Patch 1 #2490

mustakim-egov · 2024-03-05T08:39:06Z

Summary by CodeRabbit

New Features
- Introduced a new tool for deploying server setups using DIGIT, supporting multiple cloud platforms.
- Added a command-line tool for installing DIGIT platform, guiding through product selection and deployment.
- Updated the ingress-nginx Helm chart with new features, including support for disabling probes and setting security contexts.
- Added documentation for deploying cert-manager, including installation instructions and certificate management.
- Introduced new templates and parameters for configuring ingress-nginx and elasticsearch in Helm charts.
- Provided deployment success information and setup instructions for cert-manager and kafka-kraft.
Documentation
- Added and updated README files for various components, including detailed installation and configuration instructions.
- Introduced changelogs for tracking notable changes and updates to Helm charts.
Refactor
- Significant reorganization of ownership assignments in the CODEOWNERS file.
- Updated deployment paths and variable names for clarity and consistency across multiple files.
Style
- Added .gitignore and .helmignore files to ignore specific patterns in Helm chart directories.
Chores
- Updated path_regex patterns and encryption configurations in .sops.yaml.

Co-authored-by: Jagankumar <[email protected]>

* updated audit service in unified-UAT * Updated unified-uat.yaml --------- Co-authored-by: Jagankumar <[email protected]>

* added helm chart config for revision estimate * added values for estimate

* changed context path from health-mdms-v2 to egov-mdms-service * added in env SERVER_CONTEXT_PATH to egov-mdms-service * changed path to egov-mdms-service from health-mdms-v2

…#2154) * updated the hostname in boundary service to point to old mdms * Update values.yaml * Update unified-uat.yaml * Update values.yaml

* [DPG-2011] Added helm files for spring-cloud-gateway * Updated the spring gateway-k8-discovery

added csv and docs file formates to filestore

zip file added

coderabbitai · 2024-03-05T08:39:19Z

Walkthrough

This update encompasses a broad restructuring of deployment and configuration management across various components, with a focus on enhancing clarity, consistency, and security. It includes a significant reorganization of the CODEOWNERS file, adjustments in deployment paths and configurations, the introduction of new functionalities for server setup and module deployment, and updates to Helm charts for backbone services. These changes aim to streamline operations, improve deployment processes, and ensure a more secure and efficient management of configurations and deployments.

Changes

File(s)	Summary
`CODEOWNERS`	Reorganized ownership assignments, removed specific environment-related assignments, added new owners.
`config-as-code/.../README.md`	Added new file without visible changes in the diff provided.
`deploy-as-code/deployer/cmd/deploy.go`, `deploy-as-code/deployer/pkg/cmd/deployer/deployer.go`, `deploy-as-code/deployer/pkg/cmd/deployer/options.go`	Updated paths and variable names for configuration directories, improved clarity and consistency.
`deploy-as-code/deployer/cmd/root.go`, `deploy-as-code/deployer/main.go`	Renamed application references, altered import paths.
`deploy-as-code/deployer/full_installer.go`, `deploy-as-code/deployer/standalone_installer.go`	Introduced new functionalities for server setup and DIGIT platform deployment.
`deploy-as-code/helm/.sops.yaml`	Updated path_regex patterns, adjusted encryption keys and configurations.
`deploy-as-code/helm/charts/backbone-services/cert-manager/...`	Added and updated files for cert-manager Helm chart, including templates, READMEs, and ignore files.
`deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/_helpers.tpl`	Added templates for Elasticsearch roles and certificates, updated version.
`deploy-as-code/helm/charts/backbone-services/ingress-nginx/...`	Introduced and updated files for Ingress Nginx Helm chart, including changelogs, READMEs, and templates.
`deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/NOTES.txt`	Provided detailed instructions for deploying and accessing Kafka securely.

"In the realm of code and helm, amidst the digital crops,
A rabbit hopped with joy, as the deployment never stops.
With every change and tweak, under the moon's soft gleams,
It danced through lines of YAML, chasing its digital dreams.
🌟✨🐇✨🌟
'Here's to progress!' it cheered, with every commit and push,
Ensuring the garden of code, remained lush with every brush."

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>.
- Generate unit-tests for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit tests for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai generate interesting stats about this repository and render them as a table.
- @coderabbitai show all the console.log statements in this repository.
- @coderabbitai read src/utils.ts and generate unit tests.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
The JSON schema for the configuration file is available here.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

coderabbitai

Review Status

Actionable comments generated: 42

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 0da626e and 499bcc2.

Files ignored due to path filters (249)

config-as-code/product-release-charts/DIGIT/dependancy_chart-digit-v2.5.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/DIGIT/dependancy_chart-digit-v2.6.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/DIGIT/dependancy_chart-digit-v2.7.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/DIGIT/dependancy_chart-quickstart-v2.7.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/Sanitation/dependancy_chart-fsm-v1.2.1.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-digit-v2.2.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-digit-v2.3.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-digit-v2.4.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/URBAN/dependancy_chart-quickstart-v2.4.yaml is excluded by: !**/*.yaml
config-as-code/product-release-charts/iFix/dependancy_chart-mGramSeva-v1.0.yaml is excluded by: !**/*.yaml
deploy-as-code/deployer/go.mod is excluded by: !**/*.mod
deploy-as-code/deployer/go.sum is excluded by: !**/*.sum
deploy-as-code/egov-deployer/go.mod is excluded by: !**/*.mod
deploy-as-code/helm/charts/backbone-services/cert-manager/Chart.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/cert-manager-crds.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-certificaterequests.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-certificates.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-challenges.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-issuers.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/crd-orders.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-config.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-poddisruptionbudget.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-psp-clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-psp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-rbac.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/cainjector-serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/clusterissuer.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/controller-config.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/networkpolicy-egress.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/networkpolicy-webhooks.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/poddisruptionbudget.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/podmonitor.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/psp-clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/psp-clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/psp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/rbac.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/service.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/servicemonitor.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-job.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-psp-clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-psp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-rbac.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/startupapicheck-serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-config.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-mutating-webhook.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-poddisruptionbudget.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-psp-clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-psp-clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-psp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-rbac.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-service.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/webhook-validating-webhook.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/cert-manager/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-data-infra-v1-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-data-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-master-infra-v1-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/elasticsearch-master-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/persistentvolume.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/poddisruptionbudget.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/secret-cert.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/secret.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/statefulset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/fluent-bit/templates/daemonset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/Chart.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/controller-admission-tls-cert-manager-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-customconfig-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-customnodeport-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-extra-modules.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-headers-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-internal-lb-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-nodeport-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-podannotations-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-udp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/daemonset-tcp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-default-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-metrics-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-psp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deamonset-webhook-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-autoscaling-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-customconfig-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-customnodeport-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-default-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-extra-modules-default-container-sec-context.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-extra-modules-specific-container-sec-context.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-extra-modules.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-headers-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-internal-lb-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-metrics-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-nodeport-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-podannotations-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-psp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-udp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-tcp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-resources-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/ci/deployment-webhook-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/cert-manager.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-addheaders.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-proxyheaders.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-tcp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap-udp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-daemonset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-hpa.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-ingressclass.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-keda.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-poddisruptionbudget.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-prometheusrules.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-psp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-role.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-rolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service-internal.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service-metrics.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service-webhook.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-service.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-servicemonitor.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/controller-webhooks-networkpolicy.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-hpa.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-psp.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-role.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-rolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-service.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/default-backend-serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/dh-param-secret.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/ingress-nginx/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/jaeger/templates/query-deploy.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/jaeger/templates/spark-cronjob.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/jenkins/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-connect/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/Chart.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/config-secrets.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/pdb.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/statefulset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/svc-external-access.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/broker/svc-headless.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/config-secrets.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/pdb.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/statefulset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/svc-external-access.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/controller-eligible/svc-headless.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/extra-list.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/log4j-configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/jmx-configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/jmx-servicemonitor.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/jmx-svc.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/prometheusrule.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/servicemonitor.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/metrics/svc.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/network-policy/networkpolicy-egress.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/network-policy/networkpolicy-ingress.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/provisioning/job.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/provisioning/serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/provisioning/tls-secret.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/rbac/role.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/rbac/rolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/rbac/serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/scripts-configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/secrets.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/svc.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/tls-secret.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-kraft/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka-v2/templates/statefulset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/Chart.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/pv.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/pvc.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/scripts-configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/statefulset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/svc-headless.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/templates/svc.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kafka/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana-v1/kibana-infra-v1-values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/Chart.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/configmap-helm-scripts.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/ingress.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-job.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-role.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-rolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/pre-install-serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kibana/templates/service.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/podsecuritypolicy.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/psp-clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/kube-state-metrics/templates/psp-clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/Chart.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/clusterrole.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/clusterrolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-daemonset.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-deployment.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-metrics-service.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-prometheusrules.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-rolebinding.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-service.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-serviceaccount.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/controller-servicemonitor.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/templates/custom-headers.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/nginx-ingress/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/templates/configmap.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/templates/pv.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/templates/pvc.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/pgadmin/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/playground/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/postgres/templates/pv.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/postgres/templates/pvc.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/postgres/values.yaml is excluded by: !**/*.yaml
deploy-as-code/helm/charts/backbone-services/prometheus-blackbox-exporter/Chart.yaml is excluded by: !**/*.yaml

Files selected for processing (31)

CODEOWNERS (1 hunks)
config-as-code/product-release-charts/Sanitation/README.md (1 hunks)
deploy-as-code/deployer/cmd/deploy.go (2 hunks)
deploy-as-code/deployer/cmd/root.go (3 hunks)
deploy-as-code/deployer/configs/deployment_configurator.go (1 hunks)
deploy-as-code/deployer/full_installer.go (1 hunks)
deploy-as-code/deployer/main.go (1 hunks)
deploy-as-code/deployer/pkg/cmd/deployer/deployer.go (3 hunks)
deploy-as-code/deployer/pkg/cmd/deployer/options.go (1 hunks)
deploy-as-code/deployer/standalone_installer.go (1 hunks)
deploy-as-code/helm/.sops.yaml (1 hunks)
deploy-as-code/helm/charts/backbone-services/cert-manager/.gitignore (1 hunks)
deploy-as-code/helm/charts/backbone-services/cert-manager/.helmignore (1 hunks)
deploy-as-code/helm/charts/backbone-services/cert-manager/README.template.md (1 hunks)
deploy-as-code/helm/charts/backbone-services/cert-manager/crds/README.md (1 hunks)
deploy-as-code/helm/charts/backbone-services/cert-manager/signkey_annotation.txt (1 hunks)
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/NOTES.txt (1 hunks)
deploy-as-code/helm/charts/backbone-services/cert-manager/templates/_helpers.tpl (1 hunks)
deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/_helpers.tpl (2 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/.helmignore (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/CHANGELOG.md (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/OWNERS (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/README.md (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/README.md.gotmpl (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog.md.gotmpl (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog/Changelog-4.5.2.md (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/NOTES.txt (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_helpers.tpl (1 hunks)
deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_params.tpl (1 hunks)
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/NOTES.txt (1 hunks)
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/_helpers.tpl (1 hunks)

Files not summarized due to errors (2)

deploy-as-code/deployer/configs/deployment_configurator.go: Error: Message exceeds token limit
deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/_helpers.tpl: Error: Message exceeds token limit

Files skipped from review due to trivial changes (7)

config-as-code/product-release-charts/Sanitation/README.md
deploy-as-code/deployer/cmd/root.go
deploy-as-code/deployer/main.go
deploy-as-code/helm/charts/backbone-services/cert-manager/.gitignore
deploy-as-code/helm/charts/backbone-services/ingress-nginx/.helmignore
deploy-as-code/helm/charts/backbone-services/ingress-nginx/OWNERS
deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog.md.gotmpl

Additional comments: 103

CODEOWNERS (1)

1-1: The addition of new code owners (@shashwat-egov, @nikhilmulinti-egov, @sathishp-eGov) is noted. Please ensure that these individuals are aware of their new responsibilities and have been granted the necessary permissions to fulfill their roles effectively.

deploy-as-code/helm/charts/backbone-services/cert-manager/.helmignore (1)

23-27: The addition of specific files (BUILD.bazel, Chart.template.yaml, README.template.md, OWNERS, cert-manager*.tgz) to the .helmignore file is appropriate. Please verify that these patterns accurately match the intended files and directories to be ignored during Helm packaging.

deploy-as-code/helm/.sops.yaml (1)

6-6: The update to the path_regex pattern for environment secrets is noted. Please ensure that the regex pattern accurately matches the intended secrets file and that the encryption key is securely managed and has appropriate access controls.

deploy-as-code/deployer/pkg/cmd/deployer/options.go (1)

4-4: The introduction of ConfigDir in place of HelmDir is a positive change towards a more generic and clear naming convention for configuration directories. Please ensure that all references to this variable throughout the codebase have been updated accordingly and that this change is communicated to the team to avoid confusion.

deploy-as-code/helm/charts/backbone-services/ingress-nginx/changelog/Changelog-4.5.2.md (1)

1-13: The changelog for the ingress-nginx Helm Chart version 4.5.2 is clear and informative, documenting significant changes and improvements. Please ensure that the changelog is kept up-to-date with any future changes to maintain transparency and ease of understanding for users.

deploy-as-code/helm/charts/backbone-services/cert-manager/templates/NOTES.txt (1)

1-15: The deployment success information provided in NOTES.txt for cert-manager is clear and helpful, offering users guidance on next steps, such as setting up a ClusterIssuer or Issuer resource. This enhances the user experience by providing actionable information post-deployment.

deploy-as-code/helm/charts/backbone-services/cert-manager/crds/README.md (1)

1-18: The README for the CRDs source directory is clear and effectively communicates its purpose for development only. This documentation is important for guiding developers on how to use the files within this directory correctly and avoiding misuse by end-users.

deploy-as-code/deployer/cmd/deploy.go (1)

50-53: The update to the helm-dir path and the addition of a print statement for options.ConfigDir are positive changes that enhance clarity and aid in debugging. Please ensure that the new path (../../config-as-code) is correct, accessible, and communicated to the team. The print statement adds transparency to the deployment process, which is beneficial for troubleshooting.

deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_params.tpl (1)

1-65: The template parameters defined in _params.tpl for the ingress-nginx Helm chart are comprehensive and provide a wide range of configuration options. This flexibility allows for customization to meet various deployment needs while emphasizing the importance of secure defaults. Please ensure that the parameters are reviewed for security implications and best practices are followed to maintain a secure and efficient deployment.

deploy-as-code/helm/charts/backbone-services/elasticsearch/templates/_helpers.tpl (4)

11-15: The template for generating Elasticsearch roles is straightforward and correctly iterates over the roles defined in the values file. This approach allows for flexible role assignment based on deployment needs.

20-34: The elasticsearch.gen-certs template introduces a mechanism to generate certificates if the secret doesn't already exist. This is a valuable addition for environments where automatic certificate management is not available. However, ensure that the certificate generation (genCA and genSignedCert) functions are secure and generate certificates with appropriate attributes (e.g., validity period, usage constraints).

Verify that the certificate generation logic adheres to security best practices.

Confirm that the generated certificates meet the requirements for Elasticsearch and any interfacing systems.

36-50: The template for determining the Elasticsearch master service name is well-structured, offering flexibility through various overrides (fullnameOverride, nameOverride, clusterName). This ensures that the master service name can be customized to fit different deployment scenarios. It's important to document these options clearly for users of the chart to understand how to use them effectively.

68-68: Updating the Elasticsearch version to 8 in the elasticsearch.esMajorVersion template is a significant change that aligns with the latest Elasticsearch versions. Ensure that all dependent configurations, plugins, and integrations are compatible with Elasticsearch 8 to avoid runtime issues.

deploy-as-code/helm/charts/backbone-services/cert-manager/templates/_helpers.tpl (15)

14-29: The logic for generating the full name of the cert-manager incorporates environment-specific overrides, which is a good practice for flexibility across different deployments. However, ensure that the environment-specific values are validated to prevent any potential injection vulnerabilities when used in templates.

34-40: The service account name generation for cert-manager correctly checks if a service account should be created and applies the appropriate name. This is a good example of conditional logic in Helm templates.

51-53: The webhook.name template hardcodes the name to "webhook" for compatibility reasons. While this approach works, consider documenting the reason for such hardcoded values to maintain clarity for future maintainers.

60-63: The webhook.fullname template correctly generates a fully qualified name, ensuring it stays within the Kubernetes name field limits. This is a crucial detail for maintaining compatibility across Kubernetes versions.

72-78: The webhook.serviceAccountName template follows a similar pattern to the cert-manager service account name generation, which is consistent and maintainable. Good use of Helm template functions.

89-91: The cainjector.name template, like the webhook, hardcodes its name for compatibility. Again, ensure this is documented for clarity.

98-101: The cainjector.fullname template logic is consistent with other fullname templates, ensuring compatibility and maintainability.

106-112: The service account name generation for cainjector is consistent with the pattern used in other components, which is good for maintainability.

123-125: The startupapicheck.name template hardcodes its name, similar to other components. Ensure reasons for such decisions are documented.

132-135: The startupapicheck.fullname template follows the established pattern for generating fully qualified names, maintaining consistency across the chart.

140-146: The service account name generation for startupapicheck follows the consistent pattern seen in other components, ensuring maintainability and clarity.

151-153: The chartName template generates a name and version label for the chart, which is useful for tracking deployed versions. Ensure that the version naming follows semantic versioning to avoid potential confusion.

158-167: The labels template correctly adds version and management labels to resources. Including a check for global common labels is a good practice for flexibility in labeling.

177-179: The cert-manager.namespace template provides a flexible way to specify the namespace, defaulting to the Helm release namespace if not specified. This flexibility is important for deployments across different environments.

187-192: The image template provides a standardized way to generate image URLs, which is crucial for consistency across deployments. Ensure that the registry and repository names are validated to prevent injection vulnerabilities.

deploy-as-code/helm/charts/backbone-services/ingress-nginx/templates/_helpers.tpl (13)

20-31: The logic for generating the full name of the ingress-nginx follows a similar pattern to the cert-manager chart, ensuring consistency across charts. This is good practice for maintainability.

37-51: The controller.containerSecurityContext template allows for a default security context to be applied if not specified in the values. This is a crucial aspect for ensuring the security of the deployed containers. However, ensure that the default security settings align with the security policies of your deployment environment.

57-63: The ingress-nginx.image and ingress-nginx.imageDigest templates provide flexibility in handling images and their digests, including support for chroot environments. This flexibility is important for deployments across different environments and requirements.

84-86: The ingress-nginx.controller.fullname template ensures that the controller name stays within Kubernetes name field limits, which is important for compatibility across Kubernetes versions.

92-96: The ingress-nginx.controller.electionID template allows for a default electionID to be generated or overridden, providing flexibility in configuring the ingress controller.

107-111: The ingress-nginx.controller.publishServicePath template provides a mechanism for specifying or overriding the publish-service path, which is important for custom deployments.

117-119: The ingress-nginx.defaultBackend.fullname template follows the established pattern for generating fully qualified names, maintaining consistency across the chart.

124-135: The ingress-nginx.labels and ingress-nginx.selectorLabels templates correctly add labels to resources, ensuring that resources are properly categorized and managed. Including checks for common labels is a good practice for flexibility.

148-154: The service account name generation for the ingress-nginx controller and default backend follows a consistent pattern, ensuring maintainability and clarity.

170-176: The podSecurityPolicy.apiGroup template dynamically selects the appropriate API group based on the Kubernetes version, which is crucial for compatibility across different Kubernetes versions.

181-185: The isControllerTagValid template ensures that the ingress controller version tag meets a minimum version requirement. This is an important check for maintaining compatibility and security. However, ensure that the version requirement is kept up-to-date with the latest stable releases.

190-195: The ingressClass.parameters template provides a way to specify extra parameters for the ingress class, which is important for customizing the ingress behavior.

200-212: The extraModules template allows for the definition of additional modules, including their security context and volume mounts. This flexibility is important for extending the functionality of the ingress controller. Ensure that the security context for these modules is appropriately configured for your deployment environment.

deploy-as-code/deployer/pkg/cmd/deployer/deployer.go (3)

23-26: The use of filepath.FromSlash for constructing envOverrideFile and envSecretFile paths is a good practice for ensuring path compatibility across different operating systems.

122-122: In the deployClusterConfigs function, the use of configDir to construct paths is consistent with the rest of the code. However, ensure that any user input that might influence these paths is properly sanitized to prevent path traversal vulnerabilities.

151-159: The logic for handling .sops.yaml and decrypting secrets with sops is a crucial part of managing sensitive configurations securely. Ensure that the sops command and its parameters are securely managed to prevent injection vulnerabilities.

deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/NOTES.txt (3)

1-3: The header information is clear and provides essential details about the chart, version, and app version.

5-23: The diagnostic mode instructions are comprehensive, providing users with clear steps on how to access and debug the deployed pods. It's good practice to include such detailed instructions for diagnostic purposes.

25-332: General deployment instructions, security warnings, and external access configurations are well-documented, offering users guidance on accessing Kafka within and outside the cluster, configuring security settings, and handling different service types (NodePort, LoadBalancer, ClusterIP). The inclusion of security warnings for LoadBalancer without authentication is particularly noteworthy, emphasizing the importance of security considerations in deployment configurations.

deploy-as-code/helm/charts/backbone-services/ingress-nginx/CHANGELOG.md (17)

27-27: The entry "- Support for Kubernetes v1.19.0 was removed" is clear and concise.

92-92: The entry "- 8286 Fix OpenTelemetry sidecar image build" correctly references OpenTelemetry, which is a specific technology.

165-165: The entry "- [8061] docs(charts): using helm-docs for chart kubernetes/ingress-nginx#8061 Using helm-docs to populate values table in README.md" is clear and indicates an improvement in documentation practices.

169-169: The entry "- [8008] Add relabelings in controller-servicemonitor.yaml kubernetes/ingress-nginx#8008 Add relabelings in controller-servicemonitor.yaml" is clear and concise.

177-177: The entry "- [7873] Making Kube service appProtocol field optional kubernetes/ingress-nginx#7873 Makes the appProtocol field optional." is clear and indicates an improvement in flexibility.

181-181: The entry "- [7964] Release updates for v1.1.0 kubernetes/ingress-nginx#7964 Update controller version to v1.1.0" is straightforward and indicates a version update.

185-185: The entry "- [6992] [Helm] Add labels to resources kubernetes/ingress-nginx#6992 Add ability to specify labels for all resources" enhances configurability and is clearly stated.

195-195: The entry "- [7651] Support ipFamilyPolicy and ipFamilies fields in Helm Chart kubernetes/ingress-nginx#7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart" correctly introduces support for new Kubernetes fields.

201-201: The entry "- [7740] Prepare for v1.0.3 release kubernetes/ingress-nginx#7740 Release v1.0.3 of ingress-nginx" is clear and indicates a new release.

205-205: The entry "- [7707] Tag release v1.0.2 kubernetes/ingress-nginx#7707 Release v1.0.2 of ingress-nginx" is straightforward and indicates a new release.

209-209: The entry "- [7681] preparing release v1.0.1 kubernetes/ingress-nginx#7681 Release v1.0.1 of ingress-nginx" is clear and indicates a new release.

213-213: The entry "- [7535] release v1.0.0 kubernetes/ingress-nginx#7535 Release v1.0.0 ingress-nginx" is clear and marks a significant version release.

217-217: The entry "- [7256] added namespace field in the namespace scoped resource templates of helm chart kubernetes/ingress-nginx#7256 Add namespace field in the namespace scoped resource templates" improves clarity in resource templates.

221-221: The entry "- [7164] Update nginx to mitigate CVE-2021-23017 kubernetes/ingress-nginx#7164 Update nginx to v1.20.1" is straightforward and indicates an important update.

225-225: The entry "- [7117] Adding annotations for HPA kubernetes/ingress-nginx#7117 Add annotations for HPA" enhances configurability for Horizontal Pod Autoscaling.

229-229: The entry "- [7137] Add support for custom probes kubernetes/ingress-nginx#7137 Add support for custom probes" introduces flexibility in health checking.

233-233: The entry "- #7092 Removes the possibility of using localhost in ExternalNames as endpoints" enhances security by preventing the use of localhost in ExternalNames.

deploy-as-code/helm/charts/backbone-services/ingress-nginx/README.md (10)

5-5: The version badges provide clear information about the chart and application versions. However, ensure that these versions are up-to-date with the latest releases of ingress-nginx to maintain compatibility and access to new features.

7-7: The instruction to use ingressClassName: nginx or the annotation kubernetes.io/ingress.class: nginx is clear and concise, guiding users on how to specify the ingress controller for their Ingress resources.

83-84: The note about the PodDisruptionBudget (PDB) being defined only if replicaCount is greater than one is an important detail for planning deployments. It helps ensure high availability while allowing node evacuations. This explanation is clear and informative.

91-91: The explanation on enabling Prometheus metrics and annotations for the metrics service is detailed and helpful. However, ensure that the documentation is updated if there are changes to the configuration options or if additional metrics capabilities are introduced in future versions of ingress-nginx.

103-103: The section on ExternalDNS service configuration is clear and provides a straightforward example of how to add an annotation to the LoadBalancer service. This is valuable for users looking to integrate ExternalDNS for dynamic DNS management.

131-131: The instructions for configuring the LoadBalancer service with the route53-mapper addon are clear and provide a practical example. It's important for users leveraging AWS and Route 53 for DNS management to have this information readily available.

153-153: The note about the internal load balancer deployment requiring both controller.service.internal.enabled and controller.service.internal.annotations is crucial for users planning to use internal load balancers. It helps avoid confusion and ensures that the necessary configurations are in place.

215-218: The section on Ingress Admission Webhooks provides valuable information on preventing bad ingress configurations. It's important to ensure that the documentation reflects any changes or enhancements to this feature in future versions of ingress-nginx.

235-245: The explanation of the Helm error related to spec.clusterIP and the solution to set xxxx.service.omitClusterIP to true is helpful for users encountering this issue during upgrades. It's important to keep this section updated if there are changes to how Helm or Kubernetes handle service upgrades in the future.

255-522: The comprehensive list of configuration options in the values.yaml file provides users with the flexibility to customize the ingress-nginx deployment to their needs. It's crucial to ensure that this section is kept up-to-date with all available configuration options and that any deprecated options are clearly marked or removed.

deploy-as-code/helm/charts/backbone-services/kafka-kraft/templates/_helpers.tpl (29)

11-13: The helper kafka.name correctly defines a template for generating the Kafka release name, ensuring it adheres to Kubernetes naming constraints.

19-26: The helper kafka.zookeeper.fullname correctly handles the override logic for Zookeeper's full name, providing flexibility in naming conventions.

31-37: The kafka.serviceAccountName helper properly handles the conditional creation of a service account name based on the .Values.serviceAccount.create flag.

43-60: The common.storage.class helper effectively abstracts the logic for determining the appropriate storage class, considering both local and global configurations.

67-74: The common.warnings.rollingTag helper provides a valuable warning mechanism for detecting rolling tags in image repositories, which is crucial for ensuring stable and predictable deployments in production environments.

79-81: The kafka.image helper correctly abstracts the image definition logic, allowing for centralized management of image sources and versions.

86-88: The kafka.externalAccess.autoDiscovery.image helper is well-defined, supporting the configuration of the auto-discovery image for external access.

93-95: The kafka.volumePermissions.image helper is correctly implemented, facilitating the configuration of the volume permissions image.

100-102: The kafka.metrics.kafka.image helper properly abstracts the Kafka exporter image configuration, enhancing modularity.

107-109: The kafka.metrics.jmx.image helper is correctly implemented, allowing for easy configuration of the JMX exporter image.

114-116: The kafka.imagePullSecrets helper effectively consolidates the logic for defining image pull secrets, considering both local and global configurations.

1574-1595: The validation logic for listener protocols (kafka.validateValues.listener.protocols) correctly ensures that only supported authentication protocols are used, which is crucial for security and compatibility.

1598-1607: The validation for the node port list length in the controller configuration (kafka.validateValues.controller.nodePortListLength) correctly ensures that the number of node ports matches the number of replicas, which is essential for consistent external access configuration.

1611-1619: Similarly, the validation for the broker node port list length (kafka.validateValues.broker.nodePortListLength) ensures consistency between the number of brokers and the configured node ports, which is crucial for external access.

1624-1633: The validation for external IP list length (kafka.validateValues.controller.externalIPListLength) correctly checks the alignment between the number of replicas and the length of the external IPs list, ensuring proper external access configuration.

1637-1645: The validation for the broker external IP list length (kafka.validateValues.broker.externalIPListLength) performs a similar check for brokers, ensuring that the external IP configuration matches the number of broker replicas.

1650-1658: The validation for domain specification (kafka.validateValues.domainSpecified) when the service type is ClusterIP correctly ensures that a domain is provided, which is necessary for proper DNS configuration.

1662-1670: The validation for the external access service type (kafka.validateValues.externalAccessServiceType) ensures that only supported service types are used for external access, which is crucial for network configuration.

1674-1681: The validation for RBAC settings when auto-discovery is enabled (kafka.validateValues.externalAccessAutoDiscoveryRBAC) correctly highlights the need for RBAC resources, ensuring that the auto-discovery feature can operate securely.

1685-1694: The validation for LoadBalancerIPs or LoadBalancerNames when auto-discovery is disabled (kafka.validateValues.externalAccessAutoDiscoveryIPsOrNames) correctly ensures that necessary information is provided for LoadBalancer services, which is essential for external access.

1708-1714: The validation for the external access service list (kafka.validateValues.externalAccessServiceList) correctly ensures that the length of service-related lists matches the number of replicas, which is crucial for consistent service configuration.

1724-1732: The validation for SASL mechanisms (kafka.validateValues.saslMechanisms) ensures that SASL mechanisms are correctly configured when SASL is enabled, which is vital for secure communication.

1741-1748: The validation for the TLS secret (kafka.validateValues.tlsSecret) correctly ensures that a secret containing TLS certificates is provided when TLS is enabled, which is crucial for secure communication.

1754-1758: The validation for provisioning TLS passwords (kafka.validateValues.provisioning.tlsPasswords) correctly highlights the need for specifying a secret when TLS passwords are used, ensuring secure handling of sensitive information.

1765-1768: The validation for Kraft mode (kafka.validateValues.kraftMode) correctly ensures that Kraft and Zookeeper modes are not used simultaneously without migration mode enabled, which is crucial for a consistent cluster configuration.

1773-1776: The validation for missing controllers in Kraft mode (kafka.validateValues.kraftMissingControllers) correctly ensures that at least one controller is configured when Kraft mode is enabled, which is necessary for cluster operation.

1781-1783: The validation for missing brokers in Zookeeper mode (kafka.validateValues.zookeeperMissingBrokers) correctly ensures that at least one broker is configured, which is necessary for the Kafka cluster to function.

1789-1791: The validation for controller nodes in Zookeeper mode (kafka.validateValues.zookeeperNoControllers) correctly ensures that controller nodes are not configured in Zookeeper mode unless migration mode is enabled, preventing configuration conflicts.

1797-1800: The validation for mode settings (kafka.validateValues.modeEmpty) correctly ensures that either Kraft or Zookeeper mode is enabled, which is crucial for the Kafka cluster to operate.

coderabbitai · 2024-03-05T08:44:37Z

deploy-as-code/deployer/standalone_installer.go

+	head := parts[0]
+	args := parts[1:len(parts)]
+	//	Format the command
+	cmd := exec.Command(head, args...)


The use of exec.Command with dynamic input poses a security risk, as it can lead to command injection vulnerabilities if the input is not properly sanitized. Ensure that inputs to exec.Command are validated or derived from trusted sources.

- cmd := exec.Command(head, args...) + // Ensure `head` and `args` are from trusted sources or sanitized to prevent command injection + cmd := exec.Command(head, args...)

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

cmd := exec.Command(head, args...)

// Ensure `head` and `args` are from trusted sources or sanitized to prevent command injection

cmd := exec.Command(head, args...)

coderabbitai · 2024-03-05T08:44:37Z

deploy-as-code/helm/charts/backbone-services/ingress-nginx/README.md.gotmpl

+
+## Install Chart
+
+**Important:** only helm3 is supported


It's mentioned that "only helm3 is supported," which is crucial information. To enhance clarity, consider explicitly stating the incompatibility with previous Helm versions and providing a link to Helm 3 documentation or installation guide for users who may need to upgrade.

coderabbitai · 2024-03-05T08:44:37Z

deploy-as-code/deployer/full_installer.go

+	//	Format the command
+
+	log.Println(string(Blue), " ==> "+command)
+	cmd := exec.Command(head, args...)


The use of exec.Command with variable input poses a security risk due to potential command injection vulnerabilities. Ensure that inputs to commands are sanitized or use safer alternatives to dynamically construct command strings.

- cmd := exec.Command(head, args...) + // Ensure `head` and `args` are sanitized or derived from trusted sources to mitigate command injection risks.

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

cmd := exec.Command(head, args...)

// Ensure `head` and `args` are sanitized or derived from trusted sources to mitigate command injection risks.

coderabbitai · 2024-03-05T08:44:37Z

deploy-as-code/deployer/full_installer.go

+	var err error
+	sshPreFix := fmt.Sprintf("ssh %s@%s -i %s \"%s\" ", user, ip, sshFileLocation, command)
+
+	cmd := exec.Command("sh", "-c", sshPreFix)


Similar to the previous comment, the use of exec.Command with variable input here also poses a security risk. It's crucial to validate or sanitize inputs to prevent command injection vulnerabilities.

- cmd := exec.Command("sh", "-c", sshPreFix) + // Validate or sanitize `sshPreFix` to prevent potential command injection.

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

cmd := exec.Command("sh", "-c", sshPreFix)

// Validate or sanitize `sshPreFix` to prevent potential command injection.

coderabbitai · 2024-03-05T08:44:37Z

deploy-as-code/deployer/full_installer.go

+func execSingleCommand(command string) error {
+	var err error
+
+	cmd := exec.Command("sh", "-c", command)


The use of exec.Command with dynamically constructed command strings can lead to security vulnerabilities. Consider validating inputs to ensure they are safe before executing commands.

- cmd := exec.Command("sh", "-c", command) + // Ensure `command` is from a trusted source or sanitized to prevent command injection.

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

cmd := exec.Command("sh", "-c", command)

// Ensure `command` is from a trusted source or sanitized to prevent command injection.

cmd := exec.Command("sh", "-c", command)

coderabbitai · 2024-03-05T08:44:41Z