in a YAML fragment or variable) and have:
_versions.tplread it viarequired/include.yqpull it from the same source when patching the schema.
Benefit: one-line change to add v1.34 in the future.
- yq -o json -i '.properties.version.enum = ["v1.28","v1.29","v1.30","v1.31","v1.32","v1.33"]' values.schema.json
+ # Example: pull enum from a dedicated file to avoid duplication
+ yq -o json -i '.properties.version.enum = load("k8s_versions.yaml")' values.schema.jsonCommittable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In packages/apps/kubernetes/Makefile around lines 8 to 10, the version list is
duplicated in the Makefile, values.schema.json, and _versions.tpl, which is
error-prone. To fix this, centralize the version list by storing it once in a
YAML fragment or variable. Modify _versions.tpl to read the version list using
required/include functions, and update the yq command in the Makefile to pull
the version enum from this centralized source instead of hardcoding it. This
will allow adding new versions by changing only one place.
| @@ -0,0 +1,7 @@ | |||
| {{- define "kubernetes.versionMap" }} | |||
| {{- $versionMap := dict `v1.28` `v1.28.15` `v1.29` `v1.29.15` `v1.30` `v1.30.14` `v1.31` `v1.31.10` `v1.32` `v1.32.6` `v1.33` `v1.33.2` }} | |||
There was a problem hiding this comment.
nit: It would be nice to support upgrading this via make update
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
hack/e2e-apps/kubernetes.bats (1)
66-66: Enhanced test validation - good improvement.The updated wait condition now properly validates that the specified version "v1.30" appears in the kamajicontrolplane status, ensuring the version selection feature is working correctly. This is a more robust test than simply checking for resource existence.
Consider adding a comment explaining what the grep is looking for, to improve test maintainability:
+ # Wait for the control plane to show the specified version timeout 10 sh -ec 'until kubectl get kamajicontrolplane -n tenant-test kubernetes-test | grep -q "v1.30"; do sleep 1; done'
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
hack/e2e-apps/kubernetes.bats(1 hunks)
🔇 Additional comments (1)
hack/e2e-apps/kubernetes.bats (1)
63-63: LGTM! Version field addition aligns with feature requirements.The addition of the
versionfield with value "v1.30" correctly implements the user-selectable cluster version feature in the test manifest, following the expectedvMAJOR.MINORformat.
b917bdd to
f6cb69e
Compare
hack/e2e-apps/kubernetes.bats
Outdated
| EOF | ||
| kubectl wait namespace tenant-test --timeout=20s --for=jsonpath='{.status.phase}'=Active | ||
| timeout 10 sh -ec 'until kubectl get kamajicontrolplane -n tenant-test kubernetes-test; do sleep 1; done' | ||
| timeout 10 sh -ec 'until kubectl get kamajicontrolplane -n tenant-test kubernetes-test | grep -q "v1.30"; do sleep 1; done' |
There was a problem hiding this comment.
This line checks that a KamajiControlPlane was created with a specific value in the spec.version field. What's needed is a check that you have a functional Kubernetes API that reports its version as the one requested.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
packages/apps/kubernetes/templates/_versions.tpl (1)
3-3: Consider caching the version map for better performance.The
files/versions.yamlfile is loaded and parsed every time this template is called. If this template is invoked multiple times within the same chart render, this could lead to redundant file I/O operations.Consider caching the parsed version map in a variable at the chart level or documenting that this template should only be called once per render.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
packages/apps/kubernetes/Makefile(1 hunks)packages/apps/kubernetes/files/versions.yaml(1 hunks)packages/apps/kubernetes/templates/_versions.tpl(1 hunks)packages/apps/kubernetes/templates/cluster.yaml(2 hunks)
✅ Files skipped from review due to trivial changes (1)
- packages/apps/kubernetes/files/versions.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
- packages/apps/kubernetes/Makefile
- packages/apps/kubernetes/templates/cluster.yaml
🔇 Additional comments (3)
packages/apps/kubernetes/templates/_versions.tpl (3)
1-2: LGTM: Template definition and context capture.The template definition follows Helm best practices with proper naming and context capture using the
$ := .pattern.
4-6: Excellent error handling with helpful user feedback.The validation logic properly checks for version existence and provides a clear error message that includes all available versions. This greatly improves the user experience when an invalid version is specified.
7-7: LGTM: Clean version lookup implementation.The
indexfunction correctly retrieves the mapped version value from the version map.
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (5)
hack/e2e-apps/kubernetes-latest-version.bats (3)
4-4: Version extraction assumes ordered keys in YAML file.The
yq 'keys | .[-1]'command assumes that the keys inversions.yamlare ordered and that the last key represents the latest version. This approach is fragile if the YAML file structure changes or if keys are not semantically ordered.Consider using a more explicit version selection approach:
-LATEST_K8S_VERSION=$(yq 'keys | .[-1]' ../packages/apps/kubernetes/files/versions.yaml) +LATEST_K8S_VERSION=$(yq 'keys | sort_by(.) | .[-1]' ../packages/apps/kubernetes/files/versions.yaml)Or better yet, if the
versions.yamlfile has a specific field for the latest version, use that instead of relying on key ordering.
93-93: Port forwarding runs in background without proper cleanup.The port forwarding command runs in the background with a 40-second timeout, but there's no explicit cleanup of the background process. This could lead to port conflicts in subsequent test runs.
Consider adding explicit cleanup for the port forwarding process:
# Set up port forwarding to the Kubernetes API server for a 40 second timeout -bash -c 'timeout 40s kubectl port-forward service/kubernetes-test-latest -n tenant-test '"${TEMPORAL_TENANT_PORT}"':6443 > /dev/null 2>&1 &' +PORT_FORWARD_PID=$(bash -c 'timeout 40s kubectl port-forward service/kubernetes-test-latest -n tenant-test '"${TEMPORAL_TENANT_PORT}"':6443 > /dev/null 2>&1 & echo $!')And add cleanup before the final resource deletion:
+# Clean up port forwarding +kill $PORT_FORWARD_PID 2>/dev/null || true + # Clean up by deleting the Kubernetes resource
96-96: Version verification could be more robust.The version verification uses
grepto match the server version, but this approach might be fragile if the output format changes. Consider using more specific JSON output parsing.-timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep "Server Version: $LATEST_K8S_VERSION"; do sleep 5; done' +timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version -o json 2>/dev/null | jq -r ".serverVersion.gitVersion" | grep -q "^$LATEST_K8S_VERSION"; do sleep 5; done'hack/e2e-apps/kubernetes-previous-version.bats (2)
4-5: Misleading comment about version extraction.The comment states "Get latest version of k8s from gcr" but the code actually extracts the previous version (second-to-last key) from the local
versions.yamlfile.-# Get latest version of k8s from gcr -PREVIOUS_K8S_VERSION=$(yq 'keys | .[-2]' ../packages/apps/kubernetes/files/versions.yaml) +# Get previous version of k8s from versions.yaml +PREVIOUS_K8S_VERSION=$(yq 'keys | .[-2]' ../packages/apps/kubernetes/files/versions.yaml)
5-5: Version extraction assumes at least two versions exist.The
yq 'keys | .[-2]'command assumes there are at least two versions in theversions.yamlfile. This could fail if only one version is defined.Consider adding validation to ensure at least two versions exist:
-PREVIOUS_K8S_VERSION=$(yq 'keys | .[-2]' ../packages/apps/kubernetes/files/versions.yaml) +VERSION_COUNT=$(yq 'keys | length' ../packages/apps/kubernetes/files/versions.yaml) +if [ "$VERSION_COUNT" -lt 2 ]; then + echo "Error: At least two versions required in versions.yaml for previous version test" + exit 1 +fi +PREVIOUS_K8S_VERSION=$(yq 'keys | sort_by(.) | .[-2]' ../packages/apps/kubernetes/files/versions.yaml)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
hack/e2e-apps/kubernetes-latest-version.bats(1 hunks)hack/e2e-apps/kubernetes-previous-version.bats(1 hunks)hack/e2e-apps/kubernetes.bats(0 hunks)
💤 Files with no reviewable changes (1)
- hack/e2e-apps/kubernetes.bats
| roles: | ||
| - ingress-nginx | ||
| storageClass: replicated | ||
| version: "$LATEST_K8S_VERSION" |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify version variable expansion in YAML.
The version: "$LATEST_K8S_VERSION" line relies on shell variable expansion within the here-doc. Ensure this expands correctly and consider adding validation.
🏁 Script executed:
#!/bin/bash
# Verify that the version variable expansion works correctly in the YAML manifest
echo "Testing version variable expansion..."
LATEST_K8S_VERSION="v1.32.0"
echo "version: \"$LATEST_K8S_VERSION\"" | grep -E '^version: "v[0-9]+\.[0-9]+\.[0-9]+"$'Length of output: 209
Version variable expansion verified; add validation
- Confirmed that
version: "$LATEST_K8S_VERSION"expands correctly (e.g.v1.32.0). - Still recommend guarding against empty or malformed values before rendering the manifest.
Suggested fix (in hack/e2e-apps/kubernetes-latest-version.bats around line 66):
# Ensure LATEST_K8S_VERSION is set and follows vMAJOR.MINOR.PATCH
if [[ -z "$LATEST_K8S_VERSION" || ! "$LATEST_K8S_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: LATEST_K8S_VERSION must be a non-empty semver string (got '$LATEST_K8S_VERSION')" >&2
exit 1
fi
cat <<EOF >k8s-manifest.yaml
apiVersion: v1
kind: Pod
metadata:
name: example
spec:
version: "$LATEST_K8S_VERSION"
EOFThis will fail fast on invalid or missing versions.
🤖 Prompt for AI Agents
In hack/e2e-apps/kubernetes-latest-version.bats at line 66, add a validation
check before rendering the manifest to ensure the LATEST_K8S_VERSION variable is
set and matches the semantic version pattern vMAJOR.MINOR.PATCH. Implement a
conditional that exits with an error message if LATEST_K8S_VERSION is empty or
malformed, preventing the script from proceeding with invalid version data.
| #!/usr/bin/env bats | ||
|
|
||
| @test "Create a previous version tenant Kubernetes control plane" { | ||
| # Get latest version of k8s from gcr | ||
| PREVIOUS_K8S_VERSION=$(yq 'keys | .[-2]' ../packages/apps/kubernetes/files/versions.yaml) | ||
| TEMPORAL_TENANT_PORT=59992 | ||
|
|
||
| kubectl apply -f - <<EOF | ||
| apiVersion: apps.cozystack.io/v1alpha1 | ||
| kind: Kubernetes | ||
| metadata: | ||
| name: test-previous | ||
| namespace: tenant-test | ||
| spec: | ||
| addons: | ||
| certManager: | ||
| enabled: false | ||
| valuesOverride: {} | ||
| cilium: | ||
| valuesOverride: {} | ||
| fluxcd: | ||
| enabled: false | ||
| valuesOverride: {} | ||
| gatewayAPI: | ||
| enabled: false | ||
| gpuOperator: | ||
| enabled: false | ||
| valuesOverride: {} | ||
| ingressNginx: | ||
| enabled: true | ||
| hosts: [] | ||
| valuesOverride: {} | ||
| monitoringAgents: | ||
| enabled: false | ||
| valuesOverride: {} | ||
| verticalPodAutoscaler: | ||
| valuesOverride: {} | ||
| controlPlane: | ||
| apiServer: | ||
| resources: {} | ||
| resourcesPreset: small | ||
| controllerManager: | ||
| resources: {} | ||
| resourcesPreset: micro | ||
| konnectivity: | ||
| server: | ||
| resources: {} | ||
| resourcesPreset: micro | ||
| replicas: 2 | ||
| scheduler: | ||
| resources: {} | ||
| resourcesPreset: micro | ||
| host: "" | ||
| nodeGroups: | ||
| md0: | ||
| ephemeralStorage: 20Gi | ||
| gpus: [] | ||
| instanceType: u1.medium | ||
| maxReplicas: 10 | ||
| minReplicas: 0 | ||
| resources: | ||
| cpu: "" | ||
| memory: "" | ||
| roles: | ||
| - ingress-nginx | ||
| storageClass: replicated | ||
| version: "$PREVIOUS_K8S_VERSION" | ||
| EOF | ||
| # Wait for the tenant-test namespace to be active | ||
| kubectl wait namespace tenant-test --timeout=20s --for=jsonpath='{.status.phase}'=Active | ||
|
|
||
| # Wait for the Kamaji control plane to be created (retry for up to 10 seconds) | ||
| timeout 10 sh -ec 'until kubectl get kamajicontrolplane -n tenant-test kubernetes-test-previous; do sleep 1; done' | ||
|
|
||
| # Wait for the tenant control plane to be fully created (timeout after 4 minutes) | ||
| kubectl wait --for=condition=TenantControlPlaneCreated kamajicontrolplane -n tenant-test kubernetes-test-previous --timeout=4m | ||
|
|
||
| # Wait for Kubernetes resources to be ready (timeout after 2 minutes) | ||
| kubectl wait tcp -n tenant-test kubernetes-test-previous --timeout=2m --for=jsonpath='{.status.kubernetesResources.version.status}'=Ready | ||
|
|
||
| # Wait for all required deployments to be available (timeout after 4 minutes) | ||
| kubectl wait deploy --timeout=4m --for=condition=available -n tenant-test kubernetes-test-previous kubernetes-test-previous-cluster-autoscaler kubernetes-test-previous-kccm kubernetes-test-previous-kcsi-controller | ||
|
|
||
| # Wait for the machine deployment to scale to 2 replicas (timeout after 1 minute) | ||
| kubectl wait machinedeployment kubernetes-test-previous-md0 -n tenant-test --timeout=1m --for=jsonpath='{.status.replicas}'=2 | ||
|
|
||
| # Get the admin kubeconfig and save it to a file | ||
| kubectl get secret kubernetes-test-previous-admin-kubeconfig -ojsonpath='{.data.super-admin\.conf}' -n tenant-test | base64 -d > tenantkubeconfig | ||
|
|
||
| # Update the kubeconfig to use localhost for the API server | ||
| yq -i ".clusters[0].cluster.server = \"https://localhost:${TEMPORAL_TENANT_PORT}\"" tenantkubeconfig | ||
|
|
||
| # Set up port forwarding to the Kubernetes API server for a 40 second timeout | ||
| bash -c 'timeout 40s kubectl port-forward service/kubernetes-test-previous -n tenant-test '"${TEMPORAL_TENANT_PORT}"':6443 > /dev/null 2>&1 &' | ||
|
|
||
| # Verify the Kubernetes version matches what we expect (retry for up to 20 seconds) | ||
| timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep "Server Version: $PREVIOUS_K8S_VERSION"; do sleep 5; done' | ||
|
|
||
| # Wait for all machine deployment replicas to be ready (timeout after 10 minutes) | ||
| kubectl wait machinedeployment kubernetes-test-previous-md0 -n tenant-test --timeout=10m --for=jsonpath='{.status.v1beta2.readyReplicas}'=2 | ||
|
|
||
| # Clean up by deleting the Kubernetes resource | ||
| kubectl -n tenant-test delete kuberneteses.apps.cozystack.io test-previous | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Significant code duplication between test files.
Both test files contain nearly identical code with only minor differences in variable names, ports, and resource names. This makes maintenance difficult and increases the risk of inconsistencies.
Consider refactoring to use a shared function or parameterized approach:
#!/usr/bin/env bats
run_kubernetes_test() {
local version_expr="$1"
local test_name="$2"
local port="$3"
local k8s_version=$(yq "$version_expr" ../packages/apps/kubernetes/files/versions.yaml)
# Rest of the test logic using variables
# kubectl apply with parameterized resource name and version
# kubectl wait commands with parameterized resource names
# Version verification with parameterized version
# Cleanup with parameterized resource name
}
@test "Create a tenant Kubernetes control plane with latest version" {
run_kubernetes_test 'keys | sort_by(.) | .[-1]' 'test-latest' '59991'
}
@test "Create a tenant Kubernetes control plane with previous version" {
run_kubernetes_test 'keys | sort_by(.) | .[-2]' 'test-previous' '59992'
}🤖 Prompt for AI Agents
In hack/e2e-apps/kubernetes-previous-version.bats lines 1 to 104, the test code
is duplicated with only minor differences in variables like version, test name,
and port. Refactor by extracting the common logic into a reusable function that
accepts parameters for version expression, test name, and port. Replace
hardcoded values with these parameters throughout the test steps, then create
separate @test blocks that call this function with appropriate arguments for
latest and previous Kubernetes versions. This will reduce duplication and
improve maintainability.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
hack/e2e-apps/kubernetes.bats (1)
98-98: Potential shell escaping issue with version string in grep.The version string
${k8s_version}could contain characters that have special meaning in grep patterns. Consider usinggrep -F(fixed string) orfgrepfor literal matching.Apply this improvement:
- timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep -q "Server Version: ${k8s_version}"; do sleep 5; done' + timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep -Fq "Server Version: ${k8s_version}"; do sleep 5; done'
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
hack/e2e-apps/kubernetes.bats(2 hunks)
🔇 Additional comments (6)
hack/e2e-apps/kubernetes.bats (6)
3-8: Function implementation looks good with proper parameter handling.The function correctly accepts the necessary parameters and uses
yqto dynamically retrieve the Kubernetes version from the versions.yaml file. The approach of using a version expression parameter allows for flexible version selection.
70-87: Comprehensive resource readiness checks implemented.The sequential wait operations properly ensure that all components are ready before proceeding. The timeouts are reasonable and the conditions being checked are appropriate for each resource type.
88-96: Kubeconfig setup and port forwarding implemented correctly.The approach of extracting the admin kubeconfig, modifying it for localhost access, and setting up port forwarding is sound. The 40-second timeout for port forwarding should be sufficient for the test duration.
98-98: Version verification addresses the past review comment effectively.This implementation correctly verifies that the Kubernetes API server reports the expected version, which directly addresses the past review comment about checking for "a functional Kubernetes API that reports its version as the one requested."
108-117: Well-structured test cases with clear differentiation.The two test cases effectively test different Kubernetes versions using descriptive names and different ports. The delimiter output helps with test result clarity.
104-104: Fix the resource name typo in cleanup.The resource name appears to have a typo:
kuberneteses.apps.cozystack.ioshould bekubernetes.apps.cozystack.io.Apply this fix:
- kubectl -n tenant-test delete kuberneteses.apps.cozystack.io $test_name + kubectl -n tenant-test delete kubernetes.apps.cozystack.io $test_name⛔ Skipped due to learnings
Learnt from: lllamnyp PR: cozystack/cozystack#1130 File: hack/e2e-apps/kubernetes.bats:101-101 Timestamp: 2025-07-11T06:11:25.438Z Learning: In cozystack, the plural form for the Kubernetes custom resource is `kuberneteses.apps.cozystack.io`, not `kubernetes.apps.cozystack.io`. This is defined in the API schema even though it's not grammatically perfect.
6f6872d to
33b6de2
Compare
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (9)
packages/apps/postgres/values.yaml (2)
90-95: Remove trailing whitespace & align example indentationLine 95 has trailing spaces flagged by yamllint and should be trimmed.
While touching the block, consider indenting the example keys two more spaces so they are siblings ofcpu/memoryunderresources:(current comment implies that but indentation shows them as top-level).# resources: -# cpu: 4000m -# memory: 4Gi␠ +# cpu: 4000m +# memory: 4Gi
96-97: Ensure allowed preset values are schema-validatedThe comment now enumerates the permitted presets. Double-check that
values.schema.json(or_helpers.tplvalidation) constrainsresourcesPresetto the same list to prevent typos sneaking through Helm.
If such validation does not yet exist, consider adding it.packages/apps/mysql/values.yaml (1)
58-65: Remove trailing whitespace to satisfy YAMLlint
The blank line after the commented example (current line 63) contains stray spaces flagged by YAMLlint (trailing-spaces).- # memory: 4Gi␠␠ + # memory: 4Gi +.github/workflows/tags.yaml (3)
115-121: Prefer using the built-inGITHUB_TOKENor disable credential persistence when injecting a PATEmbedding
${GH_PAT}directly in the remote URL works, but it introduces a second long-lived secret into the workflow.
Unless you need scopes that the short-livedGITHUB_TOKENcannot provide (e.g. pushing to protected branches), you can drop the PAT entirely and rely onGITHUB_TOKENwith the already-declaredcontents: writepermission.If keeping the PAT is truly required, add
persist-credentials: falseto the earlieractions/checkoutstep so the default token isn’t written to.git/config, avoiding accidental credential mix-ups:- - name: Checkout code + - name: Checkout code if: steps.check_release.outputs.skip == 'false' uses: actions/checkout@v4 with: fetch-depth: 0 fetch-tags: true + persist-credentials: false # avoid storing the default token
195-201: Duplicate git-config boilerplate – consider a reusable composite actionThe user name / email configuration and the remote-URL overwrite are repeated here and in the “Commit release artifacts” step.
Encapsulating this into a small composite action (or at least a reusable YAML step viauses: ./.github/actions/git-bot-setup) removes duplication and keeps future updates in one place.
210-211: PAT scopes checkSwitching the
github-tokeninput to${{ secrets.GH_PAT }}gives the script full PAT permissions.
Double-check that the token is repository-scoped and limited to the minimal scopes required for PR creation (repo,workflowif needed) to reduce blast radius if it leaks.packages/apps/vpn/README.md (3)
3-4: Add missing article for grammatical correctnessThe phrase “deployment and management of VPN server” is missing the article “a”.
-Managed VPN Service simplifies the deployment and management of VPN server, enabling you to establish secure connections with ease. +Managed VPN Service simplifies the deployment and management of a VPN server, enabling you to establish secure connections with ease.
6-6: Replace bare URL with a Markdown linkStops the markdown-lint MD034 warning and keeps formatting consistent.
-- VPN client applications: https://shadowsocks5.github.io/en/download/clients.html +- [VPN client applications](https://shadowsocks5.github.io/en/download/clients.html)
10-13: Consolidate sentences and add canonical link to Outline ServerThe four short sentences read a bit staccato. Merging them, adding a link to the upstream project, and removing the redundant “Internally known as” clause improves flow and clarity.
-The VPN Service is powered by the Outline Server, an advanced and user-friendly VPN solution. -Internally known as "Shadowbox", which simplifies the process of setting up and sharing Shadowsocks servers. -It operates by launching Shadowsocks instances on demand. -Furthermore, Shadowbox is compatible with standard Shadowsocks clients, providing flexibility and ease of use for your VPN requirements. +The VPN service is powered by [Outline Server](https://github.com/Jigsaw-Code/outline-server) (internally called **Shadowbox**). +Shadowbox spins up Shadowsocks instances on demand and is fully compatible with any standard Shadowsocks client, giving you maximum flexibility.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (63)
.github/workflows/pull-requests.yaml(2 hunks).github/workflows/tags.yaml(3 hunks)hack/e2e-apps/kubernetes.bats(2 hunks)packages/apps/clickhouse/README.md(2 hunks)packages/apps/clickhouse/images/clickhouse-backup.tag(1 hunks)packages/apps/clickhouse/values.schema.json(1 hunks)packages/apps/clickhouse/values.yaml(1 hunks)packages/apps/ferretdb/README.md(2 hunks)packages/apps/ferretdb/values.schema.json(4 hunks)packages/apps/ferretdb/values.yaml(4 hunks)packages/apps/http-cache/README.md(2 hunks)packages/apps/http-cache/images/nginx-cache.tag(1 hunks)packages/apps/http-cache/values.schema.json(2 hunks)packages/apps/http-cache/values.yaml(1 hunks)packages/apps/kafka/README.md(1 hunks)packages/apps/kafka/values.schema.json(2 hunks)packages/apps/kafka/values.yaml(1 hunks)packages/apps/kubernetes/Chart.yaml(1 hunks)packages/apps/kubernetes/Makefile(1 hunks)packages/apps/kubernetes/README.md(2 hunks)packages/apps/kubernetes/files/versions.yaml(1 hunks)packages/apps/kubernetes/images/cluster-autoscaler.tag(1 hunks)packages/apps/kubernetes/images/kubevirt-cloud-provider.tag(1 hunks)packages/apps/kubernetes/images/kubevirt-csi-driver.tag(1 hunks)packages/apps/kubernetes/templates/_versions.tpl(1 hunks)packages/apps/kubernetes/templates/cluster.yaml(2 hunks)packages/apps/kubernetes/values.schema.json(5 hunks)packages/apps/kubernetes/values.yaml(3 hunks)packages/apps/mysql/README.md(3 hunks)packages/apps/mysql/images/mariadb-backup.tag(1 hunks)packages/apps/mysql/values.schema.json(2 hunks)packages/apps/mysql/values.yaml(2 hunks)packages/apps/nats/README.md(1 hunks)packages/apps/nats/values.schema.json(1 hunks)packages/apps/nats/values.yaml(1 hunks)packages/apps/postgres/README.md(4 hunks)packages/apps/postgres/values.schema.json(1 hunks)packages/apps/postgres/values.yaml(1 hunks)packages/apps/rabbitmq/README.md(1 hunks)packages/apps/rabbitmq/values.schema.json(1 hunks)packages/apps/rabbitmq/values.yaml(1 hunks)packages/apps/redis/README.md(1 hunks)packages/apps/redis/values.schema.json(1 hunks)packages/apps/redis/values.yaml(1 hunks)packages/apps/tcp-balancer/README.md(1 hunks)packages/apps/tcp-balancer/values.schema.json(1 hunks)packages/apps/tcp-balancer/values.yaml(1 hunks)packages/apps/versions_map(1 hunks)packages/apps/vpn/README.md(2 hunks)packages/apps/vpn/values.schema.json(2 hunks)packages/apps/vpn/values.yaml(3 hunks)packages/core/installer/values.yaml(1 hunks)packages/core/testing/values.yaml(1 hunks)packages/extra/bootbox/images/matchbox.tag(1 hunks)packages/extra/monitoring/images/grafana.tag(1 hunks)packages/system/bucket/images/s3manager.tag(1 hunks)packages/system/cozystack-api/values.yaml(1 hunks)packages/system/cozystack-controller/values.yaml(1 hunks)packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml(1 hunks)packages/system/dashboard/values.yaml(2 hunks)packages/system/kamaji/values.yaml(1 hunks)packages/system/kubeovn-webhook/values.yaml(1 hunks)packages/system/kubeovn/values.yaml(1 hunks)
✅ Files skipped from review due to trivial changes (45)
- packages/apps/http-cache/images/nginx-cache.tag
- packages/apps/clickhouse/images/clickhouse-backup.tag
- .github/workflows/pull-requests.yaml
- packages/extra/monitoring/images/grafana.tag
- packages/system/kubeovn-webhook/values.yaml
- packages/apps/mysql/images/mariadb-backup.tag
- packages/system/kamaji/values.yaml
- packages/core/testing/values.yaml
- packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
- packages/system/cozystack-controller/values.yaml
- packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
- packages/extra/bootbox/images/matchbox.tag
- packages/apps/kubernetes/images/kubevirt-csi-driver.tag
- packages/apps/kubernetes/images/cluster-autoscaler.tag
- packages/apps/http-cache/README.md
- packages/core/installer/values.yaml
- packages/apps/postgres/values.schema.json
- packages/apps/rabbitmq/values.schema.json
- packages/system/cozystack-api/values.yaml
- packages/apps/tcp-balancer/values.schema.json
- packages/apps/tcp-balancer/values.yaml
- packages/apps/nats/values.schema.json
- packages/system/kubeovn/values.yaml
- packages/apps/nats/README.md
- packages/apps/clickhouse/values.schema.json
- packages/apps/ferretdb/values.schema.json
- packages/apps/ferretdb/README.md
- packages/apps/kafka/values.schema.json
- packages/apps/kafka/README.md
- packages/apps/http-cache/values.yaml
- packages/apps/tcp-balancer/README.md
- packages/apps/vpn/values.yaml
- packages/apps/redis/README.md
- packages/apps/postgres/README.md
- packages/apps/rabbitmq/README.md
- packages/apps/mysql/README.md
- packages/apps/clickhouse/README.md
- packages/apps/http-cache/values.schema.json
- packages/apps/clickhouse/values.yaml
- packages/system/bucket/images/s3manager.tag
- packages/apps/redis/values.schema.json
- packages/system/dashboard/values.yaml
- packages/apps/kafka/values.yaml
- packages/apps/vpn/values.schema.json
- packages/apps/ferretdb/values.yaml
🚧 Files skipped from review as they are similar to previous changes (10)
- packages/apps/versions_map
- packages/apps/kubernetes/files/versions.yaml
- packages/apps/kubernetes/Chart.yaml
- packages/apps/kubernetes/templates/_versions.tpl
- packages/apps/kubernetes/templates/cluster.yaml
- packages/apps/kubernetes/Makefile
- packages/apps/kubernetes/values.schema.json
- packages/apps/kubernetes/values.yaml
- packages/apps/kubernetes/README.md
- hack/e2e-apps/kubernetes.bats
🧰 Additional context used
🧠 Learnings (1)
packages/apps/nats/values.yaml (1)
Learnt from: NickVolynkin
PR: cozystack/cozystack#1120
File: packages/apps/clickhouse/README.md:60-67
Timestamp: 2025-07-03T05:54:51.264Z
Learning: The `cozy-lib.resources.sanitize` function in packages/library/cozy-lib/templates/_resources.tpl supports both standard Kubernetes resource format (with limits:/requests: sections) and flat format (direct resource specifications). The flat format takes priority over nested values. CozyStack apps include cozy-lib as a chart dependency through symlinks in packages/apps/*/charts/cozy-lib directories.
