📝 Walkthrough
This PR migrates the Kubescape Helm chart away from a service discovery initialization pattern to direct API URL configuration. The serviceDiscovery configuration block is removed and replaced with a new rollout configuration. All component deployments remove their conditional initContainers, volume mounts, and volumes related to service discovery, then inject API_URL directly into container environments. Component image tags are bumped and the grype offline database CronJob adopts the new rollout-scoped scheduling and metadata wiring.
Changes
Service Discovery Migration & API Configuration
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
🚥 Pre-merge checks: ✅ 5 passed
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@charts/kubescape-operator/templates/grype-offline-db/cronjob.yaml`:
- Around line 26-31: The pod metadata currently renders both
grypeOfflineDB.podAnnotations/podLabels and
grypeOfflineDB.rollout.podAnnotations/podLabels into the same pod template
causing silent overrides; pick one authoritative source (likely rollout.* for
this Job) and remove the duplicate rendering lines so only
grypeOfflineDB.rollout.podAnnotations and grypeOfflineDB.rollout.podLabels are
rendered into the pod metadata block (update the template that includes those
keys and remove the non-rollout toYaml calls).
In `@charts/kubescape-operator/templates/synchronizer/deployment.yaml`:
- Around line 86-87: The templates unconditionally set the API_URL environment
variable using "https://{{ .Values.server }}" which renders as "https://" when
.Values.server is empty; update the templates (synchronizer deployment,
kubevuln/deployment.yaml, kubescape/deployment.yaml, and
node-agent/_node-agent.tpl) to either (a) use the required Helm helper to fail
fast (e.g. require .Values.server with a clear message) when .Values.server is
mandatory, or (b) guard the API_URL env var rendering with a conditional that
only sets API_URL when .Values.server is non-empty (if empty is a valid config),
referencing the API_URL env var and .Values.server symbols and preserving the
previous serviceDiscovery gating behavior.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 90c28b7c-d864-458b-86c5-1bff01773cb8
⛔ Files ignored due to path filters (1)
- `charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap` is excluded by `!**/*.snap`
📒 Files selected for processing (6)
- `charts/kubescape-operator/templates/grype-offline-db/cronjob.yaml`
- `charts/kubescape-operator/templates/kubescape/deployment.yaml`
- `charts/kubescape-operator/templates/kubevuln/deployment.yaml`
- `charts/kubescape-operator/templates/node-agent/_node-agent.tpl`
- `charts/kubescape-operator/templates/synchronizer/deployment.yaml`
- `charts/kubescape-operator/values.yaml`
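The empty-`server` rendering flagged for `API_URL` in the review comment above, reproduced as an added example (not code from the PR, the chart, or the review bot). It uses Go's `text/template`, the engine Helm templates are built on; the `required` function is a local stand-in for Helm's helper, and the three template snippets and the sample values are constructed for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"text/template"
)

// Local stand-in for Helm's `required` helper (assumption: Helm is not
// imported here): abort rendering when the value is nil or an empty string.
var funcs = template.FuncMap{
	"required": func(msg string, v any) (any, error) {
		if s, ok := v.(string); v == nil || (ok && s == "") {
			return nil, errors.New(msg)
		}
		return v, nil
	},
}

// Constructed snippets: three ways to render API_URL from .Values.server.
const (
	// Pattern flagged in the review: always emitted, even with no host.
	Unguarded = `- name: API_URL
  value: "https://{{ .Values.server }}"
`
	// Option (a): fail fast at render time when server is mandatory.
	FailFast = `- name: API_URL
  value: "https://{{ required "server must be set" .Values.server }}"
`
	// Option (b): omit the variable when an empty server is a valid config.
	Conditional = `{{- if .Values.server }}
- name: API_URL
  value: "https://{{ .Values.server }}"
{{- end }}
`
)

// Render executes tpl against a constructed values tree holding only `server`.
func Render(tpl, server string) (string, error) {
	var out bytes.Buffer
	t := template.Must(template.New("env").Funcs(funcs).Parse(tpl))
	err := t.Execute(&out, map[string]any{"Values": map[string]any{"server": server}})
	return out.String(), err
}

func main() {
	for _, tpl := range []string{Unguarded, FailFast, Conditional} {
		out, err := Render(tpl, "") // empty server: the case raised in the review
		fmt.Printf("%q err=%v\n", out, err)
	}
}
```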
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
Summary by CodeRabbit
New Features
Updates