chore(base-cluster/logs): only delete volumes on deletion

[cwrau]

chore(base-cluster/logs): optimize volume chown; this speeds up startup

Summary by CodeRabbit

• New Features
  • Introduced filesystem group security policy for Loki pods to improve default security posture.
  • Added persistence lifecycle controls for Loki storage: retain data on scale events and delete on resource removal for clearer data management.
• Chores
  • Upgraded Loki chart dependency to 6.42.0 for the latest stability and improvements.

[Copilot]

Pull Request Overview

This PR optimizes Loki startup performance by updating the Loki Helm chart version and configuring volume ownership handling to only perform expensive operations when necessary.

• Updated Loki Helm chart from version 6.33.0 to 6.42.0
• Added fsGroupChangePolicy: OnRootMismatch to avoid unnecessary chown operations on startup
• Configured persistence policy to retain volumes when scaling but delete when the deployment is removed

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
charts/base-cluster/values.yaml	Updates Loki chart version to 6.42.0
charts/base-cluster/templates/monitoring/logs/loki.yaml	Adds volume ownership optimization and persistence policies

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Walkthrough

Updated Loki Helm template to add podSecurityContext fsGroupChangePolicy and persistence lifecycle hooks. Bumped Grafana Loki chart version in values.yaml from 6.33.0 to 6.42.0.

Changes

Cohort / File(s)	Summary
Loki Helm template updates charts/base-cluster/templates/monitoring/logs/loki.yaml	Added podSecurityContext with fsGroupChangePolicy: OnRootMismatch; defined persistence lifecycle hooks whenScaled: Retain and whenDeleted: Delete.
Chart values update charts/base-cluster/values.yaml	Bumped grafana.loki chart version from 6.33.0 to 6.42.0.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Helm (values.yaml)
  participant K8s as Kubernetes API
  participant STS as StatefulSet/PVC
  participant Loki as Loki Pod

  rect rgb(230,245,255)
  note over Dev: Upgrade Loki chart 6.33.0 ➜ 6.42.0
  Dev->>K8s: helm upgrade --values values.yaml
  end

  K8s->>STS: Reconcile StatefulSet & PVC
  STS-->>Loki: Create/Update Pod

  rect rgb(235,255,235)
  note over Loki: podSecurityContext.fsGroupChangePolicy=OnRootMismatch
  Loki->>Loki: Apply fsGroup adjustments on root mismatch
  end

  alt Scale event
    note over STS: Persistence whenScaled=Retain
    STS->>STS: Keep PVCs during scaling
  else Deletion
    note over STS: Persistence whenDeleted=Delete
    STS->>K8s: Delete PVCs on resource deletion
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I thump my paws—new charts arise,
Loki hums beneath the skies.
Groups set right, on roots we check,
Scale? We keep. Delete? We deck.
Version hops with gentle cheer—
Logs will whisper, crisp and clear. 🐇📜✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately describes the new persistence lifecycle behavior by indicating that volumes are only deleted on resource deletion, which is one of the primary changes in the patch. It uses concise and clear language without extraneous detail. While it omits mention of the fsGroupChangePolicy update for optimized chown behavior, it still correctly highlights a key aspect of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/loki/volume-improvements

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 104f986 and d495feb.

📒 Files selected for processing (2)

• charts/base-cluster/templates/monitoring/logs/loki.yaml (2 hunks)
• charts/base-cluster/values.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: check licenses
• GitHub Check: Update release-please config file for a possibly new chart
• GitHub Check: lint helm chart (base-cluster)

🔇 Additional comments (1)

charts/base-cluster/values.yaml (1)

112-112: Approve Loki chart bump; retention policy & fsGroup confirmed.

6.42.0 supports singleBinary.persistence.enableStatefulSetAutoDeletePVC for emitting whenDeleted/whenScaled; default podSecurityContext.fsGroup remains 10001.