-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Patch 1 #2490
Patch 1 #2490
Conversation
Co-authored-by: Jagankumar <[email protected]>
* updated audit service in unified-UAT * Updated unified-uat.yaml --------- Co-authored-by: Jagankumar <[email protected]>
* added helm chart config for revision estimate * added values for estimate
* changed context path from health-mdms-v2 to egov-mdms-service * added in env SERVER_CONTEXT_PATH to egov-mdms-service * changed path to egov-mdms-service from health-mdms-v2
…#2154) * updated the hostname in boundary service to point to old mdms * Update values.yaml * Update unified-uat.yaml * Update values.yaml
* [DPG-2011] Added helm files for spring-cloud-gateway * Updated the spring gateway-k8-discovery
added csv and docs file formates to filestore
zip file added
WalkthroughThis update encompasses a broad restructuring of deployment and configuration management across various components, with a focus on enhancing clarity, consistency, and security. It includes a significant reorganization of the Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review Status
Actionable comments generated: 42
Configuration used: CodeRabbit UI
Files ignored due to path filters (249)
config-as-code/product-release-charts/DIGIT/dependancy_chart-digit-v2.5.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/DIGIT/dependancy_chart-digit-v2.6.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/DIGIT/dependancy_chart-digit-v2.7.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/DIGIT/dependancy_chart-quickstart-v2.7.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/Sanitation/dependancy_chart-fsm-v1.2.1.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-digit-v2.2.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-digit-v2.3.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-digit-v2.4.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-quickstart-v2.4.yaml
is excluded by:!**/*.yaml
config-as-code/product-release-charts/iFix/dependancy_chart-mGramSeva-v1.0.yaml
is excluded by:!**/*.yaml
deploy-as-code/deployer/go.mod
is excluded by:!**/*.mod
deploy-as-code/deployer/go.sum
is excluded by:!**/*.sum
deploy-as-code/egov-deployer/go.mod
is excluded by:!**/*.mod
deploy-as-code/helm/charts/backbone-services/cert-manager/Chart.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/cert-manager-crds.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-certificaterequests.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-certificates.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-challenges.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-issuers.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-orders.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-config.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-poddisruptionbudget.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-psp-clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-psp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-rbac.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/clusterissuer.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/controller-config.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/networkpolicy-egress.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/networkpolicy-webhooks.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/poddisruptionbudget.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/podmonitor.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/psp-clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/psp-clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/psp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/rbac.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/service.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/servicemonitor.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-job.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-psp-clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-psp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-rbac.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-config.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-mutating-webhook.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-poddisruptionbudget.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-psp-clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-psp-clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-psp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-rbac.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-service.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-validating-webhook.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-data-infra-v1-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-data-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-master-infra-v1-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-master-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/persistentvolume.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/poddisruptionbudget.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/secret-cert.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/secret.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/statefulset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/daemonset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/Chart.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-customconfig-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-customnodeport-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-extra-modules.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-headers-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-internal-lb-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-nodeport-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-podannotations-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-udp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-default-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-metrics-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-psp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-webhook-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-autoscaling-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-customconfig-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-customnodeport-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-default-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-extra-modules.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-headers-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-internal-lb-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-metrics-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-nodeport-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-podannotations-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-psp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-udp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-resources-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/cert-manager.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-addheaders.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-proxyheaders.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-tcp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-udp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-daemonset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-hpa.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-ingressclass.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-keda.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-poddisruptionbudget.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-prometheusrules.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-psp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-role.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-rolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service-internal.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service-metrics.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service-webhook.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-servicemonitor.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-webhooks-networkpolicy.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-hpa.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-psp.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-role.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-rolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-service.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/dh-param-secret.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/jaeger/templates/query-deploy.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/jaeger/templates/spark-cronjob.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/jenkins/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-connect/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/Chart.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/config-secrets.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/pdb.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/statefulset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/svc-external-access.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/svc-headless.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/config-secrets.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/pdb.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/statefulset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/svc-external-access.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/svc-headless.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/extra-list.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/log4j-configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/jmx-configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/jmx-servicemonitor.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/jmx-svc.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/prometheusrule.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/servicemonitor.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/svc.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/network-policy/networkpolicy-egress.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/network-policy/networkpolicy-ingress.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/provisioning/job.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/provisioning/serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/provisioning/tls-secret.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/rbac/role.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/rbac/rolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/rbac/serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/scripts-configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/secrets.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/svc.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/tls-secret.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-v2/templates/statefulset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/Chart.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/pv.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/pvc.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/scripts-configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/statefulset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/svc-headless.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/svc.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana-v1/kibana-infra-v1-values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/Chart.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/configmap-helm-scripts.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/ingress.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-job.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-role.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-rolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/service.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/podsecuritypolicy.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/psp-clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/psp-clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/Chart.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/clusterrole.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/clusterrolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-daemonset.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-deployment.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-metrics-service.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-prometheusrules.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-rolebinding.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-service.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-serviceaccount.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-servicemonitor.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/custom-headers.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/templates/configmap.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/templates/pv.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/templates/pvc.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/playground/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/postgres/templates/pv.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/postgres/templates/pvc.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/postgres/values.yaml
is excluded by:!**/*.yaml
deploy-as-code/helm/charts/backbone-services/prometheus-blackbox-exporter/Chart.yaml
is excluded by:!**/*.yaml
Files selected for processing (31)
- CODEOWNERS (1 hunks)
- config-as-code/product-release-charts/Sanitation/README.md (1 hunks)
- deploy-as-code/deployer/cmd/deploy.go (2 hunks)
- deploy-as-code/deployer/cmd/root.go (3 hunks)
- deploy-as-code/deployer/configs/deployment_configurator.go (1 hunks)
- deploy-as-code/deployer/full_installer.go (1 hunks)
- deploy-as-code/deployer/main.go (1 hunks)
- deploy-as-code/deployer/pkg/cmd/deployer/deployer.go (3 hunks)
- deploy-as-code/deployer/pkg/cmd/deployer/options.go (1 hunks)
- deploy-as-code/deployer/standalone_installer.go (1 hunks)
- deploy-as-code/helm/.sops.yaml (1 hunks)
- deploy-as-code/helm/charts/backbone-services/cert-manager/.gitignore (1 hunks)
- deploy-as-code/helm/charts/backbone-services/cert-manager/.helmignore (1 hunks)
- deploy-as-code/helm/charts/backbone-services/cert-manager/README.template.md (1 hunks)
- deploy-as-code/helm/charts/backbone-services/cert-manager/crds/README.md (1 hunks)
- deploy-as-code/helm/charts/backbone-services/cert-manager/signkey_annotation.txt (1 hunks)
- deploy-as-code/helm/charts/backbone-services/cert-manager/templates/NOTES.txt (1 hunks)
- deploy-as-code/helm/charts/backbone-services/cert-manager/templates/_helpers.tpl (1 hunks)
- deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/_helpers.tpl (2 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/.helmignore (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/CHANGELOG.md (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/OWNERS (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/README.md (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/README.md.gotmpl (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog.md.gotmpl (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog/Changelog-4.5.2.md (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/NOTES.txt (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_helpers.tpl (1 hunks)
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_params.tpl (1 hunks)
- deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/NOTES.txt (1 hunks)
- deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/_helpers.tpl (1 hunks)
Files not summarized due to errors (2)
- deploy-as-code/deployer/configs/deployment_configurator.go: Error: Message exceeds token limit
- deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/_helpers.tpl: Error: Message exceeds token limit
Files skipped from review due to trivial changes (7)
- config-as-code/product-release-charts/Sanitation/README.md
- deploy-as-code/deployer/cmd/root.go
- deploy-as-code/deployer/main.go
- deploy-as-code/helm/charts/backbone-services/cert-manager/.gitignore
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/.helmignore
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/OWNERS
- deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog.md.gotmpl
Additional comments: 103
CODEOWNERS (1)
- 1-1: The addition of new code owners (
@shashwat-egov
,@nikhilmulinti-egov
,@sathishp-eGov
) is noted. Please ensure that these individuals are aware of their new responsibilities and have been granted the necessary permissions to fulfill their roles effectively.deploy-as-code/helm/charts/backbone-services/cert-manager/.helmignore (1)
- 23-27: The addition of specific files (
BUILD.bazel
,Chart.template.yaml
,README.template.md
,OWNERS
,cert-manager*.tgz
) to the.helmignore
file is appropriate. Please verify that these patterns accurately match the intended files and directories to be ignored during Helm packaging.deploy-as-code/helm/.sops.yaml (1)
- 6-6: The update to the
path_regex
pattern for environment secrets is noted. Please ensure that the regex pattern accurately matches the intended secrets file and that the encryption key is securely managed and has appropriate access controls.deploy-as-code/deployer/pkg/cmd/deployer/options.go (1)
- 4-4: The introduction of
ConfigDir
in place ofHelmDir
is a positive change towards a more generic and clear naming convention for configuration directories. Please ensure that all references to this variable throughout the codebase have been updated accordingly and that this change is communicated to the team to avoid confusion.deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog/Changelog-4.5.2.md (1)
- 1-13: The changelog for the ingress-nginx Helm Chart version 4.5.2 is clear and informative, documenting significant changes and improvements. Please ensure that the changelog is kept up-to-date with any future changes to maintain transparency and ease of understanding for users.
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/NOTES.txt (1)
- 1-15: The deployment success information provided in
NOTES.txt
for cert-manager is clear and helpful, offering users guidance on next steps, such as setting up a ClusterIssuer or Issuer resource. This enhances the user experience by providing actionable information post-deployment.deploy-as-code/helm/charts/backbone-services/cert-manager/crds/README.md (1)
- 1-18: The README for the CRDs source directory is clear and effectively communicates its purpose for development only. This documentation is important for guiding developers on how to use the files within this directory correctly and avoiding misuse by end-users.
deploy-as-code/deployer/cmd/deploy.go (1)
- 50-53: The update to the
helm-dir
path and the addition of a print statement foroptions.ConfigDir
are positive changes that enhance clarity and aid in debugging. Please ensure that the new path (../../config-as-code
) is correct, accessible, and communicated to the team. The print statement adds transparency to the deployment process, which is beneficial for troubleshooting.deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_params.tpl (1)
- 1-65: The template parameters defined in
_params.tpl
for the ingress-nginx Helm chart are comprehensive and provide a wide range of configuration options. This flexibility allows for customization to meet various deployment needs while emphasizing the importance of secure defaults. Please ensure that the parameters are reviewed for security implications and best practices are followed to maintain a secure and efficient deployment.deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/_helpers.tpl (4)
- 11-15: The template for generating Elasticsearch roles is straightforward and correctly iterates over the roles defined in the values file. This approach allows for flexible role assignment based on deployment needs.
- 20-34: The
elasticsearch.gen-certs
template introduces a mechanism to generate certificates if the secret doesn't already exist. This is a valuable addition for environments where automatic certificate management is not available. However, ensure that the certificate generation (genCA
andgenSignedCert
) functions are secure and generate certificates with appropriate attributes (e.g., validity period, usage constraints).
- Verify that the certificate generation logic adheres to security best practices.
- Confirm that the generated certificates meet the requirements for Elasticsearch and any interfacing systems.
- 36-50: The template for determining the Elasticsearch master service name is well-structured, offering flexibility through various overrides (
fullnameOverride
,nameOverride
,clusterName
). This ensures that the master service name can be customized to fit different deployment scenarios. It's important to document these options clearly for users of the chart to understand how to use them effectively.- 68-68: Updating the Elasticsearch version to 8 in the
elasticsearch.esMajorVersion
template is a significant change that aligns with the latest Elasticsearch versions. Ensure that all dependent configurations, plugins, and integrations are compatible with Elasticsearch 8 to avoid runtime issues.deploy-as-code/helm/charts/backbone-services/cert-manager/templates/_helpers.tpl (15)
- 14-29: The logic for generating the full name of the cert-manager incorporates environment-specific overrides, which is a good practice for flexibility across different deployments. However, ensure that the environment-specific values are validated to prevent any potential injection vulnerabilities when used in templates.
- 34-40: The service account name generation for cert-manager correctly checks if a service account should be created and applies the appropriate name. This is a good example of conditional logic in Helm templates.
- 51-53: The
webhook.name
template hardcodes the name to "webhook" for compatibility reasons. While this approach works, consider documenting the reason for such hardcoded values to maintain clarity for future maintainers.- 60-63: The
webhook.fullname
template correctly generates a fully qualified name, ensuring it stays within the Kubernetes name field limits. This is a crucial detail for maintaining compatibility across Kubernetes versions.- 72-78: The
webhook.serviceAccountName
template follows a similar pattern to the cert-manager service account name generation, which is consistent and maintainable. Good use of Helm template functions.- 89-91: The
cainjector.name
template, like the webhook, hardcodes its name for compatibility. Again, ensure this is documented for clarity.- 98-101: The
cainjector.fullname
template logic is consistent with other fullname templates, ensuring compatibility and maintainability.- 106-112: The service account name generation for cainjector is consistent with the pattern used in other components, which is good for maintainability.
- 123-125: The
startupapicheck.name
template hardcodes its name, similar to other components. Ensure reasons for such decisions are documented.- 132-135: The
startupapicheck.fullname
template follows the established pattern for generating fully qualified names, maintaining consistency across the chart.- 140-146: The service account name generation for startupapicheck follows the consistent pattern seen in other components, ensuring maintainability and clarity.
- 151-153: The
chartName
template generates a name and version label for the chart, which is useful for tracking deployed versions. Ensure that the version naming follows semantic versioning to avoid potential confusion.- 158-167: The
labels
template correctly adds version and management labels to resources. Including a check for global common labels is a good practice for flexibility in labeling.- 177-179: The
cert-manager.namespace
template provides a flexible way to specify the namespace, defaulting to the Helm release namespace if not specified. This flexibility is important for deployments across different environments.- 187-192: The
image
template provides a standardized way to generate image URLs, which is crucial for consistency across deployments. Ensure that the registry and repository names are validated to prevent injection vulnerabilities.deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_helpers.tpl (13)
- 20-31: The logic for generating the full name of the ingress-nginx follows a similar pattern to the cert-manager chart, ensuring consistency across charts. This is good practice for maintainability.
- 37-51: The
controller.containerSecurityContext
template allows for a default security context to be applied if not specified in the values. This is a crucial aspect for ensuring the security of the deployed containers. However, ensure that the default security settings align with the security policies of your deployment environment.- 57-63: The
ingress-nginx.image
andingress-nginx.imageDigest
templates provide flexibility in handling images and their digests, including support for chroot environments. This flexibility is important for deployments across different environments and requirements.- 84-86: The
ingress-nginx.controller.fullname
template ensures that the controller name stays within Kubernetes name field limits, which is important for compatibility across Kubernetes versions.- 92-96: The
ingress-nginx.controller.electionID
template allows for a default electionID to be generated or overridden, providing flexibility in configuring the ingress controller.- 107-111: The
ingress-nginx.controller.publishServicePath
template provides a mechanism for specifying or overriding the publish-service path, which is important for custom deployments.- 117-119: The
ingress-nginx.defaultBackend.fullname
template follows the established pattern for generating fully qualified names, maintaining consistency across the chart.- 124-135: The
ingress-nginx.labels
andingress-nginx.selectorLabels
templates correctly add labels to resources, ensuring that resources are properly categorized and managed. Including checks for common labels is a good practice for flexibility.- 148-154: The service account name generation for the ingress-nginx controller and default backend follows a consistent pattern, ensuring maintainability and clarity.
- 170-176: The
podSecurityPolicy.apiGroup
template dynamically selects the appropriate API group based on the Kubernetes version, which is crucial for compatibility across different Kubernetes versions.- 181-185: The
isControllerTagValid
template ensures that the ingress controller version tag meets a minimum version requirement. This is an important check for maintaining compatibility and security. However, ensure that the version requirement is kept up-to-date with the latest stable releases.- 190-195: The
ingressClass.parameters
template provides a way to specify extra parameters for the ingress class, which is important for customizing the ingress behavior.- 200-212: The
extraModules
template allows for the definition of additional modules, including their security context and volume mounts. This flexibility is important for extending the functionality of the ingress controller. Ensure that the security context for these modules is appropriately configured for your deployment environment.deploy-as-code/deployer/pkg/cmd/deployer/deployer.go (3)
- 23-26: The use of
filepath.FromSlash
for constructingenvOverrideFile
andenvSecretFile
paths is a good practice for ensuring path compatibility across different operating systems.- 122-122: In the
deployClusterConfigs
function, the use ofconfigDir
to construct paths is consistent with the rest of the code. However, ensure that any user input that might influence these paths is properly sanitized to prevent path traversal vulnerabilities.- 151-159: The logic for handling
.sops.yaml
and decrypting secrets withsops
is a crucial part of managing sensitive configurations securely. Ensure that thesops
command and its parameters are securely managed to prevent injection vulnerabilities.deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/NOTES.txt (3)
- 1-3: The header information is clear and provides essential details about the chart, version, and app version.
- 5-23: The diagnostic mode instructions are comprehensive, providing users with clear steps on how to access and debug the deployed pods. It's good practice to include such detailed instructions for diagnostic purposes.
- 25-332: General deployment instructions, security warnings, and external access configurations are well-documented, offering users guidance on accessing Kafka within and outside the cluster, configuring security settings, and handling different service types (NodePort, LoadBalancer, ClusterIP). The inclusion of security warnings for LoadBalancer without authentication is particularly noteworthy, emphasizing the importance of security considerations in deployment configurations.
deploy-as-code/helm/charts/backbone-services/ingress-nginx/CHANGELOG.md (17)
- 27-27: The entry "- Support for Kubernetes v1.19.0 was removed" is clear and concise.
- 92-92: The entry "- 8286 Fix OpenTelemetry sidecar image build" correctly references OpenTelemetry, which is a specific technology.
- 165-165: The entry "- [8061] docs(charts): using helm-docs for chart kubernetes/ingress-nginx#8061 Using helm-docs to populate values table in README.md" is clear and indicates an improvement in documentation practices.
- 169-169: The entry "- [8008] Add relabelings in controller-servicemonitor.yaml kubernetes/ingress-nginx#8008 Add relabelings in controller-servicemonitor.yaml" is clear and concise.
- 177-177: The entry "- [7873] Making Kube service appProtocol field optional kubernetes/ingress-nginx#7873 Makes the appProtocol field optional." is clear and indicates an improvement in flexibility.
- 181-181: The entry "- [7964] Release updates for v1.1.0 kubernetes/ingress-nginx#7964 Update controller version to v1.1.0" is straightforward and indicates a version update.
- 185-185: The entry "- [6992] [Helm] Add labels to resources kubernetes/ingress-nginx#6992 Add ability to specify labels for all resources" enhances configurability and is clearly stated.
- 195-195: The entry "- [7651] Support ipFamilyPolicy and ipFamilies fields in Helm Chart kubernetes/ingress-nginx#7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart" correctly introduces support for new Kubernetes fields.
- 201-201: The entry "- [7740] Prepare for v1.0.3 release kubernetes/ingress-nginx#7740 Release v1.0.3 of ingress-nginx" is clear and indicates a new release.
- 205-205: The entry "- [7707] Tag release v1.0.2 kubernetes/ingress-nginx#7707 Release v1.0.2 of ingress-nginx" is straightforward and indicates a new release.
- 209-209: The entry "- [7681] preparing release v1.0.1 kubernetes/ingress-nginx#7681 Release v1.0.1 of ingress-nginx" is clear and indicates a new release.
- 213-213: The entry "- [7535] release v1.0.0 kubernetes/ingress-nginx#7535 Release v1.0.0 ingress-nginx" is clear and marks a significant version release.
- 217-217: The entry "- [7256] added namespace field in the namespace scoped resource templates of helm chart kubernetes/ingress-nginx#7256 Add namespace field in the namespace scoped resource templates" improves clarity in resource templates.
- 221-221: The entry "- [7164] Update nginx to mitigate CVE-2021-23017 kubernetes/ingress-nginx#7164 Update nginx to v1.20.1" is straightforward and indicates an important update.
- 225-225: The entry "- [7117] Adding annotations for HPA kubernetes/ingress-nginx#7117 Add annotations for HPA" enhances configurability for Horizontal Pod Autoscaling.
- 229-229: The entry "- [7137] Add support for custom probes kubernetes/ingress-nginx#7137 Add support for custom probes" introduces flexibility in health checking.
- 233-233: The entry "- #7092 Removes the possibility of using localhost in ExternalNames as endpoints" enhances security by preventing the use of localhost in ExternalNames.
deploy-as-code/helm/charts/backbone-services/ingress-nginx/README.md (10)
- 5-5: The version badges provide clear information about the chart and application versions. However, ensure that these versions are up-to-date with the latest releases of ingress-nginx to maintain compatibility and access to new features.
- 7-7: The instruction to use
ingressClassName: nginx
or the annotationkubernetes.io/ingress.class: nginx
is clear and concise, guiding users on how to specify the ingress controller for their Ingress resources.- 83-84: The note about the PodDisruptionBudget (PDB) being defined only if
replicaCount
is greater than one is an important detail for planning deployments. It helps ensure high availability while allowing node evacuations. This explanation is clear and informative.- 91-91: The explanation on enabling Prometheus metrics and annotations for the metrics service is detailed and helpful. However, ensure that the documentation is updated if there are changes to the configuration options or if additional metrics capabilities are introduced in future versions of ingress-nginx.
- 103-103: The section on ExternalDNS service configuration is clear and provides a straightforward example of how to add an annotation to the LoadBalancer service. This is valuable for users looking to integrate ExternalDNS for dynamic DNS management.
- 131-131: The instructions for configuring the LoadBalancer service with the route53-mapper addon are clear and provide a practical example. It's important for users leveraging AWS and Route 53 for DNS management to have this information readily available.
- 153-153: The note about the internal load balancer deployment requiring both
controller.service.internal.enabled
andcontroller.service.internal.annotations
is crucial for users planning to use internal load balancers. It helps avoid confusion and ensures that the necessary configurations are in place.- 215-218: The section on Ingress Admission Webhooks provides valuable information on preventing bad ingress configurations. It's important to ensure that the documentation reflects any changes or enhancements to this feature in future versions of ingress-nginx.
- 235-245: The explanation of the Helm error related to
spec.clusterIP
and the solution to setxxxx.service.omitClusterIP
totrue
is helpful for users encountering this issue during upgrades. It's important to keep this section updated if there are changes to how Helm or Kubernetes handle service upgrades in the future.- 255-522: The comprehensive list of configuration options in the
values.yaml
file provides users with the flexibility to customize the ingress-nginx deployment to their needs. It's crucial to ensure that this section is kept up-to-date with all available configuration options and that any deprecated options are clearly marked or removed.deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/_helpers.tpl (29)
- 11-13: The helper
kafka.name
correctly defines a template for generating the Kafka release name, ensuring it adheres to Kubernetes naming constraints.- 19-26: The helper
kafka.zookeeper.fullname
correctly handles the override logic for Zookeeper's full name, providing flexibility in naming conventions.- 31-37: The
kafka.serviceAccountName
helper properly handles the conditional creation of a service account name based on the.Values.serviceAccount.create
flag.- 43-60: The
common.storage.class
helper effectively abstracts the logic for determining the appropriate storage class, considering both local and global configurations.- 67-74: The
common.warnings.rollingTag
helper provides a valuable warning mechanism for detecting rolling tags in image repositories, which is crucial for ensuring stable and predictable deployments in production environments.- 79-81: The
kafka.image
helper correctly abstracts the image definition logic, allowing for centralized management of image sources and versions.- 86-88: The
kafka.externalAccess.autoDiscovery.image
helper is well-defined, supporting the configuration of the auto-discovery image for external access.- 93-95: The
kafka.volumePermissions.image
helper is correctly implemented, facilitating the configuration of the volume permissions image.- 100-102: The
kafka.metrics.kafka.image
helper properly abstracts the Kafka exporter image configuration, enhancing modularity.- 107-109: The
kafka.metrics.jmx.image
helper is correctly implemented, allowing for easy configuration of the JMX exporter image.- 114-116: The
kafka.imagePullSecrets
helper effectively consolidates the logic for defining image pull secrets, considering both local and global configurations.- 1574-1595: The validation logic for listener protocols (
kafka.validateValues.listener.protocols
) correctly ensures that only supported authentication protocols are used, which is crucial for security and compatibility.- 1598-1607: The validation for the node port list length in the controller configuration (
kafka.validateValues.controller.nodePortListLength
) correctly ensures that the number of node ports matches the number of replicas, which is essential for consistent external access configuration.- 1611-1619: Similarly, the validation for the broker node port list length (
kafka.validateValues.broker.nodePortListLength
) ensures consistency between the number of brokers and the configured node ports, which is crucial for external access.- 1624-1633: The validation for external IP list length (
kafka.validateValues.controller.externalIPListLength
) correctly checks the alignment between the number of replicas and the length of the external IPs list, ensuring proper external access configuration.- 1637-1645: The validation for the broker external IP list length (
kafka.validateValues.broker.externalIPListLength
) performs a similar check for brokers, ensuring that the external IP configuration matches the number of broker replicas.- 1650-1658: The validation for domain specification (
kafka.validateValues.domainSpecified
) when the service type isClusterIP
correctly ensures that a domain is provided, which is necessary for proper DNS configuration.- 1662-1670: The validation for the external access service type (
kafka.validateValues.externalAccessServiceType
) ensures that only supported service types are used for external access, which is crucial for network configuration.- 1674-1681: The validation for RBAC settings when auto-discovery is enabled (
kafka.validateValues.externalAccessAutoDiscoveryRBAC
) correctly highlights the need for RBAC resources, ensuring that the auto-discovery feature can operate securely.- 1685-1694: The validation for LoadBalancerIPs or LoadBalancerNames when auto-discovery is disabled (
kafka.validateValues.externalAccessAutoDiscoveryIPsOrNames
) correctly ensures that necessary information is provided for LoadBalancer services, which is essential for external access.- 1708-1714: The validation for the external access service list (
kafka.validateValues.externalAccessServiceList
) correctly ensures that the length of service-related lists matches the number of replicas, which is crucial for consistent service configuration.- 1724-1732: The validation for SASL mechanisms (
kafka.validateValues.saslMechanisms
) ensures that SASL mechanisms are correctly configured when SASL is enabled, which is vital for secure communication.- 1741-1748: The validation for the TLS secret (
kafka.validateValues.tlsSecret
) correctly ensures that a secret containing TLS certificates is provided when TLS is enabled, which is crucial for secure communication.- 1754-1758: The validation for provisioning TLS passwords (
kafka.validateValues.provisioning.tlsPasswords
) correctly highlights the need for specifying a secret when TLS passwords are used, ensuring secure handling of sensitive information.- 1765-1768: The validation for Kraft mode (
kafka.validateValues.kraftMode
) correctly ensures that Kraft and Zookeeper modes are not used simultaneously without migration mode enabled, which is crucial for a consistent cluster configuration.- 1773-1776: The validation for missing controllers in Kraft mode (
kafka.validateValues.kraftMissingControllers
) correctly ensures that at least one controller is configured when Kraft mode is enabled, which is necessary for cluster operation.- 1781-1783: The validation for missing brokers in Zookeeper mode (
kafka.validateValues.zookeeperMissingBrokers
) correctly ensures that at least one broker is configured, which is necessary for the Kafka cluster to function.- 1789-1791: The validation for controller nodes in Zookeeper mode (
kafka.validateValues.zookeeperNoControllers
) correctly ensures that controller nodes are not configured in Zookeeper mode unless migration mode is enabled, preventing configuration conflicts.- 1797-1800: The validation for mode settings (
kafka.validateValues.modeEmpty
) correctly ensures that either Kraft or Zookeeper mode is enabled, which is crucial for the Kafka cluster to operate.
head := parts[0] | ||
args := parts[1:len(parts)] | ||
// Format the command | ||
cmd := exec.Command(head, args...) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The use of exec.Command
with dynamic input poses a security risk, as it can lead to command injection vulnerabilities if the input is not properly sanitized. Ensure that inputs to exec.Command
are validated or derived from trusted sources.
- cmd := exec.Command(head, args...)
+ // Ensure `head` and `args` are from trusted sources or sanitized to prevent command injection
+ cmd := exec.Command(head, args...)
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
cmd := exec.Command(head, args...) | |
// Ensure `head` and `args` are from trusted sources or sanitized to prevent command injection | |
cmd := exec.Command(head, args...) |
|
||
## Install Chart | ||
|
||
**Important:** only helm3 is supported |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's mentioned that "only helm3 is supported," which is crucial information. To enhance clarity, consider explicitly stating the incompatibility with previous Helm versions and providing a link to Helm 3 documentation or installation guide for users who may need to upgrade.
// Format the command | ||
|
||
log.Println(string(Blue), " ==> "+command) | ||
cmd := exec.Command(head, args...) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The use of exec.Command
with variable input poses a security risk due to potential command injection vulnerabilities. Ensure that inputs to commands are sanitized or use safer alternatives to dynamically construct command strings.
- cmd := exec.Command(head, args...)
+ // Ensure `head` and `args` are sanitized or derived from trusted sources to mitigate command injection risks.
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
cmd := exec.Command(head, args...) | |
// Ensure `head` and `args` are sanitized or derived from trusted sources to mitigate command injection risks. |
var err error | ||
sshPreFix := fmt.Sprintf("ssh %s@%s -i %s \"%s\" ", user, ip, sshFileLocation, command) | ||
|
||
cmd := exec.Command("sh", "-c", sshPreFix) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar to the previous comment, the use of exec.Command
with variable input here also poses a security risk. It's crucial to validate or sanitize inputs to prevent command injection vulnerabilities.
- cmd := exec.Command("sh", "-c", sshPreFix)
+ // Validate or sanitize `sshPreFix` to prevent potential command injection.
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
cmd := exec.Command("sh", "-c", sshPreFix) | |
// Validate or sanitize `sshPreFix` to prevent potential command injection. |
func execSingleCommand(command string) error { | ||
var err error | ||
|
||
cmd := exec.Command("sh", "-c", command) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The use of exec.Command
with dynamically constructed command strings can lead to security vulnerabilities. Consider validating inputs to ensure they are safe before executing commands.
- cmd := exec.Command("sh", "-c", command)
+ // Ensure `command` is from a trusted source or sanitized to prevent command injection.
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
cmd := exec.Command("sh", "-c", command) | |
// Ensure `command` is from a trusted source or sanitized to prevent command injection. | |
cmd := exec.Command("sh", "-c", command) |
|
||
### 4.1.2 | ||
|
||
- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The entry "- 8587 Add CAP_SYS_CHROOT to DS/PSP when needed" uses abbreviations "DS" and "PSP" which might not be clear to all readers. Consider expanding these for clarity.
Consider expanding abbreviations for clarity.
|
||
### 4.0.15 | ||
|
||
- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The entry "- [8120] kubernetes/ingress-nginx#8120 Update go in runner and release v1.1.1" has extra spaces before "Update". Consider removing the extra spaces for consistency.
- - [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1
+ - [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 | |
- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 |
|
||
### 4.0.12 | ||
|
||
- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The entry "- [7978] kubernetes/ingress-nginx#7979 Support custom annotations in admissions Jobs" has a mismatch in the pull request number in the text and the URL. It should be consistent.
- - [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs
+ - [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs | |
- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs |
### 4.0.7 | ||
|
||
- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx | ||
- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The entry "- [7806] kubernetes/ingress-nginx#7806 Choice option for internal/external loadbalancer type service" introduces flexibility in loadbalancer configuration. Consider specifying "Choice of" for clarity.
Consider rephrasing for clarity.
|
||
### 3.29.0 | ||
|
||
- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The entry "- [X] #6945 Add option to specify job label for ServiceMonitor" incorrectly references pull request #7020 instead of #6945.
- - [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
+ - [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/6945) Add option to specify job label for ServiceMonitor
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor | |
- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/6945) Add option to specify job label for ServiceMonitor |
Summary by CodeRabbit
New Features
ingress-nginx
Helm chart with new features, including support for disabling probes and setting security contexts.cert-manager
, including installation instructions and certificate management.ingress-nginx
andelasticsearch
in Helm charts.cert-manager
andkafka-kraft
.Documentation
Refactor
CODEOWNERS
file.Style
.gitignore
and.helmignore
files to ignore specific patterns in Helm chart directories.Chores
.sops.yaml
.