feat(hotrod): add hotrod charts

[prashant-shahi]

Features

• add hotrod charts

Summary by CodeRabbit

• New Features

  • Added a new Helm chart for deploying the Hotrod application.
  • Introduced Locust load testing configuration.
  • Implemented OpenTelemetry integration.
  • Added Kubernetes service, ingress, and deployment configurations.
  • Enhanced usability with instructions for accessing the application based on deployment scenarios.
  • Introduced detailed configuration options for both Hotrod and Locust components.
  • Added a .helmignore file to specify ignored files during Helm package builds.

• Chores

  • Created comprehensive Helm chart with templating support.
  • Added configuration files and test connections.
  • Updated chart testing configuration.

[coderabbitai]

Warning

Rate limit exceeded

@prashant-shahi has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 10 minutes and 55 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 77d8df3 and 8a7dce0.

📒 Files selected for processing (1)

• .github/workflows/test.yaml (1 hunks)

Walkthrough

This pull request introduces a comprehensive Helm chart configuration for the "hotrod" application. The changes include creating multiple configuration files such as .helmignore, Chart.yaml, and various Kubernetes resource templates like deployment.yaml, service.yaml, and ingress.yaml. The chart supports configurable deployments with OpenTelemetry integration, load testing capabilities via Locust, and flexible service configurations. It provides a standardized way to deploy the hotrod application in Kubernetes environments with extensive customization options.

Changes

File	Change Summary
charts/hotrod/.helmignore	New file specifying patterns to ignore during Helm package building
charts/hotrod/Chart.yaml	New Helm chart configuration with version 0.1.0 and app version 1.65.0
charts/hotrod/templates/NOTES.txt	Added instructions for obtaining application URL based on service type
charts/hotrod/templates/_helpers.tpl	Added multiple template helper functions for naming, labeling, and secret management
charts/hotrod/templates/configmap.yaml	New ConfigMap with Locust load testing script
charts/hotrod/templates/deployment.yaml	New Deployment configuration for hotrod and locust containers
charts/hotrod/templates/ingestion-key-secret.yaml	New Secret template for OpenTelemetry ingestion key
charts/hotrod/templates/ingress.yaml	New Ingress configuration template
charts/hotrod/templates/service.yaml	New Service resource configuration
charts/hotrod/templates/serviceaccount.yaml	New ServiceAccount template
charts/hotrod/templates/tests/test-connection.yaml	New connection test Pod configuration
charts/hotrod/values.yaml	Comprehensive configuration values for hotrod and locust components
ct.yaml	Added hotrod chart to chart testing configuration
.github/workflows/test.yaml	Modified GitHub Actions workflow to include additional Helm chart arguments

Possibly related PRs

• fix(schema-migrator): update async helm hook and remove unnecessary resources #544: The changes in this PR involve updates to the Helm chart version and modifications to the schema migrator, which may relate to the overall structure and management of Helm charts, similar to the .helmignore file introduced in the main PR.

Suggested reviewers

• srikanthccv
• grandwizard28

Poem

🐰 A Helm chart hops into view,
Hotrod's config, crisp and new!
Locust dances, metrics sing,
Kubernetes gets its shiny wing!
Deploy with joy, no more despair! 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 10

🧹 Nitpick comments (6)

charts/hotrod/templates/_helpers.tpl (3)

33-52: Consider adding recommended Kubernetes labels.

While the current labels follow best practices, consider adding these recommended labels for better resource management:

• app.kubernetes.io/part-of
• app.kubernetes.io/created-by

 {{- define "hotrod.labels" -}}
 helm.sh/chart: {{ include "hotrod.chart" . }}
 {{ include "hotrod.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+app.kubernetes.io/created-by: helm
 {{- end }}

---

65-102: Reduce code duplication in locust templates.

The locust template functions largely duplicate the hotrod functions. Consider creating a generic template that both can use.

+{{/*
+Create a component-specific name
+*/}}
+{{- define "hotrod.componentName" -}}
+{{- $component := .component }}
+{{- $context := .context }}
+{{- printf "%s-%s" (include "hotrod.fullname" $context) $component | trunc 63 | trimSuffix "-" }}
+{{- end }}

 {{- define "hotrod.locust.fullname" -}}
-{{- printf "%s-locust" (include "hotrod.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- include "hotrod.componentName" (dict "context" . "component" "locust") }}
 {{- end }}

---

104-124: Improve error message for required secret key.

