fix(helm): exclude commonLabels from immutable selector matchLabels#2571
Merged
pepol merged 5 commits intowundergraph:mainfrom Mar 4, 2026
Merged
Conversation
commonLabels values were included in the selectorLabels helper, which is used for spec.selector.matchLabels. Since Kubernetes makes this field immutable after creation, adding or changing commonLabels on an existing release fails with "field is immutable". Move commonLabels from selectorLabels into the labels helper (deployment metadata) and add them to pod template metadata.labels directly. This preserves commonLabels on all resource metadata and pod labels without polluting the immutable selector. Affected charts: cdn, controlplane, graphqlmetrics, otelcollector, router, studio. Fixes wundergraph#1523
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughMoved rendering of Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Tip Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs). Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@helm/cosmo/charts/controlplane/templates/deployment.yaml`:
- Around line 47-49: When merging .Values.commonLabels into the pod template
labels (the {{- range $key, $value := .Values.commonLabels }} block), guard
against overriding selector keys so spec.selector.matchLabels (the Deployment
selector labels such as app.kubernetes.io/name and app.kubernetes.io/instance)
remain authoritative; modify the merge to either filter out those selector keys
(skip keys "app.kubernetes.io/name" and "app.kubernetes.io/instance" when
iterating .Values.commonLabels) or move the explicit selector labels to be
applied after the commonLabels merge so they win, ensuring the pod labels still
match spec.selector.matchLabels.
In `@helm/cosmo/charts/graphqlmetrics/templates/deployment.yaml`:
- Around line 35-37: User-supplied commonLabels are currently rendered into pod
template labels unconditionally, which can override critical selector labels
like app.kubernetes.io/name and app.kubernetes.io/instance and break
spec.selector.matchLabels vs spec.template.metadata.labels; update the template
loop that renders .Values.commonLabels so it skips/filters out keys that
conflict with the Deployment selector labels (at minimum
"app.kubernetes.io/name" and "app.kubernetes.io/instance", or any other keys you
use in spec.selector.matchLabels) before emitting them, and apply the same
guarded pattern to all other deployment templates (cdn, controlplane,
otelcollector, router, studio) so the selector and pod template labels always
remain consistent.
In `@helm/cosmo/charts/otelcollector/templates/deployment.yaml`:
- Around line 35-37: The patch appends .Values.commonLabels into
spec.template.metadata.labels after the selector labels, which allows
user-provided keys like app.kubernetes.io/name or app.kubernetes.io/instance in
commonLabels to override spec.selector.matchLabels; fix by ensuring selector
keys take precedence—merge commonLabels before or only add keys that do not
collide with selector matchLabels so spec.template.metadata.labels remains
identical to spec.selector.matchLabels; update the template rendering around the
labels loop (the block that iterates {{- range $key, $value :=
.Values.commonLabels }}) to skip keys present in the selector or to render
commonLabels before emitting selector labels so selector labels always win.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (12)
helm/cosmo/charts/cdn/templates/_helpers.tplhelm/cosmo/charts/cdn/templates/deployment.yamlhelm/cosmo/charts/controlplane/templates/_helpers.tplhelm/cosmo/charts/controlplane/templates/deployment.yamlhelm/cosmo/charts/graphqlmetrics/templates/_helpers.tplhelm/cosmo/charts/graphqlmetrics/templates/deployment.yamlhelm/cosmo/charts/otelcollector/templates/_helpers.tplhelm/cosmo/charts/otelcollector/templates/deployment.yamlhelm/cosmo/charts/router/templates/_helpers.tplhelm/cosmo/charts/router/templates/deployment.yamlhelm/cosmo/charts/studio/templates/_helpers.tplhelm/cosmo/charts/studio/templates/deployment.yaml
This was referenced Mar 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
commonLabels values were included in the selectorLabels helper, which is used for spec.selector.matchLabels. Since Kubernetes makes this field immutable after creation, adding or changing commonLabels on an existing release fails with "field is immutable" as stated in #1523
Move commonLabels from selectorLabels into the labels helper (deployment metadata) and add them to pod template
metadata.labelsdirectly. This preservescommonLabelson all resource metadata and pod labels. This was first proposed hereAffected charts:
cdn,controlplane,graphqlmetrics,otelcollector,router,studio.This should (hopefully) fix #1523
Summary by CodeRabbit
Checklist
N/A?N/A?