Robot Upgrade: wordpress chart upgrade from 15.2.39 to 29.1.2

[weizhoublue]

I am robot, upgrade: project wordpress chart upgrade from 15.2.39 to 29.1.2

[gemini-code-assist]

Summary of Changes

Hello @weizhoublue, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a comprehensive upgrade to the WordPress Helm chart, bringing it to version 29.1.2. The update integrates a suite of security enhancements, including FIPS compliance and refined image handling, alongside significant architectural improvements in dependency management through OCI repositories. It also expands functionality by introducing Transparent Data Encryption and a password update job for MariaDB, and embraces modern traffic management with Gateway API's HTTPRoute. These changes collectively aim to improve the chart's security posture, maintainability, and compatibility with contemporary Kubernetes ecosystems.

Highlights

• Major Chart Upgrade: The WordPress Helm chart has been upgraded from version 15.2.39 to 29.1.2, incorporating significant updates across the main chart and its subcharts.
• Enhanced Security Features: Introduced FIPS compliance configuration, improved image verification, and updated security contexts across various components to align with modern security standards.
• Updated Dependency Management: Helm chart dependencies for MariaDB, Memcached, and the common library now utilize OCI repositories, reflecting a shift in how chart artifacts are stored and retrieved.
• Network Policy Refinements: Network policies have been refactored and updated, including the removal of old ingress/egress policy files and the introduction of a consolidated network policy for better traffic control.
• New Features for MariaDB: MariaDB subchart now supports Transparent Data Encryption (TDE) and includes a new password update job mechanism, enhancing data security and operational flexibility.
• Gateway API Support: The WordPress chart now includes support for the Gateway API's HTTPRoute, offering a more flexible and expressive way to manage application traffic.
• Common Library Modernization: The shared common library has been extensively updated with new helpers for certificates, compatibility, FIPS, and resource presets, while deprecated API version checks have been removed.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• charts/wordpress/config
  • Updated WordPress chart version to 29.1.2.
• charts/wordpress/wordpress/Chart.yaml
  • Updated WordPress chart metadata, including appVersion, maintainer, sources, and dependencies.
  • Added new annotations for FIPS and images.
• charts/wordpress/wordpress/charts/wordpress/.helmignore
  • Added 'img/' and 'CHANGELOG.md' to be ignored.
• charts/wordpress/wordpress/charts/wordpress/.relok8s-images.yaml
  • Added a new file for relok8s image hints.
• charts/wordpress/wordpress/charts/wordpress/Chart.lock
  • Removed the Chart.lock file.
• charts/wordpress/wordpress/charts/wordpress/Chart.yaml
  • Updated WordPress chart dependencies to use OCI repositories and newer versions.
  • Added new annotations for FIPS and images.
• charts/wordpress/wordpress/charts/wordpress/chart_consistency.yaml
  • Added a new file for chart consistency ignore rules.
• charts/wordpress/wordpress/charts/wordpress/charts/common/.helmignore
  • Added 'img/' and 'CHANGELOG.md' to be ignored.
• charts/wordpress/wordpress/charts/wordpress/charts/common/Chart.yaml
  • Updated common library chart metadata, including appVersion, maintainer, and sources.
  • Added new annotations for FIPS and images.
• charts/wordpress/wordpress/charts/wordpress/charts/common/README.md
  • Updated README with information about Bitnami Secure Images.
  • Updated Kubernetes and Helm prerequisites.
  • Revised helper tables.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_affinities.tpl
  • Modified pod affinity helpers to include custom labels, extra pod affinity terms, and extra namespaces.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_capabilities.tpl
  • Refactored Kubernetes API version detection logic and removed deprecated API versions.
  • Added new helpers for VPA, PSP, and AdmissionConfiguration.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_certs.tpl
  • Added a new template for generating TLS certificate SANs.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_compatibility.tpl
  • Added a new template for compatibility adaptations, specifically for Openshift security contexts.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_errors.tpl
  • Corrected a typo from 'Through error' to 'Throw error'.
  • Added a new helper for insecure image errors.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_images.tpl
  • Updated image name generation logic and improved pull secrets handling.
  • Added a new helper for image version extraction.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_ingress.tpl
  • Removed deprecated ingress API version checks and related helpers.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_labels.tpl
  • Enhanced label generation to support custom labels and ensure immutable fields are handled correctly.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_names.tpl
  • Modified fullname generation to handle release names with special characters.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_resources.tpl
  • Added a new template for resource presets.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_secrets.tpl
  • Enhanced password management to support honorProvidedValues, failOnNew, skipB64enc, and skipQuote parameters.
  • Added a new lookup helper.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_storage.tpl
  • Simplified storage class selection logic.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_tplvalues.tpl
  • Enhanced template rendering to support scopes.
  • Added new merge and merge-overwrite helpers.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_utils.tpl
  • Added a new helper for checksumming templates.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/_warnings.tpl
  • Updated rolling tag warning URL.
  • Added new warnings for modified images and unset resource sections.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/validations/_cassandra.tpl
  • Removed the Cassandra password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/validations/_mariadb.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/validations/_mongodb.tpl
  • Removed the MongoDB password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/validations/_mysql.tpl
  • Removed the MySQL password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/validations/_postgresql.tpl
  • Removed the PostgreSQL password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/validations/_redis.tpl
  • Removed the Redis password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/common/templates/validations/_validations.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/common/values.yaml
  • Added copyright and SPDX-License-Identifier.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/.helmignore
  • Added 'img/' and 'CHANGELOG.md' to be ignored.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/.relok8s-images.yaml
  • Added a new file for relok8s image hints.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/Chart.lock
  • Removed the Chart.lock file.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/Chart.yaml
  • Updated MariaDB chart metadata, including appVersion, maintainer, and sources.
  • Updated dependencies to use OCI repositories and newer versions.
  • Added new annotations for FIPS and images.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/chart_consistency.yaml
  • Added a new file for chart consistency ignore rules.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/.helmignore
  • Added 'img/' and 'CHANGELOG.md' to be ignored.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/Chart.yaml
  • Updated common library chart metadata, including appVersion, maintainer, and sources.
  • Added new annotations for FIPS and images.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/README.md
  • Updated README with information about Bitnami Secure Images.
  • Updated Kubernetes and Helm prerequisites.
  • Revised helper tables.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_affinities.tpl
  • Modified pod affinity helpers to include custom labels, extra pod affinity terms, and extra namespaces.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_capabilities.tpl
  • Refactored Kubernetes API version detection logic and removed deprecated API versions.
  • Added new helpers for VPA, PSP, and AdmissionConfiguration.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_certs.tpl
  • Added a new template for generating TLS certificate SANs.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_compatibility.tpl
  • Added a new template for compatibility adaptations, specifically for Openshift security contexts.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_errors.tpl
  • Corrected a typo from 'Through error' to 'Throw error'.
  • Added a new helper for insecure image errors.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_images.tpl
  • Updated image name generation logic and improved pull secrets handling.
  • Added a new helper for image version extraction.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_ingress.tpl
  • Removed deprecated ingress API version checks and related helpers.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_labels.tpl
  • Enhanced label generation to support custom labels and ensure immutable fields are handled correctly.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_names.tpl
  • Modified fullname generation to handle release names with special characters.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_resources.tpl
  • Added a new template for resource presets.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_secrets.tpl
  • Enhanced password management to support honorProvidedValues, failOnNew, skipB64enc, and skipQuote parameters.
  • Added a new lookup helper.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_storage.tpl
  • Simplified storage class selection logic.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_tplvalues.tpl
  • Enhanced template rendering to support scopes.
  • Added new merge and merge-overwrite helpers.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_utils.tpl
  • Added a new helper for checksumming templates.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/_warnings.tpl
  • Updated rolling tag warning URL.
  • Added new warnings for modified images and unset resource sections.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/validations/_cassandra.tpl
  • Removed the Cassandra password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/validations/_mariadb.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/validations/_mongodb.tpl
  • Removed the MongoDB password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/validations/_mysql.tpl
  • Removed the MySQL password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/validations/_postgresql.tpl
  • Removed the PostgreSQL password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/validations/_redis.tpl
  • Removed the Redis password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/templates/validations/_validations.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/charts/common/values.yaml
  • Added copyright and SPDX-License-Identifier.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/NOTES.txt
  • Added a warning about Bitnami Secure Images.
  • Updated connection instructions for TLS and upgrade command.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/_helpers.tpl
  • Added new helpers for TLS secret name and password update job secrets.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/ca-cert.yaml
  • Added a new template for generating CA TLS certificates using cert-manager.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/cert.yaml
  • Added a new template for generating TLS certificates using cert-manager.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/extra-list.yaml
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/headless-svc.yaml
  • Added a new template for the headless service.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/networkpolicy-egress.yaml
  • Removed the networkpolicy-egress.yaml file.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/networkpolicy.yaml
  • Added a new template for network policy.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/primary/configmap.yaml
  • Updated configmap for primary MariaDB to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/primary/initialization-configmap.yaml
  • Updated initialization configmap for primary MariaDB to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/primary/networkpolicy-ingress.yaml
  • Removed the networkpolicy-ingress.yaml file.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/primary/pdb.yaml
  • Updated PDB for primary MariaDB to use common helpers for labels and annotations.
  • Adjusted maxUnavailable default.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/primary/statefulset.yaml
  • Updated statefulset for primary MariaDB to include new features like automountServiceAccountToken, terminationGracePeriodSeconds, FIPS, TLS, TDE.
  • Improved volume mounts.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/primary/svc.yaml
  • Updated service for primary MariaDB to use common helpers for labels and annotations.
  • Adjusted sessionAffinity handling.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/prometheusrules.yaml
  • Updated Prometheus rules to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/role.yaml
  • Updated role to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/rolebinding.yaml
  • Updated rolebinding to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/secondary/configmap.yaml
  • Updated configmap for secondary MariaDB to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/secondary/networkpolicy-ingress.yaml
  • Removed the networkpolicy-ingress.yaml file.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/secondary/pdb.yaml
  • Updated PDB for secondary MariaDB to use common helpers for labels and annotations.
  • Adjusted maxUnavailable default.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/secondary/statefulset.yaml
  • Updated statefulset for secondary MariaDB to include new features like automountServiceAccountToken, terminationGracePeriodSeconds, FIPS, TLS, TDE.
  • Improved volume mounts.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/secondary/svc.yaml
  • Updated service for secondary MariaDB to use common helpers for labels and annotations.
  • Adjusted sessionAffinity handling.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/secrets.yaml
  • Updated secrets generation to use new password management helpers.
  • Added service binding secrets.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/secretstoreproviderclass-tde.yaml
  • Added a new template for SecretProviderClass for TDE.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/serviceaccount.yaml
  • Updated service account to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/servicemonitor.yaml
  • Updated service monitor to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/tls-secret.yaml
  • Added a new template for generating TLS secrets.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/update-password/job.yaml
  • Added a new template for the password update job.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/update-password/new-secret.yaml
  • Added a new template for the new password secret for the update job.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/templates/update-password/previous-secret.yaml
  • Added a new template for the previous password secret for the update job.
• charts/wordpress/wordpress/charts/wordpress/charts/mariadb/values.yaml
  • Updated values with new global parameters, TLS, TDE, password update job, and network policy settings.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/.helmignore
  • Added 'img/' and 'CHANGELOG.md' to be ignored.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/.relok8s-images.yaml
  • Added a new file for relok8s image hints.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/Chart.lock
  • Removed the Chart.lock file.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/Chart.yaml
  • Updated Memcached chart metadata, including appVersion, maintainer, and sources.
  • Updated dependencies to use OCI repositories and newer versions.
  • Added new annotations for images.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/.helmignore
  • Added 'img/' and 'CHANGELOG.md' to be ignored.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/Chart.yaml
  • Updated common library chart metadata, including appVersion, maintainer, and sources.
  • Added new annotations for FIPS and images.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/README.md
  • Updated README with information about Bitnami Secure Images.
  • Updated Kubernetes and Helm prerequisites.
  • Revised helper tables.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_affinities.tpl
  • Modified pod affinity helpers to include custom labels, extra pod affinity terms, and extra namespaces.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_capabilities.tpl
  • Refactored Kubernetes API version detection logic and removed deprecated API versions.
  • Added new helpers for VPA, PSP, and AdmissionConfiguration.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_certs.tpl
  • Added a new template for generating TLS certificate SANs.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_compatibility.tpl
  • Added a new template for compatibility adaptations, specifically for Openshift security contexts.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_errors.tpl
  • Corrected a typo from 'Through error' to 'Throw error'.
  • Added a new helper for insecure image errors.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_images.tpl
  • Updated image name generation logic and improved pull secrets handling.
  • Added a new helper for image version extraction.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_ingress.tpl
  • Removed deprecated ingress API version checks and related helpers.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_labels.tpl
  • Enhanced label generation to support custom labels and ensure immutable fields are handled correctly.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_names.tpl
  • Modified fullname generation to handle release names with special characters.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_resources.tpl
  • Added a new template for resource presets.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_secrets.tpl
  • Enhanced password management to support honorProvidedValues, failOnNew, skipB64enc, and skipQuote parameters.
  • Added a new lookup helper.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_storage.tpl
  • Simplified storage class selection logic.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_tplvalues.tpl
  • Enhanced template rendering to support scopes.
  • Added new merge and merge-overwrite helpers.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_utils.tpl
  • Added a new helper for checksumming templates.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/_warnings.tpl
  • Updated rolling tag warning URL.
  • Added new warnings for modified images and unset resource sections.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/validations/_cassandra.tpl
  • Removed the Cassandra password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/validations/_mariadb.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/validations/_mongodb.tpl
  • Removed the MongoDB password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/validations/_mysql.tpl
  • Removed the MySQL password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/validations/_postgresql.tpl
  • Removed the PostgreSQL password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/validations/_redis.tpl
  • Removed the Redis password validation helper.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/templates/validations/_validations.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/charts/common/values.yaml
  • Added copyright and SPDX-License-Identifier.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/NOTES.txt
  • Added a warning about Bitnami Secure Images.
  • Added new warnings for resources, modified images, and insecure images.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/_helpers.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/deployment.yaml
  • Updated deployment to include automountServiceAccountToken, hostNetwork, and use common helpers for labels, affinities, security contexts, resources, and volume mounts.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/extra-list.yaml
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/hpa.yaml
  • Updated HPA to use common helpers for labels and remove deprecated API version checks.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/metrics-svc.yaml
  • Updated metrics service to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/networkpolicy.yaml
  • Added a new template for network policy.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/pdb.yaml
  • Updated PDB to use common helpers for labels and annotations.
  • Adjusted maxUnavailable default.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/secrets.yaml
  • Updated secrets to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/service.yaml
  • Updated service to include trafficDistribution and publishNotReadyAddresses.
  • Updated service to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/serviceaccount.yaml
  • Updated service account to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/servicemonitor.yaml
  • Updated service monitor to use common helpers for labels and annotations.
  • Added podTargetLabels.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/templates/statefulset.yaml
  • Updated statefulset to include automountServiceAccountToken, hostNetwork, enableServiceLinks.
  • Updated statefulset to use common helpers for labels, affinities, security contexts, resources, and volume mounts.
• charts/wordpress/wordpress/charts/wordpress/charts/memcached/values.yaml
  • Updated values with new global parameters, security, compatibility, FIPS, and network policy settings.
• charts/wordpress/wordpress/charts/wordpress/templates/NOTES.txt
  • Added a warning about Bitnami Secure Images.
  • Updated connection instructions for HTTPRoute.
  • Added new warnings for resources, modified images, and insecure images.
• charts/wordpress/wordpress/charts/wordpress/templates/_helpers.tpl
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/templates/config-secret.yaml
  • Updated config secret to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/templates/deployment.yaml
  • Updated deployment to include automountServiceAccountToken, runtimeClassName, terminationGracePeriodSeconds, FIPS.
  • Updated deployment to use common helpers for labels, affinities, security contexts, resources, and volume mounts.
• charts/wordpress/wordpress/charts/wordpress/templates/externaldb-secrets.yaml
  • Updated externaldb secrets to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/templates/extra-list.yaml
  • Updated copyright notice.
• charts/wordpress/wordpress/charts/wordpress/templates/hpa.yaml
  • Updated HPA to use common helpers for labels and remove deprecated API version checks.
• charts/wordpress/wordpress/charts/wordpress/templates/httpd-configmap.yaml
  • Updated httpd configmap to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/templates/httproute.yaml
  • Added a new template for HTTPRoute.
• charts/wordpress/wordpress/charts/wordpress/templates/ingress-secondary.yaml
  • Added a new template for secondary ingress.
• charts/wordpress/wordpress/charts/wordpress/templates/ingress.yaml
  • Updated ingress to use common helpers for labels and annotations.
  • Adjusted hostname templating and www prefix logic.
• charts/wordpress/wordpress/charts/wordpress/templates/metrics-svc.yaml
  • Updated metrics service to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/templates/networkpolicy-backend-ingress.yaml
  • Removed the networkpolicy-backend-ingress.yaml file.
• charts/wordpress/wordpress/charts/wordpress/templates/networkpolicy-egress.yaml
  • Removed the networkpolicy-egress.yaml file.
• charts/wordpress/wordpress/charts/wordpress/templates/networkpolicy-ingress.yaml
  • Removed the networkpolicy-ingress.yaml file.
• charts/wordpress/wordpress/charts/wordpress/templates/networkpolicy.yaml
  • Added a new template for network policy.
• charts/wordpress/wordpress/charts/wordpress/templates/pdb.yaml
  • Updated PDB to use common helpers for labels and annotations.
  • Adjusted maxUnavailable default.
• charts/wordpress/wordpress/charts/wordpress/templates/postinit-configmap.yaml
  • Updated postinit configmap to use common helpers for labels and annotations.
  • Corrected chmod path.
• charts/wordpress/wordpress/charts/wordpress/templates/pvc.yaml
  • Updated PVC to use common helpers for labels and annotations.
  • Added selector.
• charts/wordpress/wordpress/charts/wordpress/templates/secrets.yaml
  • Updated secrets to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/templates/serviceaccount.yaml
  • Updated service account to use common helpers for labels and annotations.
• charts/wordpress/wordpress/charts/wordpress/templates/servicemonitor.yaml
  • Updated service monitor to use common helpers for labels and annotations.
  • Adjusted metricRelabelings and selector.
• charts/wordpress/wordpress/charts/wordpress/templates/svc.yaml
  • Updated service to use common helpers for labels and annotations.
  • Adjusted sessionAffinity handling.
• charts/wordpress/wordpress/charts/wordpress/templates/tls-secrets.yaml
  • Updated TLS secrets to use common helpers for labels and annotations.
  • Added secondary ingress TLS secrets.
• charts/wordpress/wordpress/charts/wordpress/values.schema.json
  • Added schema for secondaryIngress.
• charts/wordpress/wordpress/charts/wordpress/values.yaml
  • Updated values with new global parameters, security, compatibility, FIPS, network policy, HTTPRoute, and secondary ingress settings.

Activity

• The pull request was created by weizhoublue.
• The changes were automatically generated by a robot to upgrade the WordPress chart from version 15.2.39 to 29.1.2.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request upgrades the WordPress Helm chart from version 15.2.39 to 29.1.2, along with its dependencies like MariaDB, Memcached, and the common library chart. The changes are extensive, introducing FIPS support, modernizing API usage, and improving security practices by moving towards read-only filesystems and projected secrets.

My review focuses on ensuring best practices are followed. The main issue identified is the use of latest tags for container images across the main chart and its subcharts, which is not recommended for production environments. I've provided suggestions to pin these to specific versions. Additionally, I've suggested explicitly stating the minimum required Kubernetes version in the chart's metadata for better user experience and to prevent installation on unsupported clusters.

[gemini-code-assist]

Using the latest tag for container images is not recommended in production environments as it can lead to unexpected behavior when the image is updated. It's better to use a specific, immutable tag to ensure predictable deployments.

  tag: 6.9.1-debian-12-r0

[gemini-code-assist]

Using the latest tag for the os-shell image is not recommended for production. Please pin it to a specific version to ensure build reproducibility.

    tag: 5-debian-12-r2

[gemini-code-assist]

Using the latest tag for the apache-exporter image is not recommended for production. Please pin it to a specific version to ensure build reproducibility.

    tag: 1.0.12-debian-12-r0

[gemini-code-assist]

Using the latest tag for container images is not recommended in production environments. Please use a specific, immutable tag to ensure predictable deployments.

  tag: 12.2.2-debian-12-r0

[gemini-code-assist]

Using the latest tag for the os-shell image is not recommended for production. Please pin it to a specific version to ensure build reproducibility.

    tag: 5-debian-12-r2

[gemini-code-assist]

Using the latest tag for the mysqld-exporter image is not recommended for production. Please pin it to a specific version to ensure build reproducibility.

    tag: 0.18.0-debian-12-r0

[gemini-code-assist]

Using the latest tag for container images is not recommended in production environments. Please use a specific, immutable tag to ensure predictable deployments.

  tag: 1.6.39-debian-12-r0

[gemini-code-assist]

Using the latest tag for the os-shell image is not recommended for production. Please pin it to a specific version to ensure build reproducibility.

    tag: 5-debian-12-r2

[gemini-code-assist]

Using the latest tag for the memcached-exporter image is not recommended for production. Please pin it to a specific version to ensure build reproducibility.

    tag: 0.13.0-debian-12-r0

[gemini-code-assist]

Given the dependency on the new common chart which requires Kubernetes 1.23+, it would be beneficial to specify the minimum supported Kubernetes version in this Chart.yaml using the kubeVersion field. This helps prevent installation on unsupported cluster versions and improves chart maintainability.

apiVersion: v2
 kubeVersion: ">= 1.23.0-0"