Introduce cozy-proxy

[kvaps]

Signed-off-by: Andrei Kvapil kvapss@gmail.com

Summary by CodeRabbit

• New Features
  • Added a new proxy component to enhance deployment orchestration and dependency management.
  • Introduced dynamic update capabilities for fetching and deploying the latest assets.
  • Enabled configurable settings for container images, networking, and access control.
  • Incorporated streamlined resource naming and labeling for improved management.

[coderabbitai]

Walkthrough

A new release entry for cozy-proxy has been introduced across multiple configuration files. The changes add release definitions in platform bundles and system configurations, including a Helm chart and supporting templates, values, and a Makefile with an update target. Additional RBAC resources and a new API Chart are now part of the deployment configuration.

Changes

File(s)	Change Summary
packages/core/platform/bundles/distro-full.yaml packages/core/platform/bundles/paas-full.yaml	Added new release entry for cozy-proxy with attributes: releaseName cozystack, chart cozy-cozy-proxy, namespace cozy-system. In distro-full.yaml, optional is set to true and depends on cilium; in paas-full.yaml, it depends on cilium and kubeovn.
packages/system/cozy-proxy/Chart.yaml packages/system/cozy-proxy/Makefile	Introduced a new Chart for cozy-cozystack-api and a Makefile with an update target that removes the old charts, fetches the latest tag from GitHub, downloads the corresponding tarball, and extracts the charts.
packages/system/cozy-proxy/charts/cozy-proxy/...	Added a complete Helm chart for cozy-proxy including: a Chart file, helper templates (_helpers.tpl), DaemonSet, ClusterRole, ClusterRoleBinding, ServiceAccount, and a values file with new image, daemonset, and rbac sections.
packages/system/cozy-proxy/values.yaml	Added a new configuration entry: fullnameOverride: cozy-proxy.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Makefile
    participant GitHub
    participant FileSystem
    User->>Makefile: Trigger "update" target
    Makefile->>FileSystem: Remove existing 'charts' directory
    Makefile->>GitHub: Fetch latest cozy-proxy tag
    GitHub-->>Makefile: Return latest version tag
    Makefile->>GitHub: Download tarball for version tag
    GitHub-->>Makefile: Provide tarball
    Makefile->>FileSystem: Extract 'charts' directory
    Makefile-->>User: Updated charts available

Loading

sequenceDiagram
    participant HelmUser as "Helm User"
    participant Helm
    participant Chart
    participant Kubernetes
    HelmUser->>Helm: Execute helm install for cozy-proxy
    Helm->>Chart: Read Chart.yaml and values
    Helm->>Templates: Render manifests via helper templates
    Templates-->>Helm: Generated Kubernetes manifests
    Helm->>Kubernetes: Apply manifests (DaemonSet, RBAC, etc.)
    Kubernetes-->>Helm: Resources deployed successfully

Loading

Possibly related PRs

• External-dns and new clusterissuer dns01 Cloudflare #374: Introduced similar release entries with dependency on cilium, aligning with the dependency updates for cozy-proxy.
• Introduce optional components #391: Added a new release entry for cozy-proxy with the optional: true attribute, affecting the same YAML structure.

Suggested labels

enhancement, lgtm

Poem

I'm a rabbit with hops so spry,
Coding under the starry sky,
New releases dance in YAML delight,
Helm charts and roles, oh what a sight!
I twitch my ear and cheer with glee—
A cuddly hop for every PR spree! 🐇

Tip

🌐 Web search-backed reviews and chat

• We have enabled web search-based reviews and chat for all users. This feature allows CodeRabbit to access the latest documentation and information on the web.
• You can disable this feature by setting web_search: false in the knowledge_base settings.
• Please share any feedback in the Discord discussion.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

packages/system/cozy-proxy/charts/cozy-proxy/templates/_helpers.tpl (1)

18-24: LGTM! Consider adding recommended selector labels.

The implementation follows Helm chart best practices. Consider adding recommended selector labels for better Kubernetes resource management.

Add these selector labels to improve resource management:

 {{- define "cozy-proxy.labels" -}}
 helm.sh/chart: {{ include "cozy-proxy.name" . }}-{{ .Chart.Version | replace "+" "_" }}
 app.kubernetes.io/name: {{ include "cozy-proxy.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/version: {{ .Chart.AppVersion }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: proxy
+app.kubernetes.io/part-of: cozystack
 {{- end -}}

packages/system/cozy-proxy/charts/cozy-proxy/values.yaml (1)

8-9: Add examples for podAnnotations and podLabels.

Consider adding commented examples for podAnnotations and podLabels to guide users.

-  podAnnotations: {}
-  podLabels: {}
+  # -- Additional annotations for pods
+  podAnnotations:
+    # example.com/annotation: value
+  # -- Additional labels for pods
+  podLabels:
+    # example.com/label: value

packages/system/cozy-proxy/Makefile (1)

7-11: Refine the Update Target for Robustness and Clarity
The update target is implemented to remove the existing charts directory, fetch the latest tag, and extract the charts from the tarball. Consider adding an error check to verify a tag was found before proceeding. A brief comment on the awk expression (used to extract the version number) would also improve maintainability. For example:

-update:
-	rm -rf charts
-	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/aenix-io/cozy-proxy | awk -F'[/^]' 'END{print $$3}') && \
-	curl -sSL https://github.com/aenix-io/cozy-proxy/archive/refs/tags/$${tag}.tar.gz | \
-	tar xzvf - --strip 1 cozy-proxy-$${tag#*v}/charts
+update:
+	# Remove the existing charts directory.
+	rm -rf charts
+	# Retrieve the latest tag from the cozy-proxy repository.
+	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/aenix-io/cozy-proxy | awk -F'[/^]' 'END{print $$3}')
+	# Abort if no tag was found.
+	if [ -z "$$tag" ]; then echo "No tag found. Exiting update."; exit 1; fi
+	# Download and extract the charts from the tarball.
+	curl -sSL https://github.com/aenix-io/cozy-proxy/archive/refs/tags/$${tag}.tar.gz | \
+	tar xzvf - --strip 1 cozy-proxy-$${tag#*v}/charts

packages/core/platform/bundles/paas-full.yaml (1)

53-58: Approve and Enhance Dependency Array Formatting
The new release entry for cozy-proxy in the PaaS configuration correctly specifies the dependencies on both cilium and kubeovn. For improved readability and to satisfy YAML linters, consider adding a space after the comma in the array. For example:

-  dependsOn: [cilium,kubeovn]
+  dependsOn: [cilium, kubeovn]

🧰 Tools

🪛 YAMLlint (1.35.1)

[warning] 57-57: too few spaces after comma

(commas)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 835ee11 and e0c98cc.

📒 Files selected for processing (12)

• packages/core/platform/bundles/distro-full.yaml (1 hunks)
• packages/core/platform/bundles/paas-full.yaml (1 hunks)
• packages/system/cozy-proxy/Chart.yaml (1 hunks)
• packages/system/cozy-proxy/Makefile (1 hunks)
• packages/system/cozy-proxy/charts/cozy-proxy/Chart.yaml (1 hunks)
• packages/system/cozy-proxy/charts/cozy-proxy/templates/_helpers.tpl (1 hunks)
• packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml (1 hunks)
• packages/system/cozy-proxy/charts/cozy-proxy/templates/role.yaml (1 hunks)
• packages/system/cozy-proxy/charts/cozy-proxy/templates/rolebinding.yaml (1 hunks)
• packages/system/cozy-proxy/charts/cozy-proxy/templates/serviceaccount.yaml (1 hunks)
• packages/system/cozy-proxy/charts/cozy-proxy/values.yaml (1 hunks)
• packages/system/cozy-proxy/values.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• packages/system/cozy-proxy/values.yaml
• packages/system/cozy-proxy/Chart.yaml
• packages/system/cozy-proxy/charts/cozy-proxy/Chart.yaml

🧰 Additional context used

🪛 YAMLlint (1.35.1)

packages/system/cozy-proxy/charts/cozy-proxy/templates/serviceaccount.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/cozy-proxy/charts/cozy-proxy/templates/rolebinding.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/cozy-proxy/charts/cozy-proxy/templates/role.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/core/platform/bundles/paas-full.yaml

[warning] 57-57: too few spaces after comma

(commas)

packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml

[error] 6-6: syntax error: expected the node content, but found '-'

(syntax)

🔇 Additional comments (8)

packages/system/cozy-proxy/charts/cozy-proxy/templates/serviceaccount.yaml (1)

1-8: LGTM! ServiceAccount implementation follows best practices.

The ServiceAccount is correctly configured with proper conditional creation and labeling.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/cozy-proxy/charts/cozy-proxy/values.yaml (2)

6-9: Review security implications of hostNetwork: true.

Using hostNetwork: true gives pods direct access to the host's network namespace, which could have security implications.

Please ensure this is required for the proxy's functionality and document the security considerations.

---

1-4: Consider using a more flexible image tag strategy.

Using a fixed tag (v0.1.0) could lead to outdated images. Consider using a more flexible strategy or documenting the version policy.

Please verify the latest available version:

✅ Verification successful

🌐 Web query:

What is the latest version of cozy-proxy on GitHub (aenix-io/cozystack)?

Length of output: 2548

---

Update the image tag strategy to reflect the latest available version.

The image tag in the chart is currently set to a fixed value of v0.1.0, which is outdated since the latest release on GitHub (aenix-io/cozystack) is v0.24.0. Consider updating the default value or using a more flexible/dynamic approach to avoid future discrepancies.

• File to update: packages/system/cozy-proxy/charts/cozy-proxy/values.yaml
• Recommendation: Either update to the latest version (v0.24.0) or employ a strategy that allows for easier updates (e.g., referencing a tag maintained in a CI/CD process or documented version policy).

packages/system/cozy-proxy/charts/cozy-proxy/templates/role.yaml (1)

1-12: Consider using Role instead of ClusterRole for better security.

The current implementation uses cluster-wide permissions. Consider:

1. Document why cluster-wide access to services and endpoints is required
2. If possible, use namespaced Role instead of ClusterRole for better security

Please clarify if cluster-wide access is necessary for the proxy's functionality.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/cozy-proxy/Makefile (1)

1-2: Define Project Variables Clearly
Declares the project name and namespace appropriately for use in the Makefile.

packages/system/cozy-proxy/charts/cozy-proxy/templates/rolebinding.yaml (1)

1-16: Handle YAML Templating Syntax in Linters
The inclusion of Helm templating directives (such as {{- if .Values.rbac.create }}) may trigger false positives from YAML linters. Ensure that your linter configuration is set to ignore or properly handle Helm template syntax so that these warnings do not obscure genuine issues.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml (1)

1-28: Validate YAML Template with Linter Settings
The DaemonSet definition looks well structured. Similar to the rolebinding template, templating directives (for example, on line 6 where labels are included) might raise false positives in YAML linting. Please confirm that your CI configuration ignores these templating constructs. Also, the overall configuration (security context, image specifications, etc.) meets the deployment needs.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 6-6: syntax error: expected the node content, but found '-'

(syntax)

packages/core/platform/bundles/distro-full.yaml (1)

34-40: Verify New Release Entry for cozy-proxy
The release entry for cozy-proxy is added with a release name of cozystack and chart cozy-cozy-proxy, along with the dependency on cilium and the optional: true flag. This appears consistent with the intended deployment configuration.