Skip to content

perf-sentinel chart v0.2.27

Choose a tag to compare

View all tags
@github-actions github-actions released this 05 May 20:05
· 553 commits to main since this release
chart-v0.2.27
553e304

What's new in chart-v0.2.27

This is a daemon-version-only chart bump: appVersion advances from 0.5.23 to 0.5.24, the default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.5.24, and the artifacthub.io/images annotation is updated in lockstep so the Artifact Hub listing advertises the matching image. No chart-level template diff, no values.yaml schema change, no new RBAC, no new optional ConfigMap or Secret. The chart-v0.2.26 surface is preserved byte-for-byte.

The 0.5.24 daemon image closes the three-axis UX marathon over the v0.5.20 ack API. After the CLI helper landed in 0.5.22 and the HTML dual-mode in 0.5.23, the TUI ratatui inspector now supports interactive ack and revoke actions directly from perf-sentinel query inspect. Pressing a on a selected finding opens an acknowledgment modal (reason, expires, by) that posts to POST /api/findings/{sig}/ack, pressing u opens a revoke confirmation that submits a DELETE. The Findings panel renders an italic gray [acked by <user>] indicator next to acknowledged findings. Auth resolution mirrors the CLI ack helper: PERF_SENTINEL_DAEMON_API_KEY env var first, --api-key-file <path> flag fallback (new on query inspect), no interactive password prompt because raw mode plus alternate-screen entry are incompatible with rpassword TTY input.

From a chart perspective, this surface is entirely client-side. The TUI runs inside the operator's terminal against an externally exposed daemon Service (or via kubectl port-forward against the in-cluster ClusterIP), exactly the same posture as perf-sentinel ack (chart-v0.2.25) and perf-sentinel report --daemon-url (chart-v0.2.26). No new daemon endpoint, no new HTTP shape, no new metric, no new TOML knob. The boot fetch widens to GET /api/findings?include_acked=true&limit=1000 (was ?limit=10000 without include_acked); the daemon already capped at the same 1000 server-side, so wire payload size is unchanged, the only new field flowing through is acknowledged_by on the existing FindingResponse wrapper.

The HTTP API surface, the v0.5.21 Prometheus counters, the v0.5.23 [daemon.cors] config section, the ServiceMonitor rendering, the NetworkPolicy rendering, and the optional [daemon.ack] ConfigMap-and-Secret plumbing all keep their prior contracts. A helm upgrade from chart-v0.2.26 to chart-v0.2.27 is metadata-only.

Changed

  • appVersion bumped from 0.5.23 to 0.5.24, default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.5.24. The artifacthub.io/images annotation tracks the bump.
  • No chart-level config change. values.yaml, every template, the ServiceMonitor rendering, the NetworkPolicy rendering, the optional [daemon.ack] ConfigMap-and-Secret plumbing, the optional [daemon.cors] plumbing, and the ack-toml-baseline mount are byte-for-byte identical to chart-v0.2.26.

Behavior

  • No HTTP-shape change on the daemon side. The three ack endpoints (POST / DELETE /api/findings/{signature}/ack and GET /api/acks), the v0.5.21 /metrics counters, the /api/findings, /api/status, /api/correlations, /api/explain/*, /api/export/report routes, and every other route keep their v0.5.23 status codes and JSON shapes. Scrapers, ServiceMonitor rules, and existing automation continue to work without adjustment.
  • acknowledged_by on /api/findings. The field has been part of FindingResponse since v0.5.20 (returned when the request passes ?include_acked=true). v0.5.24 only widens the consumer side: the CLI now decodes the wrapper rather than stripping it. Existing scrapers that parse Vec<StoredFinding> continue to work because FindingResponse #[serde(flatten)]s StoredFinding and gates acknowledged_by behind #[serde(skip_serializing_if = "Option::is_none")]. Daemon-side wire output is unchanged.
  • No upgrade hook required, no on-disk migration. The runtime ack store JSONL schema is unchanged. A helm upgrade from chart-v0.2.26 keeps the daemon's existing acks.jsonl intact, the daemon replays and atomically rewrites it at startup as it did before.
  • [daemon.cors] opt-in surface is unchanged. The v0.5.23 layer scoping (only /api/*, never /v1/traces or /metrics or /health), the allow-list shape (methods GET, POST, DELETE, OPTIONS, headers Content-Type, X-API-Key), the 120-second max-age, and the daemon.api_enabled = false cross-section refusal all behave identically. Operators who whitelisted browser origins for chart-v0.2.26 keep the same posture.
  • [daemon.ack] opt-in surface is unchanged. enabled = true (default since v0.5.20), the api_key X-API-Key gate, the storage_path JSONL location, the v0.5.21 ack Prometheus counters, and the v0.5.20 cross-source ack precedence (TOML wins over JSONL) all keep their v0.5.23 contracts.
  • Per-finding cap on the boot fetch is honest. The CLI now asks for limit=1000, matching the daemon's MAX_FINDINGS_LIMIT cap that has truncated server-side since v0.5.17. The daemon's response size is unchanged. Operators relying on ?limit= higher than 1000 in their own automation continue to be silently capped at 1000, the v0.5.24 change is CLI-side honesty only.
  • TUI runs from outside the cluster. Operators launch perf-sentinel query --daemon <URL> inspect against the chart-rendered Service (LoadBalancer / Ingress / port-forward). The TUI does not touch in-cluster resources. a and u are no-op in batch mode (inspect --input against a local events file) since acknowledgment requires a running daemon to persist.
  • Synchronous HTTP from the TUI. The ack/revoke submit blocks the run loop for the duration of the round-trip (typically 100-300 ms on localhost, bounded by REQUEST_TIMEOUT = 10s shared with the CLI ack helper). The cluster sees a normal short-lived POST or DELETE request, no long-poll, no streaming.

Install

helm install perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.27

Upgrade an existing release:

helm upgrade perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.27

Drive ack and revoke from the TUI against a port-forwarded daemon:

kubectl port-forward svc/perf-sentinel 4318:4318 &

# No daemon API key configured: just open the TUI.
perf-sentinel query --daemon http://localhost:4318 inspect

# Daemon configured with [daemon.ack] api_key: pass the key file.
echo -n "$(kubectl get secret perf-sentinel-ack -o jsonpath='{.data.api-key}' | base64 -d)" \
  > /tmp/ps-ack.key
chmod 600 /tmp/ps-ack.key
perf-sentinel query --daemon http://localhost:4318 inspect \
  --api-key-file /tmp/ps-ack.key

Inside the TUI, press a on a finding to acknowledge, u to revoke, q to quit. See docs/INSPECT.md for the full keybinding reference and the auth flow.

Marathon UX closed. This release ships the third and last surface above the daemon ack API: CLI helper (chart-v0.2.25 / v0.5.22), HTML dual-mode (chart-v0.2.26 / v0.5.23), TUI interactive (chart-v0.2.27 / v0.5.24). All three surfaces consume the same daemon endpoints with no daemon-side wire change across the marathon.

Full Changelog: chart-v0.2.26...chart-v0.2.27

Assets 4
Loading