[fluxcd] update to flux-operator 0.19.0 #880
Conversation
Signed-off-by: Kingdon B <kingdon@urmanac.com>
WalkthroughThis update introduces a new Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant HelmChart
participant KubernetesAPI
participant ServiceAccount
participant FlowSchema
User->>HelmChart: Deploy/upgrade flux-operator with apiPriority.enabled=true
HelmChart->>KubernetesAPI: Apply CRDs, ClusterRoleBindings, and other manifests
HelmChart->>KubernetesAPI: Apply FlowSchema (if apiPriority.enabled)
KubernetesAPI->>FlowSchema: Registers API priority rules
ServiceAccount->>KubernetesAPI: Makes API requests
KubernetesAPI->>FlowSchema: Matches requests to FlowSchema rules
FlowSchema->>KubernetesAPI: Applies priority/fairness as configured
Suggested reviewers
Poem
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
packages/system/fluxcd-operator/charts/flux-operator/templates/flowschema.yaml (1)
1-41: Preserve indentation in the extraServiceAccounts loop
Using{{- range .Values.apiPriority.extraServiceAccounts }}strips leading whitespace, which can break YAML indentation for the generated- kind: ServiceAccountentries. To maintain correct indent levels, switch to:{{ range .Values.apiPriority.extraServiceAccounts }} - kind: ServiceAccount serviceAccount: name: {{ .name }} namespace: {{ .namespace }} {{ end }}Also, run
helm lintorhelm templateon this chart to validate that the rendered FlowSchema YAML is syntactically correct.🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (9)
packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml(2 hunks)packages/system/fluxcd-operator/charts/flux-operator/README.md(2 hunks)packages/system/fluxcd-operator/charts/flux-operator/templates/admin-clusterrole.yaml(1 hunks)packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml(1 hunks)packages/system/fluxcd-operator/charts/flux-operator/templates/flowschema.yaml(1 hunks)packages/system/fluxcd-operator/charts/flux-operator/values.schema.json(1 hunks)packages/system/fluxcd-operator/charts/flux-operator/values.yaml(1 hunks)packages/system/fluxcd/charts/flux-instance/Chart.yaml(2 hunks)packages/system/fluxcd/charts/flux-instance/README.md(1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
packages/system/fluxcd-operator/charts/flux-operator/templates/flowschema.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
🔇 Additional comments (8)
packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml (1)
11-11: Bump chart version and appVersion to 0.19.0
TheappVersionandversionfields have been correctly updated to v0.19.0 to align with the operator release.Also applies to: 28-28
packages/system/fluxcd/charts/flux-instance/README.md (1)
3-3: Update version badges to 0.19.0
The README badges now reflect the new chart and app version.packages/system/fluxcd/charts/flux-instance/Chart.yaml (1)
11-11: Bump flux-instance chart version and appVersion to 0.19.0
The Flux instance chart metadata has been updated consistently with the operator chart.Also applies to: 28-28
packages/system/fluxcd-operator/charts/flux-operator/README.md (2)
3-3: Update version badges in README
Badges now reflect the chart and app version bump to 0.19.0.
36-36: Document newapiPriorityconfiguration
The newapiPrioritykey is clearly described with default settings and a link to Kubernetes API priority and fairness docs.packages/system/fluxcd-operator/charts/flux-operator/templates/admin-clusterrole.yaml (1)
21-21: Bind ClusterRoleBinding to the configured service account
Switching fromfullnametoserviceAccountNameensures the ClusterRoleBinding targets the actual service account (including any custom name).packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml (1)
881-892: Newskip.labelsfield is correctly added to the CRD schema
Theskipobject with itslabelsarray accurately captures the intended skip logic for input providers. Ensure that the controller implementation properly interprets prefixes (!) and that users can omitskipentirely when no skipping behavior is desired.packages/system/fluxcd-operator/charts/flux-operator/values.yaml (1)
36-44: Verify chart version bump and documentation updates
You’ve added theapiPriorityblock, but please confirm that:
Chart.yamlhas been updated to version0.19.0per the PR objective.- The chart’s README (or values documentation) includes examples demonstrating how to use
extraServiceAccounts.
| "apiPriority": { | ||
| "default": { | ||
| "enabled": false, | ||
| "extraServiceAccounts": [], | ||
| "level": "workload-high" | ||
| }, | ||
| "properties": { | ||
| "enabled": { | ||
| "type": "boolean" | ||
| }, | ||
| "extraServiceAccounts": { | ||
| "type": "array" | ||
| }, | ||
| "level": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "type": "object" | ||
| }, |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Improve schema validation for extraServiceAccounts
The current schema defines extraServiceAccounts as a generic array without item constraints, which weakens validation. To ensure each entry has the expected shape, add an items block specifying an object with required name and namespace string fields. For example:
"extraServiceAccounts": {
"type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "namespace": {
+ "type": "string"
+ }
+ },
+ "required": ["name", "namespace"]
+ }
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "apiPriority": { | |
| "default": { | |
| "enabled": false, | |
| "extraServiceAccounts": [], | |
| "level": "workload-high" | |
| }, | |
| "properties": { | |
| "enabled": { | |
| "type": "boolean" | |
| }, | |
| "extraServiceAccounts": { | |
| "type": "array" | |
| }, | |
| "level": { | |
| "type": "string" | |
| } | |
| }, | |
| "type": "object" | |
| }, | |
| "apiPriority": { | |
| "default": { | |
| "enabled": false, | |
| "extraServiceAccounts": [], | |
| "level": "workload-high" | |
| }, | |
| "properties": { | |
| "enabled": { | |
| "type": "boolean" | |
| }, | |
| "extraServiceAccounts": { | |
| "type": "array", | |
| "items": { | |
| "type": "object", | |
| "properties": { | |
| "name": { | |
| "type": "string" | |
| }, | |
| "namespace": { | |
| "type": "string" | |
| } | |
| }, | |
| "required": ["name", "namespace"] | |
| } | |
| }, | |
| "level": { | |
| "type": "string" | |
| } | |
| }, | |
| "type": "object" | |
| }, |
|
Allright, we need to fix our pipeline to be able run tests for external forks |
Summary by CodeRabbit
New Features
skipfield in theResourceSetInputProviderCRD to control update skipping based on label conditions.Bug Fixes
Documentation
apiPriorityconfiguration option in the Flux Operator Helm chart.