[LFXV2-1256] Add local development support to lfx-platform Helm chart#114
Merged
[LFXV2-1256] Add local development support to lfx-platform Helm chart#114
Conversation
Adds a tracked values-local.yaml with reduced resource limits for local development installs, and updates the README with installation instructions using the bundled override file. Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
Updates values-local.yaml with single replica overrides for all services and disables externalSecretsOperator for local installs. Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds local-development Helm values and documentation, introduces an External Secrets dependency, reduces resource/replica defaults for local runs, updates multiple lfx-v2 subchart versions, and minor repo metadata/spelling and .gitignore changes. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Comment Tip CodeRabbit can approve the review once all CodeRabbit's comments are resolved.Enable the |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a dedicated local-development values override for the lfx-platform umbrella Helm chart and documents how to install the chart on resource-constrained local clusters (k3s/OrbStack, etc.), alongside updating several chart dependency versions.
Changes:
- Added
values-local.yamlwith reduced resource requests/limits and replica counts for local installs, plus disabling ExternalSecrets usage for select services. - Updated
charts/lfx-platform/README.mdwith local development installation instructions and an “install latest” OCI example. - Bumped multiple subchart dependency versions in
Chart.yamland refreshedChart.lock; updated.gitignoreto ignorevalues-secrets.yaml.
Reviewed changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| charts/lfx-platform/values-local.yaml | Introduces local dev overrides to reduce resource footprint and disable AWS-dependent secret integration for select services. |
| charts/lfx-platform/README.md | Documents OCI install and local dev installation using values-local.yaml. |
| charts/lfx-platform/Chart.yaml | Updates several dependency version constraints for LFX service subcharts. |
| charts/lfx-platform/Chart.lock | Regenerates dependency lock with updated versions/digest/timestamp. |
| .gitignore | Adds values-secrets.yaml to ignored local files. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
charts/lfx-platform/README.md (1)
35-37: Avoid floating a rawmainvalues file against a floating OCI chart.This example pulls two different moving targets: the chart from GHCR and
values-local.yamlfrom GitHubmain. That can drift between releases and break the override file unexpectedly. I’d recommend pinning the raw file to the same release tag, or showing ahelm pull --untarflow so both artifacts come from the same chart version.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/README.md` around lines 35 - 37, The README's helm install line uses a floating OCI chart (oci://ghcr.io/linuxfoundation/lfx-v2-helm/chart/lfx-platform) while referencing a floating values file (--values https://raw.githubusercontent.com/linuxfoundation/lfx-v2-helm/main/charts/lfx-platform/values-local.yaml), which can drift; update the example so both artifacts are tied to the same release—either pin the values URL to the matching release tag (replace main with the chart tag) or show a helm pull --untar flow (use helm pull --version <tag> then --values ./chart/values-local.yaml) so chart and values come from the same version and cannot diverge.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@charts/lfx-platform/values-local.yaml`:
- Around line 18-23: The values-local.yaml currently sets
nats.config.cluster.replicas: 3 while the file and PR describe a single-replica
local setup; update the NATS replica count to 1 by changing the
nats.config.cluster.replicas value to 1 (or alternatively adjust the
local-profile documentation/claim to reflect 3 replicas) so the local profile
actually uses a single-node NATS cluster.
---
Nitpick comments:
In `@charts/lfx-platform/README.md`:
- Around line 35-37: The README's helm install line uses a floating OCI chart
(oci://ghcr.io/linuxfoundation/lfx-v2-helm/chart/lfx-platform) while referencing
a floating values file (--values
https://raw.githubusercontent.com/linuxfoundation/lfx-v2-helm/main/charts/lfx-platform/values-local.yaml),
which can drift; update the example so both artifacts are tied to the same
release—either pin the values URL to the matching release tag (replace main with
the chart tag) or show a helm pull --untar flow (use helm pull --version <tag>
then --values ./chart/values-local.yaml) so chart and values come from the same
version and cannot diverge.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: a529eec2-a403-4e9e-9e32-651fd8560d02
⛔ Files ignored due to path filters (1)
charts/lfx-platform/Chart.lockis excluded by!**/*.lock
📒 Files selected for processing (4)
.gitignorecharts/lfx-platform/Chart.yamlcharts/lfx-platform/README.mdcharts/lfx-platform/values-local.yaml
Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
charts/lfx-platform/README.md (1)
44-61: Consider adding an example for obtaining values-local.yaml from a specific tag.The note on lines 44-47 correctly advises using a local copy from a specific tag/commit for strict reproducibility, but the subsequent example only shows a generic path. Consider adding a brief example showing how to obtain the file from a specific tag:
# Clone at a specific tag to match your chart version git clone --depth 1 --branch v1.2.3 https://github.com/linuxfoundation/lfx-v2-helm.git helm install -n lfx lfx-platform \ oci://ghcr.io/linuxfoundation/lfx-v2-helm/chart/lfx-platform \ --version 1.2.3 \ --values lfx-v2-helm/charts/lfx-platform/values-local.yaml🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/README.md` around lines 44 - 61, Add a concise example showing how to obtain values-local.yaml from a specific tag and use it with Helm: instruct to clone the repo at a given tag/branch (e.g. using git clone --branch <tag> --depth 1) and then run helm install with the matching --version and the local --values path (referencing the example helm install command in the README and the values-local.yaml file under charts/lfx-platform/values-local.yaml) so users can reproduce exact chart+values combinations.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@charts/lfx-platform/README.md`:
- Line 223: Update the second step header in the "Using external PostgreSQL with
OpenFGA" section of charts/lfx-platform/README.md so its ordered list number is
"2." instead of "1."; locate the list item containing the text "Configure
OpenFGA in your values file:" and change its numeric prefix to 2 to correct the
sequence.
---
Nitpick comments:
In `@charts/lfx-platform/README.md`:
- Around line 44-61: Add a concise example showing how to obtain
values-local.yaml from a specific tag and use it with Helm: instruct to clone
the repo at a given tag/branch (e.g. using git clone --branch <tag> --depth 1)
and then run helm install with the matching --version and the local --values
path (referencing the example helm install command in the README and the
values-local.yaml file under charts/lfx-platform/values-local.yaml) so users can
reproduce exact chart+values combinations.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: b30ecd2c-8e5d-4542-a57a-3f16e382ccab
📒 Files selected for processing (2)
charts/lfx-platform/README.mdcharts/lfx-platform/values-local.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
- charts/lfx-platform/values-local.yaml
…erride Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
andrest50
force-pushed
the
andrest50/local-development
branch
from
a8cd0c7 to
a617075
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (1)
charts/lfx-platform/values-local.yaml (1)
25-35: Consider setting GOMEMLIMIT below the memory limit to avoid OOM risk.
GOMEMLIMIT: 2GiBequals the container'smemory: 2Gilimit. GOMEMLIMIT controls heap, but Go also needs memory for stacks, runtime structures, and potential cgo allocations. Setting them equal leaves no headroom, which can trigger OOM kills under load.For local development this is low-risk, but 80-90% of the limit (~1.6-1.8GiB) is a safer default.
💡 Suggested adjustment
container: env: - GOMEMLIMIT: 2GiB + GOMEMLIMIT: 1800MiB🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/values-local.yaml` around lines 25 - 35, The GOMEMLIMIT is set equal to the container memory limit (GOMEMLIMIT: 2GiB vs resources.limits.memory: 2Gi), which can leave no headroom for stacks and runtime and risk OOMs; update the GOMEMLIMIT entry in values-local.yaml (container.env.GOMEMLIMIT) to a safer value around 80–90% of the memory limit (e.g., 1.6GiB–1.8GiB) and ensure this value is adjusted whenever container.resources.limits.memory is changed so heap cap stays below the container limit.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@charts/lfx-platform/values-local.yaml`:
- Around line 25-35: The GOMEMLIMIT is set equal to the container memory limit
(GOMEMLIMIT: 2GiB vs resources.limits.memory: 2Gi), which can leave no headroom
for stacks and runtime and risk OOMs; update the GOMEMLIMIT entry in
values-local.yaml (container.env.GOMEMLIMIT) to a safer value around 80–90% of
the memory limit (e.g., 1.6GiB–1.8GiB) and ensure this value is adjusted
whenever container.resources.limits.memory is changed so heap cap stays below
