Skip to content

fix(metrics-server): align template standards#681

Open
mberlofa wants to merge 2 commits into
mainfrom
fix/metrics-server-template-standards
Open

fix(metrics-server): align template standards#681
mberlofa wants to merge 2 commits into
mainfrom
fix/metrics-server-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

  • keep the Helm test hook under templates/tests so helm test remains functional
  • add NetworkPolicy extra egress support with schema and unit coverage
  • expand NOTES and README coverage for the operational controls

Validation

  • make validate-chart CHART=metrics-server TIMEOUT=900: FULLY VALIDATED (16 layers), including k3d behavioral scenarios for default, dual-stack, HA, host-network, k3d, networkpolicy, and servicemonitor.
  • make site-sync-check CHART=metrics-server
  • make release-check REPO=charts passed with the expected GR-077 post-merge release confirmation warning.
  • make attribution-check REPO=charts

Site PR: helmforgedev/site#359
Issue: #633

Summary by CodeRabbit

  • New Features
    • Added networkPolicy.egress.extraEgress to let you append custom NetworkPolicy egress rules (defaults to []).
    • Updated the chart values and values schema to document the new option.
  • Bug Fixes
    • NetworkPolicy egress rules are now conditionally rendered only when egress is enabled, while still supporting optional extra egress.
  • Documentation
    • Refreshed Helm install/upgrade NOTES with clearer numbered sections.
  • Tests
    • Updated Operations tests to verify networkPolicy.extraEgress is included in the rendered egress rules.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 7836742d-6030-4ab3-bda3-6cb1f8206c86

📥 Commits

Reviewing files that changed from the base of the PR and between 6abb962 and 3668ae3.

📒 Files selected for processing (5)
  • charts/metrics-server/README.md
  • charts/metrics-server/templates/networkpolicy.yaml
  • charts/metrics-server/tests/operations_test.yaml
  • charts/metrics-server/values.schema.json
  • charts/metrics-server/values.yaml
✅ Files skipped from review due to trivial changes (2)
  • charts/metrics-server/README.md
  • charts/metrics-server/values.yaml
🚧 Files skipped from review as they are similar to previous changes (3)
  • charts/metrics-server/values.schema.json
  • charts/metrics-server/templates/networkpolicy.yaml
  • charts/metrics-server/tests/operations_test.yaml

📝 Walkthrough

Walkthrough

Adds networkPolicy.extraEgress validation and defaults, updates NetworkPolicy rendering and tests, documents the new value, and renames NOTES.txt headings to numbered sections.

Changes

NetworkPolicy extraEgress feature

Layer / File(s) Summary
extraEgress default value and schema validation
charts/metrics-server/values.yaml, charts/metrics-server/values.schema.json
Adds networkPolicy.extraEgress: [] and defines schema validation for enabled, extraEgress, ingress, and egress.
Conditional egress rendering in NetworkPolicy template
charts/metrics-server/templates/networkpolicy.yaml
Computes $allowEgress from allow and extra egress inputs, and renders either the configured egress entries or egress: [].
Tests and documentation for extraEgress
charts/metrics-server/tests/operations_test.yaml, charts/metrics-server/README.md
Adds a test for networkPolicy.extraEgress rendering, removes the Helm test pod case, and documents the new value in the chart README.

NOTES.txt heading restructure

Layer / File(s) Summary
Numbered NOTES.txt sections
charts/metrics-server/templates/NOTES.txt
Replaces the banner and uppercase section labels with numbered headings 1 through 7 while keeping the existing templated content.

Estimated code review effort: 2 (Simple) | ~12 minutes

Possibly related PRs

  • helmforgedev/charts#641: Implements and tests the same networkPolicy.egress.extraEgress behavior by appending user-provided egress rules into spec.egress in a chart NetworkPolicy template.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title is related to the metrics-server chart changes, but it is too generic to convey the main update. Use a more specific title like 'fix(metrics-server): add networkPolicy.extraEgress support and update chart notes'.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/metrics-server-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: metrics-server

Framework Score
MITRE + NSA + SOC2 89.898994%

✅ Security posture acceptable.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

{{- if .Values.tests.enabled }}

P2 Badge Keep the Helm test hook under templates

With this file now under charts/metrics-server/tests/, it is no longer part of Helm's template set; I checked helm template test charts/metrics-server --show-only tests/test-connection.yaml, which reports could not find template, and Helm's generated chart layout puts test hooks in templates/tests/test-connection.yaml. As a result, default installs won't store any helm.sh/hook: test pod, so helm test has nothing to run even though the chart still documents and configures a Helm test.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
charts/metrics-server/README.md (1)

92-92: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Document the egress.enabled dependency.

extraEgress only renders when networkPolicy.egress.enabled: true (per the template gating). Worth noting that in the description so users don't set it alone and get no output.

📝 Suggested doc tweak
-| `networkPolicy.extraEgress` | `[]` | Append full custom NetworkPolicy egress rules |
+| `networkPolicy.extraEgress` | `[]` | Append full custom NetworkPolicy egress rules (requires `networkPolicy.egress.enabled: true`) |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/metrics-server/README.md` at line 92, Document the dependency for
networkPolicy.extraEgress in the README table: note that it only renders when
networkPolicy.egress.enabled is true, matching the template gating. Update the
description near the networkPolicy.extraEgress entry so users know to enable
egress first; use the networkPolicy.egress.enabled and networkPolicy.extraEgress
identifiers to locate the spot.
charts/metrics-server/values.yaml (1)

168-171: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Inconsistent placement of extraEgress.

extraEgress sits at the networkPolicy top level, but its sibling extraTo lives under networkPolicy.egress, and extraFrom lives under networkPolicy.ingress. The template also only renders extraEgress when networkPolicy.egress.enabled: true (it's evaluated inside that gate), so its effective scope is already tied to egress, but its placement breaks that convention and can confuse users configuring it without egress.enabled: true.

Consider nesting it as networkPolicy.egress.extraEgress for consistency, since the chart hasn't been released with this field yet.

♻️ Suggested restructure
 networkPolicy:
   enabled: false
-  extraEgress: []
   ingress:
     ...
   egress:
     enabled: false
+    extraEgress: []
     ...
     extraTo: []

Would also require updating templates/networkpolicy.yaml (.Values.networkPolicy.extraEgress.Values.networkPolicy.egress.extraEgress) and values.schema.json.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/metrics-server/values.yaml` around lines 168 - 171, `extraEgress` is
placed at the top level of `networkPolicy` while its related knobs live under
`networkPolicy.egress` and `networkPolicy.ingress`. Move this setting to
`networkPolicy.egress.extraEgress` for consistency, then update
`templates/networkpolicy.yaml` to read from
`.Values.networkPolicy.egress.extraEgress` and adjust `values.schema.json`
accordingly. Use the existing `networkPolicy`, `egress`, and `ingress` value
blocks as the main anchors when relocating the field.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@charts/metrics-server/README.md`:
- Line 92: Document the dependency for networkPolicy.extraEgress in the README
table: note that it only renders when networkPolicy.egress.enabled is true,
matching the template gating. Update the description near the
networkPolicy.extraEgress entry so users know to enable egress first; use the
networkPolicy.egress.enabled and networkPolicy.extraEgress identifiers to locate
the spot.

In `@charts/metrics-server/values.yaml`:
- Around line 168-171: `extraEgress` is placed at the top level of
`networkPolicy` while its related knobs live under `networkPolicy.egress` and
`networkPolicy.ingress`. Move this setting to `networkPolicy.egress.extraEgress`
for consistency, then update `templates/networkpolicy.yaml` to read from
`.Values.networkPolicy.egress.extraEgress` and adjust `values.schema.json`
accordingly. Use the existing `networkPolicy`, `egress`, and `ingress` value
blocks as the main anchors when relocating the field.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: f649a5df-8e8e-452e-9b4e-168106171d26

📥 Commits

Reviewing files that changed from the base of the PR and between 47bc2fc and 6c75326.

📒 Files selected for processing (7)
  • charts/metrics-server/README.md
  • charts/metrics-server/templates/NOTES.txt
  • charts/metrics-server/templates/networkpolicy.yaml
  • charts/metrics-server/tests/operations_test.yaml
  • charts/metrics-server/tests/test-connection.yaml
  • charts/metrics-server/values.schema.json
  • charts/metrics-server/values.yaml

@mberlofa mberlofa force-pushed the fix/metrics-server-template-standards branch from 6c75326 to 786c15a Compare July 4, 2026 09:04
@mberlofa mberlofa force-pushed the fix/metrics-server-template-standards branch from 786c15a to 6abb962 Compare July 4, 2026 19:55
@mberlofa

mberlofa commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Addressed the still-valid CodeRabbit review-body notes:

  • Moved networkPolicy.extraEgress to networkPolicy.egress.extraEgress for consistency with the egress-scoped controls.
  • Updated the NetworkPolicy template, values schema, README, and unit test references to the nested path.
  • Synced the same value path in the paired site PR: docs(metrics-server): sync template standards updates site#359.

Validation completed after the fix:

  • make validate-chart CHART=metrics-server TIMEOUT=1200 passed: metrics-server: FULLY VALIDATED (16 layers) including all GR-027 k3d scenarios.
  • make release-check REPO=charts passed with only the expected GR-077 release warning.
  • make attribution-check REPO=charts passed.

These CodeRabbit notes were in the review summary body, not as separate resolvable review threads, so there was no thread ID to resolve.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant