[tenant-k8s] change coredns #1362
Conversation
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughAdds CoreDNS as a managed addon: bumps Kubernetes chart to 0.28.0, registers addons.coredns in schema/docs/values, removes inline CoreDNS from cluster spec, adds a Flux HelmRelease to deploy cozy-coredns, and vendors the cozy-coredns Helm chart and tests under packages/system/coredns. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor Admin
participant Flux as Flux Controller
participant HR as HelmRelease ({{ .Release.Name }}-coredns)
participant Repo as HelmRepository (cozystack-system)
participant Target as Target Cluster (kubeconfig secret)
Admin->>Flux: Deploy cozystack kubernetes chart (includes HelmRelease)
Flux->>HR: Reconcile HelmRelease
HR->>Repo: Resolve cozy-coredns/coredns (version >= 0.0.0-0)
Repo-->>HR: Chart artifact location
HR->>HR: Merge include "cozystack.defaultCoreDNSValues" + .Values.addons.coredns.valuesOverride
HR->>Target: Install/Upgrade rendered manifests (Service, Deployment, RBAC, ConfigMaps, etc.)
Target-->>HR: Resource status (Ready/Failure)
HR-->>Flux: Report status & revision
Note over HR,Target: dependsOn: base release (lookup) and cilium
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Tip 🔌 Remote MCP (Model Context Protocol) integration is now available!Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats. ✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Summary of Changes
Hello @klinch0, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request significantly refactors the management of CoreDNS within the tenant-k8s application. It transitions from an inline, direct configuration approach to a more robust and maintainable Helm-based deployment. This change involves removing the hardcoded CoreDNS settings from the main cluster definition and introducing a new, dedicated Helm chart for CoreDNS, which is then deployed via a HelmRelease resource. This modernization improves modularity, simplifies future updates, and aligns CoreDNS management with standard Kubernetes packaging practices.
Highlights
- CoreDNS Configuration Removal: The previous direct configuration of CoreDNS within
cluster.yamlhas been removed, streamlining the cluster definition. - Helm-Based CoreDNS Deployment: CoreDNS is now deployed and managed using a dedicated HelmRelease resource, pointing to a newly introduced
cozy-corednsHelm chart. This shifts CoreDNS management to a more standardized and modular Helm-based approach. - New CoreDNS Helm Chart Introduction: A comprehensive new Helm chart for CoreDNS has been added, including all necessary Kubernetes resources (Deployments, Services, RBAC, etc.) and supporting features like autoscaling and Prometheus integration.
- Version Updates: The main Kubernetes chart version has been updated to 0.28.0, and the version mapping has been adjusted accordingly.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
6a1184c to
0c63eed
Compare
There was a problem hiding this comment.
Code Review
This pull request refactors the CoreDNS deployment for tenant Kubernetes clusters by moving it from an inline addon to its own standalone HelmRelease. This is a good architectural improvement that increases modularity. My review focuses on improving the stability and predictability of this new deployment by suggesting stricter version pinning for dependencies and a more robust remediation strategy for deployment failures.
| kind: HelmRepository | ||
| name: cozystack-system | ||
| namespace: cozy-system | ||
| version: '>= 0.0.0-0' |
There was a problem hiding this comment.
The version constraint '>= 0.0.0-0' is very permissive. It allows any version of the cozy-coredns chart to be installed, which could include breaking changes. For production stability, it's highly recommended to pin the chart version to a specific range, for example, locking it to a minor version.
version: '~0.1.0' # Pin to the chart's initial minor version| rm -rf charts | ||
| helm repo add cozy-coredns https://coredns.github.io/helm | ||
| helm repo update cozy-coredns | ||
| helm pull cozy-coredns/coredns --untar --untardir charts |
There was a problem hiding this comment.
The helm pull command in the update target doesn't specify a version for the coredns/coredns chart. This means running make update will always pull the latest version, which could introduce breaking changes from the upstream chart unexpectedly. To ensure stability and predictable builds, it's crucial to pin the chart to a specific version. The version currently being added is 1.43.2.
helm pull cozy-coredns/coredns --version 1.43.2 --untar --untardir charts
| install: | ||
| createNamespace: true | ||
| remediation: | ||
| retries: -1 |
There was a problem hiding this comment.
Using retries: -1 for install remediation means Flux will retry indefinitely on failure. This can hide persistent configuration issues and cause excessive log noise. Consider setting a finite number of retries (e.g., 5) to make permanent failures more visible and actionable.
retries: 5| retries: -1 | ||
| upgrade: | ||
| remediation: | ||
| retries: -1 |
There was a problem hiding this comment.
Using retries: -1 for upgrade remediation means Flux will retry indefinitely on failure. This can hide persistent configuration issues and cause excessive log noise. Consider setting a finite number of retries (e.g., 5) to make permanent failures more visible and actionable.
retries: 53ee047b to
a71a359
Compare
There was a problem hiding this comment.
Actionable comments posted: 21
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/apps/kubernetes/values.yaml (1)
45-124: Add missing schema entries and enable guard for coredns addon
- In packages/apps/kubernetes/values.schema.json under the “addons” object, add:
"coredns": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": false }, "valuesOverride": { "type": "object" } }, "additionalProperties": false }- In packages/apps/kubernetes/templates/helmreleases/coredns.yaml, wrap the entire HelmRelease resource in:
so the release is only created when{{- if .Values.addons.coredns.enabled }} …existing HelmRelease spec… {{- end }}.Values.addons.coredns.enabledis true.
♻️ Duplicate comments (3)
packages/system/coredns/Makefile (1)
10-10: Echoing prior feedback: pin the pulled chart version (1.43.2).
This avoids accidental upstream changes on rebuilds.packages/apps/kubernetes/templates/helmreleases/coredns.yaml (2)
29-32: Avoid infinite retry loopsSet finite retries to surface persistent failures.
install: createNamespace: true remediation: - retries: -1 + retries: 5 upgrade: remediation: - retries: -1 + retries: 5
19-19: Pin the chart version to a safe rangeAvoid unbounded upgrades from '>= 0.0.0-0'. Pin to a minor range.
- version: '>= 0.0.0-0' + version: '~0.1.0'
🧹 Nitpick comments (47)
packages/system/coredns/charts/coredns/.helmignore (2)
23-23: Reconsider*.tests; it’s non-standard and may be unnecessary.Helm tests are typically YAML under
templates/tests/. Unless you truly generate files with a.testsextension that must be excluded, drop this to avoid surprising ignores.-*.tests
1-23: Add common dev artifacts and chart archives to avoid bloating packages.Recommend ignoring common local/tooling files and prebuilt chart tarballs.
# Various IDEs .project .idea/ *.tmproj OWNERS -*.tests + +# Editors/IDEs +.vscode/ +*.iml + +# Local envs and deps +node_modules/ +venv/ +.venv/ +.env +.env.* +.envrc + +# Local override values +values.local.yaml +*.local.yaml + +# Avoid packaging previously built charts accidentally copied here +*.tgzpackages/apps/kubernetes/README.md (1)
142-143: Fix casing: CoreDNS.
Use the proper project casing for consistency with other addons.-| `addons.coredns` | Coredns | `object` | `{}` | +| `addons.coredns` | CoreDNS | `object` | `{}` |Optional: add a note that CoreDNS is required/always enabled (only valuesOverride is supported), to avoid confusion versus addons that have an
enabledflag.packages/system/coredns/charts/coredns/templates/NOTES.txt (2)
10-16: LoadBalancer: handle both IP and hostname.Some clouds expose
.hostnameinstead of.ip. Output both.- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "coredns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo $SERVICE_IP + export SERVICE_ADDR=$(kubectl -n {{ .Release.Namespace }} get svc {{ template "coredns.fullname" . }} \ + -o jsonpath='{.status.loadBalancer.ingress[0].ip}{"\n"}{.status.loadBalancer.ingress[0].hostname}') + echo $SERVICE_ADDR
4-6: Minor phrasing improvement for user output.Tighten the sentence.
-CoreDNS is now running in the cluster. -It can be accessed using the below endpoint +CoreDNS is now running in the cluster. +Use the following endpoint:packages/system/coredns/charts/coredns/README.md (3)
17-18: Fix typos and grammar in deployment modes.-... exposed outside the cluster by using using either the NodePort or LoadBalancer ... +... exposed outside the cluster by using either the NodePort or LoadBalancer ... -This is a sub case of 'external dns service' ... +This is a subcase of 'external DNS service' ... -This deployment mode as a dependency on `etcd-operator` chart, which needs to be pre-installed. +This deployment mode has a dependency on the `etcd-operator` chart, which must be pre-installed.
257-259: Correct typos and capitalization in autoscaler section.-... enabled for Coredns deployment. This can scale number of replicas based on meitrics ... +... enabled for CoreDNS deployment. This can scale the number of replicas based on metrics ...
275-276: Fix minor typos.-... ensure there are no changes/diffs.s If +... ensure there are no changes/diffs. If -... now under management of helm. +... now under management of Helm.packages/system/coredns/values.yaml (1)
1-3: Confirm Service CIDR compatibility and IP availability.Hardcoding
10.95.0.10requires tenant clusters’ Service CIDR to include and not already use this IP. Consider documenting the constraint inline.coredns: service: - clusterIP: "10.95.0.10" + # NOTE: Must be within the tenant cluster Service CIDR and free (not already allocated). + # Override per-tenant if your Service CIDR differs. + clusterIP: "10.95.0.10"packages/system/coredns/charts/coredns/templates/serviceaccount-autoscaler.yaml (1)
8-11: Nest customLabels under metadata.labels with nindent for predictable YAMLMake the structure explicit and avoid edge cases where indentation/newline trimming could misplace keys.
- labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} + labels: + {{- include "coredns.labels.autoscaler" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }}packages/system/coredns/charts/coredns/templates/clusterrole-autoscaler.yaml (2)
7-10: Nest customLabels under metadata.labels with nindentSame rationale as the ServiceAccount: clearer structure and safer rendering.
- labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} + labels: + {{- include "coredns.labels.autoscaler" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }}
25-29: Update stale GitHub reference in commentThe project moved from kubernetes-incubator to kubernetes-sigs.
-# kubernetes-incubator/cluster-proportional-autoscaler#16 +# kubernetes-sigs/cluster-proportional-autoscaler#16packages/system/coredns/charts/coredns/tests/clusterrole_test.yaml (2)
13-13: Remove trailing whitespaceMinor formatting cleanup to satisfy linters.
- pspEnable: true - + pspEnable: true
15-54: Optional: add a negative test for PSP rule when disabledGuard against regressions by asserting the PSP rule is absent when rbac.pspEnable=false on clusters >=1.25.
Example additional test case:
- it: should not include PSP rule when pspEnable is false set: rbac: pspEnable: false asserts: - isKind: of: ClusterRole - notContains: path: rules[2].resources content: podsecuritypoliciespackages/system/coredns/charts/coredns/tests/servicemonitor_test.yaml (2)
20-23: Nit: Drop unused isClusterService in this test.ServiceMonitor rendering usually doesn’t depend on isClusterService. Keeping only values that affect the template reduces cognitive load for future readers.
- isClusterService: true
28-65: Add a negative-path test for namespaceSelector omission.When prometheus.monitor.namespace equals .Release.Namespace, namespaceSelector should not be present. Add a second test to prevent accidental regressions.
+ - it: should omit namespaceSelector when monitor namespace equals release namespace + set: + deployment: + enabled: true + prometheus: + monitor: + enabled: true + namespace: default + asserts: + - notExists: + path: spec.namespaceSelectorpackages/system/coredns/charts/coredns/tests/clusterrolebinding_autoscaler_test.yaml (1)
7-16: Add “does not render” guards when flags are off.Ensure the template is gated by both autoscaler.enabled and rbac.create by adding two negative tests.
+ - it: should not render when autoscaler is disabled + set: + autoscaler: + enabled: false + rbac: + create: true + asserts: + - hasDocuments: + count: 0 + + - it: should not render when rbac.create is false + set: + autoscaler: + enabled: true + rbac: + create: false + asserts: + - hasDocuments: + count: 0packages/system/coredns/charts/coredns/tests/configmap_test.yaml (1)
6-42: Add a guard for skipConfig=true to avoid accidental ConfigMap renders.A negative test will ensure deployment.skipConfig effectively disables the ConfigMap.
+ - it: "should not render when skipConfig is true" + set: + deployment: + enabled: true + skipConfig: true + asserts: + - hasDocuments: + count: 0packages/system/coredns/charts/coredns/tests/deployment_test.yaml (2)
22-35: Strengthen tolerations assertion to verify content, not just existence.Validate that the provided toleration is included to catch template regressions.
asserts: - - exists: - path: spec.template.spec.tolerations + - contains: + path: spec.template.spec.tolerations + content: + key: CriticalAddonsOnly + operator: Exists
7-63: Add “deployment.enabled=false” guard test.Prevents accidental rendering when disabled.
+ - it: should not render deployment when disabled + set: + deployment: + enabled: false + template: templates/deployment.yaml + asserts: + - hasDocuments: + count: 0packages/system/coredns/charts/coredns/templates/clusterrolebinding.yaml (1)
4-7: Add optional metadata.annotations for consistency with other resources.Other templates/tests support customAnnotations; mirror that here to keep RBAC resources consistent.
metadata: name: {{ template "coredns.clusterRoleName" . }} labels: {{- include "coredns.labels" . | nindent 4 }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }}packages/system/coredns/charts/coredns/tests/clusterrolebinding_test.yaml (1)
20-52: Good, focused assertions.Covers kind, naming, roleRef, and subject wiring. Consider adding one label assertion (e.g., app.kubernetes.io/name) to catch regressions in helper labels.
packages/system/coredns/charts/coredns/templates/clusterrolebinding-autoscaler.yaml (2)
7-14: Use nindent for customLabels and keep annotations block consistent.Minor templating polish: prefer nindent for deterministic leading newline; matches the style used for included labels and annotations.
Apply:
- labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} + labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | nindent 4 }} +{{- end }}
1-3: YAMLLint false-positive on Go template preamble.The error at Line 1 is expected for unrendered templates. Exclude chart templates from yamllint or use a relaxed rule-set for Helm templates to avoid noise.
packages/system/coredns/charts/coredns/tests/serviceaccount_autoscaler_test.yaml (1)
24-48: Solid coverage of name/ns/labels/annotations/pullSecrets.Add a negative test ensuring the SA does not render when autoscaler.enabled=false (same values minus the flag).
packages/system/coredns/charts/coredns/tests/service-metrics_test.yaml (1)
33-82: Nice validation of selector override and metadata.Optional: assert Service type (defaults to ClusterIP) to catch future accidental changes.
packages/system/coredns/charts/coredns/templates/service-metrics.yaml (3)
35-38: Prefer named targetPort to decouple from container port numbers.If the container port is named "metrics", target the name for resilience to numeric changes.
ports: - name: metrics port: 9153 - targetPort: 9153 + targetPort: metrics
12-23: Annotation merge guard is fine; keep style consistent.Good use of or-gate. Consider using nindent consistently (already used) and keep this pattern across templates for readability.
1-1: YAMLLint warning is a template parsing false-positive.Same as other templates: configure yamllint to ignore Helm templates or apply a Helm-aware linter (helm lint/chart-testing) to avoid spurious failures.
packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml (1)
18-23: Nit: normalize indentation undermatchLabels.Keys under
matchLabelsare indented with 8 spaces; the rest of the chart typically uses 2-space steps. Align for consistency.- matchLabels: - app.kubernetes.io/instance: {{ .Release.Name | quote }} - {{- if .Values.isClusterService }} - k8s-app: {{ template "coredns.k8sapplabel" . }} - {{- end }} - app.kubernetes.io/name: {{ template "coredns.name" . }} + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- if .Values.isClusterService }} + k8s-app: {{ template "coredns.k8sapplabel" . }} + {{- end }} + app.kubernetes.io/name: {{ template "coredns.name" . }}packages/system/coredns/charts/coredns/templates/servicemonitor.yaml (1)
18-22: RendernamespaceSelectoronly when an override is set.With
nealone, a nilmonitor.namespacestill triggers a selector to the release namespace. Harmless but noisy; guard with existence.- {{- if ne .Values.prometheus.monitor.namespace .Release.Namespace }} + {{- if and .Values.prometheus.monitor.namespace (ne .Values.prometheus.monitor.namespace .Release.Namespace) }} namespaceSelector: matchNames: - {{ .Release.Namespace }} {{- end }}packages/system/coredns/charts/coredns/tests/clusterrole-autoscaler_test.yaml (2)
8-41: Add assertions for apiGroups and verbs to harden RBAC expectationsStrengthen the positive case by asserting the empty apiGroup and verbs for the first rule.
- equal: path: rules[0].resources value: ["nodes"] + - equal: + path: rules[0].apiGroups + value: [""] + - equal: + path: rules[0].verbs + value: ["list", "watch"]
62-62: Add a trailing newlineFixes the YAMLlint warning.
- count: 0 + count: 0 +packages/apps/kubernetes/templates/helmreleases/coredns.yaml (1)
38-44: Verify lookup-based conditional dependsOn won’t flapConditional inclusion of a dependency via lookup can change the rendered spec across reconciliations. If stability matters, consider making the dependency explicit or guarding with a chart value.
Would you like me to refactor this to a values-gated toggle (e.g., addons.core.kubernetesDep.enabled) so dependsOn is deterministic?
packages/apps/kubernetes/values.schema.json (1)
104-121: Nit: capitalize “CoreDNS” in descriptionsAlign with upstream naming used elsewhere.
- "description": "Coredns", + "description": "CoreDNS",packages/system/coredns/charts/coredns/tests/hpa_test.yaml (2)
41-47: Assert autoscaling API version explicitly.Add an assertion for apiVersion (autoscaling/v2) to avoid regressions if the template switches versions.
- isKind: of: HorizontalPodAutoscaler + - equal: + path: apiVersion + value: autoscaling/v2
60-67: Consider covering scaleDown behavior too.If your template supports behavior.scaleDown, add at least one assertion to catch accidental omissions.
packages/system/coredns/charts/coredns/tests/deployment-autoscaler_test.yaml (1)
18-30: Also verify rollout checksum and serviceAccountName.These are easy to regress; add assertions for the configmap checksum annotation and serviceAccountName.
asserts: - isKind: of: Deployment - equal: path: metadata.name value: RELEASE-NAME-coredns-autoscaler + - exists: + path: spec.template.metadata.annotations.checksum/configmap + - equal: + path: spec.template.spec.serviceAccountName + value: RELEASE-NAME-coredns-autoscaler - equal: path: spec.template.spec.containers[0].image value: autoscaler:v1.0.0 - equal: path: spec.template.spec.containers[0].imagePullPolicy value: IfNotPresentpackages/system/coredns/charts/coredns/tests/service_test.yaml (2)
66-73: Optional: validate at least one port.If the service template exposes DNS, assert one port exists to catch accidental removals.
- equal: path: spec.clusterIP value: 10.96.0.10 + - exists: + path: spec.ports[0]
102-109: TrafficDistribution is version-sensitive.This field is gated by cluster version/feature gates. Consider templating it only when set AND the cluster version supports it; add a unit test that omits it and ensures the field is absent.
packages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml (1)
45-66: Optional hardening: add pod/container security contexts.Consider setting runAsNonRoot and seccompProfile to align with cluster-baseline standards.
spec: serviceAccountName: {{ template "coredns.fullname" . }}-autoscaler + securityContext: + seccompProfile: + type: RuntimeDefault {{- $priorityClassName := default .Values.priorityClassName .Values.autoscaler.priorityClassName }} @@ containers: - name: autoscaler + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + readOnlyRootFilesystem: truepackages/system/coredns/charts/coredns/values.yaml (1)
282-287: Clarify label/annotation scope.The note says these apply “Including autoscaler if enabled.” Ensure templates consistently include customLabels/customAnnotations on autoscaler ConfigMap and Deployment metadata/pod template. From the Deployment they’re applied; double-check ConfigMap coverage and add tests if missing.
packages/system/coredns/charts/coredns/templates/configmap-autoscaler.yaml (2)
8-11: Simplify labels/annotations blocks with with; fixes indentation noise and keeps structure tightUse with blocks to avoid duplicated ifs and reduce YAMLlint noise around indentation under labels/annotations.
- labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }} - {{- if .Values.customLabels }} - {{- toYaml .Values.customLabels | nindent 4 }} - {{- end }} + labels: + {{- include "coredns.labels.autoscaler" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} - {{- if or .Values.autoscaler.configmap.annotations .Values.customAnnotations }} - annotations: - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - {{- if .Values.autoscaler.configmap.annotations -}} - {{ toYaml .Values.autoscaler.configmap.annotations | nindent 4 }} - {{- end }} - {{- end }} + {{- if or .Values.autoscaler.configmap.annotations .Values.customAnnotations }} + annotations: + {{- with .Values.customAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.autoscaler.configmap.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }}Also applies to: 12-20
7-7: Nit: remove extra space after colonMinor whitespace polish; keeps diffs cleaner.
- namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace }}packages/system/coredns/charts/coredns/templates/service.yaml (1)
8-11: Align labels/annotations structureRender labels/annotations under metadata with with blocks for clarity and consistent indentation.
- labels: {{- include "coredns.labels" . | nindent 4 }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} + labels: + {{- include "coredns.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} - {{- if or .Values.service.annotations .Values.customAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - {{- end }} + {{- if or .Values.service.annotations .Values.customAnnotations }} + annotations: + {{- with .Values.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }}Also applies to: 12-20
packages/system/coredns/charts/coredns/templates/deployment.yaml (1)
55-57: Remove deprecated scheduler.alpha.kubernetes.io/tolerations annotationThis annotation is long-deprecated and has no effect on modern clusters; it can be dropped to reduce noise.
- {{- if .Values.isClusterService }} - scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' - {{- end }}If you still need CriticalAddonsOnly semantics, rely on PriorityClass and tolerations fields instead.
packages/system/coredns/charts/coredns/templates/_helpers.tpl (1)
66-133: Map mutation style is correct but overuses :=; streamline to avoid shadowingset mutates in place; repeated := rebinds new locals and is confusing. Using = (or calling set without reassignment) is clearer.
Example refactor (pattern):
-{{- $ports := set $ports $port (dict "istcp" false "isudp" false "serviceport" $serviceport) -}} +{{- $ports = set $ports $port (dict "istcp" false "isudp" false "serviceport" $serviceport) -}}Apply similarly to later $ports/$innerdict reassignments in both servicePorts and containerPorts.
Also applies to: 138-214
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (46)
packages/apps/kubernetes/Chart.yaml(1 hunks)packages/apps/kubernetes/README.md(1 hunks)packages/apps/kubernetes/templates/cluster.yaml(0 hunks)packages/apps/kubernetes/templates/helmreleases/coredns.yaml(1 hunks)packages/apps/kubernetes/values.schema.json(3 hunks)packages/apps/kubernetes/values.yaml(1 hunks)packages/apps/versions_map(1 hunks)packages/system/coredns/Chart.yaml(1 hunks)packages/system/coredns/Makefile(1 hunks)packages/system/coredns/charts/coredns/.helmignore(1 hunks)packages/system/coredns/charts/coredns/Chart.yaml(1 hunks)packages/system/coredns/charts/coredns/README.md(1 hunks)packages/system/coredns/charts/coredns/templates/NOTES.txt(1 hunks)packages/system/coredns/charts/coredns/templates/_helpers.tpl(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrole-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrole.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrolebinding-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrolebinding.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/configmap-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/configmap.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/deployment.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/hpa.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/service-metrics.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/service.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/serviceaccount-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/serviceaccount.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/servicemonitor.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrole-autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrole_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrolebinding_autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrolebinding_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/configmap_autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/configmap_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/deployment-autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/deployment_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/hpa_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/poddisruptionbudget_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/service-metrics_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/service_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/serviceaccount_autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/serviceaccount_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/servicemonitor_test.yaml(1 hunks)packages/system/coredns/charts/coredns/values.yaml(1 hunks)packages/system/coredns/values.yaml(1 hunks)
💤 Files with no reviewable changes (1)
- packages/apps/kubernetes/templates/cluster.yaml
🧰 Additional context used
🪛 YAMLlint (1.37.1)
packages/system/coredns/charts/coredns/templates/clusterrole.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/clusterrolebinding-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/configmap.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/serviceaccount-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/deployment.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/tests/clusterrole_test.yaml
[error] 13-13: trailing spaces
(trailing-spaces)
packages/system/coredns/charts/coredns/tests/clusterrole-autoscaler_test.yaml
[error] 62-62: no new line character at the end of file
(new-line-at-end-of-file)
packages/system/coredns/charts/coredns/templates/hpa.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/clusterrolebinding.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/servicemonitor.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/clusterrole-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/configmap-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 9-9: wrong indentation: expected 2 but found 4
(indentation)
[warning] 10-10: wrong indentation: expected 2 but found 4
(indentation)
[warning] 11-11: wrong indentation: expected 2 but found 4
(indentation)
packages/system/coredns/charts/coredns/templates/serviceaccount.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/apps/kubernetes/templates/helmreleases/coredns.yaml
[error] 4-4: syntax error: expected , but found ''
(syntax)
packages/system/coredns/charts/coredns/templates/service-metrics.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/service.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
🪛 LanguageTool
packages/system/coredns/charts/coredns/templates/NOTES.txt
[grammar] ~1-~1: There might be a mistake here.
Context: {{- if .Values.isClusterService }} CoreDNS is now running in the cluster as...
(QB_NEW_EN)
[grammar] ~2-~2: There might be a mistake here.
Context: ...ing in the cluster as a cluster-service. {{- else }} CoreDNS is now running in th...
(QB_NEW_EN)
[grammar] ~19-~19: There might be a mistake here.
Context: ..." from within the cluster {{- end }} {{- end }} It can be tested with the fo...
(QB_NEW_EN)
packages/system/coredns/charts/coredns/README.md
[grammar] ~16-~16: There might be a mistake here.
Context: ...he default mode and CoreDNS is deployed as cluster-service in kube-system namespac...
(QB_NEW_EN)
[grammar] ~16-~16: There might be a mistake here.
Context: ... CoreDNS is deployed as cluster-service in kube-system namespace. This mode is cho...
(QB_NEW_EN)
[grammar] ~17-~17: There might be a mistake here.
Context: ...be exposed outside the cluster by using using either the NodePort or LoadBalancer typ...
(QB_NEW_EN)
[grammar] ~18-~18: There might be a mistake here.
Context: ...ub case of 'external dns service' which uses etcd plugin for CoreDNS backend. This d...
(QB_NEW_EN)
[grammar] ~18-~18: There might be a mistake here.
Context: ...nal dns service' which uses etcd plugin for CoreDNS backend. This deployment mode a...
(QB_NEW_EN)
[grammar] ~127-~127: There might be a mistake here.
Context: ... | "" | | prometheus.monitor.interval ...
(QB_NEW_EN)
[grammar] ~142-~142: There might be a mistake here.
Context: ... | false | | isClusterService ...
(QB_NEW_EN)
[grammar] ~151-~151: There might be a mistake here.
Context: ... | 5 | | livenessProbe.successThreshold ...
(QB_NEW_EN)
[grammar] ~157-~157: There might be a mistake here.
Context: ... | 5 | | readinessProbe.successThreshold ...
(QB_NEW_EN)
[grammar] ~204-~204: There might be a mistake here.
Context: ... | 3 | | `autoscaler.livenessProbe.successThresh...
(QB_NEW_EN)
[grammar] ~205-~205: There might be a mistake here.
Context: ... | | autoscaler.extraContainers ...
(QB_NEW_EN)
[grammar] ~206-~206: There might be a mistake here.
Context: ... | | deployment.enabled ...
(QB_NEW_EN)
[grammar] ~207-~207: There might be a mistake here.
Context: ... | true | | deployment.name ...
(QB_NEW_EN)
[grammar] ~236-~236: There might be a mistake here.
Context: ...GCE" or "Azure container service" cannot create external loadbalancers with both ...
(QB_NEW_EN)
[grammar] ~238-~238: There might be a mistake here.
Context: ...erviceType="LoadBalancer"` on such cloud environments, make sure you do not attem...
(QB_NEW_EN)
[grammar] ~239-~239: There might be a mistake here.
Context: ...ttempt to use both protocols at the same time. ## Autoscaling By setting `autos...
(QB_NEW_EN)
[grammar] ~244-~244: There might be a mistake here.
Context: ...By setting autoscaler.enabled = true a [cluster-proportional-autoscaler](https:...
(QB_NEW_EN)
[grammar] ~245-~245: There might be a mistake here.
Context: ...cubator/cluster-proportional-autoscaler) will be deployed. This will default to a...
(QB_NEW_EN)
[grammar] ~246-~246: There might be a mistake here.
Context: ... coredns replica for every 256 cores, or 16 nodes in the cluster. These can be ch...
(QB_NEW_EN)
[grammar] ~248-~248: There might be a mistake here.
Context: ...licaandautoscaler.nodesPerReplica`. When cluster is using large nodes (with more...
(QB_NEW_EN)
[grammar] ~248-~248: There might be a mistake here.
Context: ... cluster is using large nodes (with more cores), coresPerReplica should dominat...
(QB_NEW_EN)
[grammar] ~249-~249: There might be a mistake here.
Context: ...should dominate. If using small nodes,nodesPerReplica` should dominate. This...
(QB_NEW_EN)
[grammar] ~252-~252: There might be a mistake here.
Context: ... ClusterRole, and ClusterRoleBinding for the autoscaler deployment. `replicaCoun...
(QB_NEW_EN)
[grammar] ~257-~257: There might be a mistake here.
Context: ...n-application/horizontal-pod-autoscale/) is enabled for Coredns deployment. This ...
(QB_NEW_EN)
[grammar] ~258-~258: There might be a mistake here.
Context: ...nabled for Coredns deployment. This can scale number of replicas based on meitrics li...
(QB_NEW_EN)
[grammar] ~258-~258: Ensure spelling is correct
Context: ...s can scale number of replicas based on meitrics like CpuUtilization, MemoryUtilization o...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~259-~259: Ensure spelling is correct
Context: ...mber of replicas based on meitrics like CpuUtilization, MemoryUtilization or Custom ones. ## ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~275-~275: There might be a mistake here.
Context: ...o ensure there are no changes/diffs.s If you have been careful this should not di...
(QB_NEW_EN)
[grammar] ~276-~276: There might be a mistake here.
Context: ...ve all the resources unmodified and now under management of helm. Some values to inv...
(QB_NEW_EN)
[grammar] ~280-~280: There might be a mistake here.
Context: ...Helm release are: - k8sAppLabelOverride - service.name - customLabels In some cas...
(QB_NEW_EN)
[grammar] ~281-~281: There might be a mistake here.
Context: ...e: - k8sAppLabelOverride - service.name - customLabels In some cases, you will ne...
(QB_NEW_EN)
[grammar] ~290-~290: Ensure spelling is correct
Context: ...ill delete the deployment and leave the replicaset to ensure no downtime in the cluster. Y...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🪛 checkmake (0.2.2)
packages/system/coredns/Makefile
[warning] 1-1: Missing required phony target "all"
(minphony)
[warning] 1-1: Missing required phony target "clean"
(minphony)
[warning] 1-1: Missing required phony target "test"
(minphony)
🔇 Additional comments (35)
packages/system/coredns/charts/coredns/.helmignore (1)
1-22: Solid baseline; covers the usual VCS/backup/IDE clutter.Good starting set for clean chart packaging.
packages/apps/versions_map (1)
72-73: Approve Kubernetes version mapping.
Chart.yaml (0.28.0) aligns with the versions_map entries, commit 6cd5e74 for 0.27.0 exists, and only 0.28.0 is set to HEAD.packages/apps/kubernetes/Chart.yaml (1)
19-19: Chart bump to 0.28.0 — LGTM.
Matches versions_map update; no other changes needed here.packages/system/coredns/charts/coredns/Chart.yaml (1)
5-11: LGTM on chart metadata; versions look coherent.
appVersion: 1.12.3withversion: 1.43.2is consistent with upstream charting. No functional issues spotted.packages/system/coredns/charts/coredns/README.md (1)
134-136: Verify default for service.externalTrafficPolicy.Table shows
[](array) for a string field; typical values areClusterorLocal. Please correct after verifying the actual default.packages/system/coredns/charts/coredns/templates/serviceaccount-autoscaler.yaml (3)
12-15: LGTM: annotations blockAnnotations are correctly scoped under metadata and conditionally rendered.
16-19: LGTM: imagePullSecrets placementimagePullSecrets are correctly attached to the ServiceAccount and properly indented.
1-2: Yamllint error is a false positive for Helm templatesThe leading template control line and document separator routinely trip yamllint when run on unrendered templates. Safe to ignore.
packages/system/coredns/charts/coredns/templates/clusterrole-autoscaler.yaml (2)
16-24: RBAC rule set looks correct for cluster-proportional-autoscalernodes list/watch and scale subresource permissions align with common deployments; dual extensions/apps groups cover older clusters.
1-2: Yamllint error is a false positive for Helm templatesUnrendered Helm control structures often confuse yamllint. Safe to ignore.
packages/system/coredns/charts/coredns/tests/serviceaccount_test.yaml (2)
45-47: LGTM: imagePullSecrets assertionAsserting the first pull secret name is sufficient and stable.
7-18: ServiceAccount template consumes .Values.image.pullSecrets as expected
Verified thattemplates/serviceaccount.yamluses.Values.image.pullSecretsforimagePullSecrets, not.Values.autoscaler.image.pullSecrets.packages/system/coredns/charts/coredns/tests/poddisruptionbudget_test.yaml (2)
7-21: LGTM: value setup is minimal and preciseThe test enables only what’s needed and exercises maxUnavailable plus label/annotation paths.
51-61: LGTM: selectors match helpers and cluster-service semanticsAsserting app labels and k8s-app when isClusterService=true is appropriate.
packages/system/coredns/charts/coredns/tests/servicemonitor_test.yaml (1)
28-65: Good, well-scoped assertions for ServiceMonitor.Covers kind, naming, namespaces, labels/annotations, selector, and endpoints (port/interval). Looks consistent with typical ServiceMonitor expectations.
packages/system/coredns/charts/coredns/tests/clusterrolebinding_autoscaler_test.yaml (1)
20-61: Solid coverage of RBAC binding fields.Validates name, labels/annotations, roleRef, and subject triple (kind/name/namespace). Good use of default release name semantics.
packages/system/coredns/charts/coredns/tests/configmap_test.yaml (1)
6-42: Nice Corefile and zone-file assertions.Regex checks for zone stanza, forward plugin, and zone file content are precise and readable. Annotation assertion is a good touch.
packages/system/coredns/charts/coredns/tests/deployment_test.yaml (3)
7-21: Image assertion is clear and minimal.Direct equality on the container image keeps this from being brittle.
36-46: Checksum assertion is appropriate.Regex on a 64-char hex digest is a pragmatic way to assert presence without coupling to exact value.
47-63: Good: securityContext and priority class are validated.Covers two common drift points; nicely parameterized via values.
packages/system/coredns/charts/coredns/templates/clusterrolebinding.yaml (2)
1-15: Template is correct and safely gated.RBAC binding targets the expected ClusterRole and ServiceAccount; gating on deployment.enabled and rbac.create is appropriate.
1-1: YAMLLint warning is a false positive on Helm trim markers.The “expected node content, but found '-'” at Line 1 is from yamllint parsing Helm’s {{- ... -}}. Prefer linting rendered output (helm template) or excluding templated files from yamllint.
Run this to lint rendered manifests instead of raw templates (no helm binary in CI? render via your pipeline’s Helm step, then yamllint on the output dir):
#!/bin/bash # Render and lint only this template for a smoke check (example values) cat > /tmp/values.yaml <<'YAML' deployment: enabled: true rbac: create: true YAML # Expected: yamllint exits 0 on rendered manifest helm template test ./packages/system/coredns/charts/coredns -f /tmp/values.yaml \ --show-only templates/clusterrolebinding.yaml > /tmp/out.yaml yamllint -d '{extends: default, rules: {document-start: disable}}' /tmp/out.yamlpackages/system/coredns/charts/coredns/tests/clusterrolebinding_test.yaml (1)
7-19: Remove or update invalid clusterrolebinding test
The chart doesn’t include aclusterrolebinding.yamltemplate (only autoscaler variants). Adjusttests/clusterrolebinding_test.yamlto referenceclusterrolebinding-autoscaler.yamlor remove outdated assertions.Likely an incorrect or invalid review comment.
packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml (1)
1-1: FYI: YAMLlint error is a false positive on Helm templates.
{{- ... }}at BOF confuses plain YAML linters. Rendered manifests are valid.packages/system/coredns/charts/coredns/templates/configmap.yaml (1)
1-1: FYI: YAMLlint error is a false positive on Helm templates.Top-level
{{- if ... }}is fine post-render.packages/system/coredns/charts/coredns/tests/configmap_autoscaler_test.yaml (1)
1-76: Good coverage and assertions.Tests validate metadata merge and all autoscaler knobs via regex; looks solid.
packages/system/coredns/charts/coredns/templates/servicemonitor.yaml (1)
1-1: FYI: YAMLlint error is a false positive on Helm templates.Expected with Go templating at file start.
packages/system/coredns/charts/coredns/templates/hpa.yaml (1)
1-1: FYI: YAMLlint error is a false positive on Helm templates.The leading
{{- if ... }}is fine after render.packages/system/coredns/charts/coredns/templates/serviceaccount.yaml (1)
20-23: LGTM: imagePullSecrets placementimagePullSecrets sits at the correct level for a ServiceAccount.
packages/apps/kubernetes/values.schema.json (1)
16-18: Defaults wiring for addons.coredns looks consistentMatches the cilium/verticalPodAutoscaler pattern.
packages/system/coredns/charts/coredns/templates/clusterrole.yaml (1)
25-36: PSP rule is safely gatedGated behind rbac.pspEnable; compatible with clusters >=1.25 where PSP is absent.
packages/system/coredns/charts/coredns/tests/deployment-autoscaler_test.yaml (2)
32-55: LGTM on scheduling knobs.PriorityClassName and tolerations coverage looks good and matches values layout.
68-77: Strong negative cases.Good guards ensuring no Deployment when autoscaler is disabled or HPA is enabled.
packages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml (1)
1-1: Exclude Helm templates from yamllint
The.yamllintignore entry (packages/system/coredns/charts/coredns/templates/**/*.yaml) is effective, preventing false-positive control-line errors.packages/system/coredns/charts/coredns/values.yaml (1)
310-315: HPA defaults align.Good to ship disabled with sane min/max. Pair this with the apiVersion assertion in tests.
| ## @field addons.coredns {coredns} Coredns | ||
| ## | ||
| coredns: | ||
| ## @field coredns.valuesOverride {object} Custom values to override | ||
| ## | ||
| valuesOverride: {} | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Add an enabled flag for coredns addon for consistency and control.
All other addons expose enabled; CoreDNS should too.
coredns:
+ ## @field coredns.enabled {bool} Enable CoreDNS addon.
+ enabled: false
## @field coredns.valuesOverride {object} Custom values to override
##
valuesOverride: {}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## @field addons.coredns {coredns} Coredns | |
| ## | |
| coredns: | |
| ## @field coredns.valuesOverride {object} Custom values to override | |
| ## | |
| valuesOverride: {} | |
| ## @field addons.coredns {coredns} Coredns | |
| ## | |
| coredns: | |
| ## @field coredns.enabled {bool} Enable CoreDNS addon. | |
| enabled: false | |
| ## @field coredns.valuesOverride {object} Custom values to override | |
| ## | |
| valuesOverride: {} |
🤖 Prompt for AI Agents
In packages/apps/kubernetes/values.yaml around lines 125 to 131, add an enabled
flag to the coredns addon so it matches other addons and can be toggled; insert
a boolean field (e.g. enabled: true) at the coredns top level (above or before
valuesOverride) and ensure the default is set to true to preserve current
behavior while allowing users to disable CoreDNS via values.
| apiVersion: v2 | ||
| name: cozy-coredns | ||
| version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Pin CoreDNS dependency to ensure reproducible builds.
Add an explicit dependency on the vendored subchart with a fixed version to complement the Makefile pin.
apiVersion: v2
name: cozy-coredns
version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
+description: Umbrella chart for CoreDNS in tenant clusters
+type: application
+dependencies:
+ - name: coredns
+ version: 1.43.2
+ repository: "file://charts/coredns"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| apiVersion: v2 | |
| name: cozy-coredns | |
| version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process | |
| apiVersion: v2 | |
| name: cozy-coredns | |
| version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process | |
| description: Umbrella chart for CoreDNS in tenant clusters | |
| type: application | |
| dependencies: | |
| - name: coredns | |
| version: 1.43.2 | |
| repository: "file://charts/coredns" |
🤖 Prompt for AI Agents
In packages/system/coredns/Chart.yaml around lines 1-3, the chart lacks an
explicit pinned dependency entry for the vendored CoreDNS subchart; add a
dependencies section that declares the vendored subchart with a fixed semantic
version (and repository pointing to the local vendored path, e.g.
file://.../vendor or file://charts/<subchart>), so the Chart.yaml explicitly
pins the subchart version to match the Makefile pin; after adding the dependency
entry update the chart.lock (or run helm dependency update) to lock the version.
| $ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.38.0 | ||
| ``` | ||
|
|
||
| The command deploys the `1.38.0` version of CoreDNS on the Kubernetes cluster in the default configuration. | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Version mismatch with this vendored chart.
OCI example pins 1.38.0, but this chart declares version: 1.43.2 and appVersion: 1.12.3. Update or avoid pinning to prevent confusion.
-$ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.38.0
+# Pin to the version vendored in this repo (1.43.2) or omit to get latest:
+$ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.43.2📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| $ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.38.0 | |
| ``` | |
| The command deploys the `1.38.0` version of CoreDNS on the Kubernetes cluster in the default configuration. | |
| # Pin to the version vendored in this repo (1.43.2) or omit to get latest: | |
| $ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.43.2 |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/README.md around lines 42 to 46, the
helm install example pins --version 1.38.0 which conflicts with this vendored
chart's Chart.yaml (version: 1.43.2, appVersion: 1.12.3); update the README to
either use --version 1.43.2 to match the vendored chart or remove the --version
pin altogether and add a short note recommending using the chart's declared
version (or set the desired version) to avoid confusion.
| {{/* Fetch port from the configuration if the prometheus section exists */}} | ||
| {{- range .plugins -}} | ||
| {{- if eq .name "prometheus" -}} | ||
| {{- $prometheus_addr := toString .parameters -}} | ||
| {{- $prometheus_addr_list := regexSplit ":" $prometheus_addr -1 -}} | ||
| {{- $prometheus_port := index $prometheus_addr_list 1 -}} | ||
| {{- $ports := set $ports $prometheus_port (dict "istcp" true "isudp" false) -}} | ||
| {{- end -}} | ||
| {{- end -}} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Prometheus port parsing can panic on single-segment values
If parameters is just "9153", index $prometheus_addr_list 1 is out-of-range and template rendering fails. Make parsing len-safe.
- {{- range .plugins -}}
- {{- if eq .name "prometheus" -}}
- {{- $prometheus_addr := toString .parameters -}}
- {{- $prometheus_addr_list := regexSplit ":" $prometheus_addr -1 -}}
- {{- $prometheus_port := index $prometheus_addr_list 1 -}}
- {{- $ports := set $ports $prometheus_port (dict "istcp" true "isudp" false) -}}
- {{- end -}}
- {{- end -}}
+ {{- range .plugins -}}
+ {{- if eq .name "prometheus" -}}
+ {{- $prometheus_addr := toString .parameters -}}
+ {{- $parts := regexSplit ":" $prometheus_addr -1 -}}
+ {{- $p := "" -}}
+ {{- if ge (len $parts) 2 -}}
+ {{- $p = index $parts 1 -}}
+ {{- else -}}
+ {{- $p = index $parts 0 -}}
+ {{- end -}}
+ {{- $ports = set $ports $p (dict "istcp" true "isudp" false) -}}
+ {{- end -}}
+ {{- end -}}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| {{/* Fetch port from the configuration if the prometheus section exists */}} | |
| {{- range .plugins -}} | |
| {{- if eq .name "prometheus" -}} | |
| {{- $prometheus_addr := toString .parameters -}} | |
| {{- $prometheus_addr_list := regexSplit ":" $prometheus_addr -1 -}} | |
| {{- $prometheus_port := index $prometheus_addr_list 1 -}} | |
| {{- $ports := set $ports $prometheus_port (dict "istcp" true "isudp" false) -}} | |
| {{- end -}} | |
| {{- end -}} | |
| {{/* Fetch port from the configuration if the prometheus section exists */}} | |
| {{- range .plugins -}} | |
| {{- if eq .name "prometheus" -}} | |
| {{- $prometheus_addr := toString .parameters -}} | |
| {{- $parts := regexSplit ":" $prometheus_addr -1 -}} | |
| {{- $p := "" -}} | |
| {{- if ge (len $parts) 2 -}} | |
| {{- $p = index $parts 1 -}} | |
| {{- else -}} | |
| {{- $p = index $parts 0 -}} | |
| {{- end -}} | |
| {{- $ports = set $ports $p (dict "istcp" true "isudp" false) -}} | |
| {{- end -}} | |
| {{- end -}} |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/templates/_helpers.tpl around lines
185 to 193, the template assumes the prometheus parameters split on ":" has at
least two segments and directly indexes [1], which panics for single-segment
values like "9153"; update the logic to check the length of
$prometheus_addr_list before indexing (e.g., if len $prometheus_addr_list gt 1
then use index 1 else use index 0 or a safe default), and only call set $ports
with a validated port string so template rendering cannot fail on single-segment
or malformed parameters.
| verbs: | ||
| - list | ||
| - watch | ||
| - apiGroups: | ||
| - discovery.k8s.io | ||
| resources: | ||
| - endpointslices | ||
| verbs: | ||
| - list | ||
| - watch |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Add 'get' to verbs for core resources
Many clusters require get in addition to list/watch for initial reads. Add it for endpoints/services/pods/namespaces and endpointslices.
verbs:
- - list
+ - get
+ - list
- watch
...
verbs:
- - list
+ - get
+ - list
- watch📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| verbs: | |
| - list | |
| - watch | |
| - apiGroups: | |
| - discovery.k8s.io | |
| resources: | |
| - endpointslices | |
| verbs: | |
| - list | |
| - watch | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - discovery.k8s.io | |
| resources: | |
| - endpointslices | |
| verbs: | |
| - get | |
| - list | |
| - watch |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/templates/clusterrole.yaml around
lines 15 to 24, the RBAC verbs for core resources only include list and watch
(and endpointslices only list/watch); update each verbs list for endpoints,
services, pods, namespaces and endpointslices to include "get" in addition to
"list" and "watch" so initial reads work across clusters; modify the YAML so
every relevant rule's verbs array is ["get","list","watch"] for those resources.
| {{- if or .Values.serviceAccount.annotations .Values.customAnnotations }} | ||
| annotations: | ||
| {{- if .Values.customAnnotations }} | ||
| {{- toYaml .Values.customAnnotations | nindent 4 }} | ||
| {{- end }} | ||
| {{- if .Values.serviceAccount.annotations }} | ||
| {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Merge annotations to avoid duplicate keys and control precedence
Rendering two blocks can duplicate keys. Build a merged map first.
- {{- if or .Values.serviceAccount.annotations .Values.customAnnotations }}
- annotations:
- {{- if .Values.customAnnotations }}
- {{- toYaml .Values.customAnnotations | nindent 4 }}
- {{- end }}
- {{- if .Values.serviceAccount.annotations }}
- {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
- {{- end }}
- {{- end }}
+ {{- $ann := dict -}}
+ {{- with .Values.customAnnotations }}{{- $_ := merge $ann . -}}{{- end }}
+ {{- with .Values.serviceAccount.annotations }}{{- $_ := merge $ann . -}}{{- end }}
+ {{- if $ann }}
+ annotations:
+ {{- toYaml $ann | nindent 4 }}
+ {{- end }}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| {{- if or .Values.serviceAccount.annotations .Values.customAnnotations }} | |
| annotations: | |
| {{- if .Values.customAnnotations }} | |
| {{- toYaml .Values.customAnnotations | nindent 4 }} | |
| {{- end }} | |
| {{- if .Values.serviceAccount.annotations }} | |
| {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} | |
| {{- end }} | |
| {{- end }} | |
| {{- $ann := dict -}} | |
| {{- with .Values.customAnnotations }}{{- $_ := merge $ann . -}}{{- end }} | |
| {{- with .Values.serviceAccount.annotations }}{{- $_ := merge $ann . -}}{{- end }} | |
| {{- if $ann }} | |
| annotations: | |
| {{- toYaml $ann | nindent 4 }} | |
| {{- end }} |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/templates/serviceaccount.yaml around
lines 11-19, the template renders two separate annotation blocks which can
produce duplicate keys; instead build a single merged map and render it once.
Create a merged annotations map (merge base .Values.serviceAccount.annotations
with .Values.customAnnotations, choosing which should take precedence — e.g.,
have customAnnotations override serviceAccount.annotations), check if the merged
map is non-empty, and then output it with a single toYaml | nindent 4 call so
keys aren’t duplicated and precedence is controlled.
| path: metadata.annotations.custom-annotation | ||
| value: yes |
There was a problem hiding this comment.
Quote “yes” to avoid boolean coercion
Unquoted yes parses as a boolean true; the template emits a string. This assertion will otherwise fail.
- value: yes
+ value: "yes"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| path: metadata.annotations.custom-annotation | |
| value: yes | |
| path: metadata.annotations.custom-annotation | |
| value: "yes" |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/tests/serviceaccount_test.yaml around
lines 38 to 39, the test sets value: yes which YAML-parses as a boolean true
while the template emits a string; update the assertion to quote the value
(value: "yes") so it remains a string and the assertion matches the template
output.
| ## Configue a cluster-proportional-autoscaler for coredns | ||
| # See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler | ||
| autoscaler: | ||
| # Enabled the cluster-proportional-autoscaler | ||
| enabled: false | ||
|
|
There was a problem hiding this comment.
Fix typos and grammar in comments.
Minor doc polish improves professionalism.
-## Configue a cluster-proportional-autoscaler for coredns
+## Configure a cluster-proportional-autoscaler for CoreDNS
@@
- # Enabled the cluster-proportional-autoscaler
- enabled: false
+ # Enable the cluster-proportional-autoscaler
+ enabled: false
@@
- ## Optionally specify some extra flags to pass to cluster-proprtional-autoscaler.
+ ## Optionally specify extra flags to pass to cluster-proportional-autoscaler.Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/values.yaml around lines 316 to 321,
fix the comment typos and grammar: change "Configue a
cluster-proportional-autoscaler for coredns" to "Configure a
cluster-proportional-autoscaler for CoreDNS" and change "Enabled the
cluster-proportional-autoscaler" to "Enable the cluster-proportional-autoscaler"
(or "Enable the cluster-proportional-autoscaler." as a short sentence) so the
comments are spelled correctly and grammatically consistent.
packages/system/coredns/values.yaml
Outdated
| @@ -0,0 +1,3 @@ | |||
| coredns: | |||
| service: | |||
| clusterIP: "10.95.0.10" | |||
There was a problem hiding this comment.
Let's move these values definition to coredns helmchart resources in kubernetes application, we might want to reuse this helm chart later for management cluster as well.
There was a problem hiding this comment.
Please also add coredns to the deletion job hook
aab524f to
7f4b72d
Compare
Signed-off-by: kklinch0 <kklinch0@gmail.com>
7f4b72d to
6b5af37
Compare
There was a problem hiding this comment.
Actionable comments posted: 12
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
packages/apps/kubernetes/templates/helmreleases/delete.yaml (2)
74-86: Missing permission for gateway-api-crds in Role.resourceNames.
