Skip to content

fix(jupyterhub): align template standards#678

Open
mberlofa wants to merge 2 commits into
mainfrom
fix/jupyterhub-template-standards
Open

fix(jupyterhub): align template standards#678
mberlofa wants to merge 2 commits into
mainfrom
fix/jupyterhub-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Keep the JupyterHub Helm test hook under templates/tests/ so helm test renders and executes it, with unittest coverage restored.
  • Add networkPolicy.extraEgress as an additive Hub egress alias while preserving networkPolicy.hub.egress.
  • Rewrite NOTES into numbered operational sections and update README/schema/unit coverage.

Related

Validation

  • helm template test charts/jupyterhub | rg -n "helm.sh/hook|test-connection" (hook rendered from templates/tests/test-connection.yaml)
  • helm unittest charts/jupyterhub (69 tests, 9 suites)
  • make template-standards-check CHART=jupyterhub
  • node scripts/charts/validate-chart.js --chart jupyterhub --no-k3d
  • make validate-chart CHART=jupyterhub TIMEOUT=900 (FULLY VALIDATED, 19 layers)
  • make release-check REPO=charts
  • make attribution-check REPO=charts

Summary by CodeRabbit

  • New Features
    • Added support for networkPolicy.hub.extraEgress to append additional Hub egress rules while keeping the default egress behavior.
  • Bug Fixes
    • Updated generated NetworkPolicy output to include the additional egress rules in the rendered spec.egress.
  • Documentation
    • Refreshed chart documentation and generated notes to describe the new extra egress setting.
  • Tests
    • Extended the NetworkPolicy test coverage to verify the appended egress rule is generated as expected.
  • Chores
    • Improved NetworkPolicy value validation by defining the new extraEgress structure.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 123900a6-1922-495a-912e-2d82b90bb0dc

📥 Commits

Reviewing files that changed from the base of the PR and between b3180b0 and d24aaa4.

📒 Files selected for processing (7)
  • charts/jupyterhub/README.md
  • charts/jupyterhub/templates/NOTES.txt
  • charts/jupyterhub/templates/networkpolicy.yaml
  • charts/jupyterhub/tests/networkpolicy-extra-egress-values.yaml
  • charts/jupyterhub/tests/networkpolicy_test.yaml
  • charts/jupyterhub/values.schema.json
  • charts/jupyterhub/values.yaml
✅ Files skipped from review due to trivial changes (2)
  • charts/jupyterhub/README.md
  • charts/jupyterhub/values.yaml
🚧 Files skipped from review as they are similar to previous changes (4)
  • charts/jupyterhub/tests/networkpolicy-extra-egress-values.yaml
  • charts/jupyterhub/values.schema.json
  • charts/jupyterhub/templates/networkpolicy.yaml
  • charts/jupyterhub/tests/networkpolicy_test.yaml

📝 Walkthrough

Walkthrough

Adds a networkPolicy.hub.extraEgress option to the JupyterHub Helm chart so extra Hub egress rules are appended to the rendered NetworkPolicy. Updates the values schema, template, tests, README, and NOTES.txt formatting.

Changes

NetworkPolicy extraEgress feature

Layer / File(s) Summary
Values and schema for extraEgress
charts/jupyterhub/values.yaml, charts/jupyterhub/values.schema.json
Adds networkPolicy.hub.extraEgress defaulting to an empty list, and expands the schema to define enabled, hub, and extraEgress properties.
Template rendering of extraEgress
charts/jupyterhub/templates/networkpolicy.yaml
Renders the existing hub egress rules together with .Values.networkPolicy.extraEgress in the Hub NetworkPolicy spec.egress output.
Tests for extraEgress
charts/jupyterhub/tests/networkpolicy-extra-egress-values.yaml, charts/jupyterhub/tests/networkpolicy_test.yaml
Adds a test values fixture with a CIDR-based egress rule and a new test case asserting the rule is appended to the rendered manifest.
Documentation and NOTES.txt updates
charts/jupyterhub/README.md, charts/jupyterhub/templates/NOTES.txt
Documents extraEgress usage in the README and reformats NOTES.txt sections into a numbered list with a NetworkPolicy enabled/disabled status line.

Estimated code review effort: 2 (Simple) | ~10 minutes

Sequence Diagram(s)

sequenceDiagram
  participant HelmValues
  participant NetworkPolicyTemplate
  participant KubernetesManifest
  HelmValues->>NetworkPolicyTemplate: networkPolicy.hub.egress + extraEgress
  NetworkPolicyTemplate->>KubernetesManifest: render combined spec.egress
Loading
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and relevant, capturing the PR’s goal of aligning the JupyterHub chart with template standards.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/jupyterhub-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: jupyterhub

Framework Score
MITRE + NSA + SOC2 78.030304%

✅ Security posture acceptable.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
charts/jupyterhub/templates/networkpolicy.yaml (1)

88-93: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider consolidating the two egress-append blocks.

networkPolicy.hub.egress (Lines 88-90) and networkPolicy.extraEgress (Lines 91-93) execute identical toYaml/nindent logic back-to-back. Could combine into a single with using concat to avoid the near-duplicate template block, though the current form is clear and functionally correct.

♻️ Optional consolidation
-    {{- with .Values.networkPolicy.hub.egress }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- with .Values.networkPolicy.extraEgress }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
+    {{- with (concat .Values.networkPolicy.hub.egress .Values.networkPolicy.extraEgress) }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/jupyterhub/templates/networkpolicy.yaml` around lines 88 - 93, The two
egress append blocks in the network policy template duplicate the same `toYaml`
and `nindent` logic for `networkPolicy.hub.egress` and
`networkPolicy.extraEgress`. Consolidate them in the `networkPolicy.yaml`
template by combining both values into a single `with` using `concat`, while
preserving the current rendered output and placement within the existing `hub
egress` section.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@charts/jupyterhub/templates/networkpolicy.yaml`:
- Around line 88-93: The two egress append blocks in the network policy template
duplicate the same `toYaml` and `nindent` logic for `networkPolicy.hub.egress`
and `networkPolicy.extraEgress`. Consolidate them in the `networkPolicy.yaml`
template by combining both values into a single `with` using `concat`, while
preserving the current rendered output and placement within the existing `hub
egress` section.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 13b5f071-d5db-49f3-9d22-9d65c695f683

📥 Commits

Reviewing files that changed from the base of the PR and between 47bc2fc and 3ec67e3.

📒 Files selected for processing (9)
  • charts/jupyterhub/README.md
  • charts/jupyterhub/templates/NOTES.txt
  • charts/jupyterhub/templates/networkpolicy.yaml
  • charts/jupyterhub/tests/networkpolicy-extra-egress-values.yaml
  • charts/jupyterhub/tests/networkpolicy_test.yaml
  • charts/jupyterhub/tests/test-connection.yaml
  • charts/jupyterhub/tests/test_connection_test.yaml
  • charts/jupyterhub/values.schema.json
  • charts/jupyterhub/values.yaml
💤 Files with no reviewable changes (1)
  • charts/jupyterhub/tests/test_connection_test.yaml

@mberlofa mberlofa force-pushed the fix/jupyterhub-template-standards branch from 3ec67e3 to b3180b0 Compare July 4, 2026 10:58
@mberlofa mberlofa force-pushed the fix/jupyterhub-template-standards branch from b3180b0 to d24aaa4 Compare July 5, 2026 14:10
@mberlofa

mberlofa commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Addressed the CodeRabbit review-summary nitpick about duplicate egress rendering blocks in templates/networkpolicy.yaml.

What changed:

  • Consolidated networkPolicy.hub.egress and networkPolicy.extraEgress rendering with concat.
  • Preserved the existing order: networkPolicy.hub.egress entries render before networkPolicy.extraEgress entries.
  • No value contract or documentation change was needed.

Validation:

  • make validate-chart CHART=jupyterhub TIMEOUT=1200 passed end-to-end after rebasing on origin/main (jupyterhub: FULLY VALIDATED (19 layers), including all GR-027 k3d scenarios). One transient FailedMount warning was observed in a healthy workload and justified by the validator.
  • make site-sync-check CHART=jupyterhub passed on the existing site PR branch docs(jupyterhub): sync template standards updates site#356; no additional site change was required for this template-only consolidation.
  • make release-check REPO=charts passed with the expected GR-077 release-publication warning.
  • make attribution-check REPO=charts passed.

This feedback was present in the CodeRabbit review summary rather than an unresolved review thread, so there is no thread ID to reply to or resolve.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant