Skip to content

perf-sentinel chart v0.2.25

Choose a tag to compare

View all tags
@github-actions github-actions released this 05 May 11:21
· 575 commits to main since this release
chart-v0.2.25
b485cba

What's new in chart-v0.2.25

This is a daemon-version-only chart bump: appVersion advances from 0.5.21 to 0.5.22, the default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.5.22, and the artifacthub.io/images annotation is updated in lockstep so the Artifact Hub listing advertises the matching image. No chart-level template diff, no values.yaml schema change, no new RBAC, no new optional ConfigMap or Secret. The chart-v0.2.24 surface is preserved byte-for-byte.

The 0.5.22 daemon image bundles a new perf-sentinel ack CLI subcommand for the runtime ack API introduced in v0.5.20: perf-sentinel ack create --signature <SIG> --reason <TEXT> [--expires 7d], perf-sentinel ack revoke --signature <SIG>, perf-sentinel ack list [--output text|json]. From a chart perspective this means operators with shell access to the daemon pod can drive ack creation and revocation interactively (kubectl exec deploy/perf-sentinel -- perf-sentinel ack list) or from a runbook script in a sidecar, without rebuilding the curl pipeline that v0.5.20 required. The HTTP API surface is byte-for-byte unchanged from v0.5.20 / v0.5.21, so external scrapers, the v0.5.21 Prometheus counters, the loopback-default --listen-address posture, and the optional [daemon.ack] api_key plus X-API-Key auth scheme all keep their prior contracts.

Changed

  • appVersion bumped from 0.5.21 to 0.5.22, default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.5.22. The artifacthub.io/images annotation tracks the bump.
  • No chart-level config change. values.yaml, every template, the ServiceMonitor rendering, the NetworkPolicy rendering, the optional [daemon.ack] ConfigMap-and-Secret plumbing, and the ack-toml-baseline mount are byte-for-byte identical to the previous chart release.

Behavior

  • The new CLI ships inside the existing daemon image. No second image, no separate sidecar deployment. Operators run the CLI via kubectl exec against the running pod, or bake it into a Job / runbook container that uses the same ghcr.io/robintra/perf-sentinel:0.5.22 reference.
  • No HTTP-shape change on the daemon side. The three ack endpoints (POST / DELETE /api/findings/{signature}/ack and GET /api/acks), the v0.5.21 /metrics counters, and every other route keep their v0.5.21 status codes and JSON shapes. Scrapers, ServiceMonitor rules, and existing automation continue to work without adjustment.
  • No upgrade hook required, no on-disk migration. The runtime ack store JSONL schema is unchanged. A helm upgrade from chart-v0.2.24 keeps the daemon's existing acks.jsonl intact, the daemon replays and atomically rewrites it at startup as it did before.
  • Auth resolution for the in-pod CLI. When [daemon.ack] api_key is set, the CLI inside the pod resolves the key in priority order: PERF_SENTINEL_DAEMON_API_KEY env var (which can be sourced from the existing chart-rendered Secret), then --api-key-file <path> (with O_NOFOLLOW and a TTY-gated permission warning), then a no-echo prompt if a 401 is received and stdin is a TTY. There is no --api-key <SECRET> flag, by design. Operators driving the CLI through kubectl exec -i -t get the prompt path, those running it in a Job / CronJob get the env-var path against the same Secret the daemon already mounts.
  • Default --daemon URL targets http://localhost:4318 which matches the chart-rendered Service port for OTLP_HTTP. In-pod invocations need no --daemon flag.

Install

helm install perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.25

Upgrade an existing release:

helm upgrade perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.25

Drive the new CLI from a running pod:

kubectl exec -it deploy/perf-sentinel -- perf-sentinel ack list
kubectl exec -it deploy/perf-sentinel -- perf-sentinel ack create \
  --signature "n_plus_one_sql:order-svc:_api_orders:0123456789abcdef" \
  --reason "deferred to next sprint" \
  --expires 7d

The matching daemon release is v0.5.22, see those release notes for the application-side changes (the new perf-sentinel ack CLI surface in detail, the --daemon URL hardening, the --api-key-file symlink-refusal posture, the new fetch_with_body helper, and the new docs/CLI.md and docs/ACK-WORKFLOW.md reference pages).

View this release on Artifact Hub.

Assets 4
Loading