the container limit.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 5714797f-d99d-41df-9abf-2cc346011f50
📒 Files selected for processing (2)
charts/lfx-platform/README.mdcharts/lfx-platform/values-local.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
- charts/lfx-platform/README.md
- Rename values-local.yaml to values.local.example.yaml to match the values.local.yaml (gitignored) override pattern - Add Secrets setup section to README documenting required Kubernetes secrets per subchart with kubectl commands and 1Password reference - Add Prerequisites table listing which subcharts require secrets - Restructure README installing section: namespace creation moved up, local values section covers both OCI and source installs - Update stale values.yaml comments referencing values-secrets.yaml - Update .gitignore: replace values-secrets.yaml with tmp/ Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
Replace stale parameter tables with subchart reference tables linking to upstream documentation for infrastructure subcharts and to each service repo's Helm chart folder for LFX service subcharts. Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
- Add external-secrets operator as a Helm dependency (enabled by default) - Enable voting, survey, meeting, and mailing-list service subcharts - Add "Developing a service locally" section to README - Add External Secrets Operator row to infrastructure subcharts table in README - Update Chart.lock with new dependency digest Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (3)
charts/lfx-platform/values.yaml (1)
569-571: Consider whetherexternal-secretsshould be enabled by default.The
external-secretschart is now enabled by default invalues.yaml. However, the PR objective mentions disabling ESO for local installs because IRSA/OIDC isn't available on local clusters. Consider whetherenabled: falsewould be more appropriate as the default, with users opting in when needed.If keeping it enabled, note that
installCRDs: trueis appropriate for standalone installs but may conflict with existing CRD installations in some environments.💡 Alternative: disable by default
external-secrets: - enabled: true + enabled: false installCRDs: true🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/values.yaml` around lines 569 - 571, The external-secrets default should be disabled for local installs: change the external-secrets block so enabled is false by default (external-secrets.enabled) to avoid requiring IRSA/OIDC on local clusters, and review installCRDs (external-secrets.installCRDs) so it is only set true when installing standalone CRDs to avoid CRD conflicts in environments with existing CRDs; update documentation or values comment to indicate users can opt-in by setting external-secrets.enabled: true and enabling installCRDs when appropriate.charts/lfx-platform/values.local.example.yaml (1)
86-87: MissingexternalSecretsOperatorconfig forlfx-v2-meeting-service.In
values.yaml,lfx-v2-meeting-servicehasexternalSecretsOperator.enabled: false, but this example file doesn't include it. For consistency with other services that disable ESO (mailing-list, survey, voting), consider adding the same block here.📝 Suggested addition
lfx-v2-meeting-service: replicaCount: 1 + externalSecretsOperator: + enabled: false🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/values.local.example.yaml` around lines 86 - 87, Add the missing externalSecretsOperator block for lfx-v2-meeting-service to match other services: locate the lfx-v2-meeting-service section and add an externalSecretsOperator entry with enabled: false (and any other properties used in the examples for mailing-list, survey, voting) so the example mirrors values.yaml and disables ESO for this service; reference the lfx-v2-meeting-service key and the externalSecretsOperator.enabled flag when making the change.charts/lfx-platform/README.md (1)
159-161: Minor: Relative path may not resolve correctly.The reference to
[values.yaml](charts/lfx-platform/values.yaml)uses a relative path that assumes the reader is viewing from the repository root. When viewing the README from within thecharts/lfx-platform/directory (e.g., on GitHub), this link will be broken.📝 Suggested fix
-is the inline comments in [`values.yaml`](charts/lfx-platform/values.yaml). +is the inline comments in [`values.yaml`](./values.yaml).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/README.md` around lines 159 - 161, The README anchor to charts/lfx-platform/values.yaml uses a repo-root relative path which breaks when viewing README.md from within charts/lfx-platform; update the link in README.md to a directory-relative path (e.g., ./values.yaml or simply values.yaml) so it resolves correctly when the file is viewed from the charts/lfx-platform directory and still works from the repo root; edit the reference in README.md that mentions values.yaml to use the new relative path.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@charts/lfx-platform/README.md`:
- Line 188: The README table and the chart values disagree about the External
Secrets Operator default; reconcile them by either updating the README table row
for "External Secrets Operator | `external-secrets`" to show `true` or by
changing the chart values entry `external-secrets` so its `enabled` key is
`false`; locate the chart's values.yaml entry labeled `external-secrets` (the
one containing `enabled: true`) and make the change so the README table and the
`external-secrets.enabled` value are consistent.