You patch {{ .Release.Name }}-gateway-api-crds (Line 33) but the Role lacks that resourceName, causing Forbidden on patch.Apply:
- {{ .Release.Name }}-cilium + - {{ .Release.Name }}-gateway-api-crds - {{ .Release.Name }}-csi - {{ .Release.Name }}-cert-manager - {{ .Release.Name }}-cert-manager-crds - {{ .Release.Name }}-vertical-pod-autoscaler - {{ .Release.Name }}-vertical-pod-autoscaler-crds - {{ .Release.Name }}-ingress-nginx - {{ .Release.Name }}-fluxcd-operator - {{ .Release.Name }}-fluxcd - {{ .Release.Name }}-gpu-operator - {{ .Release.Name }}-velero - {{ .Release.Name }}-coredns
28-46: Loop kubectl patch for each HelmRelease
kubectl patch only accepts a single resource name per invocation (kubectl synopsis:kubectl patch (-f FILENAME | TYPE NAME)) (kubernetes.io) — wrap the command in a shell loop to suspend each HelmRelease individually.- kubectl - --namespace={{ .Release.Namespace }} - patch - helmrelease - {{ .Release.Name }}-cilium - {{ .Release.Name }}-gateway-api-crds - {{ .Release.Name }}-csi - {{ .Release.Name }}-cert-manager - {{ .Release.Name }}-cert-manager-crds - {{ .Release.Name }}-vertical-pod-autoscaler - {{ .Release.Name }}-vertical-pod-autoscaler-crds - {{ .Release.Name }}-ingress-nginx - {{ .Release.Name }}-fluxcd-operator - {{ .Release.Name }}-fluxcd - {{ .Release.Name }}-gpu-operator - {{ .Release.Name }}-velero - {{ .Release.Name }}-coredns - -p '{"spec": {"suspend": true}}' - --type=merge --field-manager=flux-client-side-apply || true + for hr in \ + {{ .Release.Name }}-cilium \ + {{ .Release.Name }}-gateway-api-crds \ + {{ .Release.Name }}-csi \ + {{ .Release.Name }}-cert-manager \ + {{ .Release.Name }}-cert-manager-crds \ + {{ .Release.Name }}-vertical-pod-autoscaler \ + {{ .Release.Name }}-vertical-pod-autoscaler-crds \ + {{ .Release.Name }}-ingress-nginx \ + {{ .Release.Name }}-fluxcd-operator \ + {{ .Release.Name }}-fluxcd \ + {{ .Release.Name }}-gpu-operator \ + {{ .Release.Name }}-velero \ + {{ .Release.Name }}-coredns; do + kubectl --namespace={{ .Release.Namespace }} patch helmrelease "$hr" \ + -p '{"spec": {"suspend": true}}' \ + --type=merge --field-manager=flux-client-side-apply || true + done
♻️ Duplicate comments (20)
packages/system/coredns/charts/coredns/README.md (1)
41-46: Version mismatch with vendored chart (use 1.43.2 or omit pin).The OCI example pins 1.38.0, but the vendored Chart.yaml declares version 1.43.2 (appVersion 1.12.3). Align to avoid confusion.
-```console -$ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.38.0 -``` - -The command deploys the `1.38.0` version of CoreDNS on the Kubernetes cluster in the default configuration. +```console +$ helm --namespace=kube-system install coredns oci://ghcr.io/coredns/charts/coredns --version 1.43.2 +``` + +The command deploys the `1.43.2` version of CoreDNS on the Kubernetes cluster in the default configuration.Alternatively, drop
--versionand add a note that it pulls the latest.packages/system/coredns/Makefile (1)
6-10: Pin chart version, add PHONY/all/clean/test, and make update idempotent.Prevents surprise upgrades, satisfies checkmake warnings, and avoids failures if the repo already exists.
+SHELL := bash +.PHONY: all update clean test +CHART_NAME ?= coredns +CHART_REPO ?= cozy-coredns +CHART_REPO_URL ?= https://coredns.github.io/helm +CHART_VERSION ?= 1.43.2 + export NAME=coredns export NAMESPACE=coredns include ../../../scripts/package.mk -update: - rm -rf charts - helm repo add cozy-coredns https://coredns.github.io/helm - helm repo update cozy-coredns - helm pull cozy-coredns/coredns --untar --untardir charts +all: update + +update: + rm -rf charts + -helm repo add $(CHART_REPO) $(CHART_REPO_URL) + helm repo update + helm pull $(CHART_REPO)/$(CHART_NAME) --version $(CHART_VERSION) --untar --untardir charts + +clean: + rm -rf charts + +test: + helm lint .packages/apps/kubernetes/templates/helmreleases/delete.yaml (1)
44-45: Added CoreDNS to suspend list – resolved.
Including {{ .Release.Name }}-coredns in the pre-delete patch list addresses earlier feedback.packages/system/coredns/charts/coredns/templates/NOTES.txt (1)
6-19: Use exact equality for serviceType, and drop namespace on kubectl get nodes.
Avoid substring matches and fix cluster-scoped resource query.-{{- if contains "NodePort" .Values.serviceType }} +{{- if eq .Values.serviceType "NodePort" }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "coredns.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}") echo "$NODE_IP:$NODE_PORT" -{{- else if contains "LoadBalancer" .Values.serviceType }} +{{- else if eq .Values.serviceType "LoadBalancer" }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status by running 'kubectl get svc -w {{ template "coredns.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "coredns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo $SERVICE_IP -{{- else if contains "ClusterIP" .Values.serviceType }} +{{- else if eq .Values.serviceType "ClusterIP" }} "{{ template "coredns.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local" from within the clusterpackages/apps/kubernetes/templates/helmreleases/coredns.yaml (2)
35-38: Avoid infinite remediation retries.
Use finite retries to surface persistent failures.- remediation: - retries: -1 + remediation: + retries: 5 --- - upgrade: - remediation: - retries: -1 + upgrade: + remediation: + retries: 5
25-25: Chart version constraint is too permissive; pin to a safe range.
Avoid accidental breaking upgrades.- version: '>= 0.0.0-0' + version: '~0.1.x'packages/system/coredns/charts/coredns/templates/_helpers.tpl (1)
185-193: Prometheus port parsing can panic; make it len-safe and numeric-only.
Current code indexes [1] unconditionally; fails for "9153" or malformed values.- {{- range .plugins -}} - {{- if eq .name "prometheus" -}} - {{- $prometheus_addr := toString .parameters -}} - {{- $prometheus_addr_list := regexSplit ":" $prometheus_addr -1 -}} - {{- $prometheus_port := index $prometheus_addr_list 1 -}} - {{- $ports := set $ports $prometheus_port (dict "istcp" true "isudp" false) -}} - {{- end -}} - {{- end -}} + {{- range .plugins -}} + {{- if eq .name "prometheus" -}} + {{- $addr := toString .parameters -}} + {{- $parts := regexSplit ":" $addr -1 -}} + {{- $p := "" -}} + {{- if ge (len $parts) 2 -}} + {{- $p = index $parts 1 -}} + {{- else -}} + {{- $p = index $parts 0 -}} + {{- end -}} + {{- if regexMatch "^[0-9]+$" $p -}} + {{- $ports = set $ports $p (dict "istcp" true "isudp" false) -}} + {{- end -}} + {{- end -}} + {{- end -}}packages/system/coredns/charts/coredns/templates/hpa.yaml (1)
27-32: Guard empty metrics block; baremetrics:yields invalid YAML when unset.Wrap
metrics:emission in a conditional. This mirrors the prior review comment.- metrics: -{{ toYaml .Values.hpa.metrics | indent 4 }} +{{- if .Values.hpa.metrics }} + metrics: +{{ toYaml .Values.hpa.metrics | indent 4 }} +{{- end }}packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml (2)
1-1: Gate on the boolean flag, not map existence.Render only when podDisruptionBudget.enabled is true.
-{{- if and .Values.deployment.enabled .Values.podDisruptionBudget -}} +{{- if and .Values.deployment.enabled (.Values.podDisruptionBudget.enabled | default false) -}}
15-25: Do not emit unsupported keys; omit enabled/selector from spec map.Avoid duplicating selector and leaking enabled into spec.
spec: {{- if not .Values.podDisruptionBudget.selector }} selector: matchLabels: app.kubernetes.io/instance: {{ .Release.Name | quote }} {{- if .Values.isClusterService }} k8s-app: {{ template "coredns.k8sapplabel" . }} {{- end }} app.kubernetes.io/name: {{ template "coredns.name" . }} {{- end }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- toYaml (omit .Values.podDisruptionBudget "enabled" "selector") | indent 2 }}packages/system/coredns/charts/coredns/templates/configmap.yaml (2)
19-21: Deterministic ordering for extraConfig (avoid map iteration nondeterminism).Sort keys to stabilize Corefile and tests.
- {{- range $name, $conf := .Values.extraConfig }} - {{ $name }}{{ if $conf.parameters }} {{ $conf.parameters }}{{ end }} - {{- end }} + {{- range $name := keys .Values.extraConfig | sortAlpha }} + {{- $conf := index $.Values.extraConfig $name -}} + {{ $name }}{{ if $conf.parameters }} {{ $conf.parameters }}{{ end }} + {{- end }}
33-35: Emit zoneFiles as block scalars to preserve multiline content.Prevents malformed YAML.
- {{- range .Values.zoneFiles }} - {{ .filename }}: {{ toYaml .contents | indent 4 }} - {{- end }} + {{- range .Values.zoneFiles }} + {{ .filename }}: |- +{{ .contents | nindent 4 }} + {{- end }}packages/system/coredns/charts/coredns/templates/serviceaccount.yaml (2)
7-10: customLabels must be nested under metadata.labels.Same issue previously flagged.
- labels: {{- include "coredns.labels" . | nindent 4 }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels | indent 4 }} -{{- end }} + labels: + {{- include "coredns.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }}
11-19: Merge annotations once to avoid duplicate keys and define precedence.Build a single map (custom overrides SA annotations).
- {{- if or .Values.serviceAccount.annotations .Values.customAnnotations }} - annotations: - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} + {{- $ann := dict -}} + {{- with .Values.serviceAccount.annotations }}{{- $_ := merge $ann . -}}{{- end }} + {{- with .Values.customAnnotations }}{{- $_ := merge $ann . -}}{{- end }} + {{- if $ann }} + annotations: + {{- toYaml $ann | nindent 4 }} + {{- end }}packages/system/coredns/charts/coredns/templates/clusterrole.yaml (2)
15-24: Add 'get' to verbs for core resources.Commonly required for initial reads; improves portability.
verbs: - - list - - watch + - get + - list + - watch
23-24: Add 'get' to verbs for endpointslices.Align with core resources.
verbs: - - list - - watch + - get + - list + - watchpackages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml (1)
39-41: Remove deprecated scheduler.alpha tolerations annotation.This legacy annotation is long-deprecated; rely on spec.tolerations only.
annotations: checksum/configmap: {{ include (print $.Template.BasePath "/configmap-autoscaler.yaml") . | sha256sum }} - {{- if .Values.isClusterService }} - scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' - {{- end }} {{- with .Values.autoscaler.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }}packages/system/coredns/charts/coredns/templates/service.yaml (2)
54-54: Prefer .Values.service.type with fallback to serviceType for schema consistency.Coalesce to the new location while retaining backward compatibility.
- type: {{ default "ClusterIP" .Values.serviceType }} + type: {{ default "ClusterIP" (coalesce .Values.service.type .Values.serviceType) }}
58-61: Bug: trafficDistribution is rendered outside Service.spec and outside the guard.Move inside spec and before the closing end.
-{{- end }} - {{- if .Values.service.trafficDistribution }} - trafficDistribution: {{ .Values.service.trafficDistribution }} - {{- end }} + {{- if .Values.service.trafficDistribution }} + trafficDistribution: {{ .Values.service.trafficDistribution }} + {{- end }} +{{- end }}packages/system/coredns/charts/coredns/templates/deployment.yaml (1)
169-169: Fix defaultMode for secret volume (decimal vs octal).Kubernetes expects decimal for file modes; 400 is interpreted as 0620. Use 256 (0400) or 420 (0644). Recommend 256 for secrets.
- defaultMode: {{ default 400 .defaultMode }} + defaultMode: {{ default 256 .defaultMode }}
🧹 Nitpick comments (26)
packages/system/coredns/charts/coredns/README.md (11)
16-19: Fix grammar/clarity in deployment modes.Tighten wording, fix duplication, and minor grammar.
- CoreDNS as a cluster dns service and a drop-in replacement for Kube/SkyDNS. This is the default mode and CoreDNS is deployed as cluster-service in kube-system namespace. This mode is chosen by setting `isClusterService` to true. + CoreDNS as a cluster DNS service and a drop-in replacement for kube-dns/SkyDNS. This is the default mode and CoreDNS is deployed as a cluster service in the kube-system namespace. Enable by setting `isClusterService` to true. - CoreDNS as an external dns service. In this mode CoreDNS is deployed as any kubernetes app in user specified namespace. The CoreDNS service can be exposed outside the cluster by using using either the NodePort or LoadBalancer type of service. This mode is chosen by setting `isClusterService` to false. + CoreDNS as an external DNS service. In this mode, CoreDNS is deployed like any Kubernetes app in a user‑specified namespace. Expose it via a Service of type NodePort or LoadBalancer. Enable by setting `isClusterService` to false. - CoreDNS as an external dns provider for kubernetes federation. This is a sub case of 'external dns service' which uses etcd plugin for CoreDNS backend. This deployment mode as a dependency on `etcd-operator` chart, which needs to be pre-installed. + CoreDNS as an external DNS provider for Kubernetes federation. This is a special case of “external DNS service” that uses the etcd plugin as a backend. This deployment mode has a dependency on an etcd operator/cluster, which must be pre‑installed.
28-31: Clarify local (vendored) vs remote install to avoid confusion.Since this chart is vendored in-repo, add an explicit example for installing from the local path.
The chart can be installed as follows: ```console $ helm repo add coredns https://coredns.github.io/helm $ helm --namespace=kube-system install coredns coredns/coredns
+Alternatively, from this repository’s vendored chart:
+
+console +$ cd packages/system/coredns/charts/coredns +$ helm --namespace=kube-system install coredns . +--- `37-43`: **Rename section and fix OCI example heading.** Small wording tweak. ```diff -## OCI installing +## Installing from OCI
63-77: Make helm-unittest invocation path-agnostic.Use “.” so commands work when run from the chart directory.
-Run all unit tests in the chart folder (e.g., `./coredns`): +Run all unit tests in the chart folder: ```bash -helm unittest ./coredns +helm unittest .To output results in JUnit XML format:
mkdir -p test-results helm unittest --strict \ --output-type JUnit \ --output-file test-results/helm-unittest-report.xml \ - ./coredns + .--- `83-88`: **Template command works better with “.” from chart root.** ```diff -helm template ./coredns --debug +helm template . --debug
167-170: Minor formatting/copyedit in Configuration table.-| `env` | Optional array of environment variables for CoreDNS container | [] | +| `env` | Optional array of environment variables for the CoreDNS container | [] | -| `customAnnotations` | Optional annotations for Deployment(s), Pod, Service, ServiceMonitor objects | +| `customAnnotations` | Optional annotations for Deployment(s), Pod, Service, ServiceMonitor objects | {} |Note: Add
{}default for consistency if values.yaml defines it.
242-260: Fix typos and casing in Autoscaling section.-By setting `autoscaler.enabled = true` a +By setting `autoscaler.enabled = true`, a @@ -This will default to a coredns replica for every 256 cores, or +This defaults to a CoreDNS replica for every 256 cores, or @@ -and `autoscaler.nodesPerReplica`. When cluster is using large nodes (with more -cores), `coresPerReplica` should dominate. If using small nodes, +and `autoscaler.nodesPerReplica`. When the cluster is using large nodes (with more +cores), `coresPerReplica` should dominate. If using small nodes, `nodesPerReplica` should dominate. @@ -By setting `hpa.enabled = true` a [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) -is enabled for Coredns deployment. This can scale number of replicas based on meitrics -like CpuUtilization, MemoryUtilization or Custom ones. +By setting `hpa.enabled = true`, a [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) +is enabled for the CoreDNS deployment. This can scale the number of replicas based on metrics +like CPUUtilization, MemoryUtilization, or custom metrics.
229-231: Fix values.yaml link to work in this repo.Absolute “/charts/…” likely 404s here. Use a relative link.
-> **Tip**: You can use the default [values.yaml](/charts/coredns/values.yaml) +> **Tip**: You can use the default [values.yaml](./values.yaml)
275-283: Fix typo and tighten wording in adoption notes.-Once you have annotated and labeled all the resources this chart specifies, you may need to locally template the chart and compare against existing manifest to ensure there are no changes/diffs.s If -you have been careful this should not diff and leave all the resources unmodified and now under management of helm. +Once you have annotated and labeled all resources this chart specifies, locally template the chart and compare against existing manifests to ensure there are no diffs. If +you have been careful, this should not change resources and they will now be managed by Helm.
290-291: Kubernetes kind capitalization.-This will delete the deployment and leave the replicaset to ensure no downtime in the cluster. You will need to manually delete the replicaset AFTER Helm has released a new deployment. +This deletes the Deployment and leaves the ReplicaSet to ensure no downtime in the cluster. Manually delete the ReplicaSet after Helm has created a new Deployment.
7-10: Optional: Explicitly note Flux/HelmRelease usage in this repo.Given this repo deploys via Flux HelmRelease, add a short note so readers don’t assume manual helm install is the primary path.
```console $ helm repo add coredns https://coredns.github.io/helm $ helm --namespace=kube-system install coredns coredns/coredns
+Note: In CozyStack, CoreDNS is deployed via Flux using a HelmRelease; manual helm commands here are for local testing only.
</blockquote></details> <details> <summary>packages/system/coredns/Makefile (2)</summary><blockquote> `1-2`: **Prefer overridable vars for NAME/NAMESPACE.** Keeps defaults while allowing `make NAME=...`. ```diff -export NAME=coredns -export NAMESPACE=coredns +NAME ?= coredns +NAMESPACE ?= coredns +export NAME NAMESPACE
10-10: Optional: enable provenance verification of the pulled chart.Gate
--verifybehind a flag.+VERIFY ?= @@ - helm pull $(CHART_REPO)/$(CHART_NAME) --version $(CHART_VERSION) --untar --untardir charts + helm pull $(CHART_REPO)/$(CHART_NAME) --version $(CHART_VERSION) $(VERIFY) --untar --untardir chartspackages/apps/kubernetes/templates/helmreleases/coredns.yaml (1)
1-5: Move template define into helpers to avoid YAML lint errors and reuse.
Place cozystack.defaultCoreDNSValues in a helpers tpl; keep this file pure YAML.-{{- define "cozystack.defaultCoreDNSValues" -}} -coredns: - service: - clusterIP: "10.95.0.10" -{{- end }} +And add to a helpers file (e.g., packages/apps/kubernetes/templates/helmreleases/_helpers.tpl):
{{- define "cozystack.defaultCoreDNSValues" -}} coredns: service: clusterIP: "10.95.0.10" {{- end -}}Confirm 10.95.0.10 is inside the tenant cluster Service CIDR and does not collide with existing Services.
packages/system/coredns/charts/coredns/templates/_helpers.tpl (1)
227-236: Comment header mismatch (cluster role vs service account).
Minor docs fix to avoid confusion.-{{/* -Create the name of the service account to use -*/}} +{{/* +Create the name of the ClusterRole to use +*/}}packages/system/coredns/charts/coredns/templates/service-metrics.yaml (1)
35-38: Parameterize metrics port to avoid hard-coding 9153.Expose overrides and keep 9153 as default. Also allow changing targetPort independently.
ports: - name: metrics - port: 9153 - targetPort: 9153 + port: {{ default 9153 .Values.prometheus.service.port }} + targetPort: {{ default 9153 .Values.prometheus.service.targetPort }}packages/system/coredns/charts/coredns/templates/serviceaccount-autoscaler.yaml (2)
12-15: Support merging annotations from serviceAccount scope; keep custom last.Align with common chart conventions: merge
.Values.serviceAccount.annotations(or an autoscaler-scoped variant) with.Values.customAnnotations, with custom taking precedence.-{{- with .Values.customAnnotations }} - annotations: -{{- toYaml . | nindent 4 }} -{{- end }} +{{- $ann := dict -}} +{{- if .Values.serviceAccount.annotations -}} +{{- $ann = merge $ann .Values.serviceAccount.annotations -}} +{{- end -}} +{{- if .Values.customAnnotations -}} +{{- $ann = merge $ann .Values.customAnnotations -}} +{{- end -}} +{{- if $ann }} + annotations: +{{ toYaml $ann | nindent 4 }} +{{- end }}
6-7: Allow overriding SA name for autoscaler.Make the autoscaler ServiceAccount name configurable.
- name: {{ template "coredns.fullname" . }}-autoscaler + name: {{ default (printf "%s-autoscaler" (include "coredns.fullname" .)) .Values.autoscaler.serviceAccount.name }}packages/system/coredns/charts/coredns/tests/poddisruptionbudget_test.yaml (1)
25-62: Add negative and toggle tests to harden coverage.Include cases for: disabled deployment (no PDB rendered) and when
podDisruptionBudget.maxUnavailableis unset (no PDB or default behavior).packages/system/coredns/charts/coredns/tests/clusterrole_test.yaml (3)
13-13: Remove trailing whitespace.Line 13 contains trailing spaces. Drop them to satisfy linters.
- +
36-53: PSP assertions are brittle across Kubernetes versions; guard by capability or split tests.PSP is removed since Kubernetes 1.25. If the template rightly gates PSP RBAC by capability, this test should either:
- set capabilities to include PodSecurityPolicy, or
- move PSP checks to a separate test gated by a value like rbac.pspEnable and/or cluster capabilities.
Otherwise this suite will fail on modern clusters despite correct templates.
18-22: Also assert apiVersion for RBAC resources.Add an apiVersion assertion to tighten the contract.
- isKind: of: ClusterRole + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1packages/system/coredns/charts/coredns/templates/clusterrolebinding.yaml (1)
4-15: LGTM; consider adding optional annotations and merging customLabels under metadata.labels (parity with other templates).Current rendering is correct. For consistency with autoscaler resources and to allow per-install labeling/annotations, merge customLabels into labels and add optional annotations.
metadata: name: {{ template "coredns.clusterRoleName" . }} - labels: {{- include "coredns.labels" . | nindent 4 }} + labels: + {{- include "coredns.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }}packages/system/coredns/charts/coredns/tests/clusterrole-autoscaler_test.yaml (1)
62-62: Add trailing newline.Keeps linters and some tooling happy.
- count: 0 + count: 0 +packages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml (1)
71-73: Guard empty resources to avoid rendering an empty/null map.Avoid emitting a dangling "resources:" when values are unset.
- resources: -{{ toYaml .Values.autoscaler.resources | indent 10 }} + {{- if .Values.autoscaler.resources }} + resources: +{{ toYaml .Values.autoscaler.resources | indent 10 }} + {{- end }}packages/system/coredns/charts/coredns/templates/deployment.yaml (1)
61-94: Optional: guard empty resources to prevent dangling keys.Minor hygiene improvement; consistent with autoscaler suggestion.
- resources: -{{ toYaml .Values.resources | indent 10 }} + {{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- end }}
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (46)
packages/apps/kubernetes/Chart.yaml(1 hunks)packages/apps/kubernetes/README.md(1 hunks)packages/apps/kubernetes/templates/cluster.yaml(0 hunks)packages/apps/kubernetes/templates/helmreleases/coredns.yaml(1 hunks)packages/apps/kubernetes/templates/helmreleases/delete.yaml(2 hunks)packages/apps/kubernetes/values.schema.json(3 hunks)packages/apps/kubernetes/values.yaml(1 hunks)packages/apps/versions_map(1 hunks)packages/system/coredns/Chart.yaml(1 hunks)packages/system/coredns/Makefile(1 hunks)packages/system/coredns/charts/coredns/.helmignore(1 hunks)packages/system/coredns/charts/coredns/Chart.yaml(1 hunks)packages/system/coredns/charts/coredns/README.md(1 hunks)packages/system/coredns/charts/coredns/templates/NOTES.txt(1 hunks)packages/system/coredns/charts/coredns/templates/_helpers.tpl(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrole-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrole.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrolebinding-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/clusterrolebinding.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/configmap-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/configmap.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/deployment.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/hpa.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/service-metrics.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/service.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/serviceaccount-autoscaler.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/serviceaccount.yaml(1 hunks)packages/system/coredns/charts/coredns/templates/servicemonitor.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrole-autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrole_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrolebinding_autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/clusterrolebinding_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/configmap_autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/configmap_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/deployment-autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/deployment_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/hpa_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/poddisruptionbudget_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/service-metrics_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/service_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/serviceaccount_autoscaler_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/serviceaccount_test.yaml(1 hunks)packages/system/coredns/charts/coredns/tests/servicemonitor_test.yaml(1 hunks)packages/system/coredns/charts/coredns/values.yaml(1 hunks)
💤 Files with no reviewable changes (1)
- packages/apps/kubernetes/templates/cluster.yaml
🚧 Files skipped from review as they are similar to previous changes (19)
- packages/system/coredns/charts/coredns/tests/clusterrolebinding_autoscaler_test.yaml
- packages/apps/kubernetes/README.md
- packages/system/coredns/charts/coredns/tests/deployment_test.yaml
- packages/system/coredns/charts/coredns/Chart.yaml
- packages/system/coredns/charts/coredns/tests/serviceaccount_test.yaml
- packages/system/coredns/charts/coredns/tests/configmap_autoscaler_test.yaml
- packages/system/coredns/charts/coredns/tests/configmap_test.yaml
- packages/system/coredns/charts/coredns/tests/deployment-autoscaler_test.yaml
- packages/system/coredns/charts/coredns/tests/serviceaccount_autoscaler_test.yaml
- packages/system/coredns/charts/coredns/tests/service_test.yaml
- packages/system/coredns/charts/coredns/tests/servicemonitor_test.yaml
- packages/apps/kubernetes/values.yaml
- packages/system/coredns/Chart.yaml
- packages/system/coredns/charts/coredns/tests/hpa_test.yaml
- packages/apps/versions_map
- packages/system/coredns/charts/coredns/.helmignore
- packages/apps/kubernetes/values.schema.json
- packages/system/coredns/charts/coredns/tests/service-metrics_test.yaml
- packages/system/coredns/charts/coredns/values.yaml
🧰 Additional context used
🪛 YAMLlint (1.37.1)
packages/system/coredns/charts/coredns/templates/clusterrolebinding-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/configmap.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/tests/clusterrole_test.yaml
[error] 13-13: trailing spaces
(trailing-spaces)
packages/apps/kubernetes/templates/helmreleases/coredns.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/clusterrole-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/clusterrole.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/clusterrolebinding.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/configmap-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 9-9: wrong indentation: expected 2 but found 4
(indentation)
[warning] 10-10: wrong indentation: expected 2 but found 4
(indentation)
[warning] 11-11: wrong indentation: expected 2 but found 4
(indentation)
packages/system/coredns/charts/coredns/templates/deployment-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/deployment.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/hpa.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/service-metrics.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/service.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/serviceaccount-autoscaler.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/serviceaccount.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/templates/servicemonitor.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/system/coredns/charts/coredns/tests/clusterrole-autoscaler_test.yaml
[error] 62-62: no new line character at the end of file
(new-line-at-end-of-file)
🪛 checkmake (0.2.2)
packages/system/coredns/Makefile
[warning] 1-1: Missing required phony target "all"
(minphony)
[warning] 1-1: Missing required phony target "clean"
(minphony)
[warning] 1-1: Missing required phony target "test"
(minphony)
🪛 LanguageTool
packages/system/coredns/charts/coredns/README.md
[grammar] ~16-~16: There might be a mistake here.