🪛 YAMLlint (1.37.1)
packages/apps/mysql/values.yaml
[error] 63-63: trailing spaces
(trailing-spaces)
packages/apps/nats/values.yaml
[error] 70-70: trailing spaces
(trailing-spaces)
packages/apps/postgres/values.yaml
[error] 95-95: trailing spaces
(trailing-spaces)
packages/apps/rabbitmq/values.yaml
[error] 48-48: trailing spaces
(trailing-spaces)
packages/apps/redis/values.yaml
[error] 20-20: trailing spaces
(trailing-spaces)
🪛 markdownlint-cli2 (0.17.2)
packages/apps/vpn/README.md
6-6: Bare URL used
(MD034, no-bare-urls)
🔇 Additional comments (9)
packages/apps/nats/values.yaml (2)
65-66: Documentation tweak looks goodThe re-phrased description clearly explains fallback behaviour when
resourcesis empty. No functional impact.
71-72: Preset list clarification approvedEnumerating the allowed values without parentheses improves readability and matches other charts. 👍
packages/apps/redis/values.yaml (1)
21-22: Documentation tweak looks goodClearer wording and the explicit enumeration of allowed preset values improves usability.
packages/apps/rabbitmq/values.yaml (2)
43-44: Clearer parameter description looks goodThe re-worded comment now unambiguously explains the interaction between
resourcesandresourcesPreset.
49-50: Confirm the preset list stays in sync with chart helpersThe allowed values list in the comment is helpful, but please double-check that the actual helper template (usually
resources-preset.tpl) and schema still include the newnoneoption and the full set shown here.packages/apps/mysql/values.yaml (1)
40-48: Typo fix in backup description is correct
pereiodic➜periodicimproves documentation accuracy and consistency with other charts.packages/apps/mysql/values.schema.json (2)
28-32: Description correction looks good
Thebackup.enableddescription now reads “Enable periodic backups”, eliminating the typo and matching the values file.
70-78: Resource-related description improvements acknowledged
Clarifications forresourcesandresourcesPresetenhance user understanding; no schema changes required.packages/apps/vpn/README.md (1)
25-25: Double-check that the default replica count matchesvalues.yamlThe table states a default of
2replicas. If the Helm chart’svalues.yaml(or preset) still defaults to1, this will confuse users.Please verify and align the documentation or chart default accordingly.
| # resources: | ||
| # cpu: 4000m | ||
| # memory: 4Gi | ||
|
|
There was a problem hiding this comment.
Remove trailing whitespace to satisfy yamllint
yamllint flags an error on this blank line due to stray spaces. Helm chart CI pipelines often treat lint failures as blocking.
-
+📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
🧰 Tools
🪛 YAMLlint (1.37.1)
[error] 48-48: trailing spaces
(trailing-spaces)
🤖 Prompt for AI Agents
In packages/apps/rabbitmq/values.yaml at line 48, remove any trailing whitespace
characters on the blank line to comply with yamllint rules and prevent linting
errors in the Helm chart CI pipeline.
This patch adds a new version field to the kubernetes chart, letting end-users specify the version of kubernetes they want to deploy. [kubernetes] Let users specify desired version of tenant k8s cluster. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com> Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
…ubectl Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
…rabbit Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
33b6de2 to
d63aac7
Compare
Signed-off-by: IvanHunters <49371933+IvanHunters@users.noreply.github.com>
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
hack/e2e-apps/kubernetes.bats (1)
70-106: Comprehensive test implementation addressing past feedback.The implementation addresses the previous review comment by verifying that the Kubernetes API reports the correct version (line 98). The test includes proper wait conditions, timeouts, and cleanup.
However, consider these improvements:
- Error handling: The test could benefit from better error handling for the port forwarding and version verification steps.
- Resource cleanup: Consider adding cleanup in a trap to ensure resources are cleaned up even if the test fails.
+ # Add cleanup trap + cleanup() { + kubectl -n tenant-test delete kuberneteses.apps.cozystack.io $test_name --ignore-not-found=true + } + trap cleanup EXIT
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
hack/e2e-apps/kubernetes.bats(2 hunks)packages/apps/versions_map(4 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- packages/apps/versions_map
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Build
- GitHub Check: pre-commit
🔇 Additional comments (4)
hack/e2e-apps/kubernetes.bats (4)
3-8: Good refactoring for version parameterization.The function parameters are well-designed to support testing multiple Kubernetes versions. The use of
yqwith a version expression allows for flexible version selection from the YAML file.
13-13: Appropriate test name parameterization.Using the test name parameter in the metadata ensures unique resource names for concurrent test execution.
68-68: Correct version specification implementation.The version field now properly uses the dynamically resolved
k8s_versionfrom the versions.yaml file, enabling user-selectable cluster versions as intended.
108-113: Well-structured test cases for version validation.The two test cases effectively validate both latest and previous Kubernetes versions with distinct names and ports to avoid conflicts. The use of
yqexpressions (keys | sort_by(.) | .[-1]andkeys | sort_by(.) | .[-2]) is clever for dynamic version selection.
| {{- $ := . }} | ||
|
|
||
| {{- if not (hasKey $ "cachedVersionMap") }} | ||
| {{- $versionMap := $.Files.Get "files/versions.yaml" | fromYaml }} | ||
| {{- $_ := set $ "cachedVersionMap" $versionMap }} | ||
| {{- end }} | ||
|
|
||
| {{- $versionMap := $.cachedVersionMap }} | ||
|
|
||
| {{- if not (hasKey $versionMap $.Values.version) }} | ||
| {{- printf `Kubernetes version %s is not supported, allowed versions are %s` $.Values.version (keys $versionMap) | fail }} | ||
| {{- end }} | ||
|
|
||
| {{- index $versionMap $.Values.version }} |
There was a problem hiding this comment.
Let's keep it simple.
| {{- $ := . }} | |
| {{- if not (hasKey $ "cachedVersionMap") }} | |
| {{- $versionMap := $.Files.Get "files/versions.yaml" | fromYaml }} | |
| {{- $_ := set $ "cachedVersionMap" $versionMap }} | |
| {{- end }} | |
| {{- $versionMap := $.cachedVersionMap }} | |
| {{- if not (hasKey $versionMap $.Values.version) }} | |
| {{- printf `Kubernetes version %s is not supported, allowed versions are %s` $.Values.version (keys $versionMap) | fail }} | |
| {{- end }} | |
| {{- index $versionMap $.Values.version }} | |
| {{- $versionMap := .Files.Get "files/versions.yaml" | fromYaml }} | |
| {{- if not (hasKey $versionMap .Values.version) }} | |
| {{- printf `Kubernetes version %s is not supported, allowed versions are %s` $.Values.version (keys $versionMap) | fail }} | |
| {{- end }} | |
| {{- index $versionMap .Values.version }} |
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
packages/apps/kubernetes/templates/_versions.tpl (2)
2-2: Consider removing unnecessary empty lines for cleaner formatting.The empty lines at lines 2 and 7 don't add significant value and could be removed for more compact formatting.
{{- define "kubernetes.versionMap" }} - {{- $versionMap := .Files.Get "files/versions.yaml" | fromYaml }} {{- if not (hasKey $versionMap .Values.version) }} {{- printf `Kubernetes version %s is not supported, allowed versions are %s` $.Values.version (keys $versionMap) | fail }} {{- end }} - {{- index $versionMap .Values.version }} {{- end }}Also applies to: 7-7
5-5: Verify the error message format for readability.The error message concatenates the version list directly, which may not be very readable for users. Consider formatting the allowed versions as a comma-separated list.
- {{- printf `Kubernetes version %s is not supported, allowed versions are %s` $.Values.version (keys $versionMap) | fail }} + {{- printf `Kubernetes version %s is not supported, allowed versions are: %s` $.Values.version (keys $versionMap | join ", ") | fail }}
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
packages/apps/kubernetes/templates/_versions.tpl(1 hunks)
🧰 Additional context used
🧠 Learnings (1)
packages/apps/kubernetes/templates/_versions.tpl (1)
Learnt from: lllamnyp
PR: cozystack/cozystack#1160
File: packages/system/hetzner-robotlb/charts/robotlb/templates/role.yaml:6-8
Timestamp: 2025-07-11T06:28:13.696Z
Learning: In Helm templates, the `{{-` directive chomps all leading whitespace including newlines back to the previous content, so `{{- toYaml .Values.something | nindent 2 }}` will render correctly even with apparent indentation issues. However, for better style, it's cleaner to put the template directive on the same line as the parent key (e.g., `rules: {{- toYaml .Values.serviceAccount.permissions | nindent 2 }}`).
🔇 Additional comments (1)
packages/apps/kubernetes/templates/_versions.tpl (1)
1-10: Implementation matches the suggested approach from past reviews.The template implementation is exactly what was suggested in the past review comments and follows Helm best practices. The logic correctly:
- Reads and parses the version mapping file
- Validates the requested version exists
- Provides informative error messages
- Returns the mapped version value
Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
Follow-up to #1191 Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>
Follow-up to #1191 Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Updated documentation to clarify that users can select Kubernetes patch versions ranging from 1.28 to 1.33 for tenant clusters. * Revised descriptions and comments to explicitly specify the supported Kubernetes version range (1.28–1.33) in relevant documentation and configuration files. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
What this PR does
This patch adds a new version field to the kubernetes chart, letting end-users specify the version of kubernetes they want to deploy.
Release note
Summary by CodeRabbit