Skip to content

fix(generic): align template standards#667

Open
mberlofa wants to merge 2 commits into
mainfrom
fix/generic-template-standards
Open

fix(generic): align template standards#667
mberlofa wants to merge 2 commits into
mainfrom
fix/generic-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • guard Generic ingressClassName rendering so empty values omit spec.ingressClassName
  • rename the ExternalSecret template to the canonical externalsecret.yaml name
  • add networkPolicy.extraEgress support with schema and unit coverage, and centralize validation through the chart validate helper

Validation

  • helm unittest charts/generic
  • helm lint --strict charts/generic
  • make template-standards-check CHART=generic
  • make standards-check CHART=generic
  • make standards-guard CHART=generic
  • make validate-chart CHART=generic TIMEOUT=900: FULLY VALIDATED (18 layers)
  • make site-sync-check CHART=generic
  • make release-check REPO=charts
  • make attribution-check REPO=charts

Site PR: helmforgedev/site#345
Issue: #633

Summary by CodeRabbit

  • New Features
    • Added networkPolicy.extraEgress to append egress rules and include the Egress policy type when applicable.
    • Chart validation now enforces additional render-time value checks.
    • Ingress omits spec.ingressClassName when ingress.ingressClassName is set to "".
  • Documentation
    • Updated networkPolicy guidance for defaultDeny and extraEgress.
  • Bug Fixes
    • PodDisruptionBudget now selects minAvailable/maxUnavailable based on key presence (so 0 is handled correctly).
  • Tests
    • Expanded validation, Ingress, security (extra egress), PDB, and validation failure/success scenarios; updated one ExternalSecret test template reference.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR updates generic chart networking and ingress rendering, extracts Helm validation into a helper template, changes PDB selection to preserve explicit zero values, and fixes an ExternalSecret test template reference. Related docs, values, schema, and tests were updated.

Changes

Generic chart updates

Layer / File(s) Summary
NetworkPolicy extraEgress
charts/generic/values.schema.json, charts/generic/values.yaml, charts/generic/templates/networkpolicy.yaml, charts/generic/tests/security_test.yaml, charts/generic/docs/security.md, charts/generic/README.md
Adds extraEgress to the network policy values/schema, combines it with base egress rules for rendering, and updates docs and tests for the appended egress behavior.
Optional ingressClassName
charts/generic/templates/ingress.yaml, charts/generic/README.md, charts/generic/tests/ingress_test.yaml
Omits ingressClassName when unset, with documentation and a test covering the empty-string case.
Validation helper extraction
charts/generic/templates/validate.yaml, charts/generic/templates/_helpers.tpl, charts/generic/tests/validation_test.yaml
Moves the inline validation checks into chart.validate and adds validation coverage for overlong container names and pdb.minAvailable: 0.
PDB zero-value handling
charts/generic/templates/pdb.yaml, charts/generic/tests/pdb_test.yaml
Switches PDB rendering to key-based checks so explicit 0 values are preserved, with a test covering maxUnavailable: 0.
ExternalSecret test reference
charts/generic/tests/externalsecret_test.yaml
Updates the test harness to include externalsecret.yaml.

Estimated code review effort: 3 (Moderate) | ~25 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the PR’s main goal of aligning the generic chart with template standards.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/generic-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: generic

Framework Score
MITRE + NSA + SOC2 75.757576%

✅ Security posture acceptable.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 00e8a1d2b6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread charts/generic/templates/networkpolicy.yaml

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@charts/generic/templates/_helpers.tpl`:
- Around line 370-391: The validation in _helpers.tpl only checks the DNS-1123
name shape for containers, jobs, cronjobs, and configMaps, but it does not
enforce the 63-character maximum. Update the existing validation blocks that use
$namePattern and fail messages so they also reject .name values longer than 63
characters, keeping the checks alongside the current regexMatch logic for each
range.
- Around line 400-404: The PDB validation and rendering logic is treating
numeric 0 as unset because it relies on truthiness checks in the _helpers.tpl
PDB guard and in the pdb.yaml template. Update the checks around
.Values.pdb.minAvailable and .Values.pdb.maxUnavailable to use explicit presence
detection instead of not/truthy tests, and apply the same approach where the PDB
fields are emitted so a valid 0 is preserved and rendered correctly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 2dad990a-c7f2-495e-8729-66ec05423786

📥 Commits

Reviewing files that changed from the base of the PR and between 870b4c7 and 00e8a1d.

📒 Files selected for processing (12)
  • charts/generic/README.md
  • charts/generic/docs/security.md
  • charts/generic/templates/_helpers.tpl
  • charts/generic/templates/externalsecret.yaml
  • charts/generic/templates/ingress.yaml
  • charts/generic/templates/networkpolicy.yaml
  • charts/generic/templates/validate.yaml
  • charts/generic/tests/externalsecret_test.yaml
  • charts/generic/tests/ingress_test.yaml
  • charts/generic/tests/security_test.yaml
  • charts/generic/values.schema.json
  • charts/generic/values.yaml

Comment thread charts/generic/templates/_helpers.tpl
Comment thread charts/generic/templates/_helpers.tpl Outdated
@mberlofa mberlofa force-pushed the fix/generic-template-standards branch from 4b2b9c2 to 31cf7c0 Compare July 4, 2026 13:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant