docs(notediscovery): sync template standards updates#350
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughAdds a new Network Policy configuration section to the notediscovery playground chart config, introducing ingress namespace, extra egress CIDR, and extra egress port fields with defaults. Updates the notediscovery documentation with corresponding reference entries, an extended example, and an explanatory section. ChangesNetwork Policy Config and Documentation
Estimated code review effort: 1 (Trivial) | ~5 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/pages/docs/charts/notediscovery.mdx (1)
100-109: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winProduction example leaves ingress unrestricted despite "Network Policy" guidance.
The new Network Policy section explains that without
networkPolicy.ingressFrompeers, ingress falls back to allowing all namespaces. The "Production Example" only setsextraEgressand doesn't configureingressFrom, so it demonstrates tightened egress but permissive (all-namespace) ingress — a bit inconsistent for a production-hardening example.📝 Suggested addition to the production example
networkPolicy: enabled: true + ingressFrom: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: ingress-system extraEgress: - to: - ipBlock: cidr: 10.0.0.0/8 ports: - protocol: TCP port: 8443Also applies to: 203-210
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/pages/docs/charts/notediscovery.mdx` around lines 100 - 109, The Production Example in notediscovery.mdx shows only networkPolicy.enabled and extraEgress, which leaves ingress permissive and inconsistent with the Network Policy guidance. Update the example in the production section to also configure networkPolicy.ingressFrom using the same policy pattern described in the Network Policy section so it demonstrates a fully hardened setup. Use the existing networkPolicy block in the docs as the anchor when editing.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/pages/docs/charts/notediscovery.mdx`:
- Around line 100-109: The Production Example in notediscovery.mdx shows only
networkPolicy.enabled and extraEgress, which leaves ingress permissive and
inconsistent with the Network Policy guidance. Update the example in the
production section to also configure networkPolicy.ingressFrom using the same
policy pattern described in the Network Policy section so it demonstrates a
fully hardened setup. Use the existing networkPolicy block in the docs as the
anchor when editing.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 02bc722a-1c32-41ee-804e-2db02b300a8e
📒 Files selected for processing (2)
src/data/playground-configs.tssrc/pages/docs/charts/notediscovery.mdx
|
Addressed the CodeRabbit review-body feedback. Changes:
Validation:
Note: this CodeRabbit item was posted in the review summary/body, not as an active review thread, so there is no thread ID to reply to or resolve. |
Summary
networkPolicy.extraEgressfor the NoteDiscovery chart.Related
Chart PR: helmforgedev/charts#672
Validation
make site-sync-check CHART=notediscovery: passednpm run lint: passednpm run format:check: passednpm run build: passedmake release-check REPO=site: passedmake attribution-check REPO=site: passedSummary by CodeRabbit