[metallb] Build patched image #945

lllamnyp · 2025-05-15T11:39:52Z

Since it's taking a while for metallb/metallb#2726 to get released, the binaries with the fix are recompiled in-tree. Workaround for #909.

Summary by CodeRabbit

New Features
- Added support for dynamic ASN assignment in BGP peer resources, allowing selection between "internal" and "external" options.
- Introduced multi-stage Dockerfile for streamlined, reproducible builds of controller and speaker images.
- Added conditional creation of monitoring and RBAC resources based on component enablement.
- Added new image build targets for MetalLB components with automated image tagging and metadata updates.
Improvements
- Updated Helm chart and CRD versions to v0.14.9.
- Enhanced alert annotations and severity levels for Prometheus rules.
- Refined configuration defaults for container images and resource creation logic.
- Improved documentation and corrected typographical errors in configuration files.
- Updated environment variable conditions and tightened resource creation logic for speaker components.
Bug Fixes
- Tightened conditions for creating service accounts and RBAC resources to prevent unnecessary resource creation.
- Added validation to prevent simultaneous enabling of conflicting monitoring options.

coderabbitai · 2025-05-15T11:40:00Z

Walkthrough

The changes introduce an enhanced build process for the MetalLB system package, including a new Dockerfile and Makefile logic for building and tagging controller and speaker images. The Helm chart and CRDs are updated to support new features, such as dynamic ASN configuration and stricter conditional resource creation. Alert severities and documentation are also revised.

Changes

File(s)	Change Summary
Makefile	Updated the `build` target to include building the MetalLB image via its own Makefile.
packages/system/metallb/Makefile	Added `image-controller`, `image-speaker`, and aggregate `image` targets for building and tagging Docker images for MetalLB components, updating Helm values with digests. Included common environment variables.
packages/system/metallb/images/metallb/Dockerfile	Introduced a multi-stage Dockerfile for building MetalLB controller and speaker images with version metadata, patch application, and multi-arch support.
packages/system/metallb/charts/metallb/Chart.yaml packages/system/metallb/charts/metallb/charts/crds/Chart.yaml	Bumped chart, appVersion, and dependency versions for MetalLB and its CRDs.
packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml	Updated CRDs: added `dynamicASN` field to BGPPeer v1beta2, marked v1beta1 as deprecated, updated controller-gen version annotation, and revised field requirements and descriptions.
packages/system/metallb/charts/metallb/README.md	Updated `frr-k8s` dependency version and changed default Prometheus alert severities from "alert" to "critical" for certain rules in documentation.
packages/system/metallb/charts/metallb/templates/controller.yaml	Changed condition for setting `METALLB_BGP_TYPE` env var to require both speaker and FRR to be enabled.
packages/system/metallb/charts/metallb/templates/podmonitor.yaml	Added a conditional PodMonitor resource for the speaker component, rendered only if enabled.
packages/system/metallb/charts/metallb/templates/prometheusrules.yaml	Split alert annotation "message" into "summary" and "description" for several PrometheusRule alerts, adding clarity to alerting output.
packages/system/metallb/charts/metallb/templates/rbac.yaml	Made speaker RBAC resources conditional on speaker enablement, removed webhook configuration permissions, added "delete" verb for FRR configs, and refined secret permissions.
packages/system/metallb/charts/metallb/templates/service-accounts.yaml	Tightened condition for creating speaker ServiceAccount to require both speaker and serviceAccount creation to be enabled.
packages/system/metallb/charts/metallb/templates/servicemonitor.yaml	Added validation to prevent enabling both ServiceMonitor and PodMonitor, made speaker ServiceMonitor conditional, and removed a label from controller ServiceMonitor.
packages/system/metallb/charts/metallb/values.yaml packages/system/metallb/values.yaml	Fixed typos in comments, updated alert severities to "critical", and explicitly set image repositories and tags for controller and speaker in values files.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant Make as Makefile
    participant Docker as Docker Build
    participant Helm as Helm Chart
    participant K8s as Kubernetes

    Dev->>Make: make build
    Make->>Make: Build other system packages
    Make->>Make: make -C packages/system/metallb image
    Make->>Docker: Build controller and speaker images (multi-arch)
    Docker->>Make: Output image digests
    Make->>Helm: Update values.yaml with new image digests
    Helm->>K8s: Deploy updated MetalLB with new images and CRDs

Poem

In the garden of code, MetalLB grew,
With Docker and Helm, it’s shiny and new!
Alerts now shout “critical!” in the night,
Dynamic ASN brings BGP delight.
A bunny builds images, hops with glee—
“Patch applied, all ready!” squeaks rabbit, that’s me!
🐇✨

Note

⚡️ AI Code Reviews for VS Code, Cursor, Windsurf

CodeRabbit now has a plugin for VS Code, Cursor and Windsurf. This brings AI code reviews directly in the code editor. Each commit is reviewed immediately, finding bugs before the PR is raised. Seamless context handoff to your AI code agent ensures that you can easily incorporate review feedback.
Learn more here.