Context: ...he default mode and CoreDNS is deployed as cluster-service in kube-system namespac...
(QB_NEW_EN)
[grammar] ~16-~16: There might be a mistake here.
Context: ... CoreDNS is deployed as cluster-service in kube-system namespace. This mode is cho...
(QB_NEW_EN)
[grammar] ~17-~17: There might be a mistake here.
Context: ...be exposed outside the cluster by using using either the NodePort or LoadBalancer typ...
(QB_NEW_EN)
[grammar] ~18-~18: There might be a mistake here.
Context: ...ub case of 'external dns service' which uses etcd plugin for CoreDNS backend. This d...
(QB_NEW_EN)
[grammar] ~18-~18: There might be a mistake here.
Context: ...nal dns service' which uses etcd plugin for CoreDNS backend. This deployment mode a...
(QB_NEW_EN)
[grammar] ~127-~127: There might be a mistake here.
Context: ... | "" | | prometheus.monitor.interval ...
(QB_NEW_EN)
[grammar] ~142-~142: There might be a mistake here.
Context: ... | false | | isClusterService ...
(QB_NEW_EN)
[grammar] ~143-~143: There might be a mistake here.
Context: ...cifies whether chart should be deployed as cluster-service or normal k8s app. ...
(QB_NEW_EN)
[grammar] ~143-~143: There might be a mistake here.
Context: ...t should be deployed as cluster-service or normal k8s app. ...
(QB_NEW_EN)
[grammar] ~151-~151: There might be a mistake here.
Context: ... | 5 | | livenessProbe.successThreshold ...
(QB_NEW_EN)
[grammar] ~157-~157: There might be a mistake here.
Context: ... | 5 | | readinessProbe.successThreshold ...
(QB_NEW_EN)
[grammar] ~204-~204: There might be a mistake here.
Context: ... | 3 | | `autoscaler.livenessProbe.successThresh...
(QB_NEW_EN)
[grammar] ~205-~205: There might be a mistake here.
Context: ... | | autoscaler.extraContainers ...
(QB_NEW_EN)
[grammar] ~206-~206: There might be a mistake here.
Context: ... | | deployment.enabled ...
(QB_NEW_EN)
[grammar] ~207-~207: There might be a mistake here.
Context: ... | true | | deployment.name ...
(QB_NEW_EN)
[grammar] ~236-~236: There might be a mistake here.
Context: ...GCE" or "Azure container service" cannot create external loadbalancers with both ...
(QB_NEW_EN)
[grammar] ~238-~238: There might be a mistake here.
Context: ...erviceType="LoadBalancer"` on such cloud environments, make sure you do not attem...
(QB_NEW_EN)
[grammar] ~239-~239: There might be a mistake here.
Context: ...ttempt to use both protocols at the same time. ## Autoscaling By setting `autos...
(QB_NEW_EN)
[grammar] ~244-~244: There might be a mistake here.
Context: ...By setting autoscaler.enabled = true a [cluster-proportional-autoscaler](https:...
(QB_NEW_EN)
[grammar] ~245-~245: There might be a mistake here.
Context: ...cubator/cluster-proportional-autoscaler) will be deployed. This will default to a...
(QB_NEW_EN)
[grammar] ~246-~246: There might be a mistake here.
Context: ... coredns replica for every 256 cores, or 16 nodes in the cluster. These can be ch...
(QB_NEW_EN)
[grammar] ~248-~248: There might be a mistake here.
Context: ...licaandautoscaler.nodesPerReplica`. When cluster is using large nodes (with more...
(QB_NEW_EN)
[grammar] ~248-~248: There might be a mistake here.
Context: ... cluster is using large nodes (with more cores), coresPerReplica should dominat...
(QB_NEW_EN)
[grammar] ~249-~249: There might be a mistake here.
Context: ...should dominate. If using small nodes,nodesPerReplica` should dominate. This...
(QB_NEW_EN)
[grammar] ~252-~252: There might be a mistake here.
Context: ... ClusterRole, and ClusterRoleBinding for the autoscaler deployment. `replicaCoun...
(QB_NEW_EN)
[grammar] ~257-~257: There might be a mistake here.
Context: ...n-application/horizontal-pod-autoscale/) is enabled for Coredns deployment. This ...
(QB_NEW_EN)
[grammar] ~258-~258: There might be a mistake here.
Context: ...nabled for Coredns deployment. This can scale number of replicas based on meitrics li...
(QB_NEW_EN)
[grammar] ~258-~258: Ensure spelling is correct
Context: ...s can scale number of replicas based on meitrics like CpuUtilization, MemoryUtilization o...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~259-~259: Ensure spelling is correct
Context: ...mber of replicas based on meitrics like CpuUtilization, MemoryUtilization or Custom ones. ## ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~275-~275: There might be a mistake here.
Context: ...o ensure there are no changes/diffs.s If you have been careful this should not di...
(QB_NEW_EN)
[grammar] ~276-~276: There might be a mistake here.
Context: ...ve all the resources unmodified and now under management of helm. Some values to inv...
(QB_NEW_EN)
[grammar] ~280-~280: There might be a mistake here.
Context: ...Helm release are: - k8sAppLabelOverride - service.name - customLabels In some cas...
(QB_NEW_EN)
[grammar] ~281-~281: There might be a mistake here.
Context: ...e: - k8sAppLabelOverride - service.name - customLabels In some cases, you will ne...
(QB_NEW_EN)
[grammar] ~290-~290: Ensure spelling is correct
Context: ...ill delete the deployment and leave the replicaset to ensure no downtime in the cluster. Y...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
packages/system/coredns/charts/coredns/templates/NOTES.txt
[grammar] ~1-~1: There might be a mistake here.
Context: {{- if .Values.isClusterService }} CoreDNS is now running in the cluster as...
(QB_NEW_EN)
[grammar] ~2-~2: There might be a mistake here.
Context: ...ing in the cluster as a cluster-service. {{- else }} CoreDNS is now running in th...
(QB_NEW_EN)
[grammar] ~19-~19: There might be a mistake here.
Context: ..." from within the cluster {{- end }} {{- end }} It can be tested with the fo...
(QB_NEW_EN)
🔇 Additional comments (8)
packages/system/coredns/charts/coredns/README.md (1)
110-141: Table nits: fix a few defaults/types for accuracy.
- service.externalTrafficPolicy default looks like a list
[], but Kubernetes expects a string ("Cluster" or "Local") or empty string.- Minor capitalization consistency: “IfNotPresent” is fine; just ensure types match values.yaml.
Please confirm
service.externalTrafficPolicyin values.yaml and adjust the default in the table if needed. Suggested change if it’s a string:-| `service.externalTrafficPolicy` | Enable client source IP preservation | [] | +| `service.externalTrafficPolicy` | Enable client source IP preservation (set to `Local` to preserve client IP) | `""` |packages/apps/kubernetes/Chart.yaml (1)
19-19: Verify documentation references for v0.28.0
packages/apps/kubernetes/README.md contains no “0.28.0” references and no release-notes files were found; please confirm existing docs or add the necessary entries.packages/system/coredns/charts/coredns/templates/clusterrole-autoscaler.yaml (1)
27-29: Confirm ConfigMap verbs and scoping for autoscaler
- Verify whether your deployed autoscaler actually writes to its ConfigMap at runtime. Only add
"update"to theverbsif it modifies the ConfigMap; otherwise plan to remove the configmaps rule entirely once kubernetes-sigs/cluster-proportional-autoscaler#16 is resolved.- To lock the rule to a single ConfigMap, add an
autoscaler.configMapNamefield invalues.yamland reference it underresourceNames(e.g.resourceNames: - {{ default (printf "%s-autoscaler" (include "coredns.fullname" .)) .Values.autoscaler.configMapName }} ```)packages/system/coredns/charts/coredns/tests/clusterrolebinding_test.yaml (1)
20-52: Solid coverage and value overrides verified.Assertions cover name derivation, roleRef, and subject wiring with overrides; looks good.
packages/system/coredns/charts/coredns/templates/poddisruptionbudget.yaml (1)
1-26: Run helm-unittest locallyEnsure the helm-unittest plugin is installed and execute:
helm unittest packages/system/coredns/charts/corednsto confirm the PodDisruptionBudget and RBAC templates render as expected.
packages/system/coredns/charts/coredns/templates/servicemonitor.yaml (1)
23-34: ServiceMonitor selector matches the service-metrics Service labels
Theservice-metrics.yamlService includesapp.kubernetes.io/instance,app.kubernetes.io/nameandapp.kubernetes.io/component: metrics, so the default ServiceMonitor selector will correctly match it.packages/system/coredns/charts/coredns/templates/serviceaccount.yaml (1)
20-23: Confirm value path for imagePullSecrets.Using .Values.image.pullSecrets for a ServiceAccount is nonstandard; many charts use .Values.serviceAccount.imagePullSecrets. Ensure consumers set the intended path.
packages/system/coredns/charts/coredns/templates/configmap-autoscaler.yaml (1)
1-33: LGTM: ConfigMap shape and typed fields look correct.
| {{- toYaml (deepCopy .Values.addons.coredns.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultCoreDNSValues" .))) | nindent 4 }} | ||
| dependsOn: |
There was a problem hiding this comment.
mergeOverwrite order reverses precedence; user overrides are lost.
Defaults must be merged first, then overridden by valuesOverride.
- {{- toYaml (deepCopy .Values.addons.coredns.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultCoreDNSValues" .))) | nindent 4 }}
+ {{- toYaml ((fromYaml (include "cozystack.defaultCoreDNSValues" .)) | mergeOverwrite (deepCopy .Values.addons.coredns.valuesOverride)) | nindent 4 }}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| {{- toYaml (deepCopy .Values.addons.coredns.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultCoreDNSValues" .))) | nindent 4 }} | |
| dependsOn: | |
| {{- toYaml ((fromYaml (include "cozystack.defaultCoreDNSValues" .)) | mergeOverwrite (deepCopy .Values.addons.coredns.valuesOverride)) | nindent 4 }} | |
| dependsOn: |
🤖 Prompt for AI Agents
In packages/apps/kubernetes/templates/helmreleases/coredns.yaml around lines 40
to 41, the mergeOverwrite call currently passes the user valuesOverride first
which causes it to be overridden by the defaults; swap the merge arguments so
the defaults (fromYaml (include "cozystack.defaultCoreDNSValues" .)) are merged
first and then .Values.addons.coredns.valuesOverride is applied, preserving user
overrides when rendering toYaml.
| - Kubernetes 1.10 or later | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Validate minimum supported Kubernetes version.
“Kubernetes 1.10 or later” is likely outdated. Align with Chart.yaml’s kubeVersion.
If kubeVersion > 1.10, update the README accordingly.
🏁 Script executed:
#!/bin/bash
# Print kubeVersion and appVersion from this chart to align README claims
rg -nP '^(kubeVersion|version|appVersion):\s' -n packages/system/coredns/charts/coredns/Chart.yaml -N -n -C0 || trueLength of output: 150
Define and align minimum Kubernetes version in Chart.yaml and README.
Chart.yaml currently lacks a kubeVersion constraint while README.md still states “Kubernetes 1.10 or later.” Add an appropriate kubeVersion entry to packages/system/coredns/charts/coredns/Chart.yaml (e.g. >=1.10.0) and update or remove the hardcoded requirement in README.md to match.
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/README.md around lines 22-23 and
packages/system/coredns/charts/coredns/Chart.yaml, the README states "Kubernetes
1.10 or later" but Chart.yaml lacks a kubeVersion constraint; add a kubeVersion
field to Chart.yaml (for example kubeVersion: ">=1.10.0") and then update the
README.md to either remove the hardcoded version or change it to match the
Chart.yaml constraint so both files are aligned.
| ``` | ||
| #!/usr/bin/env bash | ||
|
|
||
| set -euo pipefail | ||
|
|
||
| for kind in config service serviceAccount; do | ||
| echo "setting annotations and labels on $kind/coredns" | ||
| kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-name=YOUR_HELM_RELEASE_NAME_HERE | ||
| kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-namespace=kube-system | ||
| kubectl -n kube-system label --overwrite $kind coredns app.kubernetes.io/managed-by=Helm | ||
| done | ||
| ``` |
There was a problem hiding this comment.
Script bug: use correct Kubernetes kind “configmap”.
“config” is not a valid kind. Replace with “configmap”.
-for kind in config service serviceAccount; do
+for kind in configmap service serviceAccount; do
echo "setting annotations and labels on $kind/coredns"
kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-name=YOUR_HELM_RELEASE_NAME_HERE
kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-namespace=kube-system
kubectl -n kube-system label --overwrite $kind coredns app.kubernetes.io/managed-by=Helm
done📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ``` | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| for kind in config service serviceAccount; do | |
| echo "setting annotations and labels on $kind/coredns" | |
| kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-name=YOUR_HELM_RELEASE_NAME_HERE | |
| kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-namespace=kube-system | |
| kubectl -n kube-system label --overwrite $kind coredns app.kubernetes.io/managed-by=Helm | |
| done | |
| ``` | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| for kind in configmap service serviceAccount; do | |
| echo "setting annotations and labels on $kind/coredns" | |
| kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-name=YOUR_HELM_RELEASE_NAME_HERE | |
| kubectl -n kube-system annotate --overwrite $kind coredns meta.helm.sh/release-namespace=kube-system | |
| kubectl -n kube-system label --overwrite $kind coredns app.kubernetes.io/managed-by=Helm | |
| done |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/README.md around lines 296 to 307, the
shell loop uses an invalid Kubernetes kind "config" causing kubectl to fail;
change "config" to the correct kind "configmap" in the for loop so it iterates
over "configmap service serviceAccount", then update any related echo messages
if desired to reflect "configmap".
| labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }} | ||
| {{- if .Values.customLabels }} | ||
| {{ toYaml .Values.customLabels | indent 4 }} | ||
| {{- end }} |
There was a problem hiding this comment.
Bug: customLabels are emitted at metadata root, not under metadata.labels.
This produces invalid object metadata and drops labels. Merge customLabels into labels.
-metadata:
- name: {{ template "coredns.fullname" . }}-autoscaler
- labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }}
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels | indent 4 }}
-{{- end }}
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ labels:
+ {{- include "coredns.labels.autoscaler" . | nindent 4 }}
+ {{- with .Values.customLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| labels: {{- include "coredns.labels.autoscaler" . | nindent 4 }} | |
| {{- if .Values.customLabels }} | |
| {{ toYaml .Values.customLabels | indent 4 }} | |
| {{- end }} | |
| metadata: | |
| name: {{ template "coredns.fullname" . }}-autoscaler | |
| labels: | |
| {{- include "coredns.labels.autoscaler" . | nindent 4 }} | |
| {{- with .Values.customLabels }} | |
| {{- toYaml . | nindent 4 }} | |
| {{- end }} |
🤖 Prompt for AI Agents
In
packages/system/coredns/charts/coredns/templates/clusterrolebinding-autoscaler.yaml
around lines 7–10, customLabels are being emitted at the metadata root instead
of inside metadata.labels; move/merge the customLabels into the labels map so
they render under metadata.labels. Update the template so the labels block
includes both the output of the existing coredns.labels.autoscaler include and
the .Values.customLabels (merged or appended) and render .Values.customLabels
with the same indentation (nindent/indent) so they become child entries of
labels rather than top-level keys.
| labels: {{- include "coredns.labels" . | nindent 4 }} | ||
| {{- if .Values.customLabels }} | ||
| {{ toYaml .Values.customLabels | indent 4 }} | ||
| {{- end }} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
customLabels must be nested under metadata.labels.
They currently render as siblings. Fold them into labels.
- labels: {{- include "coredns.labels" . | nindent 4 }}
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels | indent 4 }}
-{{- end }}
+ labels:
+ {{- include "coredns.labels" . | nindent 4 }}
+ {{- with .Values.customLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| labels: {{- include "coredns.labels" . | nindent 4 }} | |
| {{- if .Values.customLabels }} | |
| {{ toYaml .Values.customLabels | indent 4 }} | |
| {{- end }} | |
| labels: | |
| {{- include "coredns.labels" . | nindent 4 }} | |
| {{- with .Values.customLabels }} | |
| {{- toYaml . | nindent 4 }} | |
| {{- end }} |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/templates/configmap.yaml around lines
9 to 12, customLabels are being rendered as sibling keys instead of nested under
metadata.labels; move the {{- if .Values.customLabels }} ... {{- end }} block so
it is inside the labels block and render the values with the same indentation
(use toYaml .Values.customLabels | nindent 4) so the custom labels are merged
under labels rather than at the top level.
| {{- if or .Values.prometheus.service.annotations .Values.service.annotations .Values.customAnnotations }} | ||
| annotations: | ||
| {{- if .Values.prometheus.service.annotations }} | ||
| {{- toYaml .Values.prometheus.service.annotations | nindent 4 }} | ||
| {{- end }} | ||
| {{- if .Values.service.annotations }} | ||
| {{- toYaml .Values.service.annotations | nindent 4 }} | ||
| {{- end }} | ||
| {{- if .Values.customAnnotations }} | ||
| {{- toYaml .Values.customAnnotations | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Unify and order annotation sources; avoid duplicate keys and wrong precedence.
Currently you emit three maps sequentially; last one wins, which makes generic service.annotations override the more specific prometheus.service.annotations. Merge with clear precedence instead (generic < prometheus-specific < custom), and render once.
- {{- if or .Values.prometheus.service.annotations .Values.service.annotations .Values.customAnnotations }}
- annotations:
- {{- if .Values.prometheus.service.annotations }}
- {{- toYaml .Values.prometheus.service.annotations | nindent 4 }}
- {{- end }}
- {{- if .Values.service.annotations }}
- {{- toYaml .Values.service.annotations | nindent 4 }}
- {{- end }}
- {{- if .Values.customAnnotations }}
- {{- toYaml .Values.customAnnotations | nindent 4 }}
- {{- end }}
- {{- end }}
+ {{- $ann := dict -}}
+ {{- if .Values.service.annotations -}}
+ {{- $ann = merge $ann .Values.service.annotations -}}
+ {{- end -}}
+ {{- if .Values.prometheus.service.annotations -}}
+ {{- $ann = merge $ann .Values.prometheus.service.annotations -}}
+ {{- end -}}
+ {{- if .Values.customAnnotations -}}
+ {{- $ann = merge $ann .Values.customAnnotations -}}
+ {{- end -}}
+ {{- if $ann }}
+ annotations:
+{{ toYaml $ann | indent 4 }}
+ {{- end }}Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/templates/service-metrics.yaml around
lines 12–23, you currently render three annotation maps sequentially which
causes later maps to override earlier ones and can produce duplicate keys;
instead create a single merged map with the desired precedence (generic
service.annotations < prometheus.service.annotations < customAnnotations) and
render it once. Implement this by building a mergedAnnotations variable that
merges the maps in that order (ensuring nils are treated as empty maps), e.g.
merged := merge .Values.service.annotations
.Values.prometheus.service.annotations .Values.customAnnotations, then only emit
the annotations block if merged is non-empty and render with toYaml merged |
nindent 4 so keys are deterministic and precedence is correct.
| labels: {{- include "coredns.labels" . | nindent 4 }} | ||
| {{- if .Values.prometheus.monitor.additionalLabels }} | ||
| {{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} | ||
| {{- end }} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Fold additionalLabels under metadata.labels (indent/structure bug).
Currently renders as sibling keys, breaking YAML. Merge into the labels map.
- labels: {{- include "coredns.labels" . | nindent 4 }}
- {{- if .Values.prometheus.monitor.additionalLabels }}
-{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
- {{- end }}
+ labels:
+ {{- include "coredns.labels" . | nindent 4 }}
+ {{- with .Values.prometheus.monitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| labels: {{- include "coredns.labels" . | nindent 4 }} | |
| {{- if .Values.prometheus.monitor.additionalLabels }} | |
| {{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} | |
| {{- end }} | |
| labels: | |
| {{- include "coredns.labels" . | nindent 4 }} | |
| {{- with .Values.prometheus.monitor.additionalLabels }} | |
| {{- toYaml . | nindent 4 }} | |
| {{- end }} |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/templates/servicemonitor.yaml around
lines 9–12, the .Values.prometheus.monitor.additionalLabels block is being
rendered as a sibling key instead of merged under metadata.labels; update the
template so additionalLabels are emitted inside the existing labels map (i.e.,
render toYaml .Values.prometheus.monitor.additionalLabels with the same
indentation/nindent as the labels block or merge them before rendering), guard
the block with an if to avoid emitting empty content, and ensure final YAML
produces a single labels map containing both the included coredns.labels and any
additionalLabels.
| {{- if ne .Values.prometheus.monitor.namespace .Release.Namespace }} | ||
| namespaceSelector: | ||
| matchNames: | ||
| - {{ .Release.Namespace }} | ||
| {{- end }} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Guard namespaceSelector only when a distinct monitor namespace is set.
Avoid adding namespaceSelector when monitor.namespace is unset/same as Release.Namespace.
- {{- if ne .Values.prometheus.monitor.namespace .Release.Namespace }}
+ {{- if and .Values.prometheus.monitor.namespace (ne .Values.prometheus.monitor.namespace .Release.Namespace) }}
namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
+ matchNames:
+ - {{ .Release.Namespace }}
{{- end }}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| {{- if ne .Values.prometheus.monitor.namespace .Release.Namespace }} | |
| namespaceSelector: | |
| matchNames: | |
| - {{ .Release.Namespace }} | |
| {{- end }} | |
| {{- if and .Values.prometheus.monitor.namespace (ne .Values.prometheus.monitor.namespace .Release.Namespace) }} | |
| namespaceSelector: | |
| matchNames: | |
| - {{ .Release.Namespace }} | |
| {{- end }} |
🤖 Prompt for AI Agents
In packages/system/coredns/charts/coredns/templates/servicemonitor.yaml around
lines 18-22, the template currently adds namespaceSelector whenever
.Values.prometheus.monitor.namespace != .Release.Namespace which still emits
namespaceSelector if monitor.namespace is unset/empty; change the conditional to
only render namespaceSelector when monitor.namespace is explicitly set AND is
different from .Release.Namespace (e.g. check that
.Values.prometheus.monitor.namespace is non-empty and then compare), so
namespaceSelector is omitted when monitor.namespace is unset or equals the
release namespace.
| update: | ||
| rm -rf charts | ||
| helm repo add cozy-coredns https://coredns.github.io/helm | ||
| helm repo update cozy-coredns | ||
| helm pull cozy-coredns/coredns --untar --untardir charts |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Sanity-check vendored chart version matches Makefile pin.
Prevent drift between vendored Chart.yaml and CHART_VERSION.
🏁 Script executed:
#!/bin/bash
set -euo pipefail
file=packages/system/coredns/charts/coredns/Chart.yaml
mf=packages/system/coredns/Makefile
if [[ -f "$file" ]]; then
vend_ver=$(awk '/^version:/{print $2; exit}' "$file")
make_ver=$(sed -n 's/^CHART_VERSION[[:space:]]*?=[[:space:]]*//p' "$mf" | head -1)
echo "Vendored: $vend_ver | Makefile: $make_ver"
test "$vend_ver" = "$make_ver"
else
echo "Chart.yaml not present; run 'make update' first."
fiLength of output: 482
Define and pin CHART_VERSION in the Makefile to match vendored chart (1.43.2)
Add a CHART_VERSION = 1.43.2 variable and update the update target to use it (e.g. helm pull cozy-coredns/coredns --version $(CHART_VERSION)) so the vendored Chart.yaml and Makefile stay in sync.
🤖 Prompt for AI Agents
In packages/system/coredns/Makefile around lines 6 to 10, the Makefile currently
pulls the coredns chart without pinning a version which can drift from the
vendored Chart.yaml; add a variable CHART_VERSION = 1.43.2 at the top of the
Makefile and update the update target to use that variable (e.g. change the helm
pull invocation to include --version $(CHART_VERSION)) so the vendored chart and
Makefile stay in sync.
| helm repo add cozy-coredns https://coredns.github.io/helm | ||
| helm repo update cozy-coredns |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Make repo ops robust; confirm helm repo update syntax.
Use either a leading dash or --force-update to avoid failure on re-add; drop the repo arg for broader compatibility.
- helm repo add cozy-coredns https://coredns.github.io/helm
- helm repo update cozy-coredns
+ -helm repo add cozy-coredns https://coredns.github.io/helm
+ helm repo update🌐 Web query:
Does Helm 3 support specifying repository names as arguments to `helm repo update`, or is the documented form without arguments?
💡 Result:
Short answer: Helm 3 does support passing repository names to helm repo update — but that was added in v3.7.0. Older 3.x releases (e.g., v3.3.x) accepted no arguments. [1][2][3]
Sources:
- Official helm repo update docs (shows optional [REPO...] args). [1]
- GitHub issue tracking the feature and its fix. [2]
- Helm v3.7.0 release notes listing "helm repo update now accepts an optional repository name." [3]
Use --force-update on repo add and drop repo name from update for Helm <3.7 compatibility
packages/system/coredns/Makefile: lines 8-9
- helm repo add cozy-coredns https://coredns.github.io/helm
- helm repo update cozy-coredns
+ helm repo add --force-update cozy-coredns https://coredns.github.io/helm
+ helm repo update🤖 Prompt for AI Agents
In packages/system/coredns/Makefile around lines 8 to 9, the helm commands are
incompatible with Helm <3.7; change the repo add to include the --force-update
flag (e.g., helm repo add --force-update cozy-coredns
https://coredns.github.io/helm) and remove the repository name from the repo
update call so it becomes a simple helm repo update, ensuring Helm <3.7
compatibility.
What this PR does
Release note
Summary by CodeRabbit
New Features
Documentation
Tests
Chores