Restore ligthspeed-to-dataverse-exporter

[omertuc]

It was accidentally removed in a14100a

Summary by CodeRabbit

• New Features

  • Background exporter now collects and sends chat feedback and transcripts to a configured destination on a set interval.
  • Supports configurable timing, connection timeout, and optional cleanup of files after successful send.

• Chores

  • Deployment updated to include a dedicated exporter component with defined resource limits and secure token-based connectivity.
  • New configuration options available for data directories, allowed subfolders, and service/identity identifiers (admin-configured).

[coderabbitai]

Walkthrough

Adds a new lightspeed-to-dataverse-exporter sidecar container, a ConfigMap carrying its config, associated env/args/resources, and mounts/volumes to the assisted-chat Deployment in template.yaml.

Changes

Cohort / File(s)	Summary
Exporter sidecar and config template.yaml	Adds lightspeed-to-dataverse-exporter sidecar with args (--mode manual, --config /etc/config/config.yaml, --log-level INFO), env (INGRESS_SERVER_AUTH_TOKEN from secret), resources, and volume mounts. Introduces ConfigMap lightspeed-exporter-config (config.yaml with data_dir, allowed_subdirs, IDs, ingress URL, interval, cleanup, timeout) and corresponding volume in Deployment.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant K as Kubernetes
  participant AC as assisted-chat Pod
  participant EX as exporter sidecar
  participant CM as ConfigMap (exporter config)
  participant DS as data-storage (PVC/volume)
  participant IS as Insights Ingress Server

  K->>AC: Deploy Pod with assisted-chat + exporter containers
  K-->>EX: Mount CM at /etc/config/config.yaml
  K-->>EX: Mount DS at ${STORAGE_MOUNT_PATH}

  EX->>EX: Start with --mode manual, load config.yaml
  loop Every collection_interval
    EX->>DS: Scan ${STORAGE_MOUNT_PATH}/{feedback, transcripts}
    EX->>IS: POST data (auth via secret token)
    alt Success
      EX->>DS: Cleanup sent items (if cleanup_after_send)
    else Error/Timeout
      EX->>EX: Log error and retry on next interval
    end
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Insights Export Config #78 — Adds the same exporter sidecar, ConfigMap, and volume/volumeMount edits in template.yaml, indicating parallel or duplicate changes.

Suggested labels

lgtm, ok-to-test

Suggested reviewers

• maorfr

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[keitwb]

Thanks!

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: keitwb, omertuc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [omertuc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

template.yaml (5)

509-512: ConfigMap changes won’t live-reload; add recycle and make config mount read-only

• Using subPath disables live updates for ConfigMap-mounted files; pods must be restarted for config changes anyway. To make rollouts automatic when the ConfigMap changes in AppSRE flows, mirror the pattern used elsewhere and add qontract.recycle: "true".
• The config file should be mounted read-only.

Diffs:

1. Make the config file mount read-only

           volumeMounts:
             - name: lightspeed-exporter-config
               mountPath: /etc/config/config.yaml
               subPath: config.yaml
+              readOnly: true

2. Add recycle annotation to the exporter ConfigMap

 - apiVersion: v1
   kind: ConfigMap
   metadata:
+    annotations:
+      qontract.recycle: "true"
     name: lightspeed-exporter-config

Also applies to: 573-577

---

528-530: Ephemeral emptyDir may lose unsent data on restart

data-storage is emptyDir. If the Pod restarts between collections, unsent feedback/transcripts are lost. If durability matters, use a PVC with a ReadWriteOnce (or appropriate) access mode.

Happy to propose a PVC + volumeClaimTemplates (for StatefulSet) or a shared PVC if this Deployment is singleton.

---

485-487: Harden the exporter container with a restrictive securityContext

Sidecars that handle auth tokens should be non-root, drop caps, etc.

         - name: lightspeed-to-dataverse-exporter
           image: quay.io/lightspeed-core/lightspeed-to-dataverse-exporter:${LIGHTSPEED_EXPORTER_IMAGE_TAG}
           imagePullPolicy: Always
+          securityContext:
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+            seccompProfile:
+              type: RuntimeDefault

---

118-120: Nit: Typo in parameter name “LIGHTSSPEED_…”

Minor consistency issue: “LIGHTSSPEED” has an extra “S”. It’s referenced consistently, so it works, but it’s easy to trip future readers and scripts.

If you want to correct it now, change both the parameter and its usage:

- name: LIGHTSSPEED_STACK_POSTGRES_SSL_MODE
+ name: LIGHTSPEED_STACK_POSTGRES_SSL_MODE
...
-          ssl_mode: ${LIGHTSSPEED_STACK_POSTGRES_SSL_MODE}
+          ssl_mode: ${LIGHTSPEED_STACK_POSTGRES_SSL_MODE}

Double-check for any other references before applying.

Also applies to: 173-181

---

488-495: Optional: add a simple liveness probe if running in daemon mode

If you switch to a long-running mode, a basic HTTP or exec probe helps catch silent failures.

Example (if the exporter exposes a health endpoint) — adjust as supported:

           args:
             - "--mode"
             - "daemon"
             - "--config"
             - "/etc/config/config.yaml"
             - "--log-level"
             - "INFO"
+          livenessProbe:
+            exec:
+              command: ["sh", "-c", "test -f /proc/1/cmdline"] # placeholder; replace with real check
+            initialDelaySeconds: 30
+            periodSeconds: 10

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c515669 and 0d2f73a.

📒 Files selected for processing (1)

• template.yaml (1 hunks)

🔇 Additional comments (4)

template.yaml (4)

502-508: Resource sizing looks reasonable for a lightweight sidecar

Initial requests/limits are conservative and should be fine to start. Plan to tune after observing usage.

---

579-591: Confirm config schema matches the exporter version (keys and units)

Please verify that these keys are valid for the ${LIGHTSPEED_EXPORTER_IMAGE_TAG} you’ll deploy:

• data_dir, allowed_subdirs, service_id, identity_id, ingress_server_url
• Collection block: collection_interval (seconds?), cleanup_after_send, ingress_connection_timeout (seconds?)

If keys differ between versions, the exporter may fail at startup.

---

496-501: Verified Secret Configuration

I’ve confirmed that the default INSIGHTS_INGRESS_SECRET_NAME is set to "insights-ingress" in template.yaml (lines 74–76) and that the deploy_template.sh script automatically creates a generic secret named insights-ingress with the auth_token key if it’s missing (scripts/deploy_template.sh:26–29). No further action is required here.

---

488-495: Verify Exporter Mode and Sidecar Behavior

The container spec uses --mode manual alongside a collection_interval setting. If “manual” mode performs a single run and exits, Kubernetes (with restartPolicy: Always) will immediately restart the container—potentially re-sending the same data repeatedly.

• For a continuously running exporter sidecar, switch to the exporter’s daemon/periodic mode (often named daemon or similar).
• If you intend to run the exporter on a schedule, consider using a Kubernetes CronJob instead of a sidecar.

Suggested minimal change for a long-lived sidecar:

           args:
             - "--mode"
-            - "manual"
+            - "daemon"
             - "--config"
             - "/etc/config/config.yaml"
             - "--log-level"
             - "INFO"

Please confirm in the exporter’s documentation that:

1. --mode manual only runs once and then exits.
2. There is a daemon (or equivalent) mode for continuous operation.