Note

⚡️ Faster reviews with caching

CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 16th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.
Enjoy the performance boost—your workflow just got faster.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 2

🧹 Nitpick comments (9)

packages/system/metallb/charts/metallb/README.md (1)

19-21: Update frr-k8s dependency version in docs
The frr-k8s version has been bumped to 0.0.16—good. Consider converting the bare URL in the table to reference-style or angle-bracket form to satisfy markdownlint (MD034).

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

20-20: Bare URL used
null

(MD034, no-bare-urls)
packages/system/metallb/charts/metallb/values.yaml (1)
45-46: Clarify Prometheus RBAC comment
Minor wording suggestion:
- # prometheus doesn't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
+ # Grant Prometheus permission to scrape MetalLB's namespace when RBAC is enabled
This improves readability and grammar.
packages/system/metallb/charts/metallb/templates/prometheusrules.yaml (2)
22-23: Use standard YAML quoting for annotations.
The current backtick‐wrapped literals ({{\'…'`}}`) will embed extra single quotes in the rendered alert. It’s clearer and more idiomatic to write:
summary: "Stale config on {{ $labels.pod }}"
description: "{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has a stale config for > 1 minute"
Apply this change for the MetalLBStaleConfig, MetalLBConfigNotLoaded, and MetalLBAddressPoolExhausted alerts.

Also applies to: 34-35, 46-47

60-61: Unify annotation keys across alerts.
The first three alerts use description, but addressPoolUsage and bgpSessionDown still use message. For consistency and downstream tooling support, replace message with description.

Also applies to: 72-73
packages/system/metallb/Makefile (1)
14-33: DRY up the image build targets.
The image-controller and image-speaker targets share almost identical steps. Consider refactoring into a pattern rule or Makefile function to avoid duplication and ease maintenance. For example:
TARGETS := controller speaker
.PHONY: image $(addprefix image-,$(TARGETS))

image: $(addprefix image-,$(TARGETS))

define build-image
  $(eval VERSION := $(shell yq '.appVersion' charts/metallb/Chart.yaml))
  docker buildx build images/metallb \
    --provenance false \
    --target $(1) \
    --build-arg VERSION=$(VERSION) \
    --tag $(REGISTRY)/metallb/$(1):$(VERSION) \
    --cache-from type=registry,ref=$(REGISTRY)/metallb/$(1):latest \
    --cache-to type=inline \
    --metadata-file images/$(1).json \
    --push=$(PUSH) \
    --label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
    --load=1
  # update values.yaml...
endef

$(foreach t,$(TARGETS),$(eval image-$(t):;$(call build-image,$(t))))
This will make future tweaks (e.g., adding build args) easier.
packages/system/metallb/charts/metallb/templates/rbac.yaml (1)
76-76: Add spacing after commas in verb lists.
YAML lists like ["get", "list", "watch","create","update","delete"] should include a space after each comma for readability:
verbs: ["get", "list", "watch", "create", "update", "delete"]
packages/system/metallb/images/metallb/Dockerfile (3)
14-20: Improve build robustness and log cleanliness.

Remove the verbose -v flag from tar to avoid cluttering build logs (tar -xzf- instead of tar -xzvf-).

Prefix patch application with set -euxo pipefail so failures abort the build immediately:
RUN set -euxo pipefail \
    && curl -sSL https://github.com/metallb/metallb/pull/2726.diff -o 2726.diff \
    && git apply 2726.diff
54-67: Pin distroless base image for reproducibility.
Using gcr.io/distroless/static:latest can introduce unexpected changes. It’s better to pin to a specific digest or version tag (e.g., gcr.io/distroless/static@sha256:<digest>).

70-76: Ensure the reloader script is executable.
The frr-reloader.sh file is copied but its executable bit may not be preserved. Add:
COPY --from=builder ... /frr-reloader.sh
RUN chmod +x /frr-reloader.sh
so that the reloader can run at runtime.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between a240c0b and 85d7dc7.

⛔ Files ignored due to path filters (1)

packages/system/metallb/charts/metallb/Chart.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

Makefile (1 hunks)
packages/system/metallb/Makefile (2 hunks)
packages/system/metallb/charts/metallb/Chart.yaml (2 hunks)
packages/system/metallb/charts/metallb/README.md (2 hunks)
packages/system/metallb/charts/metallb/charts/crds/Chart.yaml (1 hunks)
packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml (10 hunks)
packages/system/metallb/charts/metallb/templates/controller.yaml (1 hunks)
packages/system/metallb/charts/metallb/templates/podmonitor.yaml (2 hunks)
packages/system/metallb/charts/metallb/templates/prometheusrules.yaml (5 hunks)
packages/system/metallb/charts/metallb/templates/rbac.yaml (7 hunks)
packages/system/metallb/charts/metallb/templates/service-accounts.yaml (1 hunks)
packages/system/metallb/charts/metallb/templates/servicemonitor.yaml (2 hunks)
packages/system/metallb/charts/metallb/values.yaml (5 hunks)
packages/system/metallb/images/metallb/Dockerfile (1 hunks)
packages/system/metallb/values.yaml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

packages/system/metallb/charts/metallb/templates/servicemonitor.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

🪛 markdownlint-cli2 (0.17.2)

packages/system/metallb/charts/metallb/README.md

20-20: Bare URL used
null

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms (1)

GitHub Check: Build and Test

🔇 Additional comments (18)

packages/system/metallb/charts/metallb/templates/controller.yaml (1)

87-90: Ensure speaker enablement gate for FRR mode
Good catch adding the speaker.enabled check alongside speaker.frr.enabled to prevent setting METALLB_BGP_TYPE=frr when the speaker is turned off. This avoids misconfiguration and unintended behavior.

packages/system/metallb/charts/metallb/charts/crds/Chart.yaml (1)

2-3: Bump CRDs chart version to v0.14.9
The appVersion and version fields have been correctly updated to v0.14.9. Please verify that the main MetalLB Helm chart (packages/system/metallb/charts/metallb/Chart.yaml) has the same version bump to maintain consistency across charts and that any Chart.lock or dependency references are updated accordingly.

Also applies to: 10-10

Makefile (1)

23-23: Integrate MetalLB image build into standard flow
Nice addition of the make -C packages/system/metallb image step. Ensure the image target in packages/system/metallb/Makefile handles push/load flags and errors gracefully. Also confirm CI pipelines invoke make build so the new images are always built.

packages/system/metallb/charts/metallb/values.yaml (5)

67-69: The addition of the comment for prometheus.podMonitor.additionalLabels is self-explanatory and doesn’t require further action.

146-148: The new comment for prometheusRule.additionalLabels follows the same pattern and is clear as-is.

168-169: Elevate addressPoolExhausted severity to Critical
Updating the severity to critical aligns with higher-impact alerts. Ensure the prometheusrules.yaml template reflects this default.

181-182: Elevate 95% addressPoolUsage threshold to Critical
Good to mark the highest utilization threshold as critical. This will trigger faster escalations when pools are nearly exhausted.

187-188: Elevate bgpSessionDown severity to Critical
Marking BGP sessions down as critical is appropriate given its potential to disrupt service.

packages/system/metallb/charts/metallb/templates/service-accounts.yaml (1)

16-16: Ensure speaker.serviceAccount.create is defined in values.yaml
The new condition requires both .Values.speaker.enabled and .Values.speaker.serviceAccount.create. Please confirm that a default for speaker.serviceAccount.create exists in values.yaml (e.g., false) to avoid unexpected omissions.

packages/system/metallb/charts/metallb/Chart.yaml (1)

2-2: Verify coordinated chart and dependency version bumps
The appVersion, dependency versions for crds and frr-k8s, and chart version have been updated (0.14.9 and 0.0.16). Ensure these align with the upstream MetalLB and FRR-K8s releases and that all sub-charts remain compatible.

Also applies to: 7-7, 11-11, 21-21

packages/system/metallb/values.yaml (1)

4-11: Explicitly pin controller and speaker images with digests
Great to see the controller and speaker images pinned by digest. Please verify that these digests match the artifacts produced by your build pipeline, and consider specifying an explicit image.pullPolicy (e.g., IfNotPresent or Always) if you have specific pull semantics in mind.

packages/system/metallb/charts/metallb/templates/servicemonitor.yaml (2)

1-3: Prevent conflicting ServiceMonitor and PodMonitor enablement
Adding a fail when both prometheus.serviceMonitor.enabled and prometheus.podMonitor.enabled are set prevents resource collisions—this is a strong safeguard against misconfiguration.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

6-97: Wrap speaker ServiceMonitor in speaker.enabled check
The speaker-specific ServiceMonitor and Service definitions now only render when .Values.speaker.enabled is true, mirroring the RBAC and ServiceAccount templates. Please confirm that speaker.enabled defaults to a sensible value in values.yaml and update the chart README to document this new toggle.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 42-42: trailing spaces

(trailing-spaces)

[error] 56-56: trailing spaces

(trailing-spaces)

packages/system/metallb/charts/metallb/templates/podmonitor.yaml (1)

39-78: Conditionally create speaker PodMonitor
The speaker PodMonitor resource is now created only if .Values.speaker.enabled is true, aligning with other component toggles. Verify that this flag is defined (and documented) in values.yaml, and update the chart documentation to cover enabling/disabling the speaker PodMonitor.

packages/system/metallb/charts/metallb/templates/rbac.yaml (1)

22-27: Verify removal of mutating webhook permissions.
The controller ClusterRole no longer includes mutatingwebhookconfigurations. Ensure there is no active mutating webhook (e.g., metallb-webhook-configuration) that still needs permissions; otherwise, this change may break webhook cleanup or updates.

packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml (3)

5-5: Approve controller-gen version bumps.
Updating the controller-gen.kubebuilder.io/version annotation to v0.16.3 across all CRDs aligns with the chart version and the patched binaries.

Also applies to: 126-126, 332-332, 682-682, 747-747, 957-957, 1137-1137

368-370: Approve deprecation of v1beta1 BGPPeer.
Marking the v1beta1 version as deprecated: true with a clear deprecation warning is the correct approach to guide users toward v1beta2.

638-641: Approve updated peerASN description.
The inclusion of mutual-exclusivity guidance in the peerASN field’s description is helpful for users migrating to dynamicASN.

packages/system/metallb/charts/metallb/templates/prometheusrules.yaml

packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml

kvaps

LGTM

packages/system/metallb/Makefile

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/system/metallb/charts/metallb/README.md (1)
20-20: Verify version bump and URL formatting.

The update from 0.0.14 to 0.0.16 for the frr-k8s dependency aligns with the Chart metadata. To address the markdownlint MD034 warning for a bare URL, consider using link syntax:
-| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.16 |
+| [https://metallb.github.io/frr-k8s](https://metallb.github.io/frr-k8s) | frr-k8s | 0.0.16 |
🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

20-20: Bare URL used
null

(MD034, no-bare-urls)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 85d7dc7 and b38d387.

⛔ Files ignored due to path filters (1)

packages/system/metallb/charts/metallb/Chart.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

Makefile (1 hunks)
packages/system/metallb/Makefile (2 hunks)
packages/system/metallb/charts/metallb/Chart.yaml (2 hunks)
packages/system/metallb/charts/metallb/README.md (2 hunks)
packages/system/metallb/charts/metallb/charts/crds/Chart.yaml (1 hunks)
packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml (10 hunks)
packages/system/metallb/charts/metallb/templates/controller.yaml (1 hunks)
packages/system/metallb/charts/metallb/templates/podmonitor.yaml (2 hunks)
packages/system/metallb/charts/metallb/templates/prometheusrules.yaml (5 hunks)
packages/system/metallb/charts/metallb/templates/rbac.yaml (7 hunks)
packages/system/metallb/charts/metallb/templates/service-accounts.yaml (1 hunks)
packages/system/metallb/charts/metallb/templates/servicemonitor.yaml (2 hunks)
packages/system/metallb/charts/metallb/values.yaml (5 hunks)
packages/system/metallb/images/metallb/Dockerfile (1 hunks)
packages/system/metallb/values.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (13)

packages/system/metallb/charts/metallb/templates/controller.yaml
packages/system/metallb/charts/metallb/templates/service-accounts.yaml
packages/system/metallb/charts/metallb/values.yaml
Makefile
packages/system/metallb/values.yaml
packages/system/metallb/charts/metallb/charts/crds/Chart.yaml
packages/system/metallb/charts/metallb/templates/prometheusrules.yaml
packages/system/metallb/charts/metallb/templates/podmonitor.yaml
packages/system/metallb/charts/metallb/Chart.yaml
packages/system/metallb/images/metallb/Dockerfile
packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml
packages/system/metallb/charts/metallb/templates/rbac.yaml
packages/system/metallb/Makefile

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

packages/system/metallb/charts/metallb/README.md

20-20: Bare URL used
null

(MD034, no-bare-urls)

🪛 YAMLlint (1.35.1)

packages/system/metallb/charts/metallb/templates/servicemonitor.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (1)

GitHub Check: Build and Test

🔇 Additional comments (5)

packages/system/metallb/charts/metallb/templates/servicemonitor.yaml (2)

1-3: Fail early on conflicting monitor flags
This fail block correctly halts chart rendering if both prometheus.serviceMonitor.enabled and prometheus.podMonitor.enabled are set, avoiding ambiguous Prometheus configurations and preventing users from deploying an invalid setup.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

6-97: Scope speaker ServiceMonitor and Service to speaker.enabled
Adding {{- if .Values.speaker.enabled }} around the speaker ServiceMonitor and its backing Service ensures these resources are only rendered when the speaker component is actually enabled. This matches the gating applied in RBAC, ServiceAccount, and PodMonitor templates, improving chart modularity and preventing orphaned resources.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 42-42: trailing spaces

(trailing-spaces)

[error] 56-56: trailing spaces

(trailing-spaces)

packages/system/metallb/charts/metallb/README.md (3)

82-82: Approve severity increase for addressPoolExhausted.

Bumping the default severity to "critical" for the addressPoolExhausted alert is appropriate given the impact of pool exhaustion on cluster networking.

88-88: Approve severity increase for high address pool usage.

Changing the 95% threshold severity to "critical" accurately reflects the urgency when address pool utilization is critically high.

92-92: Approve severity increase for BGP session down alert.

Updating the bgpSessionDown alert severity to "critical" is consistent with its potential service-disrupting impact.

kvaps

LGTM

Since it's taking a while for metallb/metallb#2726 to get released, the binaries with the fix are recompiled in-tree. Workaround for #909. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/system/metallb/charts/metallb/README.md (1)
7-7: Nit: convert bare URL to a named markdown link
To comply with MD034 (no bare URLs), consider rewriting
**Homepage:** <https://metallb.universe.tf>
as
**Homepage:** [metallb.universe.tf](https://metallb.universe.tf)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between b38d387 and 5fe7b3b.

⛔ Files ignored due to path filters (1)

packages/system/metallb/charts/metallb/Chart.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

Makefile (1 hunks)
packages/system/metallb/Makefile (2 hunks)
packages/system/metallb/charts/metallb/Chart.yaml (2 hunks)
packages/system/metallb/charts/metallb/README.md (2 hunks)
packages/system/metallb/charts/metallb/charts/crds/Chart.yaml (1 hunks)
packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml (10 hunks)
packages/system/metallb/charts/metallb/templates/controller.yaml (1 hunks)
packages/system/metallb/charts/metallb/templates/podmonitor.yaml (2 hunks)
packages/system/metallb/charts/metallb/templates/prometheusrules.yaml (5 hunks)
packages/system/metallb/charts/metallb/templates/rbac.yaml (7 hunks)
packages/system/metallb/charts/metallb/templates/service-accounts.yaml (1 hunks)
packages/system/metallb/charts/metallb/templates/servicemonitor.yaml (2 hunks)
packages/system/metallb/charts/metallb/values.yaml (5 hunks)
packages/system/metallb/images/metallb/Dockerfile (1 hunks)
packages/system/metallb/values.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

packages/system/metallb/charts/metallb/values.yaml

🚧 Files skipped from review as they are similar to previous changes (12)

packages/system/metallb/charts/metallb/templates/service-accounts.yaml
packages/system/metallb/values.yaml
packages/system/metallb/charts/metallb/templates/controller.yaml
packages/system/metallb/charts/metallb/Chart.yaml
packages/system/metallb/charts/metallb/charts/crds/Chart.yaml
Makefile
packages/system/metallb/charts/metallb/templates/prometheusrules.yaml
packages/system/metallb/charts/metallb/templates/podmonitor.yaml
packages/system/metallb/Makefile
packages/system/metallb/images/metallb/Dockerfile
packages/system/metallb/charts/metallb/templates/rbac.yaml
packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

packages/system/metallb/charts/metallb/README.md

20-20: Bare URL used
null

(MD034, no-bare-urls)

🪛 YAMLlint (1.35.1)

packages/system/metallb/charts/metallb/templates/servicemonitor.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (1)

GitHub Check: Build and Test

🔇 Additional comments (4)

packages/system/metallb/charts/metallb/README.md (2)

20-20: Confirm frr-k8s dependency version bump
The README now reflects frr-k8s version 0.0.16, consistent with the Chart.yaml and CRD updates. Ensure the actual Chart.yaml dependency has been bumped accordingly and remind users to run helm dependency update when upgrading.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

20-20: Bare URL used
null

(MD034, no-bare-urls)

82-82: Approve severity level updates for Prometheus alerts
The default severities for addressPoolExhausted, the 95% addressPoolUsage threshold, and bgpSessionDown have been correctly elevated to "critical", aligning the documentation with the changes in values.yaml.

Also applies to: 88-88, 92-92

packages/system/metallb/charts/metallb/templates/servicemonitor.yaml (2)

1-3: Add conflict guard for ServiceMonitor vs PodMonitor
The new validation check halts template rendering if both .Values.prometheus.serviceMonitor.enabled and .Values.prometheus.podMonitor.enabled are set, preventing duplicate scrape configurations. Good alignment with Helm best practices.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

6-6: Wrap speaker resources in the speaker.enabled guard
Introducing {{- if .Values.speaker.enabled }} around the speaker ServiceMonitor and Service ensures these resources are only rendered when the speaker component is active, matching the patterns in other templates.

Since it's taking a while for metallb/metallb#2726 to get released, the binaries with the fix are recompiled in-tree. Workaround for #909. (cherry picked from commit 73fdc5d) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>

Add support for metallb multiarch build. Part of #519 and a follow-up to PR #945 (issue #909)  ## Summary by CodeRabbit - **Chores** - Improved Docker build process for image-controller and image-speaker to allow dynamic control over image loading and enhanced build configuration consistency. No changes to user-facing features.

lllamnyp requested review from kvaps and klinch0 as code owners May 15, 2025 11:39

coderabbitai bot reviewed May 15, 2025 8000

View reviewed changes

packages/system/metallb/charts/metallb/templates/prometheusrules.yaml Show resolved Hide resolved

packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml Show resolved Hide resolved

kvaps approved these changes May 15, 2025

View reviewed changes

lllamnyp enabled auto-merge May 15, 2025 11:51

kvaps requested changes May 15, 2025

View reviewed changes

packages/system/metallb/Makefile Outdated Show resolved Hide resolved

< 8000 div data-show-on-forbidden-error hidden>

Uh oh!

There was an error while loading. Please reload this page.

nbykov0 reviewed May 15, 2025

View reviewed changes

packages/system/metallb/Makefile Show resolved Hide resolved

lllamnyp force-pushed the 909-build-metallb branch from 85d7dc7 to b38d387 Compare May 15, 2025 12:59

coderabbitai bot reviewed May 15, 2025

View reviewed changes

kvaps approved these changes May 15, 2025

View reviewed changes

kvaps changed the title ~~Build patched MetalLB~~ [metallb] Build patched image May 15, 2025

Build patched MetalLB

5fe7b3b

Since it's taking a while for metallb/metallb#2726 to get released, the binaries with the fix are recompiled in-tree. Workaround for #909. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>

lllamnyp force-pushed the 909-build-metallb branch from b38d387 to 5fe7b3b Compare May 16, 2025 11:58

coderabbitai bot reviewed May 16, 2025

View reviewed changes

lllamnyp merged commit 73fdc5d into main May 16, 2025
6 checks passed

lllamnyp deleted the 909-build-metallb branch May 16, 2025 12:15

lllamnyp mentioned this pull request May 20, 2025

Prepare 0.31.0 rc.2 #966

Closed

This was referenced May 23, 2025

[build] system/metallb: multiarch support #970

Merged

Update metallb to 0.14.10/0.15.0 once released #909

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[metallb] Build patched image #945

[metallb] Build patched image #945

Uh oh!

Uh oh!

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (`.coderabbit.yaml`)

Documentation and Community

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

[metallb] Build patched image #945

[metallb] Build patched image #945

Uh oh!

Conversation

Uh oh!

Summary by CodeRabbit

Uh oh!

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Poem

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

CodeRabbit Configuration File (`.coderabbit.yaml`)