In `@charts/lfx-platform/values.yaml`:
- Around line 359-370: GOMEMLIMIT is set to 2GiB which equals
merge.resources.limits.memory (2Gi) and exceeds the comment's ~80%
recommendation; change GOMEMLIMIT to roughly 80% of the container memory limit
(e.g., set GOMEMLIMIT to 1600Mi) and ensure it stays in sync with
merge.resources.limits.memory and merge.resources.requests.memory if those
values change so the Go runtime can trigger GC before hitting the limit.
---
Nitpick comments:
In `@charts/lfx-platform/README.md`:
- Around line 159-161: The README anchor to charts/lfx-platform/values.yaml uses
a repo-root relative path which breaks when viewing README.md from within
charts/lfx-platform; update the link in README.md to a directory-relative path
(e.g., ./values.yaml or simply values.yaml) so it resolves correctly when the
file is viewed from the charts/lfx-platform directory and still works from the
repo root; edit the reference in README.md that mentions values.yaml to use the
new relative path.
In `@charts/lfx-platform/values.local.example.yaml`:
- Around line 86-87: Add the missing externalSecretsOperator block for
lfx-v2-meeting-service to match other services: locate the
lfx-v2-meeting-service section and add an externalSecretsOperator entry with
enabled: false (and any other properties used in the examples for mailing-list,
survey, voting) so the example mirrors values.yaml and disables ESO for this
service; reference the lfx-v2-meeting-service key and the
externalSecretsOperator.enabled flag when making the change.
In `@charts/lfx-platform/values.yaml`:
- Around line 569-571: The external-secrets default should be disabled for local
installs: change the external-secrets block so enabled is false by default
(external-secrets.enabled) to avoid requiring IRSA/OIDC on local clusters, and
review installCRDs (external-secrets.installCRDs) so it is only set true when
installing standalone CRDs to avoid CRD conflicts in environments with existing
CRDs; update documentation or values comment to indicate users can opt-in by
setting external-secrets.enabled: true and enabling installCRDs when
appropriate.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 18897e89-c552-4a0f-8a28-2f0c9ce213c2
⛔ Files ignored due to path filters (1)
charts/lfx-platform/Chart.lockis excluded by!**/*.lock
📒 Files selected for processing (5)
.gitignorecharts/lfx-platform/Chart.yamlcharts/lfx-platform/README.mdcharts/lfx-platform/values.local.example.yamlcharts/lfx-platform/values.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
- .gitignore
- Add GROUPSIO to cspell word list - Fix dead link: use relative path values.yaml instead of charts/lfx-platform/values.yaml - Correct External Secrets Operator default in README table to true Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
charts/lfx-platform/README.md (1)
238-238:⚠️ Potential issue | 🟡 MinorFix ordered list numbering in OpenFGA external PostgreSQL steps.
This is the second step, so it should be
2.instead of1..📝 Proposed fix
-1. Configure OpenFGA in your values file: +2. Configure OpenFGA in your values file:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/README.md` at line 238, Update the ordered list number for the OpenFGA external PostgreSQL steps under the section starting with "Configure OpenFGA in your values file:" so the second step reads "2." instead of "1."; locate the list item in README.md that currently starts with "1." and change it to "2." to correct the ordered numbering.
🧹 Nitpick comments (1)
charts/lfx-platform/README.md (1)
35-69: Use a namespace placeholder instead of hardcodinglfxin secret commands.These snippets will fail or create secrets in the wrong namespace when users install into a different namespace. Consider using
<namespace>consistently in allkubectl create secret ... -n ...examples.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/README.md` around lines 35 - 69, Replace the hardcoded namespace "lfx" with a namespace placeholder in all secret examples so users installing to a different namespace won't fail; update each kubectl create secret line for the secrets named lfx-v2-voting-service, lfx-v2-survey-service, meeting-secrets and lfx-v2-mailing-list-service to use a consistent placeholder like <namespace> (or mention using an env var such as NAMESPACE) instead of -n lfx, and ensure the README text around those examples references the placeholder consistently.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@charts/lfx-platform/README.md`:
- Around line 112-121: The README currently conflicts about where local defaults
live; update the paragraph to clearly state that charts/lfx-platform/values.yaml
contains the upstream/default configuration while
charts/lfx-platform/values.local.example.yaml is a template for local overrides
and charts/lfx-platform/values.local.yaml (gitignored) is where users put their
environment-specific overrides; adjust the explanatory sentence and the cp
example text to reflect that values.local.example.yaml supplies local override
defaults (not values.yaml) and ensure wording consistently refers to "default
values in values.yaml" vs "local overrides in values.local.yaml".
---
Duplicate comments:
In `@charts/lfx-platform/README.md`:
- Line 238: Update the ordered list number for the OpenFGA external PostgreSQL
steps under the section starting with "Configure OpenFGA in your values file:"
so the second step reads "2." instead of "1."; locate the list item in README.md
that currently starts with "1." and change it to "2." to correct the ordered
numbering.
---
Nitpick comments:
In `@charts/lfx-platform/README.md`:
- Around line 35-69: Replace the hardcoded namespace "lfx" with a namespace
placeholder in all secret examples so users installing to a different namespace
won't fail; update each kubectl create secret line for the secrets named
lfx-v2-voting-service, lfx-v2-survey-service, meeting-secrets and
lfx-v2-mailing-list-service to use a consistent placeholder like <namespace> (or
mention using an env var such as NAMESPACE) instead of -n lfx, and ensure the
README text around those examples references the placeholder consistently.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: fbddf4e3-e0e9-4c05-9d38-7310027c0ed8
📒 Files selected for processing (2)
.cspell.jsoncharts/lfx-platform/README.md
bramwelt
requested changes
Mar 13, 2026
Contributor
bramwelt
left a comment
bramwelt
left a comment
There was a problem hiding this comment.
Just a minor nit, otherwise this looks good. Thanks for the updates!
charts/lfx-platform/values.yaml
Outdated
| additionalArgs: [--control-loop] | ||
|
|
||
| external-secrets: | ||
| enabled: true |
Contributor
There was a problem hiding this comment.
This should be disable by default, just like cert-manager and trust-manager.
- Set external-secrets.enabled to false in values.yaml - Bump openfga to 0.2.56, heimdall to 0.16.11 - Bump lfx-v2-meeting-service to 0.7.0 - Bump lfx-v2-mailing-list-service to 0.2.0 - Bump lfx-v2-voting-service to 0.2.1 - Bump lfx-v2-survey-service to 0.2.1 Generated with [Claude Code](https://claude.ai/claude-code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
bramwelt
approved these changes
Mar 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
values-local.yamlfile to the chart for local development installs, reducing resource requirements and disabling components that require AWS infrastructure unavailable outside of EKS. Also updates subchart dependency versions that were out of date.Changes
values-local.yaml— local development overridesAdded a tracked
values-local.yamlthat ships with the chart package. This file reduces resource limits and replica counts to make the chart installable on a local machine with limited RAM.The default
values.yamlis production-grade and requires significant memory — for example, NATS alone requests ~12Gi across 3 replicas with 8Gi limits each. On a local machine this causes pods to get stuck inPendingwithInsufficient memory. The local overrides bring this down to a manageable footprint:README.md— local development installation instructionsUpdated the OCI registry install section to omit
--versionso the latest chart version is always used, and added a local development subsection with install commands usingvalues-local.yaml— both via raw GitHub URL (no clone needed) and from a local file path.ExternalSecrets Operator disabled for local installs
Three services use AWS Secrets Manager via IRSA (IAM Roles for Service Accounts) —
lfx-v2-voting-service,lfx-v2-survey-service, andlfx-v2-mailing-list-service. This auth path requires an EKS OIDC provider and an annotated IAM role on the service account, neither of which exist on a local k3s/OrbStack cluster. Without this override the SecretStores fail withunable to create session: an IAM role must be associated with service account. The local values file disables the operator for these services.Chart.yaml/Chart.lock— subchart dependency updatesUpdated subchart dependency versions in
Chart.yamland regeneratedChart.lockto reflect versions that were out of date.Ticket
LFXV2-1256
🤖 Generated with Claude Code