Skip to content

fix(langflow): align template standards#670

Open
mberlofa wants to merge 1 commit into
mainfrom
fix/langflow-template-standards
Open

fix(langflow): align template standards#670
mberlofa wants to merge 1 commit into
mainfrom
fix/langflow-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Align Langflow template standards: immutable selector labels, guarded ingressClassName, centralized validate helper, and numbered NOTES.
  • Make NetworkPolicy egress isolation active whenever networkPolicy.enabled=true, with scoped configurable DNS peers, built-in HTTPS allowance, and additive networkPolicy.extraEgress.
  • Sync values schema defaults and validation/unit coverage for selector-label overrides, existingClaim scaling, and NetworkPolicy egress behavior.
  • Remove hardcoded runtime env hints from NOTES when they can be overridden by user-provided env entries.

Related

Validation

  • helm template test charts/langflow --set networkPolicy.enabled=true | rg -n "policyTypes|Egress|kube-system|kube-dns|port: 53|port: 443"
  • helm unittest charts/langflow (20 tests, 6 suites)
  • make template-standards-check CHART=langflow
  • node scripts/charts/validate-chart.js --chart langflow --no-k3d
  • make validate-chart CHART=langflow TIMEOUT=900 (FULLY VALIDATED, 17 layers)
  • make site-sync-check CHART=langflow
  • make release-check REPO=charts (expected GR-077 post-merge release warning)
  • make attribution-check REPO=charts

Summary by CodeRabbit

  • New Features
    • Added networkPolicy DNS allow-listing via dnsEgressPeers.
    • Added networkPolicy.extraEgress to append additional outbound rules after the built-in DNS and HTTPS allowances.
  • Bug Fixes
    • Improved pod labeling to consistently match selector labels.
    • ingressClassName is now omitted when unset or intentionally blank.
  • Documentation
    • Expanded post-install notes with clearer access, runtime/state/auth, scaling, exposure, and troubleshooting details.
  • Tests
    • Updated and added Helm chart tests for ingress behavior, network policy egress ordering, and validation rules.
  • Chores
    • Updated default image tag recommendation to 1.10.1.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR updates the Langflow Helm chart by bumping the default image tag to 1.10.1, centralizing validation, making ingress class rendering conditional, adding NetworkPolicy egress support, and expanding the chart README and install notes.

Changes

Langflow chart validation, networking, and label fixes

Layer / File(s) Summary
Centralized validation helper and validate.yaml wiring
charts/langflow/templates/_helpers.tpl, charts/langflow/templates/validate.yaml, charts/langflow/tests/validation_test.yaml
New langflow.validate logic enforces shared-state and persistence requirements for multi-replica installs and rejects reserved pod label overrides; validate.yaml now includes it; tests cover allowed and failing validation paths.
Pod selector label fix
charts/langflow/templates/deployment.yaml, charts/langflow/tests/templates_test.yaml
Pod template metadata now uses selector labels, and tests assert the expected name label plus absence of helm.sh/chart.
Conditional ingressClassName rendering
charts/langflow/templates/ingress.yaml, charts/langflow/tests/templates_test.yaml, charts/langflow/README.md
Ingress omits spec.ingressClassName when the value is empty, with matching test coverage and README guidance.
NetworkPolicy egress support
charts/langflow/templates/networkpolicy.yaml, charts/langflow/values.yaml, charts/langflow/values.schema.json, charts/langflow/tests/networkpolicy_test.yaml
NetworkPolicy now renders baseline DNS and HTTPS egress, appends user extra egress rules, and exposes the related values and schema entries; tests verify default egress behavior and rule ordering.
Version bump and NOTES updates
charts/langflow/values.schema.json, charts/langflow/README.md, charts/langflow/templates/NOTES.txt
The default image tag is updated to 1.10.1, and NOTES.txt is expanded into numbered sections covering access, runtime, state, authentication, scaling, exposure, troubleshooting, and resources.

Estimated code review effort: 3 (Moderate) | ~25 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately reflects the chart template standardization changes in the Langflow chart.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/langflow-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: langflow

Framework Score
MITRE + NSA + SOC2 75.757576%

✅ Security posture acceptable.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7346f16d05

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread charts/langflow/templates/networkpolicy.yaml Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@charts/langflow/templates/networkpolicy.yaml`:
- Line 3: The network policy template currently gates the baseline Egress rules
on .Values.networkPolicy.extraEgress being non-empty, so an empty list renders
ingress-only policy. Update charts/langflow/templates/networkpolicy.yaml so the
default DNS/HTTPS egress rules are always included whenever networkPolicy is
enabled, and treat extraEgress as additive rather than a شرط for rendering
Egress. Add or adjust a test around the NetworkPolicy rendering path to cover
the empty-list case and verify egress is still present.

In `@charts/langflow/templates/NOTES.txt`:
- Around line 12-19: The runtime env hints in NOTES are hardcoded and can become
stale when app.env or extraEnv overrides those names. Update the NOTES template
to render LANGFLOW_SAVE_DB_IN_CONFIG_DIR and LANGFLOW_OPEN_BROWSER from the same
values source used by the chart, or remove those hints entirely if they cannot
be derived reliably. Use the NOTES template and the app.env/extraEnv rendering
logic as the reference points when making the change.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a3c6519a-2a4d-4ba7-9e27-0a27c0a440fa

📥 Commits

Reviewing files that changed from the base of the PR and between 870b4c7 and 7346f16.

📒 Files selected for processing (12)
  • charts/langflow/README.md
  • charts/langflow/templates/NOTES.txt
  • charts/langflow/templates/_helpers.tpl
  • charts/langflow/templates/deployment.yaml
  • charts/langflow/templates/ingress.yaml
  • charts/langflow/templates/networkpolicy.yaml
  • charts/langflow/templates/validate.yaml
  • charts/langflow/tests/networkpolicy_test.yaml
  • charts/langflow/tests/templates_test.yaml
  • charts/langflow/tests/validation_test.yaml
  • charts/langflow/values.schema.json
  • charts/langflow/values.yaml

Comment thread charts/langflow/templates/networkpolicy.yaml
Comment thread charts/langflow/templates/NOTES.txt
@mberlofa mberlofa force-pushed the fix/langflow-template-standards branch from 7346f16 to e36676b Compare July 4, 2026 12:02
@mberlofa mberlofa force-pushed the fix/langflow-template-standards branch from e36676b to 7959594 Compare July 4, 2026 12:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant