chore(main): [bot] release base-cluster:9.1.0

[teutonet-bot]

🤖 I have created a release beep boop

9.1.0 (2025-07-31)

Features

• base-cluster: use new networkPolicy template (#1414) (e433c02)

Bug Fixes

• base-cluster/kyverno: migrate to new validationFailureAction syntax (#1621) (c3f16be)
• base-cluster/monitoring: also create metrics for resources without suspend field (#1634) (964b34c)
• base-cluster/monitoring: oauth-proxy serviceMonitor labels (#1625) (86c1981)
• base-cluster/monitoring: pin image-renderer version to ensure it's compatible (#1631) (685592c)

Miscellaneous Chores

• base-cluster/dependencies: update helm release kube-prometheus-stack to v75.15.1 (#1610) (256cb8e)
• base-cluster/dependencies: update helm release loki to v6.33.0 (#1618) (7e6a8e8)
• base-cluster/dns: migrate external-dns away from bitnami (#1601) (7af34d2)
• base-cluster/monitoring: adjust metrics syntax (#1562) (ebc2d74)
• base-cluster/monitoring: migrate metrics-server away from bitnami (#1604) (6a755d9)
• base-cluster: migrate kubectl image away from bitnami (#1606) (6fe2410)

---

This PR was generated with Release Please. See documentation.

Summary by CodeRabbit

• New Features

  • Introduced a new networkPolicy template in the base-cluster.

• Bug Fixes

  • Updated kyverno component to use the latest validationFailureAction syntax.
  • Added metrics for resources in monitoring that lack a suspend field.
  • Corrected labels in the oauth-proxy serviceMonitor within monitoring.
  • Pinned image-renderer version to ensure compatibility.

• Chores

  • Upgraded helm releases for kube-prometheus-stack and loki.
  • Migrated external-dns, metrics-server, and kubectl images away from bitnami.
  • Adjusted metrics syntax in monitoring.

• Documentation

  • Added changelog entry for version 9.1.0.

[coderabbitai]

Warning

Rate limit exceeded

@teutonet-bot has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 19 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 5609259 and f52014c.

📒 Files selected for processing (2)

• charts/base-cluster/Chart.yaml (1 hunks)
• charts/base-cluster/README.md (61 hunks)

Walkthrough

This change updates the base-cluster Helm chart from version 9.0.0 to 9.1.0. It includes a new changelog entry detailing one new feature, several bug fixes, and miscellaneous chores. The version is incremented in both the chart definition and the release manifest.

Changes

Cohort / File(s)	Change Summary
Helm Chart Version Bump .github/release-please/manifest.json, charts/base-cluster/Chart.yaml	Updated the base-cluster chart version from 9.0.0 to 9.1.0 in both the release manifest and Chart.yaml.
Changelog Update charts/base-cluster/CHANGELOG.md	Added a changelog entry for 9.1.0, listing one new feature, four bug fixes, and six chores with references.

Sequence Diagram(s)

Not applicable—no new features or control flow changes introduced in this PR.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Migrate Kyverno to new validationFailureAction syntax (#1621)	✅

Assessment against linked issues: Out-of-scope changes

No out-of-scope changes detected.

Possibly related PRs

• chore(main): [bot] release base-cluster:8.1.0 #1486: Updates the same chart and related files for a previous version (8.1.0), showing sequential release maintenance.
• chore(main): [bot] release base-cluster:8.2.0 #1530: Updates base-cluster from 8.1.0 to 8.2.0, affecting the same files and chart versioning.
• chore(main): [bot] release base-cluster:8.2.1 #1607: Handles the major release from 8.2.0 to 9.0.0, also updating versioning and changelogs for base-cluster.

Suggested reviewers

• tasches
• marvinWolff
• cwrau

Poem

A hop, a skip, a version jump—
Base-cluster’s chart gets a thump!
Changelogs bloom with fixes neat,
New features make the update sweet.
From 9.0.0 to 9.1.0 we bound,
🐇 Helm charts hopping round and round!
Release day joy on code-filled ground.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release-please--branches--main--components--base-cluster

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a755d9 and 62f6ceb.

📒 Files selected for processing (3)

• .github/release-please/manifest.json (1 hunks)
• charts/base-cluster/CHANGELOG.md (1 hunks)
• charts/base-cluster/Chart.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: lint helm chart (base-cluster)
• GitHub Check: wait-for-checks

🔇 Additional comments (4)

charts/base-cluster/Chart.yaml (2)

22-22: LGTM on semantic version bump

Version field correctly moves from 9.0.0 → 9.0.1 and keeps SemVer.
No additional changes required here.

---

34-34: metrics-server image override may be outdated – please verify upstream chart defaults

The Chart.yaml override in charts/base-cluster (line 34) still pins docker.io/bitnami/metrics-server:0.8.0-debian-12-r1, but the 9.0.1 changelog indicates the image was migrated away from Bitnami. If the upstream metrics-server v9.0.1 chart now uses a different image, remove or update this override to keep vulnerability scanners and Artifact Hub accurate.

• charts/base-cluster/Chart.yaml: line 34

.github/release-please/manifest.json (1)

1-1: Manifest bump looks consistent

The manifest entry reflects 9.0.1 for charts/base-cluster; no issues spotted.

charts/base-cluster/CHANGELOG.md (1)

3-14: Changelog entry aligns, but consider linking image updates

The new 9.0.1 section documents the Kyverno fix and metrics-server migration.
Given the discrepancy noted in Chart.yaml annotations, ensure the image reference change is actually part of the commit history; if not, update the changelog accordingly to avoid confusion.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

charts/base-cluster/README.md (1)

249-249: Use the repository-wide bullet style to silence markdownlint
The rest of the README uses dash (-) list markers, but this new entry uses an asterisk (*), triggering MD004. Aligning styles keeps the linter quiet and avoids future noise.

-* <https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v9.0.1/charts/base-cluster>
+- <https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v9.0.1/charts/base-cluster>

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 62f6ceb and cbee140.

📒 Files selected for processing (2)

• charts/base-cluster/Chart.yaml (2 hunks)
• charts/base-cluster/README.md (4 hunks)

✅ Files skipped from review due to trivial changes (1)

• charts/base-cluster/Chart.yaml

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

charts/base-cluster/README.md

249-249: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

🔇 Additional comments (2)

charts/base-cluster/README.md (2)

3-3: Version badge correctly bumped to 9.0.1
Consistent with Chart.yaml and CHANGELOG. No further action required.

---

1754-1757: Documentation wording is clear; consider line-wrapping for readability
The added note about the DynamicResourceAllocation feature gate is helpful and technically accurate. If you touch this section again, consider soft-wrapping long table cells/descriptions (<120 chars) to keep diffs smaller, but no change is strictly required now.

Also applies to: 1764-1767

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

charts/base-cluster/README.md (4)

247-251: Unify unordered-list marker to silence MD004

Static analysis flagged the asterisk list style. Everything else in the README uses dashes (-). Switching keeps markdown-lint green and gives a uniform look.

-* <https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v9.1.0/charts/base-cluster>
-* <https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/base-cluster>
+- <https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v9.1.0/charts/base-cluster>
+- <https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/base-cluster>

---

449-453: Add a meaningful description for global.imageRenderer

The new top-level object is introduced with an empty description column (-). Readers won’t know why or when to set it. Consider replacing the dash with a short sentence, e.g.:

Image (repository, tag, digest) of the grafana-image-renderer side-car used by dashboards.

---

1652-1672: issuerHost marked Required – verify template usage

issuerHost is now required while issuerPath is optional. Make sure every template that builds OIDC URLs has been updated from {{ .Values.global.authentication.config.issuerPath }} to the new host/path split, otherwise installs will fail with “missing key” errors.

If you need help scanning the templates, let me know.

---

1771-1777: Wrap bare URLs to appease MD034

The two Kubernetes doc links are flagged as bare URLs. Wrap them in angle brackets or link text:

- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/...
+ Limits describes the maximum amount of compute resources allowed.  
+ See <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/> for details.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 90b3c6d and 4e8e283.

📒 Files selected for processing (2)

• charts/base-cluster/Chart.yaml (2 hunks)
• charts/base-cluster/README.md (61 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• charts/base-cluster/Chart.yaml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: cwrau
PR: teutonet/teutonet-helm-charts#1604
File: charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml:20-21
Timestamp: 2025-07-24T09:41:28.072Z
Learning: The official kubernetes-sigs/metrics-server Helm chart pins the image tag to a specific version in its values.yaml by default, ensuring reproducible deployments without requiring explicit tag specification in consuming charts.

Learnt from: cwrau
PR: teutonet/teutonet-helm-charts#1604
File: charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml:20-21
Timestamp: 2025-07-24T09:41:28.072Z
Learning: The kubernetes-sigs/metrics-server Helm chart uses `v{{ .Chart.AppVersion }}` as the default image tag when `image.tag` is empty, which provides pinned versioning through the chart's AppVersion rather than using floating tags like "latest".

Learnt from: cwrau
PR: teutonet/teutonet-helm-charts#1602
File: charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml:38-40
Timestamp: 2025-07-24T09:49:40.961Z
Learning: Official Helm charts like oauth2-proxy manage image versioning automatically through their Chart.yaml appVersion field, making manual tag pinning in consumer values unnecessary and potentially harmful. The chart version itself provides reproducibility by ensuring the correct image tag is used.

charts/base-cluster/README.md (5)

Learnt from: cwrau
PR: #1602
File: charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml:38-40
Timestamp: 2025-07-24T09:49:40.961Z
Learning: Official Helm charts like oauth2-proxy manage image versioning automatically through their Chart.yaml appVersion field, making manual tag pinning in consumer values unnecessary and potentially harmful. The chart version itself provides reproducibility by ensuring the correct image tag is used.

Learnt from: cwrau
PR: #1604
File: charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml:20-21
Timestamp: 2025-07-24T09:41:28.072Z
Learning: The official kubernetes-sigs/metrics-server Helm chart pins the image tag to a specific version in its values.yaml by default, ensuring reproducible deployments without requiring explicit tag specification in consuming charts.

Learnt from: cwrau
PR: #1604
File: charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml:20-21
Timestamp: 2025-07-24T09:41:28.072Z
Learning: The kubernetes-sigs/metrics-server Helm chart uses v{{ .Chart.AppVersion }} as the default image tag when image.tag is empty, which provides pinned versioning through the chart's AppVersion rather than using floating tags like "latest".

Learnt from: cwrau
PR: #1601
File: charts/base-cluster/templates/dns/external-dns.yaml:33-39
Timestamp: 2025-07-24T09:56:41.380Z
Learning: In the teutonet-helm-charts base-cluster chart, secret names like "external-dns" for Cloudflare provider are intentionally hard-coded. Users who need custom secret names should use Helm's valuesFrom feature to override values rather than expecting dedicated fields in values.yaml. This design keeps the values.yaml clean while still allowing full customization flexibility.

Learnt from: cwrau
PR: #1601
File: charts/base-cluster/templates/dns/external-dns.yaml:30-32
Timestamp: 2025-07-24T09:55:53.655Z
Learning: In charts/base-cluster/templates/dns/external-dns.yaml, the dns.provider field in values.yaml has always been expected to be a map format (e.g., { cloudflare: {} }), never a string format. The template correctly uses {{ .Values.dns.provider | keys | first }} to extract the provider name from the map keys.

🪛 markdownlint-cli2 (0.17.2)

charts/base-cluster/README.md

249-249: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

970-970: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1038-1038: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1041-1041: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1165-1165: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1175-1175: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1185-1185: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1195-1195: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1226-1226: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1236-1236: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1246-1246: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1256-1256: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

1775-1775: Bare URL used

(MD034, no-bare-urls)

---

1776-1776: Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (1)

charts/base-cluster/README.md (1)

1-4: Ensure version badge & Chart.yaml stay in sync

The README now advertises version 9.1.0. Double-check that Chart.yaml, appVersion, and the release tag created by Release-Please all carry the exact same version to avoid Helm “version mismatch” warnings at install time.

[teutonet-bot]

🤖 Created releases:

• base-cluster-v9.1.0

🌻