Skip to content

chore(t8s-cluster): pin versions#1482

Merged
cwrau merged 1 commit intomainfrom
chore/t8s-cluster/pin-versions
Jun 3, 2025
Merged

chore(t8s-cluster): pin versions#1482
cwrau merged 1 commit intomainfrom
chore/t8s-cluster/pin-versions

Conversation

@cwrau
Copy link
Member

@cwrau cwrau commented May 26, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features

    • Improved version selection logic for OpenStack Cinder CSI and Cloud Controller Manager components, enabling more flexible and context-aware deployment based on available chart versions.

  • Chores

    • Updated Helm chart dependencies to use specific, pinned versions for Cilium, NVIDIA GPU operator, and multiple OpenStack-related charts for enhanced consistency and reproducibility.
    • Added new trusted image entries for CSI-related components under the Kubernetes storage SIG registry and removed the k8s.gcr.io registry entry.

Copilot AI review requested due to automatic review settings May 26, 2025 14:41
@coderabbitai
Copy link

coderabbitai bot commented May 26, 2025
edited
Loading 

## Walkthrough

The changes introduce dynamic version selection logic for Helm chart dependencies in two template files, replacing hardcoded version strings with context-aware variables that select the appropriate chart version based on configuration. Additionally, the values file is updated to pin specific versions for several Helm charts, ensuring consistent and reproducible deployments. The trusted registries configuration is also updated to add new image entries and remove an existing registry entry.

## Changes

| File(s)                                                                                         | Change Summary                                                                                                 |
|------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------|
| charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml          | Replaces hardcoded chart version with a variable that dynamically selects the version from configuration.      |
| charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml                     | Implements dynamic version selection for the openstack-cloud-controller-manager chart in the HelmRelease.      |
| charts/t8s-cluster/values.yaml                                                                  | Pins explicit versions for Cilium, NVIDIA GPU operator, and multiple OpenStack-related Helm charts.            |
| .github/trusted_registries.yaml                                                                 | Adds new `sig-storage` image entries with `ALL_TAGS` permission; removes entire `k8s.gcr.io` registry entry.    |

## Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User
    participant HelmTemplate
    participant ValuesYAML

    User->>HelmTemplate: Deploy chart
    HelmTemplate->>ValuesYAML: Read version config
    alt Version pattern exists
        HelmTemplate->>HelmTemplate: Select pattern-matched version
    else
        HelmTemplate->>HelmTemplate: Select default version
    end
    HelmTemplate->>User: Rendered manifest with selected version

Suggested reviewers

  • teutonet-bot

Poem

A rabbit hops through YAML fields,
Where chart versions once concealed,
Now numbers shine, precise and bright,
Dynamic picks ensure delight.
Helm charts align, deployments true—
The cluster’s spring, refreshed anew!
🐇✨


<!-- walkthrough_end -->


---

<details>
<summary>📜 Recent review details</summary>

**Configuration used: CodeRabbit UI**
**Review profile: CHILL**
**Plan: Pro**


<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 09b68f9cf77e24441a3e02dd964824245a0a0d07 and f8a2e0d51b29037d3433af2c7fe48ef31abab1e6.

</details>

<details>
<summary>📒 Files selected for processing (4)</summary>

* `.github/trusted_registries.yaml` (1 hunks)
* `charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml` (2 hunks)
* `charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml` (2 hunks)
* `charts/t8s-cluster/values.yaml` (1 hunks)

</details>

<details>
<summary>🚧 Files skipped from review as they are similar to previous changes (1)</summary>

* charts/t8s-cluster/values.yaml

</details>

<details>
<summary>🧰 Additional context used</summary>

<details>
<summary>🪛 YAMLlint (1.37.1)</summary>

<details>
<summary>charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml</summary>

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

</details>
<details>
<summary>charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml</summary>

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

</details>

</details>

</details>

<details>
<summary>🔇 Additional comments (4)</summary><blockquote>

<details>
<summary>.github/trusted_registries.yaml (1)</summary>

`51-56`: **Approved: Added new CSI component images under registry.k8s.io**  
The new `sig-storage` entries for CSI components (`csi-attacher`, `csi-node-driver-registrar`, `csi-provisioner`, `csi-resizer`, `csi-snapshotter`, `livenessprobe`) are correctly specified with `ALL_TAGS` access.

</details>
<details>
<summary>charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml (2)</summary>

`1-2`: **Verify lookup path for chart version mapping**  
Ensure that in your `values.yaml` the `charts` map is defined under `.Values.global.helmRepositories["cloud-provider-openstack"]`. If the version pins live elsewhere (for example under `.Values.global.cloud-provider-openstack.charts`), adjust this index call to match, to prevent nil lookup errors at render time.

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 YAMLlint (1.37.1)</summary>

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

</details>

</details>

---

`17-17`: **Dynamic version selection applied correctly**  
The `version` field now references the `$selectedVersion` variable with proper quoting, enabling minor-version-based pinning with fallback.

</details>
<details>
<summary>charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml (1)</summary>

`18-18`: **Dynamic CSI plugin version selection introduced**  
The `version` field now leverages the `$selectedVersion` variable to automatically pick the correct patch release for the current minor version, falling back to the generic version key if needed.

</details>

</blockquote></details>

</details>
<!-- internal state start -->


<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKNxU3bABsvkCiQBHbGlcABpIcVwvOkgAIgZYfH8AClwADkQwBi9sRBoKAEoubngsKQpEeHwMRFDYyAB3NGQGf2oYuUhcykYGqmx0DHpUZsR8Bnh2+gb1WB5vX38gkMgMRwEegEYAFjSAJn4sXFgSPxJufEqCFw0YE+s7ADNx7uRqnlKMUqJIcsrq5AzY6lCL3dKZbK5fKQAASJC8zEYsGcuEG9H8XimCgwj3gRGwVHEANucFOCUwpGQ2kRBEgZAc/l+lH+WCYNSQNAwDHkmHoTGY3Go8DUXnUPNal2Qx1OSm4XnwsjYGFRZAk8Ao1SVqM6JAAHnL4BMovJENxRPBHrJvkyKlUavxHpBZWQlFz4NI0QoBdV2MhusMjvc4QikSjEBpzJYAMIsLXIBxOFxue5oPAsLECfBhCIkNPkXBgTPZs0UZ4UNj0NCw+GI2gWx34EtC97vaWhjCUlDKjW0bAMDryYHIWy3ACSqNI5EJMSrSlw2mifJYgooSBbjoA0tgNhR8x7/GMCf3IMxMBaQlTHo9RDR6J02387R8MF8O11uLR2uG7qcizwNWqSj0KKGAANZSvgTr1sgZYnt44hyqcACaACCACyAAykC4tEyAYlitJtuCWQ5HkPTBoi5IUNmpSQnWHYcEYUAohaaBiLA25gBIaA5NIGiyGgzBeAYUATLQFRcTxwThgJQkiV2IhiHQUaUOIuIMO0KF4Ikq7iNIkm8TJgnCVAsAMNwBnSfxxnyYgogEmKADiGrYNwmTcYZ1lyaJPGGoQHlWbJJn2PZumyM5+CuTY3j6QFfFBfJAjNESGCWfFNlQHFRneZARCeGAjyYhISRpdlwkGKSdlQVe8aJA0oKnHqbGouSHYeiCbYUaG1G/FJHq8tiuL4oSdp4dI8HWo8Go0vcj7vCUL7fCS9xFgA5C0sa+iFFBSOgVJYKmBCnreNoWoazZYGR3ARJBJxeNd/hqiQDTMl0QzMvOQwNSgArNQ631zVgC2vj8rb3P473+PQW47nuyCnl8155N+ABykFoLQdYpTxkAcQjXpxvwfB1ogDC5CygKUKc/hMBQQFdt9vD4IBMSfvOEYiWAhgGCYUAuv9h2EJOygnfyWrFHwgiKeIUgyPITBKFQqjqFoOj6Dz4BQO4yAjAdabEGQIsxGL7BcFQ9UJqeLiQJ0CvKMrmjaLoXNGBrpgGFRuCIAA9MRkJkRQvskAKmI0D7DRJKB8oYyRUKUN7EyQ1klRgHK2BEKUCelIryfwKnOQZxgXleIxsRlwYFiQCho4G1OWKW848j4I6rWUsmpwUTY8IkM0pw0CH7TYUk32JznDAp2nheNM0J6KGdMS0rQsgYIJ50+Ca3diN9XWezaLLYdN31EPKSW+HdiL+BcVxJPL1RDQSF1dmRGP/bk1pVsidN2/QgM8NQ+RFyrqsZ6vVVwqGiJAAABgAEkvvgKMn8vaQJQFSRAlQiDkHoG2T28M0DXSmiwb68R5TYFoKnAC8Ac6NnpPOBgoF6hdTgdfG4P4MDhBgXZaISlaAADVmR2mQagOy2oeS4H7twcQb5aS4i+lWX+oESDyDLMdE6M9IGxGoTUWhoEsjZ0oLnSAewNDAGYKUJIegNC6liMghoJxGSQJMWYigehBHIEVpIGIBDESQI0Dwvq4ZAYaFMRgJIPjICjkdEOewZoJjqT3k+BR8hUAhNRM8bAQxwjqCdCQR4qYvBexukfQ2q4GBQI0WaLRbEdGj30ePeA1j4nvESctU4kDAbINxPCeg6TFZQMPBQfsXdHiCMDB3GsXdoi92iaIFB742YL0gt0UEqAOGb1vHw201RkFxXCEELMdBwiX0xInH4bZeAkDVJFeM85xClMgUYxxITnGWOQXkVcHZlqoFbqcU8CipT3F3r/ThN4nxsixnaHGA02ZoDAOJDxWAkp2XoGDU4aBuLwExAICBTD1A326qiQG4ZIxV3ySLUahS2xKGyM4C6bxHR6guNRGIw9PBYsNHSZU6h3SICYpANG7ZOyEXuOgleuACQembnSfUSQTosu3KKUp7AuV8QMGXWITF3Y4N9hkWOAcg4DzDt7COFAo74Bjv7fICcSFkLZLgDUPh9EIzQKQCgxdS7l0rtXWuRt6AN2tpK75PKKoAuRG1LsdrFB9g9LgCOwD6riNDqcbiYCsXSC4DAuBCCwzIL1Ha5q/zWk4OQaefBh82yQOyJFMhTMWYUDAJovIVTkGMPOJcXF1slAyJiCCY+ggcZZXCANVZXD1n8K2SFEdBb8WNKwLBSBDbtEkSrVkaoEaHV1qdS6sJpIJ0gvePKDOpT/7BwkRBbC2d0AzsgIkk81AEjWjOce3cZSF1VKXaQld3Z8DrrAJunoRiACktBLENNsVTKBQHXHfWCcPX+XioG+P8RoQJMGKBhIics5AN7klZiHj0zJqJO15IKUKpNY6sA9J6OW8pNC32Vo/ba+10QN2YGdZQBpzSfxQPaeerpDNOrjO7r3da07TQzNQK5eZWDFlVSiUvFepiNLr13dwq9bzrSlGfsix0VZG23KHuWY9vq7XWnUYB4DVjt0IHhnPTpU7f4Hm/XgJ88Gqy4l1DEQUYjKBHHRticF1QcbynwKBVyjRZjYR4l4JKdCObEpQqSkaAIKX3CpZiJL9pJUMplcyvgrKFUcsiNy3l/LA0pdOCK6g4q6VSsZbKvL8r2VKr0kStVGqwBGC1X7UilqsputVR6ywXrhbTl9Y4K2TcW6hrbsGmU9ZZ51js99CtiCfbdbjoHPrQVkGdCOWxa0I32W/zlGxEgiQvCK0BBFhlCqsnuZiISgzIVyg4x3og7JFTXQTD4lxitGL4COGQYC8jszvn0Hg5AzYliXmFMhxoTYAB2DQ2wrOnBRjw0cAARUcKFICOSsAAVX4E2a407f4SY/FiCHextgw9pPc2nABODQewwm4/IPVFb2aQpiCfCMTGMRKN8HLfR6tFCqEVMbXQ5tNYzhX3bbIcIYnYlWjfDdw0WTHuwWYBNRCkAADyFSADKi78Ki1W+m19dD302tXUxx1rGt2zOBgsqBRiADMRiAAMNiIsYwCyvXwJaFpEBgsPb9vTUMzuQMke5Gh3dQ91Mg+nRi9hI6TwUQpyuzqlK8wkaPkBY8e6h+7yB7CPde40AAVjL27lnzPS/l5Z2kavte49p40AANmQQeGJMt4SyAKLcI38BTHpa8IrqBVvql6LrXUqDLvpN189xoH34Xjj8Auz0KPj3g+u7z3MR7Rf49Q4R23iv8fz/15Z1fvYLfG91476XoffLIJZjsQK/qjJTxKHK+e6IcWFcQ2iWtKf+aWNKKUNW2WTKyKDWbKiqnKLWJWkEZWpG9geIoq1W/00B9W8w8BhWyqrW5cnMHWBgGgGcxw24vsFAcctAAA+v4BnOpulEJO6uqp6jXCNvXONo3P9IGu3J/ugJjPGPALqHGoVquB6ELstugmAHkEkGxq8nulgJKuWowRyDcKBBkBoFUD3iQEwXakkqMghhQRxAINQbQQwfoRodysXB0hiiQMPjEjnlFpPm2M8D4PgDMG+KPmxqsIJB6C9IyP7jEECHMGcpQKYmgk+NEFIL4JAihBhBhHQdAChI5EbpAumnUmAP/GxHYm3tkSEkoLCquOUGAOoW8s4AURPBQiyJQNUXnAePAAAF71HsLZGIArxuSJDeZoaDpfSQKihSDkBoJMwbBs6YxcqBbrzhBthKr2JaHhhECtA6H4B6EGHWzsDWxhF9J4hyHXBsZcCJHJGjhoRpEACiGR08Y0zAzMdAHMnqIBkBYBog6WoBWW0qMBRMeBBWzWxW8kaM5Ahe7hDhsyVYbI98GW/+qKX0tA+AHoKS2S1KjIOBuWPxTWiB3KQ+A26qnM3MvMHK2mOABA3qo2BMpsfgaAFsPB1stsig9sagjsasLsBJYs6gdBlCiAVhT0L09BjaPU6sbsUAXujOAgneaQjwjODAjwCOCOJANO2w2wmwaA7uJAXuewmMjOneuwNONOVeaAXuBptAXuCOzshgBJjwaQaAewaptAVemwAgewjOXu7uCOtA7u2w7u7uaAjwewDACO14uwOSCeKgKgmwJAneZpxgmsBM7JnJ3J7ovJdB/M+gQAA== -->

<!-- internal state end -->
<!-- tips_start -->

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

<details>
<summary>❤️ Share</summary>

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)
- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)
- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)
- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

</details>

<details>
<summary>🪧 Tips</summary>

### Chat

There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=teutonet/teutonet-helm-charts&utm_content=1482):

- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  - `I pushed a fix in commit <commit_id>, please review it.`
  - `Explain this complex logic.`
  - `Open a follow-up GitHub issue for this discussion.`
- Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples:
  - `@coderabbitai explain this code block.`
  -	`@coderabbitai modularize this function.`
- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  - `@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.`
  - `@coderabbitai read src/utils.ts and explain its main purpose.`
  - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`
  - `@coderabbitai help me debug CodeRabbit configuration file.`

### Support

Need help? Create a ticket on our [support page](https://www.coderabbit.ai/contact-us/support) for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

### CodeRabbit Commands (Invoked using PR comments)

- `@coderabbitai pause` to pause the reviews on a PR.
- `@coderabbitai resume` to resume the paused reviews.
- `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
- `@coderabbitai full review` to do a full review from scratch and review all the files again.
- `@coderabbitai summary` to regenerate the summary of the PR.
- `@coderabbitai generate docstrings` to [generate docstrings](https://docs.coderabbit.ai/finishing-touches/docstrings) for this PR.
- `@coderabbitai generate sequence diagram` to generate a sequence diagram of the changes in this PR.
- `@coderabbitai resolve` resolve all the CodeRabbit review comments.
- `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository.
- `@coderabbitai help` to get help.

### Other keywords and placeholders

- Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.
- Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description.
- Add `@coderabbitai` anywhere in the PR title to generate the title automatically.

### CodeRabbit Configuration File (`.coderabbit.yaml`)

- You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository.
- Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json`

### Documentation and Community

- Visit our [Documentation](https://docs.coderabbit.ai) for detailed information on how to use CodeRabbit.
- Join our [Discord Community](http://discord.gg/coderabbit) to get help, request features, and share feedback.
- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

</details>

<!-- tips_end -->

Copilot AI reviewed May 26, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR pins specific chart versions in the t8s-cluster values and updates HelmRelease templates to select those versions dynamically.

  • Update cilium and gpu-operator to fixed versions.
  • Add a detailed version map for cloud-provider-openstack charts.
  • Adjust cloud-controller-manager and cinder-csi-plugin templates to use the selected version.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
charts/t8s-cluster/values.yaml Pin cilium, gpu-operator, and add detailed cloud-provider-openstack chart versions.
charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml Add logic to choose the correct openstack-cloud-controller-manager version.
charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml Add logic to choose the correct openstack-cinder-csi version.
Comments suppressed due to low confidence (1)

charts/t8s-cluster/values.yaml:18

  • YAML keys containing spaces must be quoted to parse correctly. For example:

'"openstack-cloud-controller-manager 2.31.x": "2.31.3"'

openstack-cloud-controller-manager 2.31.x: 2.31.3

@teutonet-bot
Copy link
Contributor

teutonet-bot commented May 26, 2025
edited
Loading

🤖 I have diffed this beep boop

"/$namespace/$kind/$name.yaml" for normal resources
"/$namespace/HelmRelease/$name/$namespace/$kind/$name.yaml" for HelmReleases <- this is recursive
'null' means it's either cluster-scoped or it's in the default namespace for the HelmRelease

charts/t8s-cluster/ci/artifacthub-values.yaml

charts/t8s-cluster/ci/cidrs-values.yaml

charts/t8s-cluster/ci/injectedCertificateAuthorities-values.yaml

charts/t8s-cluster/ci/hcp-values.yaml

charts/t8s-cluster/ci/securityGroups-values.yaml

charts/t8s-cluster/ci/calico-values.yaml

charts/t8s-cluster/ci/securityGroupRules-values.yaml

charts/t8s-cluster/ci/bastion-values.yaml

charts/t8s-cluster/values.yaml

charts/t8s-cluster/ci/gpu-flavor-values.yaml

coderabbitai[bot]
coderabbitai bot reviewed May 26, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (2)
charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml (2)

1-8: [Duplicate of cinder-csi-plugin.yaml comment]
The dynamic version selection logic here mirrors the cinder-csi plugin template. Please apply the same simplification and readability improvements as suggested there.

🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

[warning] 4-4: wrong indentation: expected 0 but found 4

(indentation)

[warning] 5-5: wrong indentation: expected 0 but found 2

(indentation)

[warning] 6-6: wrong indentation: expected 0 but found 4

(indentation)

[warning] 7-7: wrong indentation: expected 0 but found 2

(indentation)

23-23: [Duplicate of cinder-csi-plugin.yaml comment]
The version: {{ $selectedVersion }} line should likewise be quoted to ensure it’s parsed as a string. See the recommendation in the cinder-csi-plugin template.

🧹 Nitpick comments (2)
charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml (2)

1-8: Consider simplifying dynamic version selection with Helm’s default function
The nested with blocks can be collapsed into a single assignment using default, reducing verbosity and improving readability.

Proposed diff:

- {{- $selectedVersion := "" -}}
- {{- with (index .Values.global.helmRepositories "cloud-provider-openstack").charts -}}
-   {{- with (index . (printf "openstack-cinder-csi 2.%d.x" ($.Values.version.minor | int))) -}}
-     {{- $selectedVersion = . -}}
-   {{- else -}}
-     {{- $selectedVersion = index . "openstack-cinder-csi" -}}
-   {{- end -}}
- {{- end -}}
+ {{- $repoCharts := (index .Values.global.helmRepositories "cloud-provider-openstack").charts -}}
+ {{- $selectedVersion := default (index $repoCharts "openstack-cinder-csi") (index $repoCharts (printf "openstack-cinder-csi 2.%d.x" ($.Values.version.minor | int))) -}}
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

[warning] 4-4: wrong indentation: expected 0 but found 4

(indentation)

[warning] 5-5: wrong indentation: expected 0 but found 2

(indentation)

[warning] 6-6: wrong indentation: expected 0 but found 4

(indentation)

[warning] 7-7: wrong indentation: expected 0 but found 2

(indentation)

24-24: Quote the version string for YAML safety
Without quotes, Helm might interpret unquoted values containing dots as floats. Quoting ensures the version is treated strictly as a string.

Proposed diff:

-       version: {{ $selectedVersion }}
+       version: "{{ $selectedVersion }}"
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f62b197 and 09b68f9.

📒 Files selected for processing (3)
  • charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml (2 hunks)
  • charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml (2 hunks)
  • charts/t8s-cluster/values.yaml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

[warning] 4-4: wrong indentation: expected 0 but found 4

(indentation)

[warning] 5-5: wrong indentation: expected 0 but found 2

(indentation)

[warning] 6-6: wrong indentation: expected 0 but found 4

(indentation)

[warning] 7-7: wrong indentation: expected 0 but found 2

(indentation)

charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

[warning] 4-4: wrong indentation: expected 0 but found 4

(indentation)

[warning] 5-5: wrong indentation: expected 0 but found 2

(indentation)

[warning] 6-6: wrong indentation: expected 0 but found 4

(indentation)

[warning] 7-7: wrong indentation: expected 0 but found 2

(indentation)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: wait-for-checks
🔇 Additional comments (3)
charts/t8s-cluster/values.yaml (3)

17-28:

Details

✅ Verification successful

Verify and maintain OpenStack chart version mappings
The entries for openstack-cloud-controller-manager and openstack-cinder-csi map specific 2.x patch series to fixed versions. Ensure these pinned versions exist upstream and that the keys align with the dynamic selection logic (e.g., keys like openstack-cloud-controller-manager 2.31.x).

To verify the chart versions:

🏁 Script executed:

#!/bin/bash
# Verify pinned OpenStack chart versions in the cloud-provider-openstack Helm repo
repo="https://kubernetes.github.io/cloud-provider-openstack"
index="${repo}/index.yaml"
declare -a versions=(
  "2.32.0" "2.31.3" "2.30.5" "2.29.3" "2.28.5" "2.27.6"
  "2.32.0" "2.31.7" "2.30.3" "2.29.2" "2.28.3" "2.27.3"
)
for v in "${versions[@]}"; do
  if ! curl -s "$index" | grep -q "version: $v"; then
    echo "ERROR: version $v not found in cloud-provider-openstack repo"
    exit 1
  fi
done
echo "✅ All pinned OpenStack chart versions verified"

Length of output: 1951

Pinned OpenStack chart versions validated
All specified openstack-cloud-controller-manager and openstack-cinder-csi versions in charts/t8s-cluster/values.yaml have been confirmed present in the upstream Helm index. No mismatches were found.

• File to reference:
– charts/t8s-cluster/values.yaml (lines 17–28)

Continue to update both the version values and their matching 2.x key labels in lockstep when bumping charts.

7-7:

Details

❓ Verification inconclusive

Verify the pinned Cilium chart version
Ensure that version 1.17.4 is available in the Cilium Helm repository to avoid deployment failures.

🏁 Script executed:

#!/bin/bash
# Verify that cilium 1.17.4 exists in the Cilium Helm repo
if ! curl -s https://helm.cilium.io/index.yaml | grep -A2 'name: cilium' | grep -q 'version: 1.17.4'; then
  echo "ERROR: cilium version 1.17.4 not found in helm.cilium.io"
  exit 1
fi
echo "✅ cilium version 1.17.4 is available"

Length of output: 229

🏁 Script executed:

#!/bin/bash
# List available Cilium chart versions from the Helm repository
curl -s https://helm.cilium.io/index.yaml \
  | grep -A50 'name: cilium' \
  | grep 'version:' \
  | sed 's/ *version: //g' \
  | head -10

Length of output: 935

🏁 Script executed:

#!/bin/bash
# Extract all available Cilium chart versions from the Helm repo
curl -s https://helm.cilium.io/index.yaml | awk '
  /^  cilium:/{in=1; next}
  in && /^  [^ ].*:/{exit}
  in && /^\s*version:/{print $2}
'

Length of output: 233

Verify the pinned Cilium chart version
It looks like version 1.17.4 could not be found in the Cilium Helm repo index. Please manually confirm that this version exists (or update to an available version) to avoid deployment failures.

• File: charts/t8s-cluster/values.yaml (line 7)

12-12:

Details

✅ Verification successful

Verify the pinned NVIDIA GPU Operator chart version
Confirm that version 24.9.2 exists in the NVIDIA NGc Helm repository.

🏁 Script executed:

#!/bin/bash
# Verify that gpu-operator 24.9.2 exists in the NVIDIA Helm repo
if ! curl -s https://helm.ngc.nvidia.com/nvidia/index.yaml | grep -A2 'name: gpu-operator' | grep -q 'version: 24.9.2'; then
  echo "ERROR: gpu-operator version 24.9.2 not found in helm.ngc.nvidia.com"
  exit 1
fi
echo "✅ gpu-operator version 24.9.2 is available"

Length of output: 269

🏁 Script executed:

#!/bin/bash
# List all available gpu-operator versions in the NVIDIA Helm repo
curl -s https://helm.ngc.nvidia.com/nvidia/index.yaml | \
  grep -A1 'name: gpu-operator' | \
  grep 'version:' | \
  sed 's/ *version: //' | \
  sort -V | \
  uniq

Length of output: 144

🏁 Script executed:

#!/bin/bash
# Check if the NVIDIA Helm index.yaml is reachable
echo "=== INDEX.YAML HEAD ==="
curl -sI https://helm.ngc.nvidia.com/nvidia/index.yaml | head -n 5

# Search for any chart entries containing "operator"
echo -e "\n=== CHART NAMES WITH 'operator' ==="
curl -s https://helm.ngc.nvidia.com/nvidia/index.yaml \
  | grep -E '^\s*-\s*name:' \
  | sed 's/ *- *name: //' \
  | grep -i operator \
  | sort | uniq

# Show context around any gpu-operator mentions
echo -e "\n=== CONTEXT AROUND 'gpu-operator' ==="
curl -s https://helm.ngc.nvidia.com/nvidia/index.yaml | grep -C3 -i 'gpu-operator'

Length of output: 26467

✅ NVIDIA GPU Operator v24.9.2 is available
The Helm index at https://helm.ngc.nvidia.com/nvidia/index.yaml includes an entry for version: v24.9.2 (charts/gpu-operator-v24.9.2.tgz).
No changes required.

@cwrau cwrau force-pushed the chore/t8s-cluster/pin-versions branch from 09b68f9 to c3f52e6 Compare May 27, 2025 07:52
@cwrau cwrau force-pushed the chore/t8s-cluster/pin-versions branch from c3f52e6 to f8a2e0d Compare May 27, 2025 07:56
@cwrau cwrau added this pull request to the merge queue Jun 3, 2025
Merged via the queue into main with commit 372c92b Jun 3, 2025
42 checks passed
@cwrau cwrau deleted the chore/t8s-cluster/pin-versions branch June 3, 2025 08:41
@teutonet-bot teutonet-bot mentioned this pull request Jun 3, 2025
Merged
github-merge-queue bot pushed a commit that referenced this pull request Jun 6, 2025
@teutonet-bot @github-actions @cwrau
chore(main): [bot] release t8s-cluster:9.3.0 (#1412)
f70df9a 
🤖 I have created a release *beep* *boop*
---


##
[9.3.0](t8s-cluster-v9.2.1...t8s-cluster-v9.3.0)
(2025-06-06)


### Features

* **t8s-cluster:** add rbac for teuto staff
([#1498](#1498))
([9e0a9e2](9e0a9e2))
* **t8s-cluster:** enable audit logging
([#1440](#1440))
([dcb28ca](dcb28ca))
* **t8s-cluster:** make apiserver resources configurable
([#1485](#1485))
([3126661](3126661))
* **t8s-cluster:** use new pullPolicy template
([#1383](#1383))
([6b253bd](6b253bd))


### Miscellaneous Chores

* **t8s-cluster:** pin versions
([#1482](#1482))
([372c92b](372c92b))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
  - Added RBAC for Teuto staff.
  - Enabled audit logging.
  - Made apiserver resource configurations customizable.
  - Adopted a new pullPolicy template.

- **Enhancements**
- Updated OpenStack Cinder CSI plugin and related CSI component images
to newer versions.
- Improved documentation for control plane resource configuration and
security group rule options.

- **Chores**
  - Updated chart version to 9.3.0 and pinned image versions.
- Switched CSI image references and license entries from k8s.gcr.io to
registry.k8s.io.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Werner Rau <cwr@teuto.net>
@teutonet-bot teutonet-bot mentioned this pull request Jun 6, 2025
Merged
@coderabbitai coderabbitai bot mentioned this pull request Oct 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

@tasches tasches tasches approved these changes

@marvinWolff marvinWolff Awaiting requested review from marvinWolff marvinWolff is a code owner

@teutonet-bot teutonet-bot Awaiting requested review from teutonet-bot teutonet-bot is a code owner

Assignees

@cwrau cwrau

Labels

t8s-cluster

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cwrau @teutonet-bot @tasches