Add conditional TLS support to Ingress in Helm chart

[NicolasBoulard]

This PR adds conditional TLS support to the Helm chart's Ingress resource. The TLS block is rendered only if the ingress.tlsSecret value is defined, allowing users to enable HTTPS by specifying a Kubernetes TLS secret.

Motivation:

This enhancement improves flexibility and security for users deploying pgAdmin4 in Kubernetes environments with HTTPS requirements.

Closes #9345

Summary by CodeRabbit

Release Notes

• New Features
  • Added TLS support for ingress resources via a new tlsSecret configuration option, enabling you to specify a Kubernetes secret containing TLS certificates for HTTPS-enabled ingress communication. TLS configuration automatically applies when this value is provided.

[dpage]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Walkthrough

The changes add TLS configuration support to the Helm chart's Ingress resource. A new ingress.tlsSecret value is introduced to allow users to specify a Kubernetes secret for TLS, which is conditionally applied to the Ingress spec when provided. Documentation is updated accordingly.

Changes

Cohort / File(s)	Summary
TLS Configuration Support pkg/helm/README.md, pkg/helm/templates/ingress.yaml, pkg/helm/values.yaml	Adds conditional TLS support to Ingress: new ingress.tlsSecret field in values triggers TLS block in template with hostname and secret reference; README documentation updated with new configuration entry.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify that the TLS conditional block logic in ingress.yaml is correctly templated and aligns with Kubernetes Ingress spec standards
• Confirm that the new ingress.tlsSecret field in values.yaml is properly scoped and documented in README.md

Poem

🐇 A secret for TLS, encrypted with care,
Hostnames and settings, securely they pair,
Conditional magic in Helm templates bright,
Ingress now fortified, secure and just right! 🔐

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: adding conditional TLS support to the Helm chart's Ingress resource.
Linked Issues check	✅ Passed	All objectives from issue #9345 are met: TLS configuration support via Helm values, conditional rendering of TLS block, configurable user deployment, and matching the provided template implementation.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing conditional TLS support for the Ingress resource as specified in issue #9345; no extraneous modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60c56b3 and e4e840e.

📒 Files selected for processing (3)

• pkg/helm/README.md (1 hunks)
• pkg/helm/templates/ingress.yaml (1 hunks)
• pkg/helm/values.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: run-python-tests-pg (ubuntu-22.04, 14)
• GitHub Check: run-python-tests-pg (ubuntu-22.04, 16)
• GitHub Check: run-python-tests-pg (ubuntu-22.04, 17)
• GitHub Check: run-python-tests-pg (ubuntu-22.04, 18)
• GitHub Check: run-python-tests-pg (ubuntu-22.04, 15)
• GitHub Check: run-python-tests-pg (ubuntu-22.04, 13)
• GitHub Check: run-python-tests-pg (macos-latest, 17)
• GitHub Check: build-tarball
• GitHub Check: build-python-package
• GitHub Check: run-feature-tests-pg (16)
• GitHub Check: run-feature-tests-pg (18)
• GitHub Check: run-feature-tests-pg (13)
• GitHub Check: run-feature-tests-pg (15)
• GitHub Check: run-feature-tests-pg (17)
• GitHub Check: run-feature-tests-pg (14)
• GitHub Check: build-container
• GitHub Check: build-docs
• GitHub Check: run-javascript-tests (ubuntu-22.04)
• GitHub Check: run-javascript-tests (macos-latest)
• GitHub Check: run-javascript-tests (windows-latest)

🔇 Additional comments (3)

pkg/helm/README.md (1)

42-42: Documentation update is consistent and clear.

The new ingress.tlsSecret entry is properly formatted and logically placed within the Important Values table, following the existing conventions.

pkg/helm/values.yaml (1)

101-102: Helm value addition is correctly positioned and configured.

The new tlsSecret field is properly nested under the ingress section with a clear comment explaining its purpose. The empty default makes TLS opt-in, which aligns with the PR objective of keeping TLS configurable.

pkg/helm/templates/ingress.yaml (1)

24-29: TLS block implementation is correct and follows Kubernetes Ingress API spec.

The conditional TLS block is properly structured:

• Line 24: Condition correctly evaluates ingress.tlsSecret as truthy/falsy
• Lines 25-28: TLS section follows Kubernetes Ingress spec with hosts array and secretName
• Line 27: Reuses the same tpl templating approach as the ingress rule hostname (line 14) for consistency
• Indentation is correct for the spec-level block
• Empty secret name results in the TLS block being omitted, achieving the intended opt-in behavior

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dpage]

@coderabbitai configuration

[coderabbitai]

CodeRabbit configuration

language: en-US
tone_instructions: ''
early_access: false
enable_free_tier: true
reviews:
  profile: chill
  request_changes_workflow: false
  high_level_summary: true
  high_level_summary_placeholder: '@coderabbitai summary'
  high_level_summary_in_walkthrough: false
  auto_title_placeholder: '@coderabbitai'
  auto_title_instructions: ''
  review_status: true
  commit_status: true
  fail_commit_status: false
  collapse_walkthrough: false
  changed_files_summary: true
  sequence_diagrams: true
  estimate_code_review_effort: true
  assess_linked_issues: true
  related_issues: true
  related_prs: true
  suggested_labels: true
  labeling_instructions: []
  auto_apply_labels: false
  suggested_reviewers: true
  auto_assign_reviewers: false
  in_progress_fortune: true
  poem: true
  path_filters: []
  path_instructions: []
  abort_on_close: true
  disable_cache: false
  auto_review:
    enabled: true
    auto_incremental_review: true
    ignore_title_keywords: []
    labels: []
    drafts: false
    base_branches: []
    ignore_usernames: []
  finishing_touches:
    docstrings:
      enabled: true
    unit_tests:
      enabled: true
  pre_merge_checks:
    docstrings:
      mode: warning
      threshold: 80
    title:
      mode: warning
      requirements: ''
    description:
      mode: warning
    issue_assessment:
      mode: warning
    custom_checks: []
  tools:
    ast-grep:
      rule_dirs: []
      util_dirs: []
      essential_rules: true
      packages: []
    shellcheck:
      enabled: true
    ruff:
      enabled: true
    markdownlint:
      enabled: true
    github-checks:
      enabled: true
      timeout_ms: 90000
    languagetool:
      enabled: true
      enabled_rules: []
      disabled_rules: []
      enabled_categories: []
      disabled_categories: []
      enabled_only: false
      level: default
    biome:
      enabled: true
    hadolint:
      enabled: true
    swiftlint:
      enabled: true
    phpstan:
      enabled: true
      level: default
    phpmd:
      enabled: true
    phpcs:
      enabled: true
    golangci-lint:
      enabled: true
    yamllint:
      enabled: true
    gitleaks:
      enabled: true
    checkov:
      enabled: true
    detekt:
      enabled: true
    eslint:
      enabled: true
    flake8:
      enabled: true
    rubocop:
      enabled: true
    buf:
      enabled: true
    regal:
      enabled: true
    actionlint:
      enabled: true
    pmd:
      enabled: true
    clang:
      enabled: true
    cppcheck:
      enabled: true
    semgrep:
      enabled: true
    circleci:
      enabled: true
    clippy:
      enabled: true
    sqlfluff:
      enabled: true
    prismaLint:
      enabled: true
    pylint:
      enabled: true
    oxc:
      enabled: true
    shopifyThemeCheck:
      enabled: true
    luacheck:
      enabled: true
    brakeman:
      enabled: true
    dotenvLint:
      enabled: true
    htmlhint:
      enabled: true
    checkmake:
      enabled: true
    osvScanner:
      enabled: true
chat:
  art: true
  auto_reply: true
  integrations:
    jira:
      usage: auto
    linear:
      usage: auto
knowledge_base:
  opt_out: false
  web_search:
    enabled: true
  code_guidelines:
    enabled: true
    filePatterns: []
  learnings:
    scope: auto
  issues:
    scope: auto
  jira:
    usage: auto
    project_keys: []
  linear:
    usage: auto
    team_keys: []
  pull_requests:
    scope: auto
  mcp:
    usage: auto
    disabled_servers: []
code_generation:
  docstrings:
    language: en-US
    path_instructions: []
  unit_tests:
    path_instructions: []

[NicolasBoulard]

I pulled the latest changes from the master branch because the tests were failing, even though the failures were unrelated to the code I added. Is it possible to rerun the tests?