The error message for missing existingSecretKey could be more descriptive.

 {{- define "hotrod.otel.secretKey" }}
 {{- if .Values.otel.existingSecretName }}
-{{- required "otel.existingSecretKey is required when otel.existingSecretName is set" .Values.otel.existingSecretKey }}
+{{- required (printf "otel.existingSecretKey must be provided when using existing secret '%s'" .Values.otel.existingSecretName) .Values.otel.existingSecretKey }}
 {{- else }}
 {{- print "signoz-ingestion-key" }}
 {{- end }}
 {{- end }}

charts/hotrod/templates/tests/test-connection.yaml (1)

1-15: Enhance the connection test.

While the basic connectivity test is good, consider these improvements:

1. Add readiness/liveness probe timeouts
2. Test all exposed services (both hotrod and locust)
3. Verify the response content

 spec:
   containers:
     - name: wget
       image: busybox
-      command: ['wget']
-      args: ['{{ include "hotrod.fullname" . }}:{{ .Values.service.port }}']
+      command: ['/bin/sh']
+      args:
+        - -c
+        - |
+          wget -T 10 -q -O - {{ include "hotrod.fullname" . }}:{{ .Values.service.port }} | grep -q "Hotrod"
+          wget -T 10 -q -O - {{ include "hotrod.locust.fullname" . }}:{{ .Values.locust.service.port }} | grep -q "Locust"

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 4-4: syntax error: expected , but found ''

(syntax)

charts/hotrod/templates/service.yaml (1)

11-14: Consider using a more specific port name.

While the implementation is correct, consider using a more descriptive port name than "http" to better indicate the service's purpose (e.g., "hotrod-http" or "hotrod-web").

  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
      protocol: TCP
-     name: http
+     name: hotrod-http

charts/hotrod/templates/NOTES.txt (1)

20-21: Avoid hard-coded port in port-forward command.

The port-forward command uses a hard-coded port 8080, which might conflict with other services. Consider making it configurable.

- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+ echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME {{ .Values.service.port }}:$CONTAINER_PORT

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3301db4 and 29dbddc.

📒 Files selected for processing (13)

• charts/hotrod/.helmignore (1 hunks)
• charts/hotrod/Chart.yaml (1 hunks)
• charts/hotrod/templates/NOTES.txt (1 hunks)
• charts/hotrod/templates/_helpers.tpl (1 hunks)
• charts/hotrod/templates/configmap.yaml (1 hunks)
• charts/hotrod/templates/deployment.yaml (1 hunks)
• charts/hotrod/templates/ingestion-key-secret.yaml (1 hunks)
• charts/hotrod/templates/ingress.yaml (1 hunks)
• charts/hotrod/templates/service.yaml (1 hunks)
• charts/hotrod/templates/serviceaccount.yaml (1 hunks)
• charts/hotrod/templates/tests/test-connection.yaml (1 hunks)
• charts/hotrod/values.yaml (1 hunks)
• ct.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• charts/hotrod/Chart.yaml
• charts/hotrod/.helmignore

🧰 Additional context used

🪛 LanguageTool

charts/hotrod/templates/NOTES.txt

[uncategorized] ~9-~9: Loose punctuation mark.
Context: ...services {{ include "hotrod.fullname" . }}) export NODE_IP=$(kubectl get nodes ...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~14-~14: Loose punctuation mark.
Context: ...} svc -w {{ include "hotrod.fullname" . }}' export SERVICE_IP=$(kubectl get svc...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~15-~15: Loose punctuation mark.
Context: ...space }} {{ include "hotrod.fullname" . }} --template "{{"{{ range (index .status...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~18-~18: Loose punctuation mark.
Context: ...etes.io/name={{ include "hotrod.name" . }},app.kubernetes.io/instance={{ .Release...

(UNLIKELY_OPENING_PUNCTUATION)

🪛 YAMLlint (1.35.1)

charts/hotrod/templates/configmap.yaml

[error] 4-4: syntax error: expected , but found ''

(syntax)

charts/hotrod/templates/ingestion-key-secret.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/hotrod/templates/tests/test-connection.yaml

[error] 4-4: syntax error: expected , but found ''

(syntax)

charts/hotrod/templates/deployment.yaml

[error] 6-6: syntax error: expected the node content, but found '-'

(syntax)

charts/hotrod/templates/serviceaccount.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/hotrod/templates/service.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/hotrod/templates/ingress.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/hotrod/values.yaml

[error] 113-113: trailing spaces

(trailing-spaces)

🪛 GitHub Check: lint-chart

charts/hotrod/values.yaml

[failure] 113-113:
113:32 [trailing-spaces] trailing spaces

🪛 GitHub Actions: Lint Charts

charts/hotrod/values.yaml

[error] 113-113: Trailing spaces detected at position 32

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test-chart

🔇 Additional comments (5)

charts/hotrod/templates/_helpers.tpl (1)

1-24: LGTM! Well-structured naming templates.

The name and fullname template functions follow Helm best practices with proper truncation, override support, and DNS compatibility.

ct.yaml (1)

9-9: LGTM! Proper integration with chart testing.

The hotrod chart is correctly added to the chart testing configuration.

charts/hotrod/templates/ingestion-key-secret.yaml (1)

1-14: Review secret management approach.

While the implementation is functional, consider these security recommendations:

1. Avoid storing sensitive data in Values files
2. Consider using external secret management solutions (e.g., Vault, Sealed Secrets)
3. Add documentation about the expected format and security implications of the ingestion key

Let's verify if there are any sensitive values committed in the repository:

✅ Verification successful

✅ Secret management approach is secure

The current implementation follows security best practices:

• Default values are empty strings
• Supports external secrets via existingSecretName
• No sensitive data is committed in the Values files

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for potential sensitive values in Values files
echo "Checking for potential sensitive data in Values files..."
rg -i "ingestionKey:|secret:|password:|key:" -g "values.yaml" -g "values-*.yaml"

Length of output: 2490

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/hotrod/templates/deployment.yaml (1)

37-38: Review the "all" argument usage for security implications.

Running with the "all" argument might expose unnecessary services. Consider explicitly specifying only the required services to minimize the attack surface.

charts/hotrod/values.yaml (1)

15-21: Review image repository and tag strategy.

1. The image is hosted on a personal Docker Hub account (coolboi567/hotrod). Consider using an official or organization-controlled repository.
2. No specific tag is set, which could lead to inconsistent deployments.

[coderabbitai]

🛠️ Refactor suggestion

Add validation for service account name.

When serviceAccount.create is false, we should validate that serviceAccount.name is provided if not using "default".

 {{- define "hotrod.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "hotrod.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- $name := default "default" .Values.serviceAccount.name }}
+{{- if and (ne $name "default") (empty $name) }}
+{{- fail "serviceAccount.name is required when serviceAccount.create is false and not using 'default'" }}
+{{- end }}
+{{- $name }}
 {{- end }}
 {{- end }}

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

💡 Codebase verification

🛠️ Refactor suggestion

Remove commented OTLP insecure configuration

The OTLP insecure configuration is commented out in both values.yaml and template files, and no other parts of the codebase depend on it. Remove these commented sections to maintain clean code. If this feature is needed in the future, it can be properly implemented then.

🔗 Analysis chain

Address commented OTLP configuration.

The OTLP insecure flag is commented out but might be needed for development environments.

Consider either:

1. Removing the commented code if not needed
2. Implementing it properly if required for development environments

 {{- define "hotrod.otlp-env" }}
 - name: OTEL_EXPORTER_OTLP_ENDPOINT
   value: {{ required "otel.endpoint is required" .Values.otel.endpoint }}
-# - name: OTEL_EXPORTER_OTLP_INSECURE
-#   value: {{ default true .Values.otel.insecure | quote }}
+{{- if .Values.otel.insecure }}
+- name: OTEL_EXPORTER_OTLP_INSECURE
+  value: {{ .Values.otel.insecure | quote }}
+{{- end }}

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if any deployment files reference OTEL_EXPORTER_OTLP_INSECURE
rg -l "OTEL_EXPORTER_OTLP_INSECURE" charts/hotrod/templates/

Length of output: 97

---

Script:

#!/bin/bash
# Check values files for insecure configuration
echo "=== Checking values files ==="
rg -i "insecure" charts/hotrod/values.yaml || true

echo -e "\n=== Checking documentation ==="
fd README.md charts/hotrod/ -x cat {} || true

echo -e "\n=== Checking for other OTLP configurations ==="
rg "OTEL_EXPORTER_OTLP" charts/hotrod/

Length of output: 672

[coderabbitai]

🛠️ Refactor suggestion

Set a secure default for automountServiceAccountToken.

For security best practices, explicitly set a default value for automountServiceAccountToken.

-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+automountServiceAccountToken: {{ default false .Values.serviceAccount.automount }}

This ensures tokens are only mounted when explicitly enabled.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- if .Values.serviceAccount.create -}}
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: {{ include "hotrod.serviceAccountName" . }}
	labels:
	{{- include "hotrod.labels" . | nindent 4 }}
	{{- with .Values.serviceAccount.annotations }}
	annotations:
	{{- toYaml . | nindent 4 }}
	{{- end }}
	automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
	{{- end }}
	{{- if .Values.serviceAccount.create -}}
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: {{ include "hotrod.serviceAccountName" . }}
	labels:
	{{- include "hotrod.labels" . | nindent 4 }}
	{{- with .Values.serviceAccount.annotations }}
	annotations:
	{{- toYaml . | nindent 4 }}
	{{- end }}
	automountServiceAccountToken: {{ default false .Values.serviceAccount.automount }}
	{{- end }}

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

[coderabbitai]

🛠️ Refactor suggestion

Enhance load testing implementation.

The current load testing script could be improved in several ways:

1. Hardcoded customer IDs and nonce values limit test coverage
2. Missing error handling for failed requests
3. Limited variety in test scenarios

Consider this enhanced implementation:

     from locust import HttpUser, task, between
+    import random
+    import time
     class UserTasks(HttpUser):
         wait_time = between(5, 15)
+        
+        def __init__(self, *args, **kwargs):
+            super().__init__(*args, **kwargs)
+            self.customer_ids = list(range(100, 999))
+
+        def on_start(self):
+            random.shuffle(self.customer_ids)
+
         @task
         def rachel(self):
-            self.client.get("/dispatch?customer=123&nonse=0.6308392664170006")
+            self._dispatch_request()
+
+        def _dispatch_request(self):
+            try:
+                customer_id = random.choice(self.customer_ids)
+                nonce = time.time()
+                response = self.client.get(
+                    f"/dispatch?customer={customer_id}&nonse={nonce}",
+                    name="/dispatch"
+                )
+                response.raise_for_status()
+            except Exception as e:
+                self.environment.events.request_failure.fire(
+                    request_type="GET",
+                    name="/dispatch",
+                    response_time=0,
+                    exception=e,
+                )

This implementation provides:

• Dynamic customer IDs
• Proper error handling
• More realistic nonce values
• Better request naming for metrics

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

🛠️ Refactor suggestion

Add default pathType for Ingress paths.

The pathType field is required in networking.k8s.io/v1 Ingress but currently optional in the template. Consider setting a default value.

          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
+            pathType: {{ .pathType | default "Prefix" }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- path: {{ .path }}
	{{- with .pathType }}
	pathType: {{ . }}
	{{- end }}
	- path: {{ .path }}
	pathType: {{ .pathType | default "Prefix" }}

[coderabbitai]

🛠️ Refactor suggestion

Configure default probes for better reliability.

The deployment allows for probe configuration but doesn't set defaults. Consider adding default liveness and readiness probes to ensure proper container health monitoring.

Add these default values to your values.yaml:

livenessProbe:
  httpGet:
    path: /
    port: http
  initialDelaySeconds: 10
  periodSeconds: 10

readinessProbe:
  httpGet:
    path: /
    port: http
  initialDelaySeconds: 5
  periodSeconds: 5

[coderabbitai]

🛠️ Refactor suggestion

Make locust configuration more flexible.

The locust configuration has several hardcoded values that should be configurable:

1. Task delay values (45-60)
2. Number of users (6) and spawn rate (2)
3. Localhost connection might not work in all scenarios

Move these configurations to values.yaml:

locust:
  config:
    taskDelayFrom: "45"
    taskDelayTo: "60"
    users: "6"
    spawnRate: "2"
    quietMode: "false"
    host: "http://localhost:{{ .Values.service.port }}"

Then update the deployment to use these values:

            - name: TASK_DELAY_FROM
-              value: "45"
+              value: {{ .Values.locust.config.taskDelayFrom | quote }}
            - name: TASK_DELAY_TO
-              value: "60"
+              value: {{ .Values.locust.config.taskDelayTo | quote }}
            - name: LOCUST_OPTS
-              value: "--headless -u 6 -r 2 --print-stats"
+              value: "--headless -u {{ .Values.locust.config.users }} -r {{ .Values.locust.config.spawnRate }} --print-stats"

[coderabbitai]

🛠️ Refactor suggestion

Set secure defaults for security context.

The security context is configurable but doesn't set secure defaults. Consider setting restrictive defaults to enhance security.

Add these secure defaults to your values.yaml:

podSecurityContext:
  fsGroup: 1000
  runAsNonRoot: true
  runAsUser: 1000

securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

Also applies to: 33-34

[coderabbitai]

🛠️ Refactor suggestion

Improve OTLP configuration validation and documentation.

1. The OTLP endpoint is required but set to null by default. This should be validated in the templates.
2. The insecure mode configuration is commented out but might be needed for development.

Add validation in the templates:

{{- if not .Values.otel.endpoint }}
{{- fail "OTLP endpoint is required. Please set .Values.otel.endpoint" }}
{{- end }}

Also, consider adding development-focused documentation about using insecure mode.

[coderabbitai]

⚠️ Potential issue

Fix trailing spaces to resolve linting errors.

Remove trailing spaces from line 113 to fix the linting errors reported by both YAMLlint and GitHub Actions.

Apply this change:

-  # -- Whether to enable locust 
+  # -- Whether to enable locust

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# -- Whether to enable locust
	enabled: true
	# -- Whether to enable locust
	enabled: true

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 113-113: trailing spaces

(trailing-spaces)

🪛 GitHub Check: lint-chart

[failure] 113-113:
113:32 [trailing-spaces] trailing spaces

🪛 GitHub Actions: Lint Charts

[error] 113-113: Trailing spaces detected at position 32

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (5)

.github/workflows/test.yaml (2)

46-46: Consider using GitHub Actions environment variables for repeated values.

The endpoint hostname is repeated in both --set arguments. Consider using a GitHub Actions environment variable to make it more maintainable:

-        run: ct install --config ct.yaml --helm-extra-set-args '--set=otelCollectorEndpoint=endpoint-that-does-not-exist:4317' '--set=otel.endpoint=endpoint-that-does-not-exist:4318'
+        env:
+          TEST_ENDPOINT: endpoint-that-does-not-exist
+        run: ct install --config ct.yaml --helm-extra-set-args '--set=otelCollectorEndpoint=${{ env.TEST_ENDPOINT }}:4317' '--set=otel.endpoint=${{ env.TEST_ENDPOINT }}:4318'

---

46-46: Add inline documentation for the test endpoints.

Consider adding a comment explaining that these endpoints are intentionally non-existent for testing purposes. This will prevent confusion for future contributors who might think this is a configuration error.

+        # Using non-existent endpoints for testing. In production, these would point to actual OpenTelemetry collectors.
         run: ct install --config ct.yaml --helm-extra-set-args '--set=otelCollectorEndpoint=endpoint-that-does-not-exist:4317' '--set=otel.endpoint=endpoint-that-does-not-exist:4318'

charts/hotrod/values.yaml (3)

33-41: Review service account configuration.

The current configuration has automount: true but create: false. This combination might be confusing as automounting won't work without a service account. Consider either:

1. Setting automount: false when create: false
2. Adding validation in templates to ensure proper configuration

---

115-121: Consider using semantic versioning for the locust image.

The current configuration uses a fixed version (1.2.3). Consider using semantic versioning to allow for patch updates while maintaining stability:

-    tag: 1.2.3
+    tag: ~1.2.3

---

122-155: Improve port configuration values.

The node port values are set to empty strings which could cause issues. Consider:

1. Using null instead of empty strings for unset values
2. Adding validation for port number ranges

-      nodePort: ""
+      nodePort: null

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 29dbddc and 3c12bb8.

📒 Files selected for processing (2)

• .github/workflows/test.yaml (1 hunks)
• charts/hotrod/values.yaml (1 hunks)

🔇 Additional comments (2)

charts/hotrod/values.yaml (2)

1-11: Improve OTLP configuration validation and documentation.

1. The OTLP endpoint is required but set to null by default. This should be validated in the templates.
2. The insecure mode configuration is commented out but might be needed for development.

Let's verify if the templates include the necessary validation:

#!/bin/bash
# Check if templates validate the required OTLP endpoint
rg -l "\.Values\.otel\.endpoint" charts/hotrod/templates/

---

113-113: Fix trailing spaces to resolve linting errors.

Remove trailing spaces from line 113 to fix the linting errors reported by both YAMLlint and GitHub Actions.

[coderabbitai]

💡 Codebase verification

The otelCollectorEndpoint parameter is redundant and unsupported

The chart only supports and uses the otel.endpoint configuration (port 4318 for OTLP HTTP). The otelCollectorEndpoint parameter in the test command appears to be redundant and should be removed as it's not used by the chart.

• Remove --set=otelCollectorEndpoint=endpoint-that-does-not-exist:4317 from the test command in .github/workflows/test.yaml

🔗 Analysis chain

Please clarify the need for dual OpenTelemetry endpoint configuration.

The command sets two different OpenTelemetry endpoints with different ports:

• otelCollectorEndpoint on port 4317
• otel.endpoint on port 4318

Could you explain why two different endpoint configurations are needed? This would help future maintainers understand the purpose of each setting.

Let me verify if these endpoint configurations are consistently used across the hotrod chart:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for references to both endpoint configurations in the hotrod chart
echo "Searching for otelCollectorEndpoint references:"
rg "otelCollectorEndpoint" charts/hotrod/

echo -e "\nSearching for otel.endpoint references:"
rg "otel.endpoint" charts/hotrod/

Length of output: 386

---

Script:

#!/bin/bash
# Check values and documentation
echo "=== Checking values.yaml ==="
cat charts/hotrod/values.yaml

echo -e "\n=== Checking Chart.yaml and README ==="
cat charts/hotrod/Chart.yaml
cat charts/hotrod/README.md 2>/dev/null || echo "README.md not found"

echo -e "\n=== Checking all template files for any endpoint references ==="
find charts/hotrod/templates -type f -exec cat {} \;

Length of output: 18241

[coderabbitai]

🛠️ Refactor suggestion

Configure health probes by default.

The liveness and readiness probes are not configured by default. This could lead to improper container lifecycle management. Also, the example uses an undefined 'http' port name.

-livenessProbe: {}
+livenessProbe:
+  httpGet:
+    path: /
+    port: 8080
+  initialDelaySeconds: 10
+  periodSeconds: 10

-readinessProbe: {}
+readinessProbe:
+  httpGet:
+    path: /
+    port: 8080
+  initialDelaySeconds: 5
+  periodSeconds: 5

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# -- Liveness probe for hotrod
	livenessProbe: {}
	# httpGet:
	# path: /
	# port: http
	# -- Readiness probe for hotrod
	readinessProbe: {}
	# httpGet:
	# path: /
	# port: http
	# -- Liveness probe for hotrod
	livenessProbe:
	httpGet:
	path: /
	port: 8080
	initialDelaySeconds: 10
	periodSeconds: 10
	# -- Readiness probe for hotrod
	readinessProbe:
	httpGet:
	path: /
	port: 8080
	initialDelaySeconds: 5
	periodSeconds: 5

[coderabbitai]

🛠️ Refactor suggestion

Enable security context by default.

Consider enabling security contexts by default with secure values:

• Drop unnecessary capabilities
• Enable read-only root filesystem
• Run as non-root user
  This aligns with Kubernetes security best practices.

-podSecurityContext: {}
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  fsGroup: 1000

-securityContext: {}
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# -- Pod security context for hotrod
	podSecurityContext: {}
	# -- Security context for hotrod
	securityContext: {}
	# capabilities:
	# drop:
	# - ALL
	# readOnlyRootFilesystem: true
	# runAsNonRoot: true
	# runAsUser: 1000
	# -- Pod security context for hotrod
	podSecurityContext:
	runAsNonRoot: true
	runAsUser: 1000
	fsGroup: 1000
	# -- Security context for hotrod
	securityContext:
	capabilities:
	drop:
	- ALL
	readOnlyRootFilesystem: true
	runAsNonRoot: true
	runAsUser: 1000

[coderabbitai]

💡 Codebase verification

Switch to official Jaeger source for HotRod

The current image coolboi567/hotrod is from a personal repository. Since HotRod is an official example from the Jaeger project (confirmed in jaegertracing/jaeger/examples/hotrod), it's recommended to:

• Either use an official Jaeger image that includes HotRod
• Or build the image directly from the official Jaeger repository

This ensures better security, maintenance, and alignment with the official Jaeger project.

🔗 Analysis chain

Consider using an official image repository.

The current image repository coolboi567/hotrod appears to be a personal repository. This could pose security risks and maintenance concerns.

Let's verify if there's an official repository available:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for official hotrod images
curl -s "https://registry.hub.docker.com/v2/search/repositories?query=hotrod&page_size=25" | jq '.results[] | select(.official==true or .name | contains("jaeger")) | {name, description}'

Length of output: 290

---

Script:

#!/bin/bash
# Search for hotrod-related images on Docker Hub
echo "=== Docker Hub Search ==="
curl -s "https://registry.hub.docker.com/v2/search/repositories?query=jaeger-hotrod&page_size=10" | jq -r '.results[] | "Name: \(.name)\nDescription: \(.description)\nStars: \(.star_count)\nOfficial: \(.official)\n---"'

echo -e "\n=== GitHub Check ==="
# Check if HotRod is part of Jaeger's official examples
curl -s "https://api.github.com/search/code?q=hotrod+repo:jaegertracing/jaeger" | jq -r '.items[] | select(.path | contains("hotrod")) | "Path: \(.path)\nURL: \(.html_url)"'

echo -e "\n=== Original Image Check ==="
# Check the original image details
curl -s "https://registry.hub.docker.com/v2/repositories/coolboi567/hotrod" | jq -r '. | "Last Updated: \(.last_updated)\nDescription: \(.description)\nStars: \(.star_count)"'

Length of output: 1460

---

Script:

#!/bin/bash
echo "=== Jaeger Official Images ==="
curl -s "https://registry.hub.docker.com/v2/repositories/jaegertracing" | jq -r '.results[]? | select(.name | contains("hotrod") or contains("demo")) | "Name: \(.name)\nDescription: \(.description)\n---"'

echo -e "\n=== GitHub HotRod Example ==="
curl -s "https://api.github.com/repos/jaegertracing/jaeger/contents/examples/hotrod" | \
  jq -r 'if type == "object" and has("message") then "Not found" else "Found in examples/hotrod" end'

echo -e "\n=== Jaeger All-in-one Image ==="
curl -s "https://registry.hub.docker.com/v2/repositories/jaegertracing/all-in-one" | \
  jq -r '. | "Name: all-in-one\nPulls: \(.pull_count)\nStars: \(.star_count)\n---"'

Length of output: 857

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

charts/hotrod/Chart.yaml (1)

1-4: Enhance the chart description to be more specific.

The current description is a generic placeholder. Consider updating it to describe the actual purpose of the hotrod application, such as "A Helm chart for deploying the hotrod demo application with OpenTelemetry integration and load testing capabilities."

 apiVersion: v2
 name: hotrod
-description: A Helm chart for Kubernetes
+description: A Helm chart for deploying the hotrod demo application with OpenTelemetry integration and load testing capabilities
 type: application

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3c12bb8 and 5ddfcf6.

📒 Files selected for processing (2)

• charts/hotrod/Chart.yaml (1 hunks)
• ct.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• ct.yaml

🔇 Additional comments (2)

charts/hotrod/Chart.yaml (2)

7-10: LGTM! Maintainer information is complete.

The maintainer section correctly identifies SigNoz as the maintainer with appropriate contact information.

---

5-6: Verify the appVersion.

Please confirm if "1.65.0" is the correct version of the hotrod application being deployed.

✅ Verification successful

The appVersion "1.65.0" is correct

The version matches an existing tag in the Docker Hub repository coolboi567/hotrod, and the chart is properly configured to use this version by default when no specific tag is set in values.yaml.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for any references to the hotrod version in the repository
# to verify consistency with the appVersion.

echo "Searching for version references in values.yaml..."
rg --type yaml "1\.65\.0" charts/hotrod/values.yaml

echo "Searching for Docker image tags in values.yaml..."
rg --type yaml "image:.*hotrod" charts/hotrod/values.yaml

Length of output: 333

---

Script:

#!/bin/bash
# Check values.yaml content and search for version patterns
echo "Checking if values.yaml exists..."
ls -l charts/hotrod/values.yaml

echo -e "\nContent of values.yaml:"
cat charts/hotrod/values.yaml

echo -e "\nSearching for version patterns..."
rg -i "version|tag" charts/hotrod/values.yaml

echo -e "\nSearching for hotrod configurations..."
rg "hotrod|jaeger" charts/hotrod/values.yaml

Length of output: 6611

---

Script:

#!/bin/bash
# Check if the image version exists in Docker Hub
curl -s "https://hub.docker.com/v2/repositories/coolboi567/hotrod/tags/?page_size=100" | jq -r '.results[].name'

Length of output: 128