feat: New akvorado, clickhouse and kafka chart #72
Walkthrough
Adds three new Helm charts (akvorado, clickhouse, kafka) with chart metadata, values, templates (Deployments, Services, PV/PVCs, ConfigMaps, Secrets, CRs) and helper templates; includes README and .helmignore files and initContainer wait logic in several Deployments.
Sequence Diagram(s)

```mermaid
sequenceDiagram
    autonumber
    participant Exporter as Flow Exporters
    participant Inlet as Akvorado Inlet
    participant Orch as Akvorado Orchestrator
    participant Kafka as Kafka (Strimzi)
    participant CH as ClickHouse
    participant Console as Console
    participant Redis as Redis
    participant GeoIP as GeoIP Sidecar
    note over Inlet,Orch: Startup ordering
    Inlet->>Orch: init wait for orchestrator:8080
    Orch->>Kafka: init wait for kafka-external:9094
    note over Exporter,Inlet: Ingest
    Exporter-->>Inlet: NetFlow/sFlow
    Inlet->>Orch: metadata/register
    Inlet->>Kafka: produce flows
    note over Kafka,CH: Storage pipeline
    Kafka-->>CH: consume/ingest
    Orch->>CH: manage schema/writes (via config)
    note over Console,Redis: Query path
    Console->>Orch: API requests
    Console->>Redis: cache reads
    Orch->>CH: read analytics
    CH-->>Orch: results
    Orch-->>Console: responses
```

```mermaid
sequenceDiagram
    autonumber
    participant User as helm/kubectl
    participant K8s as Kubernetes
    participant CM as ConfigMap
    participant PV as SeaweedFS PV/PVC
    participant Deploys as Deployments/CRs
    User->>K8s: helm install charts (akvorado/clickhouse/kafka)
    K8s-->>CM: create orchestrator ConfigMap and related config
    K8s-->>PV: create PV/PVCs (console/inlet/geoip)
    K8s-->>Deploys: create Deployments and CRs (orchestrator, inlet, console, redis, clickhouse, keeper, kafka)
```
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~70 minutes
Actionable comments posted: 27
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
kubernetes/akvorado/Chart.yaml (1)
1-30: Fix CRLF newlines (YAML lint failing). YAMLlint reports “wrong new line character: expected \n”. Convert file EOLs to LF to unblock CI.
kubernetes/kafka/Chart.yaml (1)
1-30: Fix CRLF newlines (YAML lint failing). Convert to LF; current EOLs cause YAMLlint error.
🧹 Nitpick comments (59)
kubernetes/akvorado/Chart.yaml (3)
27-29: Use a clearer SemVer constraint for dependencies. Prefer ^1 or >=1.0.0 <2.0.0 over 1.x.x for compatibility with Helm’s Masterminds/semver.
dependencies: - name: common repository: https://svtechnmaa.github.io/charts/artifacthub/ - version: 1.x.x + version: ^1.0.0
20-24: Confirm appVersion reflects the deployed Akvorado version. If this charts an Akvorado release, align appVersion with the actual image/tag used. If not known, omit or set accurately.
1-3: Add chart metadata for installability and cataloging. kubeVersion gate + metadata (home, sources, maintainers, keywords) improves UX and Artifact Hub listing.
apiVersion: v2 name: akvorado description: A Helm chart for Kubernetes +type: application +kubeVersion: ">=1.25.0-0" +home: https://akvorado.net/ +sources: + - https://github.com/akvorado/akvorado +keywords: + - netflow + - ipfix + - sflow +maintainers: + - name: svtechnmaa + email: noreply@example.com
kubernetes/akvorado/.helmignore (2)
1-24: Normalize EOL to LF. Same CRLF issue as other files; keep LF for Helm packaging.
19-23: Harden .helmignore with common Helm artifacts. Avoid packaging nested charts, locks, and archives.
*.tmproj .vscode/ +charts/ +Chart.lock +tmp/ +*.tgz
kubernetes/clickhouse/.helmignore (1)
1-24: Add standard Helm ignores and normalize EOL. Mirror additions made in akvorado/.helmignore; ensure LF newlines.
*.tmproj .vscode/ +charts/ +Chart.lock +tmp/ +*.tgz
kubernetes/kafka/.helmignore (1)
1-24: Add standard Helm ignores and normalize EOL. Same as other charts; add charts/, Chart.lock, tmp/, *.tgz and use LF.
*.tmproj .vscode/ +charts/ +Chart.lock +tmp/ +*.tgz
kubernetes/kafka/Chart.yaml (3)
27-29: Tighten dependency version constraint.
- name: common repository: https://svtechnmaa.github.io/charts/artifacthub/ - version: 1.x.x + version: ^1.0.0
20-24: Set appVersion to the actual target (Kafka or Strimzi). “1.16.0” looks like the helm create default. If this installs Strimzi CRs, appVersion should match the Strimzi operator (or Kafka) version used by the templates/images.
1-3: Add kubeVersion and metadata. Improves UX and discovery.
apiVersion: v2 name: kafka description: A Helm chart for Kubernetes +type: application +kubeVersion: ">=1.25.0-0" +home: https://strimzi.io/ +sources: + - https://github.com/strimzi/strimzi-kafka-operator +keywords: + - kafka + - strimzi +maintainers: + - name: svtechnmaa + email: noreply@example.com
kubernetes/akvorado/README.md (3)
31-36: Fix grammar in parameters table. Minor wording/grammar issues; tighten phrasing.
-| `global.kafka.topic` | Define Kafka topic, must defined in global to reuse in another charts (like kafka,...) | "" | -| `global.kafka.partition` | Define Kafka partition, must defined in global to reuse in another charts (like kafka,...) | 1 | -| `global.kafka.replicationFactor` | Define Kafka replication factor, must defined in global to reuse in another charts (like kafka,...) | 1 | -| `inlet.config.providers` | Define device subnet and community for collecting additional information | `::/0-public` | -| `geoip.env` | Define ipinfo db for getting geoip data and update time | {} | -| `clickhouse` | Define clickhouse cluster for connecting database | {} | +| `global.kafka.topic` | Kafka topic (set under `global` for reuse by other charts, e.g., Kafka) | "" | +| `global.kafka.partition` | Kafka partitions (set under `global` for reuse by other charts) | 1 | +| `global.kafka.replicationFactor` | Kafka replication factor (set under `global` for reuse by other charts) | 1 | +| `inlet.config.providers` | Device subnet and community for enrichment | `::/0-public` | +| `geoip.env` | GeoIP-related environment (e.g., provider token, update schedule) | {} | +| `clickhouse` | ClickHouse connection/cluster configuration | {} |
14-16: Call out required CRDs/operators in prerequisites. Mention the Strimzi (Kafka) and ClickHouse Operator CRDs must be installed first.
- Kafka cluster - ClickHouse cluster +- Strimzi Kafka Operator installed (CRDs present) +- ClickHouse Operator installed (CRDs present)
39-45: Show a values override install example. Add an example with a user-provided values file and dependency update.
helm install akvorado /opt/charts/kubernetes/akvorado \ --namespace akvorado \ --create-namespace + +# Alternatively with overrides: +# helm dependency update /opt/charts/kubernetes/akvorado +# helm upgrade --install akvorado /opt/charts/kubernetes/akvorado \ +# --namespace akvorado --create-namespace -f my-values.yaml
kubernetes/akvorado/templates/_helpers.tpl (1)
1-15: Emit a proper YAML list with toYaml; simplify loops and validate inputs. Avoid manual hyphens/newlines and ensure indentation is handled at the call site.
-{{- define "generate_clickhouse_list" -}} -{{- $clusterName := .clusterName -}} -{{- $replicaCount := .replicaCount | int -}} -{{- $shardCount := .shardCount | int -}} -{{- $releaseName := .releaseName -}} - -{{- range $i, $ := until $shardCount }} - {{- range $j, $ := until $replicaCount }} - {{- printf "- chi-%s-clickhouse-%s-%d-%d:9000" $releaseName $clusterName $i $j -}} - {{- if not (and (eq $i (sub $shardCount 1)) (eq $j (sub $replicaCount 1))) }} - {{- printf "\n" -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} +{{- define "generate_clickhouse_list" -}} +{{- $clusterName := .clusterName -}} +{{- $replicaCount := int .replicaCount -}} +{{- $shardCount := int .shardCount -}} +{{- $releaseName := .releaseName -}} +{{- if or (lt $replicaCount 1) (lt $shardCount 1) -}} +{{- fail "generate_clickhouse_list: shardCount and replicaCount must be >= 1" -}} +{{- end -}} +{{- $servers := list -}} +{{- range $i := until $shardCount -}} + {{- range $j := until $replicaCount -}} + {{- $servers = append $servers (printf "chi-%s-clickhouse-%s-%d-%d:9000" $releaseName $clusterName $i $j) -}} + {{- end -}} +{{- end -}} +{{- toYaml $servers -}} +{{- end -}}
Confirm port 9000 is the intended ClickHouse native port for Akvorado in your setup; expose it as a value if customization is needed.
kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml (1)
14-21: Be explicit with volumeMode and normalize line endings.
- Explicit volumeMode improves clarity for CSI drivers.
- File has CRLF and trailing space; switch repo to LF to avoid lint errors.
spec: capacity: storage: {{ .Values.inlet.sharedPersistenceVolume.storageSize }} csi: driver: seaweedfs-csi-driver @@ persistentVolumeReclaimPolicy: Retain storageClassName: {{ $namespace }}-{{ .Values.inlet.sharedPersistenceVolume.storageClass }} + volumeMode: Filesystem
Add a repo-wide .gitattributes to ensure LF:
* text=auto eol=lf *.sh text eol=lf *.yaml text eol=lf *.yml text eol=lf
kubernetes/clickhouse/Chart.yaml (1)
28-28: Add newline at end of file. Small formatting nit; some tooling expects a trailing newline.
- repository: https://svtechnmaa.github.io/charts/artifacthub/ \ No newline at end of file + repository: https://svtechnmaa.github.io/charts/artifacthub/ +
kubernetes/akvorado/templates/akvorado-inlet-service.yaml (2)
10-19: Use descriptive port names. Numeric names are allowed but not descriptive; prefer well-known names.
- - name: "2055" + - name: "netflow-2055" @@ - - name: "6343" + - name: "sflow-6343" @@ - - name: "10179" + - name: "ipfix-10179"
24-27: Preserve client source IP for flow telemetry. For LoadBalancer/NodePort, set externalTrafficPolicy: Local.
type: {{ .Values.inlet.service.type }} {{- if and (eq .Values.inlet.service.type "LoadBalancer") (not (empty .Values.global.backendVip)) }} loadBalancerIP: {{ .Values.global.backendVip }} {{- end }} + {{- if or (eq .Values.inlet.service.type "LoadBalancer") (eq .Values.inlet.service.type "NodePort") }} + externalTrafficPolicy: Local + {{- end }}
Confirm your LB/ingress stack supports UDP on these ports (e.g., MetalLB).
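Review bot: the added `externalTrafficPolicy: Local` lines apply to every LoadBalancer and NodePort inlet Service with no way to opt out. With `Local`, a node that has no ready inlet pod does not forward the traffic, so an exporter pointed at such a node loses its NetFlow/sFlow packets without any error on either side. Suggest driving the policy from a value (for example a hypothetical `.Values.inlet.service.externalTrafficPolicy`) and documenting that inlet pods must be scheduled on the nodes that receive flows.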
kubernetes/akvorado/values.yaml (3)
78-81: Avoid :latest for container images. Pin the GeoIP image to a version.
image: repository: ghcr.io/akvorado/ipinfo-geoipupdate - tag: latest + tag: "vX.Y.Z" # pin a tested, immutable tag pullPolicy: IfNotPresent
98-100: Don’t hardcode cluster IPs for ClickHouse; use stable DNS. ClusterIP addresses change. Prefer service DNS from your ClickHouse operator/CRD.
servers: - - 10.98.5.221:9000 - - 10.98.5.222:9000 - - 10.98.5.223:9000 + - clickhouse-0.clickhouse.<namespace>.svc.cluster.local:9000 + - clickhouse-1.clickhouse.<namespace>.svc.cluster.local:9000 + - clickhouse-2.clickhouse.<namespace>.svc.cluster.local:9000
If you already expose a headless service, align with that FQDN pattern.
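Review bot: the three added `servers` entries carry a literal `<namespace>` placeholder and a `clickhouse-N.clickhouse` naming pattern, and neither matches the names this chart's own `generate_clickhouse_list` helper produces (`chi-%s-clickhouse-%s-%d-%d:9000`). Copied as written into values.yaml they will not resolve. Suggest leaving `servers` empty by default and rendering the list from the helper, or marking the value as required so an install fails early instead of pointing at hosts that do not exist.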
1-103: Normalize line endings and strip trailing spaces. CRLFs and trailing spaces break linters/CI (yaml-lint flags at Line 18 and Line 43). Enforce LF via .gitattributes and run a whitespace cleanup.
kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml (3)
31-38: Release-safe service naming: prefer Release.Name (or fullname) for DNS targets. Using `.Chart.Name` collides across multiple releases in the same namespace.
- until nc -zvw5 {{ .Chart.Name }}-orchestrator.{{ .Release.Namespace }}.svc.cluster.local 8080; do echo "Waiting for Orchestrator..."; sleep 2; done + until nc -zvw5 {{ .Release.Name }}-orchestrator.{{ .Release.Namespace }}.svc.cluster.local 8080; do echo "Waiting for Orchestrator..."; sleep 2; done @@ - - http://{{ .Chart.Name }}-orchestrator:8080 + - http://{{ .Release.Name }}-orchestrator:8080
If you have a `common.names.fullname`, use that instead.
43-49: Expose ports via values to make the chart environment-agnostic. Hardcoding NetFlow/sFlow ports limits reuse.
Example (requires adding to values.yaml and the Service template too):
- - containerPort: 2055 + - containerPort: {{ .Values.inlet.ports.netflow }} protocol: UDP - - containerPort: 6343 + - containerPort: {{ .Values.inlet.ports.sflow }} protocol: UDP - - containerPort: 10179 + - containerPort: {{ .Values.inlet.ports.tcp }} protocol: TCP
34-53: Add liveness/readiness probes for the inlet. Improves rollout safety and detection of stuck receivers.
- args: - inlet - http://{{ .Release.Name }}-orchestrator:8080 + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20
Adjust paths/port to the inlet’s actual health endpoint.
kubernetes/akvorado/templates/akvorado-console-service.yaml (2)
3-8: Use Release.Name (or fullname) for the Service name to avoid cross-release clashes.
- name: {{ .Chart.Name }}-console + name: {{ .Release.Name }}-console
16-19: Optionally preserve client IPs for LB traffic. If you need source IPs, set externalTrafficPolicy and healthCheckNodePort (MetalLB/Env dependent).
type: {{ .Values.console.service.type }} {{- if and (eq .Values.console.service.type "LoadBalancer") (not (empty .Values.global.frontendVip)) }} loadBalancerIP: {{ .Values.global.frontendVip }} {{- end }} + {{- if eq .Values.console.service.type "LoadBalancer" }} + externalTrafficPolicy: Local + {{- end }}
kubernetes/akvorado/templates/akvorado-console-persistentvolumeclaim.yaml (1)
1-9: Minor: consider adding labels and volumeMode to PV. Helpful for ops, and explicit Filesystem mode.
kind: PersistentVolume metadata: name: {{ $namespace }}-{{ .Values.console.sharedPersistenceVolume.pvcName }}-pv annotations: helm.sh/resource-policy: keep + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/component: {{ .Chart.Name }}-console spec: + volumeMode: Filesystem
kubernetes/akvorado/templates/akvorado-orchestrator-service.yaml (1)
4-4: Trim trailing whitespace on Line 4.
- labels: + labels:
kubernetes/kafka/values.yaml (4)
4-4: Avoid empty topic default. Empty string is easy to ship by accident; either provide a sensible default or fail fast if unset.
- topic: "" + # topic for producers/consumers; must be non-empty + topic: "netflow"
Or add a required check in templates.
10-16: Kafka resource requests are too low for a broker. 50Mi memory will likely OOM even at idle; consider ≥512Mi (often 2–4Gi) and higher cpu requests for stability.
Would you like me to propose sizing presets for dev vs prod?
25-33: Zookeeper: single replica with 3-broker cluster. OK for dev; for HA consider 3 replicas, or move to KRaft mode with Kafka 3.8 to eliminate ZK.
1-41: Normalize line endings to LF. YAML linter flagged CRLF; convert to LF to avoid CI diffs.
kubernetes/akvorado/templates/akvorado-redis-deployment.yaml (3)
15-17: Deployment strategy rendering can be invalid. Setting rollingUpdate: null is unnecessary and may confuse reviews. Only render when RollingUpdate.
- strategy: - type: {{ .Values.redis.updateStrategy }} - rollingUpdate: null + {{- if eq .Values.redis.updateStrategy "RollingUpdate" }} + strategy: + type: RollingUpdate + {{- else }} + strategy: + type: Recreate + {{- end }}
23-37: Missing resources and hardened securityContext. Add requests/limits and drop root caps.
containers: - env: @@ name: redis + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + securityContext: + fsGroup: 1001
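Review bot: in the added container `securityContext`, `runAsNonRoot: true` is set without a `runAsUser`, and `readOnlyRootFilesystem: true` is set with no writable volume anywhere in the visible lines. If the Redis image's default user is root the kubelet will refuse to start the container, and Redis needs a writable directory for its data files. Suggest adding an explicit non-root `runAsUser` that matches the image, mounting an `emptyDir` or PVC at the data directory, and adding `capabilities: drop: ["ALL"]`, since the comment asks to drop root caps but the hunk drops none.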
1-38: Normalize line endings to LF. Resolve YAML lint “expected \n”.
kubernetes/clickhouse/README.md (3)
1-6: Fix grammar/typos and clarity in the intro.
-# Clickhouse Chart -This chart defines Clickhouse DB Cluter as Kubernetes objects and it depend on the Clickhouse Operator, which is available at https://docs.altinity.com/clickhouse-operator -In detail: -- The ClickHouseKeeperInstallation Object is created to define Keeper (replicas, podTemplate, VolumeClaimTemplates). -- The ClickHouseInstallation Object is created to define the ClickHouse cluster (keeper, replicas, shards, podTemplate, VolumeClaimTemplates). -- The secret named clickhouse-credentials containt password that allow administrators to access to Clickhouse DB. +# ClickHouse Chart +This chart defines a ClickHouse DB cluster as Kubernetes objects and depends on the ClickHouse Operator (see operator docs). +In detail: +- A ClickHouseKeeperInstallation defines Keeper (replicas, podTemplate, volumeClaimTemplates). +- A ClickHouseInstallation defines the ClickHouse cluster (keeper, replicas, shards, podTemplate, volumeClaimTemplates). +- The Secret named `clickhouse-credentials` contains admin credentials for ClickHouse.
36-44: Avoid documenting real passwords in defaults. Replace the example with placeholders; recommend pre-hashed or external secret flow.
-| `global.clickhouse.users` | Define username-host-password for clickhouse | juniper-0.0.0.0/0-juniper@123 | +| `global.clickhouse.users` | Define users (name, networks, passwordSha256Hex) | juniper-0.0.0.0/0-<sha256> |
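Review bot: the removed line documents the default `juniper@123` together with network `0.0.0.0/0`, and the replacement line still shows `0.0.0.0/0` as the example network. Editing the README does not change what the chart deploys: if values.yaml carries the same default it should be removed there as well, any cluster installed with it should have the password rotated, and the example network should be narrowed to the subnets that actually need access to ClickHouse.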
45-50: Add dependency build step before install. If the chart depends on common libs, ensure dependencies are pulled.
-helm install clickhouse /opt/charts/kubernetes/clickhouse \ +helm dependency build /opt/charts/kubernetes/clickhouse +helm install clickhouse /opt/charts/kubernetes/clickhouse \ --namespace clickhouse \ --create-namespace
kubernetes/akvorado/templates/akvorado-redis-service.yaml (1)
1-17: Normalize line endings to LF. Resolve YAML lint “expected \n”.
kubernetes/akvorado/templates/akvorado-console-deployment.yaml (3)
26-33: Ensure `nc` is available in the init image or switch to a more ubiquitous probe. Many minimal images lack netcat. Consider BusyBox `wget`/`timeout` or `curl` to reduce fragility.
- command: - - /bin/sh - - -c - - | - until nc -zvw5 {{ .Release.Name }}-orchestrator.{{ .Release.Namespace }}.svc.cluster.local 8080; do echo "Waiting for Orchestrator..."; sleep 2; done + command: + - /bin/sh + - -c + - | + until wget -qO- --spider http://{{ .Release.Name }}-orchestrator.{{ .Release.Namespace }}.svc.cluster.local:8080/healthz; do echo "Waiting for Orchestrator..."; sleep 2; done
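Review bot: the added `wget` line probes `/healthz`, while the probes suggested for the inlet use `/health`, and neither path is confirmed against the orchestrator. Because the `until` loop has no retry limit, a wrong path leaves this init container waiting forever and the pod never starts. Suggest confirming the endpoint first and bounding the loop with a maximum number of attempts, so that a misconfiguration surfaces as a failed init container rather than a silent hang.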
34-47: Add health probes and resource requests/limits for stability. Console lacks readiness/liveness probes and resource constraints; add them via values for safer rollouts.
1-52: Normalize line endings to LF. YAMLlint flagged CRLF. Add a repo-level .gitattributes to enforce LF for yaml/yml.
+*.yaml text eol=lf +*.yml text eol=lf
kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml (3)
41-47: Trim extra spaces after colons. Double spaces after `value:` can trip linters.
- value: {{ .Values.geoip.env.ipinfo_db | quote }} + value: {{ .Values.geoip.env.ipinfo_db | quote }} @@ - value: {{ .Values.geoip.env.update_time | quote }} + value: {{ .Values.geoip.env.update_time | quote }}
54-55: Remove trailing whitespace and add imagePullPolicy. One trailing space on Line 54; also align pull policy handling with other components.
- image: {{ include "common.images.image" ( dict "imageRoot" .Values.orchestrator.image ) }} + image: {{ include "common.images.image" ( dict "imageRoot" .Values.orchestrator.image ) }} + imagePullPolicy: {{ .Values.orchestrator.image.pullPolicy | quote }}
24-33: Optional: replace `nc` check with HTTP health probe and add container probes. More robust and faster rollouts.
kubernetes/kafka/templates/kafka.yaml (3)
31-33: Consider moving protocol version to values and matching Kafka version. Hard-coding `"3.8"` can hinder upgrades; make it configurable and validate against `.Values.kafka.version`.
53-55: Running as root (runAsUser: 0). Running Kafka/ZK as root is usually unnecessary and may fail under PSP/PodSecurity. Prefer the image’s default UID.
Also applies to: 74-76
1-81: YAML/template linting: ignore false positives but keep LF endings consistent. Top-level Helm variable assignment confuses yamllint; safe to ignore. Still, enforce LF endings.
kubernetes/akvorado/templates/akvorado-orchestrator-configmap.yaml (2)
52-52: Remove trailing spaces to satisfy linters.
- +
1-132: YAML structure/order. While valid, placing `kind`/`metadata` after `data` confused yamllint. Consider moving them next to `apiVersion` for readability.
kubernetes/clickhouse/templates/clickhouse.yaml (3)
20-27: Render networks as a proper YAML list under the key. Safer to break key/value across lines to avoid formatting edge cases.
- {{ .name }}/networks/ip: {{ toYaml .networks | nindent 8 }} + {{ .name }}/networks/ip: + {{- toYaml .networks | nindent 8 }}
65-74: Guard Akvorado-specific mounts behind the same conditional block. You already guard volumeMounts/volumes; keep the structure tight and ensure no stray whitespace.
- {{- end }} - + {{- end }}
76-80: Add a trailing newline and keep formatting consistent.
- {{- end }} + {{- end }} +
kubernetes/kafka/README.md (2)
2-5: Fix bare URL and minor wording. Avoid bare URLs and tighten phrasing.
-This chart defines a Kafka cluster as Kubernetes objects and it depends on the Strimzi Kafka Operator, which is available at https://strimzi.io/docs/ +This chart defines a Kafka cluster as Kubernetes objects and depends on the Strimzi Kafka Operator (see: https://strimzi.io/docs/). In detail: -- The Kafka Object is created to define the Kafka cluster (replicas, version, listeners, config, etc.) and Zookeeper cluster (storage, resources, replicas, etc.) +- The Kafka object defines the Kafka cluster (replicas, version, listeners, config, etc.) and the ZooKeeper cluster (storage, resources, replicas, etc.).
8-15: Add languages to fenced code blocks (markdownlint MD040). Specify languages for all fenced blocks.
-``` +```text ... -``` +``` - ``` + ```bash wget https://github.com/strimzi/strimzi-kafka-operator/releases/download/0.45.0/strimzi-cluster-operator-0.45.0.yaml sed 's/myproject/netflows/' strimzi-cluster-operator-0.45.0.yaml > strimzi.yaml kubectl apply -f strimzi.yaml - ``` + ``` - ``` + ```bash cd /opt git clone https://github.com/svtechnmaa/charts.git - ``` + ``` - ``` + ```bash helm install kafka /opt/charts/kubernetes/kafka \ --namespace kafka \ --create-namespace - ``` + ``` - ``` + ```bash helm uninstall kafka \ --namespace kafka - ``` + ```
Also applies to: 20-24, 27-30, 46-50, 53-56
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml (1)
20-21: Trailing spaces and formatting. Trim trailing spaces to satisfy linters.
- storageClassName: {{ $namespace }}-{{ .Values.geoip.sharedPersistenceVolume.storageClass }} - + storageClassName: {{ $namespace }}-{{ .Values.geoip.sharedPersistenceVolume.storageClass }}
kubernetes/clickhouse/templates/clickhouseKeeper.yaml (1)
53-55: No newline at EOF. Add a trailing newline.
- - name: default - spec: {{ toYaml .Values.clickhouseKeeper.volumes | nindent 10 }} + - name: default + spec: {{ toYaml .Values.clickhouseKeeper.volumes | nindent 10 }} +
kubernetes/clickhouse/values.yaml (2)
13-13: Whitespace/formatting fixes (trailing spaces, newline at EOF). Clean up YAML to satisfy linters.
- networks: + networks: @@ - resources: + resources: @@ - requests: + requests: storage: 100Gi @@ - requests: + requests: storage: 100Mi +
Also applies to: 25-25, 61-61, 69-70
35-37: Normalize list indentation for accessModes. Indent lists by two spaces under the key for readability and consistency.
volumes: accessModes: - - ReadWriteOnce + - ReadWriteOnce @@ volumes: data: persistentVolumeReclaimPolicy: Retain accessModes: - - ReadWriteOnce + - ReadWriteOnce @@ log: persistentVolumeReclaimPolicy: Retain accessModes: - - ReadWriteOnce + - ReadWriteOnce
Also applies to: 57-59, 65-67
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (30)
- kubernetes/akvorado/.helmignore (1 hunks)
- kubernetes/akvorado/Chart.yaml (1 hunks)
- kubernetes/akvorado/README.md (1 hunks)
- kubernetes/akvorado/templates/_helpers.tpl (1 hunks)
- kubernetes/akvorado/templates/akvorado-console-deployment.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-console-persistentvolumeclaim.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-console-service.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-inlet-service.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-orchestrator-configmap.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-orchestrator-service.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-redis-deployment.yaml (1 hunks)
- kubernetes/akvorado/templates/akvorado-redis-service.yaml (1 hunks)
- kubernetes/akvorado/values.yaml (1 hunks)
- kubernetes/clickhouse/.helmignore (1 hunks)
- kubernetes/clickhouse/Chart.yaml (1 hunks)
- kubernetes/clickhouse/README.md (1 hunks)
- kubernetes/clickhouse/templates/_helpers.tpl (1 hunks)
- kubernetes/clickhouse/templates/clickhouse.yaml (1 hunks)
- kubernetes/clickhouse/templates/clickhouseKeeper.yaml (1 hunks)
- kubernetes/clickhouse/templates/secret.yaml (1 hunks)
- kubernetes/clickhouse/values.yaml (1 hunks)
- kubernetes/kafka/.helmignore (1 hunks)
- kubernetes/kafka/Chart.yaml (1 hunks)
- kubernetes/kafka/README.md (1 hunks)
- kubernetes/kafka/templates/kafka.yaml (1 hunks)
- kubernetes/kafka/values.yaml (1 hunks)
🧰 Additional context used
🪛 LanguageTool
kubernetes/akvorado/README.md
[grammar] ~1-~1: Ensure spelling is correct
Context: # Akvorado Chart This Helm chart deploys Akvorado...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~14-~14: There might be a mistake here.
Context: ...tion. ## Prerequisites - Kafka cluster - ClickHouse cluster ## Installation 1. ...
(QB_NEW_EN)
kubernetes/clickhouse/README.md
[grammar] ~1-~1: There might be a mistake here.
Context: # Clickhouse Chart This chart defines Clickhouse DB Cluter ...
(QB_NEW_EN)
[grammar] ~2-~2: Ensure spelling is correct
Context: ... Chart This chart defines Clickhouse DB Cluter as Kubernetes objects and it depend on ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~3-~3: There might be a mistake here.
Context: ...inity.com/clickhouse-operator In detail: - The ClickHouseKeeperInstallation Object ...
(QB_NEW_EN)
[grammar] ~4-~4: There might be a mistake here.
Context: ...cas, podTemplate, VolumeClaimTemplates). - The ClickHouseInstallation Object is cre...
(QB_NEW_EN)
[grammar] ~5-~5: There might be a mistake here.
Context: ...rds, podTemplate, VolumeClaimTemplates). - The secret named clickhouse-credentials ...
(QB_NEW_EN)
[grammar] ~6-~6: There might be a mistake here.
Context: ...ministrators to access to Clickhouse DB. ## Tree level ``` +--- Chart.yaml : Chart ...
(QB_NEW_EN)
kubernetes/kafka/README.md
[grammar] ~1-~1: There might be a mistake here.
Context: # Kafka Chart This chart defines a Kafka cluster as Ku...
(QB_NEW_EN)
[grammar] ~2-~2: There might be a mistake here.
Context: ...is available at https://strimzi.io/docs/ In detail: - The Kafka Object is created...
(QB_NEW_EN)
[grammar] ~3-~3: There might be a mistake here.
Context: ...e at https://strimzi.io/docs/ In detail: - The Kafka Object is created to define th...
(QB_NEW_EN)
[grammar] ~41-~41: There might be a mistake here.
Context: ...r | 3 | | kafka.config.min_insync_replica ...
(QB_NEW_EN)
[grammar] ~42-~42: There might be a mistake here.
Context: ...te to them | 2 | | kafka.config.log_retention_hours ...
(QB_NEW_EN)
🪛 YAMLlint (1.37.1)
kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
kubernetes/kafka/Chart.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
kubernetes/akvorado/templates/akvorado-console-deployment.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[warning] 14-14: wrong indentation: expected 4 but found 6
(indentation)
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
[error] 4-4: syntax error: expected , but found ''
(syntax)
kubernetes/akvorado/templates/akvorado-redis-deployment.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
kubernetes/akvorado/templates/akvorado-orchestrator-service.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 4-4: trailing spaces
(trailing-spaces)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[warning] 15-15: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/akvorado/templates/akvorado-console-persistentvolumeclaim.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 2-2: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/kafka/values.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
kubernetes/clickhouse/templates/clickhouse.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[error] 6-6: syntax error: expected the node content, but found '-'
(syntax)
[error] 75-75: trailing spaces
(trailing-spaces)
[error] 80-80: no new line character at the end of file
(new-line-at-end-of-file)
kubernetes/akvorado/Chart.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
kubernetes/akvorado/values.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 18-18: trailing spaces
(trailing-spaces)
[error] 43-43: trailing spaces
(trailing-spaces)
kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
[warning] 41-41: too many spaces after colon
(colons)
[warning] 43-43: too many spaces after colon
(colons)
[error] 54-54: trailing spaces
(trailing-spaces)
kubernetes/kafka/templates/kafka.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 47-47: wrong indentation: expected 14 but found 12
(indentation)
[warning] 68-68: wrong indentation: expected 14 but found 12
(indentation)
kubernetes/akvorado/templates/akvorado-inlet-service.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 4-4: trailing spaces
(trailing-spaces)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[warning] 23-23: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/akvorado/templates/akvorado-redis-service.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[warning] 15-15: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 21-21: trailing spaces
(trailing-spaces)
[error] 3-3: syntax error: mapping values are not allowed here
(syntax)
kubernetes/akvorado/templates/akvorado-console-service.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[warning] 15-15: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/clickhouse/Chart.yaml
[error] 28-28: no new line character at the end of file
(new-line-at-end-of-file)
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 21-21: trailing spaces
(trailing-spaces)
[error] 3-3: syntax error: mapping values are not allowed here
(syntax)
kubernetes/clickhouse/templates/secret.yaml
[warning] 8-8: wrong indentation: expected 0 but found 2
(indentation)
[error] 7-7: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/akvorado/templates/akvorado-orchestrator-configmap.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 52-52: trailing spaces
(trailing-spaces)
[error] 130-130: syntax error: expected , but found ''
(syntax)
kubernetes/clickhouse/templates/clickhouseKeeper.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[warning] 31-31: wrong indentation: expected 12 but found 10
(indentation)
[error] 4-4: syntax error: expected , but found ''
(syntax)
[error] 55-55: no new line character at the end of file
(new-line-at-end-of-file)
kubernetes/clickhouse/values.yaml
[error] 13-13: trailing spaces
(trailing-spaces)
[error] 25-25: trailing spaces
(trailing-spaces)
[warning] 36-36: wrong indentation: expected 4 but found 6
(indentation)
[warning] 58-58: wrong indentation: expected 6 but found 8
(indentation)
[error] 61-61: trailing spaces
(trailing-spaces)
[warning] 66-66: wrong indentation: expected 6 but found 8
(indentation)
[error] 69-69: trailing spaces
(trailing-spaces)
[error] 70-70: no new line character at the end of file
(new-line-at-end-of-file)
🪛 markdownlint-cli2 (0.17.2)
kubernetes/kafka/README.md
2-2: Bare URL used
(MD034, no-bare-urls)
8-8: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
20-20: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
27-27: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
46-46: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
53-53: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🔇 Additional comments (17)
kubernetes/akvorado/Chart.yaml (1)
26-29: Helm dependency repository URL is correct
I’ve verified that the index.yaml is served at https://svtechnmaa.github.io/charts/artifacthub/index.yaml (HTTP 200), whereas the parent path returns 404. Your current repository setting already points to the proper Helm chart repo root, so no update is required.
kubernetes/kafka/Chart.yaml (1)
26-29: No change needed: artifacthub/ is the correct Helm repo path
The common chart is only indexed under the /artifacthub/ path—attempting to use the root URL fails to find it. Your dependency entry is already pointing at the correct repository.
- https://svtechnmaa.github.io/charts/index.yaml does not list common
- https://svtechnmaa.github.io/charts/artifacthub/index.yaml does list common
Leave the repository URL as https://svtechnmaa.github.io/charts/artifacthub/.
Likely an incorrect or invalid review comment.
kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml (1)
20-20: Verify StorageClass naming strategy.
Prefixing the StorageClass with the namespace is unusual; ensure a matching SC exists. Consider using the value verbatim to match cluster-scoped SC names.
- storageClassName: {{ $namespace }}-{{ .Values.inlet.sharedPersistenceVolume.storageClass }} + storageClassName: {{ .Values.inlet.sharedPersistenceVolume.storageClass }}Also applies to: 30-30
kubernetes/clickhouse/Chart.yaml (1)
25-28: Validate dependency repository URL.
Confirm the ‘common’ chart is published at this URL (path includes ‘artifacthub/’, which is atypical). If not, adjust to your actual index URL or OCI repo.
kubernetes/akvorado/templates/akvorado-inlet-service.yaml (1)
18-20: Incorrect protocol suggestion for port 10179
The Service manifest omits
protocol, which defaults to TCP—this matches the container’sprotocol: TCPon port 10179 inakvorado-inlet-deployment.yaml. No change to UDP is required. If you’d like to be explicit, you can add:- name: "10179" port: 10179 + protocol: TCP targetPort: 10179But the original recommendation to switch this to UDP is incorrect.
Likely an incorrect or invalid review comment.
kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml (1)
24-33: Verify BusyBox netcat flags in your initContainer image
BusyBox’s nc implementation can vary between distributions and versions. Flags like -z (zero-I/O), -v (verbose) and -w (timeout) are not universally supported. Please confirm that your chosen initContainer image’s BusyBox build supports nc -zvw. If it does not, consider using a more portable approach that relies on DNS lookups and an HTTP health endpoint instead.
• File: kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml
• Lines: 24–33
Suggested fallback snippet:
- - | - until nc -zvw5 {{ .Chart.Name }}-orchestrator.{{ .Release.Namespace }}.svc.cluster.local 8080; do - echo "Waiting for Orchestrator..."; sleep 2; - done + - | + H={{ .Release.Name }}-orchestrator.{{ .Release.Namespace }}.svc.cluster.local + P=8080 + until getent hosts "$H" >/dev/null \ + && wget -qO- "http://$H:$P/health" >/dev/null 2>&1; do + echo "Waiting for Orchestrator…" + sleep 2 + donekubernetes/kafka/values.yaml (1)
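Review bot: In the inlet initContainer fallback, the added lines build the hostname from .Release.Name while the removed nc line used .Chart.Name, so the snippet changes which Service the initContainer waits for as well as the tool; use whichever name the orchestrator Service template actually renders. The /health path is not shown in any chart file quoted on this page and should be confirmed against the orchestrator before relying on it. The until loop also has no upper bound, so a wrong name or path leaves the pod in Init indefinitely; a retry counter that exits non-zero makes the failure visible.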
35-41: Persistence fallback not verifiable automatically
I ran searches across kubernetes/kafka/templates and found no occurrences of:
- .Values.kafka.hostPath
- hostPath:
- persistentVolumeClaim:
- storageClassName:
This means we can’t confirm that an empty hostPath will fall back to a PVC rather than rendering an invalid (empty) hostPath volume.
Please manually verify that:
- The Kafka and Zookeeper StatefulSet (or Deployment) templates include conditional logic to:
  - Use a hostPath volume when .Values.kafka.hostPath is non-empty
  - Otherwise define a volumeClaimTemplate (or persistentVolumeClaim) with a valid storageClassName
- No volumes with an empty hostPath are rendered when hostPath: "" is set in values.yaml
If the logic is missing, consider adding something like:
volumes: - - name: data - hostPath: - path: {{ .Values.kafka.hostPath }} +{{- if .Values.kafka.hostPath }} + - name: data + hostPath: + path: {{ .Values.kafka.hostPath | quote }} +{{- else }} + volumeClaimTemplates: + - metadata: + name: data + spec: + storageClassName: {{ .Values.storageClassName | quote }} + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: {{ .Values.kafka.size | quote }} +{{- end }}This will ensure that when
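Review bot: The volumes / volumeClaimTemplates snippet for the Kafka chart assumes a StatefulSet or Deployment template, but the kafka.yaml comments elsewhere on this page describe a Strimzi Kafka custom resource whose storage is set through class and size. In that layout there is no volumes: block to patch, so the hostPath fallback has to be expressed in the custom resource's storage section, or the hostPath value dropped from values.yaml if nothing reads it.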
hostPath is empty, Helm falls back to provisioning a PVC rather than producing an invalid hostPath volume.
kubernetes/clickhouse/README.md (1)
24-29: Helm repo URL for Altinity operator.
The docs site URL isn’t a Helm repo. Use the official Helm repo URL.
-helm repo add clickhouse-operator https://docs.altinity.com/clickhouse-operator +helm repo add clickhouse-operator https://helm.altinity.com/ helm upgrade --install --create-namespace \ --namespace clickhouse \ clickhouse-operator \ clickhouse-operator/altinity-clickhouse-operatorPlease verify current operator chart name if it changed.
kubernetes/akvorado/templates/akvorado-redis-service.yaml (2)
7-7: Service naming consistency.
Service uses {{ .Chart.Name }}-redis while Deployment uses {{ .Release.Name }}-redis. Labels match, so selectors work, but double-check any in-cluster references (ConfigMaps) assume this service name.
I can align both to a shared fullname helper if desired.
1-17: Otherwise LGTM.
Labels, selector, and type wiring look correct.
kubernetes/akvorado/templates/akvorado-console-deployment.yaml (1)
39-46: Verify DB path alignment with the mounted volume.
AKVORADO_CFG_CONSOLE_DATABASE_DSN points to /run/akvorado/console.sqlite, but the PVC is mounted at {{ .Values.console.sharedPersistenceVolume.path }}. Make sure these paths align.
kubernetes/kafka/templates/kafka.yaml (1)
44-53: Check anti-affinity label selector.
Selector uses app.kubernetes.io/name: kafka; Strimzi pods typically use strimzi.io/name. Verify labels to ensure the anti-affinity is effective.
Also applies to: 65-73
kubernetes/akvorado/templates/akvorado-orchestrator-configmap.yaml (1)
75-127: Sanity-check SNMP community exposure.
SNMP communities under inlet are sensitive. Consider sourcing from Secrets and templating them in at runtime.
kubernetes/clickhouse/templates/clickhouse.yaml (2)
12-13: Keeper service DNS likely should be release-scoped.
If the Keeper Service is named with
.Release.Name, this FQDN will be wrong.- - host: {{ .Chart.Name }}-keeper.{{ .Release.Namespace }}.svc.cluster.local + - host: {{ .Release.Name }}-keeper.{{ .Release.Namespace }}.svc.cluster.local
33-35: Confirm volumes/claims integrate as intended.
CHI typically needs volumeClaimTemplates and appropriate defaults/podTemplates mapping. Verify data/log volumes are attached as expected for your layout.
Also applies to: 76-80
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml (1)
20-21: Double-check storageClassName naming.
Prefixing storageClassName with the namespace is unusual; StorageClass is cluster-scoped. Ensure the StorageClass actually exists with that name for both PV and PVC.
Would you like me to add a values toggle to omit storageClassName (static binding by name) or to reference an existing class?
Also applies to: 30-31
kubernetes/clickhouse/templates/_helpers.tpl (1)
1-63: Helpers look standard and solid.
Naming, labels, and truncation patterns align with Helm best practices.
Actionable comments posted: 5
♻️ Duplicate comments (13)
kubernetes/kafka/templates/kafka.yaml (1)
30-30: Fix values key typo and add safe default for min.insync.replicas.
Use the correct key and guard against unset values to avoid rendering <no value>.
Apply:
- min.insync.replicas: {{ .Values.kafka.config.min_insync_replica }} + min.insync.replicas: {{ default (min (int .Values.kafka.replicaCount) 2) .Values.kafka.config.min_insync_replicas }}kubernetes/clickhouse/values.yaml (1)
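Review bot: In the kubernetes/kafka/templates/kafka.yaml suggestion, the fallback min (int .Values.kafka.replicaCount) 2 makes min.insync.replicas equal to the broker count on a two-broker cluster, so taking one broker down blocks every acks=all producer. Defaulting to 1 below three replicas, as the transaction.state.log.min.isr suggestion on this page does with ternary, keeps a small cluster writable during a restart. The renamed key min_insync_replicas also has to be renamed in values.yaml in the same change, otherwise the default silently replaces whatever was set under the old key.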
10-14: Remove default plaintext password and unrestricted network.
Do not ship an empty/real password or 0.0.0.0/0 by default. Require user-supplied secret and narrow networks.
users: - name: juniper - password: "" - networks: - - 0.0.0.0/0 + # password: "" # Do not commit real passwords. Provide via values at install-time or an existing Secret. + # existingSecret: clickhouse-credentials # optional: wire templates to read this + # passwordKey: juniper # optional: key inside the secret + networks: + - 10.0.0.0/8 # example; scope to your CIDRsIf you want, I can wire existingSecret/passwordKey in the secret template and operator users config.
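Review bot: In the kubernetes/clickhouse/values.yaml suggestion, existingSecret and passwordKey are added only as comments, so after this change the juniper entry has no credential source at all until the templates are taught to read them. Wire the Secret lookup in the same change and make the template fail at render time (Helm's required function) when neither a password nor a Secret is supplied. The replacement network 10.0.0.0/8 is still a very wide default; leaving networks empty forces the operator to choose a range.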
kubernetes/clickhouse/templates/clickhouseKeeper.yaml (2)
25-38: Ports indentation under serviceTemplates now looks correct.
Previous mis-indentation is fixed; this should satisfy yamllint.
1-16: Ensure common library and Keeper CRD are present.
This template depends on Bitnami/common helpers and the Altinity Keeper CRD; make sure Chart.yaml references the correct common repo and the CRD is installed/bundled.
I can verify Chart.yaml/CRD placement across the repo if you’d like a quick check script.
kubernetes/clickhouse/README.md (1)
13-15: Filename now matches the template.
README references clickhouseKeeper.yaml, consistent with the chart.
kubernetes/akvorado/templates/akvorado-redis-deployment.yaml (2)
25-29: Disable empty password; use Secret-based auth.
ALLOW_EMPTY_PASSWORD=yes is unsafe. Inject a password from a Secret and configure clients accordingly.
- - env: - - name: ALLOW_EMPTY_PASSWORD - value: "yes" + - env: + - name: VALKEY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-redis-auth + key: passwordI can add a Secret template and wire it through values on request.
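Review bot: The secretKeyRef in the added lines of the akvorado-redis-deployment.yaml suggestion points at a Secret named {{ .Release.Name }}-redis-auth that nothing in this suggestion creates, so the Redis pod will not start until that Secret exists; add the Secret template or an existingSecret value in the same commit. VALKEY_PASSWORD only takes effect if the container image reads that variable, which should be checked against the image the chart pins. The console's Redis client needs the same password, otherwise its cache connection is rejected once authentication is on.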
30-36: Liveness probe command won’t run as written; use tcpSocket or a shell.
Kubelet exec doesn’t invoke a shell; a single string with pipes won’t work. Prefer tcpSocket for simplicity.
- livenessProbe: - exec: - command: - - timeout 3 redis-cli ping | grep -q PONG - failureThreshold: 3 - periodSeconds: 20 - timeoutSeconds: 10 + livenessProbe: + tcpSocket: + port: 6379 + failureThreshold: 3 + periodSeconds: 20 + timeoutSeconds: 3Optionally add a readinessProbe mirroring the liveness check.
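Review bot: The tcpSocket probe in the added lines only proves that port 6379 accepts connections; it drops the PING/PONG check the original exec probe was trying to make. If that check matters, keep exec and hand the pipeline to a shell, for example command: [sh, -c, "timeout 3 redis-cli ping | grep -q PONG"], and remember that redis-cli will need the password once authentication is enabled.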
kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml (2)
1-1: YAML document separator fixed.
Replaced invalid ‘------’ with ‘---’. Looks good.
10-13: Support list or string for accessModes (both PV and PVC).
Template assumes a single string; add list handling to avoid rendering errors.
- accessModes: - - {{ .Values.inlet.sharedPersistenceVolume.accessModes }} + accessModes: + {{- if kindIs "slice" .Values.inlet.sharedPersistenceVolume.accessModes }} + {{- range .Values.inlet.sharedPersistenceVolume.accessModes }} + - {{ . }} + {{- end }} + {{- else }} + - {{ .Values.inlet.sharedPersistenceVolume.accessModes }} + {{- end }}Repeat the same change for the PVC section (Lines 31–33).
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml (1)
10-13: Render accessModes via toYaml; current template breaks when value is a list.spec: accessModes: - - {{ .Values.geoip.sharedPersistenceVolume.accessModes }} + {{- toYaml .Values.geoip.sharedPersistenceVolume.accessModes | nindent 4 }} @@ spec: accessModes: - - {{ .Values.geoip.sharedPersistenceVolume.accessModes }} + {{- toYaml .Values.geoip.sharedPersistenceVolume.accessModes | nindent 4 }}Also applies to: 31-35
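Review bot: In the geoip PV/PVC suggestion, toYaml on .Values.geoip.sharedPersistenceVolume.accessModes only renders a list when the value is a list. values.yaml on this PR still sets accessModes: ReadWriteMany as a string (the values.yaml nitpick on this page proposes changing it), and with a string this template emits a bare scalar under accessModes, which the API server rejects. Land the values.yaml change together with this one, or keep the kindIs "slice" branch used in the inlet PVC suggestion so both shapes render.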
kubernetes/akvorado/values.yaml (2)
66-69: Restrict SNMP providers; avoid::/0withcommunity: public.config: providers: - - ip: "::/0" - community: "public" + - ip: "fd00:1234:abcd::/48" # CHANGE: limit to mgmt subnet(s) + community: "" # source from a Secret, not values.yaml
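Review bot: In the SNMP providers suggestion, community: "" removes the public default but the inline comment is the only hint about where the real value comes from. If these values feed the orchestrator ConfigMap that the akvorado-orchestrator-configmap.yaml comment on this page refers to, the community still ends up in a ConfigMap in clear text, so the suggestion needs a template-side change as well (for example rendering that configuration into a Secret). The fd00:1234:abcd::/48 prefix is a placeholder that matches no real network; an empty list with a render-time check would make the required input explicit.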
86-90: Remove plaintext ipinfo token from Git; source via Secret.env: - ipinfo_token: "a2632ea59736c7" + # TODO: load from a Kubernetes Secret (e.g., {{ .Release.Name }}-geoip/ipinfo_token) + ipinfo_token: "" ipinfo_db: "country asn" update_time: "48h"I can generate the Secret manifest and wire secretKeyRef in templates if you want.
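Review bot: The removed line of the ipinfo suggestion shows a token value already committed to kubernetes/akvorado/values.yaml; blanking it in a later commit does not remove it from the branch history, so the token should be revoked at the provider and a new one issued straight into the Secret. The template that consumes ipinfo_token has to switch to secretKeyRef in the same change, otherwise the chart deploys with an empty token.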
kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml (1)
15-17: AvoidrollingUpdate: null; render only for RollingUpdate.- strategy: - type: {{ .Values.orchestrator.updateStrategy }} - rollingUpdate: null + strategy: + type: {{ .Values.orchestrator.updateStrategy | default "RollingUpdate" }} + {{- if eq (.Values.orchestrator.updateStrategy | default "RollingUpdate") "RollingUpdate" }} + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% + {{- end }}
🧹 Nitpick comments (25)
kubernetes/kafka/templates/kafka.yaml (8)
26-29: Clamp replication settings to replicaCount with sensible defaults.
Prevents invalid configs when replicas < desired RF and reduces footguns if values are omitted.
Apply:
- offsets.topic.replication.factor: {{ .Values.kafka.config.offsets_topic_replication_factor }} - transaction.state.log.replication.factor: {{ .Values.kafka.config.transaction_state_log_replication_factor }} - transaction.state.log.min.isr: {{ .Values.kafka.config.transaction_state_log_min_isr }} - default.replication.factor: {{ .Values.kafka.config.default_replication_factor }} + offsets.topic.replication.factor: {{ default (min (int .Values.kafka.replicaCount) 3) .Values.kafka.config.offsets_topic_replication_factor }} + transaction.state.log.replication.factor: {{ default (min (int .Values.kafka.replicaCount) 3) .Values.kafka.config.transaction_state_log_replication_factor }} + transaction.state.log.min.isr: {{ default (ternary 2 1 (ge (int .Values.kafka.replicaCount) 3)) .Values.kafka.config.transaction_state_log_min_isr }} + default.replication.factor: {{ default (min (int .Values.kafka.replicaCount) 3) .Values.kafka.config.default_replication_factor }}
31-31: Avoid hard-coding IBP; default to Kafka version’s major.minor.
Keeps IBP aligned when Kafka is bumped.
Apply:
- inter.broker.protocol.version: "3.8" + inter.broker.protocol.version: {{ default (regexFind "^[0-9]+\\.[0-9]+" .Values.kafka.version) .Values.kafka.config.inter_broker_protocol_version | quote }}
33-33: Parameterize socket.request.max.bytes.
Let users tune via values.
Apply:
- socket.request.max.bytes: 419430400 + socket.request.max.bytes: {{ default 419430400 .Values.kafka.config.socket_request_max_bytes }}
47-52: Fix list item indentation under preferredDuringSchedulingIgnoredDuringExecution.
Current indentation trips linters; YAML list items should be indented two spaces beyond the parent key.
Apply:
- preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: @@ - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm:Also applies to: 68-73
48-51: Use Strimzi labels for anti-affinity; current selector likely won’t match.
Strimzi pods are labeled with strimzi.io/name: <cluster>-{kafka|zookeeper}.
Apply:
- labelSelector: - matchLabels: - app.kubernetes.io/name: kafka + labelSelector: + matchLabels: + strimzi.io/name: {{ .Release.Name }}-kafka @@ - labelSelector: - matchLabels: - app.kubernetes.io/name: zookeeper + labelSelector: + matchLabels: + strimzi.io/name: {{ .Release.Name }}-zookeeperAlso applies to: 69-72
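Review bot: The selector strimzi.io/name: {{ .Release.Name }}-kafka in the added lines only matches if the Kafka resource's metadata.name is exactly {{ .Release.Name }}; the same holds for the -zookeeper selector. Reuse the expression the template uses for metadata.name in both selectors so the anti-affinity cannot drift from the cluster name.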
37-38: Make storageClass configurable (keep local-path as default).
Avoid baking cluster-specific class names into the template.
Apply:
- class: local-path - size: {{ .Values.persistence.kafka.size }} + class: {{ default "local-path" .Values.persistence.kafka.storageClass }} + size: {{ .Values.persistence.kafka.size }} @@ - class: local-path - size: {{ .Values.persistence.zookeeper.size }} + class: {{ default "local-path" .Values.persistence.zookeeper.storageClass }} + size: {{ .Values.persistence.zookeeper.size }}Also applies to: 60-61
1-2: Remove unused $namespace helper.
It’s only referenced in commented lines.
Apply:
-{{- $namespace := .Release.Namespace }} -
1-1: Yamllint noise on Helm templates.
If yamllint runs on raw templates, it will flag templating as syntax errors. Run lint on rendered manifests or exclude templates/ in .yamllint for this chart.
kubernetes/clickhouse/values.yaml (4)
24-31: Default Keeper log level “trace” is noisy for prod.
Consider “info” (or “warn”) as default; keep “trace” for troubleshooting via values override.
- log_level: trace + log_level: info
33-40: YAML lint: indentation and trailing spaces.
Fix mis-indents under volumes and trailing spaces flagged by yamllint; add final newline.
volumes: - - ReadWriteOnce + - ReadWriteOnce resources: - limits: {} - requests: - storage: 10Gi + limits: {} + requests: + storage: 10GiAlso remove trailing spaces at Lines 13, 25, 61, 69 and ensure the file ends with a newline.
54-63: Consistent indentation under clickhouse.volumes.data.
Align with two-space nesting to avoid yamllint warnings.
volumes: data: persistentVolumeReclaimPolicy: Retain accessModes: - - ReadWriteOnce + - ReadWriteOnce resources: - limits: {} - requests: - storage: 100Gi + limits: {} + requests: + storage: 100Gi
63-70: Consistent indentation under clickhouse.volumes.log.
Mirror data section; remove trailing space after “requests:”.
log: persistentVolumeReclaimPolicy: Retain accessModes: - - ReadWriteOnce + - ReadWriteOnce resources: - limits: {} - requests: - storage: 100Mi + limits: {} + requests: + storage: 100Mikubernetes/clickhouse/templates/clickhouseKeeper.yaml (2)
1-3: Style: unquote apiVersion/kind (optional).
Quotes are valid but uncommon; unquoting improves readability and avoids some linters complaining.
-apiVersion: "clickhouse-keeper.altinity.com/v1" -kind: "ClickHouseKeeperInstallation" +apiVersion: clickhouse-keeper.altinity.com/v1 +kind: ClickHouseKeeperInstallation
47-53: Minor: trim trailing spaces and keep multiline mappings clean.
There’s trailing whitespace after resources; also prefer the multiline form for securityContext/resources for clarity.
containers: - name: clickhouse-keeper imagePullPolicy: {{ .Values.clickhouseKeeper.image.pullPolicy }} image: {{ include "common.images.image" ( dict "imageRoot" .Values.clickhouseKeeper.image) }} - resources: {{ toYaml .Values.clickhouseKeeper.resources | nindent 16 }} + resources: + {{- toYaml .Values.clickhouseKeeper.resources | nindent 16 }} - securityContext: {{ toYaml .Values.clickhouseKeeper.securityContext | nindent 12 }} + securityContext: + {{- toYaml .Values.clickhouseKeeper.securityContext | nindent 12 }}Also add a final newline at EOF.
kubernetes/clickhouse/README.md (2)
9-18: Add fenced code languages; minor cleanup.
Mark code blocks as bash and clarify tree description.
-``` +```text +--- Chart.yaml : Chart information and dependencies (available as {{ .Chart }} in templates) @@ -+--- values.yaml : define {{ .Values }} variable to use in template files ++--- values.yaml : define values (available as {{ .Values }}) used in templates
46-56: Add bash fences to install/uninstall commands.
Improves readability and editor copy/paste.
- ``` + ```bash @@ - ``` + ```bash @@ - ``` + ```kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml (1)
21-24: Trim trailing spaces and normalize newlines.
Remove the trailing space at Line 21 and ensure LF newlines across the file.
kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml (3)
15-17: Don’t renderrollingUpdate: null; gate it on RollingUpdate.- strategy: - type: {{ .Values.inlet.updateStrategy }} - rollingUpdate: null + strategy: + type: {{ .Values.inlet.updateStrategy | default "RollingUpdate" }} + {{- if eq (.Values.inlet.updateStrategy | default "RollingUpdate") "RollingUpdate" }} + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% + {{- end }}
25-33: BusyBox nc flags are unreliable; use HTTP probe with wget for orchestrator.More portable in minimal images.
- command: - - /bin/sh - - -c - - | - until nc -zvw5 {{ .Release.Name }}-orchestrator.{{ .Release.Namespace }}.svc.cluster.local 8080; do echo "Waiting for Orchestrator..."; sleep 2; done + command: + - /bin/sh + - -c + - | + until wget -q --spider http://{{ .Release.Name }}-orchestrator:8080; do echo "Waiting for Orchestrator..."; sleep 2; done
1-59: Normalize line endings in kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml
• CRLF line endings were detected throughout the file—please convert to LF to satisfy YAML linting and avoid platform-specific issues.
• No trailing whitespace was found.
• To prevent regressions, add a .gitattributes entry such as: *.yaml text eol=lf and an .editorconfig rule to enforce 2-space indentation for YAML files.
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml (1)
19-21: Add volumeMode and trim trailing space.
Explicit volumeMode improves clarity; also remove trailing whitespace at Line 21.
persistentVolumeReclaimPolicy: Retain - storageClassName: {{ $namespace }}-{{ .Values.geoip.sharedPersistenceVolume.storageClass }} - + storageClassName: {{ $namespace }}-{{ .Values.geoip.sharedPersistenceVolume.storageClass }} + volumeMode: Filesystemspec: resources: requests: storage: {{ .Values.geoip.sharedPersistenceVolume.storageSize }} + volumeMode: Filesystemkubernetes/akvorado/values.yaml (2)
27-33: Make accessModes arrays for consistency with templates.- accessModes: ReadWriteMany + accessModes: + - ReadWriteMany @@ - accessModes: ReadWriteMany + accessModes: + - ReadWriteMany @@ - accessModes: ReadWriteMany + accessModes: + - ReadWriteManyAlso applies to: 56-62, 91-96
1-106: Trim trailing whitespace (lines 18 & 47) and normalize to LF endings
- Line 18 and line 47 each contain trailing spaces; please remove them.
- The file currently uses CRLF line endings—please convert it to LF.
- Consider adding a repo-wide .editorconfig or .gitattributes to enforce whitespace and line-ending rules.
kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml (2)
54-55: Set imagePullPolicy from values for the orchestrator container.- image: {{ include "common.images.image" ( dict "imageRoot" .Values.orchestrator.image ) }} + image: {{ include "common.images.image" ( dict "imageRoot" .Values.orchestrator.image ) }} + imagePullPolicy: {{ .Values.orchestrator.image.pullPolicy | quote }}
1-70: Whitespace/style nits flagged by YAMLlint.
Extra spaces (Lines 41, 43) and trailing space (Line 54). Safe to trim.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (10)
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml (1 hunks)
kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml (1 hunks)
kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml (1 hunks)
kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml (1 hunks)
kubernetes/akvorado/templates/akvorado-redis-deployment.yaml (1 hunks)
kubernetes/akvorado/values.yaml (1 hunks)
kubernetes/clickhouse/README.md (1 hunks)
kubernetes/clickhouse/templates/clickhouseKeeper.yaml (1 hunks)
kubernetes/clickhouse/values.yaml (1 hunks)
kubernetes/kafka/templates/kafka.yaml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
kubernetes/akvorado/templates/akvorado-redis-deployment.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
kubernetes/clickhouse/templates/clickhouseKeeper.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[error] 4-4: syntax error: expected , but found ''
(syntax)
[error] 56-56: no new line character at the end of file
(new-line-at-end-of-file)
kubernetes/akvorado/values.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 18-18: trailing spaces
(trailing-spaces)
[error] 47-47: trailing spaces
(trailing-spaces)
kubernetes/akvorado/templates/akvorado-inlet-deployment.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 21-21: trailing spaces
(trailing-spaces)
[error] 2-2: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/akvorado/templates/akvorado-inlet-persistentvolumeclaim.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 21-21: trailing spaces
(trailing-spaces)
[error] 2-2: syntax error: expected the node content, but found '-'
(syntax)
kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[warning] 6-6: wrong indentation: expected 2 but found 4
(indentation)
[error] 5-5: syntax error: expected the node content, but found '-'
(syntax)
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
[warning] 41-41: too many spaces after colon
(colons)
[warning] 43-43: too many spaces after colon
(colons)
[error] 54-54: trailing spaces
(trailing-spaces)
kubernetes/clickhouse/values.yaml
[error] 13-13: trailing spaces
(trailing-spaces)
[error] 25-25: trailing spaces
(trailing-spaces)
[warning] 36-36: wrong indentation: expected 4 but found 6
(indentation)
[warning] 58-58: wrong indentation: expected 6 but found 8
(indentation)
[error] 61-61: trailing spaces
(trailing-spaces)
[warning] 66-66: wrong indentation: expected 6 but found 8
(indentation)
[error] 69-69: trailing spaces
(trailing-spaces)
[error] 70-70: no new line character at the end of file
(new-line-at-end-of-file)
kubernetes/kafka/templates/kafka.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 47-47: wrong indentation: expected 14 but found 12
(indentation)
[warning] 68-68: wrong indentation: expected 14 but found 12
(indentation)
🪛 LanguageTool
kubernetes/clickhouse/README.md
[grammar] ~1-~1: There might be a mistake here.
Context: # Clickhouse Chart This chart defines Clickhouse DB Cluter ...
(QB_NEW_EN)
[grammar] ~2-~2: Ensure spelling is correct
Context: ... Chart This chart defines Clickhouse DB Cluter as Kubernetes objects and it depend on ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~3-~3: There might be a mistake here.
Context: ...inity.com/clickhouse-operator In detail: - The ClickHouseKeeperInstallation Object ...
(QB_NEW_EN)
[grammar] ~4-~4: There might be a mistake here.
Context: ...cas, podTemplate, VolumeClaimTemplates). - The ClickHouseInstallation Object is cre...
(QB_NEW_EN)
[grammar] ~5-~5: There might be a mistake here.
Context: ...rds, podTemplate, VolumeClaimTemplates). - The secret named clickhouse-credentials ...
(QB_NEW_EN)
[grammar] ~6-~6: There might be a mistake here.
Context: ...ministrators to access to Clickhouse DB. ## Tree level ``` +--- Chart.yaml : Chart ...
(QB_NEW_EN)
🪛 markdownlint-cli2 (0.17.2)
kubernetes/clickhouse/README.md
2-2: Bare URL used
(MD034, no-bare-urls)
9-9: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
23-23: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
31-31: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
46-46: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
53-53: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🔇 Additional comments (4)
kubernetes/kafka/templates/kafka.yaml (1)
13-16: Verify external listener schema (port on nodeport).
Strimzi’s nodeport external listener may not accept an explicit port (ports are allocated per-broker via configuration). Please confirm against your target Strimzi version’s CRD.
If needed, drop port: here and set bootstrap/broker nodePorts under configuration.brokers[].
kubernetes/clickhouse/README.md (1)
22-29: Add bash fencing and include helm repo update; the existing Helm repo URL and chart name are correct
Verified that the official Altinity ClickHouse Operator Helm repository is indeed https://docs.altinity.com/clickhouse-operator/ and the chart is clickhouse-operator/altinity-clickhouse-operator (github.com, docs.altinity.com). There’s no need to replace the URL or chart name—simply fence as bash and add a repo update step.
Locations to update:
kubernetes/clickhouse/README.md lines 22–29
Suggested diff:
- ``` - helm repo add clickhouse-operator https://docs.altinity.com/clickhouse-operator + ```bash + # Add Altinity’s ClickHouse Operator Helm repository and update + helm repo add clickhouse-operator https://docs.altinity.com/clickhouse-operator/ + helm repo update helm upgrade --install --create-namespace \ --namespace clickhouse \ clickhouse-operator \ - clickhouse-operator/altinity-clickhouse-operator + clickhouse-operator/altinity-clickhouse-operator ```Likely an incorrect or invalid review comment.
kubernetes/akvorado/templates/akvorado-geoip-persistentvolumeclaim.yaml (1)
1-3: Header looks good now.
The invalid “------” header noted earlier is fixed; proper --- is present.
kubernetes/akvorado/templates/akvorado-orchestrator-deployment.yaml (1)
24-33: The external-bootstrap endpoint is valid as configured by the Strimzi Kafka CRD, no change required
The Kafka subchart uses a Strimzi Kafka custom resource, which defines both an internal listener on port 9092 and an external NodePort listener on port 9094. The Strimzi operator will automatically create a Service named <clusterName>-kafka-external-bootstrap (clusterIP + NodePort) that listens on port 9094, exactly matching your initContainer’s wait target. Inside the cluster, NodePort services still have a clusterIP and will correctly proxy traffic on port 9094 to the brokers (dzone.com).
If you prefer to use the internal listener for in-cluster traffic, you can point to <ReleaseName>-kafka-bootstrap:9092 instead, but the existing external-bootstrap approach will work as is. No edits to the deployment or configmap are necessary.
Likely an incorrect or invalid review comment.
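The insecure defaults flagged in the review above (an empty ClickHouse password with 0.0.0.0/0, SNMP ::/0 with community public, an inline ipinfo token, ALLOW_EMPTY_PASSWORD=yes) can be caught before merge with a small check over values.yaml or rendered manifests. This is an added example, not code from the PR or from CodeRabbit: the rule names, the scan function and both YAML samples are constructed for illustration, and the scanner is a line-based heuristic on the Python standard library rather than a full YAML parser.

```python
"""Heuristic scan of Helm values / rendered manifests for the insecure
defaults flagged in this review. Line-based on purpose, so it runs on a
raw values.yaml without a YAML library. Rule names are illustrative."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: int
    rule: str
    detail: str


OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
TRUTHY = {"yes", "true", "1"}
# Matches keys such as password, ipinfo_token, api_key; deliberately does
# not match reference keys such as existingSecret or passwordKey.
SECRET_KEY = re.compile(r"(?:^|[_-])(?:password|token|secret|api[_-]?key)$", re.I)
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_.-]+)\s*:\s*(.*)$")
LIST_ITEM = re.compile(r"^\s*-\s+(.*)$")


def _scalar(raw: str) -> str:
    """Return a YAML scalar without trailing comment or surrounding quotes."""
    raw = raw.strip()
    if raw.startswith("#"):
        return ""
    raw = re.sub(r"\s+#.*$", "", raw)
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
        raw = raw[1:-1]
    return raw


def scan(text: str) -> List[Finding]:
    findings: List[Finding] = []
    pending_env = False  # previous line was "- name: ALLOW_EMPTY_PASSWORD"
    for no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank or commented-out line
        kv = KEY_VALUE.match(line)
        item = None if kv else LIST_ITEM.match(line)
        key = kv.group(1) if kv else None
        raw = kv.group(2) if kv else (item.group(1) if item else "")
        value = _scalar(raw)

        if value in OPEN_CIDRS:
            findings.append(Finding(no, "open-network", f"{value} admits every source"))
        if key == "community" and value.lower() == "public":
            findings.append(Finding(no, "default-community", "SNMP community is 'public'"))
        if key == "value" and pending_env and value.lower() in TRUTHY:
            findings.append(Finding(no, "empty-password-allowed", "ALLOW_EMPTY_PASSWORD enabled"))
        pending_env = key == "name" and value == "ALLOW_EMPTY_PASSWORD"

        if key and SECRET_KEY.search(key):
            if value == "" and raw.strip()[:1] in ("'", '"'):
                findings.append(Finding(no, "empty-secret", f"{key} is an empty string"))
            elif value and "{{" not in value:  # template expressions are not literals
                findings.append(Finding(no, "inline-secret", f"{key} holds a literal value"))
    return findings


# Constructed sample modelled on the lines the review removes.
RISKY = '''\
users:
  - name: juniper
    password: ""
    networks:
      - 0.0.0.0/0
providers:
  - ip: "::/0"
    community: "public"
env:
  ipinfo_token: "EXAMPLE-TOKEN-0000"
containers:
  - env:
      - name: ALLOW_EMPTY_PASSWORD
        value: "yes"
'''

# Constructed sample modelled on the lines the review proposes instead.
HARDENED = '''\
users:
  - name: juniper
    existingSecret: clickhouse-credentials
    passwordKey: juniper
    networks:
      - 10.0.0.0/8
providers:
  - ip: "fd00:1234:abcd::/48"
containers:
  - env:
      - name: VALKEY_PASSWORD
        valueFrom:
          secretKeyRef:
            name: release-redis-auth
            key: password
'''

if __name__ == "__main__":
    for f in scan(RISKY):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```

Run it in CI against each chart's values.yaml and against the output of helm template, and fail the job when scan returns anything.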
🎉 This PR is included in version 1.4.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
Summary by CodeRabbit
New Features
Documentation