Collaborator

@NickCao NickCao commented May 13, 2025

Summary by CodeRabbit

  • New Features

    • Introduced a standalone router service with its own executable and deployment configuration.
    • Added multiple Kubernetes Deployments and Services for router instances, supporting dynamic configuration.
    • Added a Makefile target to build and run the router service independently.
    • Enhanced Helm templates to support multiple router ingress and route resources with customizable hostnames and TLS settings.
  • Improvements

    • Updated Kubernetes Service and Deployment manifests to better handle multiple router instances with dynamic labels and annotations.
    • Reorganized router-related Helm values for improved configuration flexibility.
    • Updated deployment annotations and environment variable resolution for router endpoints.
    • Improved deployment and ingress configuration for the ingress-nginx controller with updated ports and Helm installation.
    • Implemented router endpoint selection logic in the controller service with error handling.
    • Enhanced configuration loading to include router settings and extended Helm template helpers for hostname and endpoint generation.
  • Refactor

    • Simplified the router service's internal structure by removing Kubernetes client and scheme dependencies.
    • Removed router service registration from the main manager process.
    • Shifted configmap hash annotation from Deployment to Pod template for better update tracking.
    • Consolidated Helm template conditionals and service type configurations for clarity and maintainability.

coderabbitai bot commented May 13, 2025

## Walkthrough

The changes introduce a new standalone router service binary and deployment, decoupling router functionality from the manager. The build system and Dockerfile are updated to build and package both manager and router binaries. Kubernetes manifests are adjusted to deploy and expose the router service separately, and the router's code is refactored for independence from controller-runtime. Helm templates and values are restructured to support multiple routers with individual configurations and dynamic hostname resolution.

## Changes

| Files/Paths                                                                                         | Change Summary                                                                                                                                                                                                                      |
|---------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Dockerfile, Makefile                                                                              | Build system updated to compile and package both `manager` and new `router` binaries; added targets for building and running the router.                                                                                          |
| cmd/main.go                                                                                       | Modified `LoadConfiguration` call to return router config; removed explicit setup of `RouterService` from the manager startup.                                                                                                   |
| cmd/router/main.go                                                                                | New main program for the router service: initializes logger, loads config, starts router service, handles signals, and exits gracefully.                                                                                         |
| internal/service/router_service.go                                                                | Refactored `RouterService` to remove Kubernetes client and scheme dependencies; updated JWT parsing callback signature.                                                                                                          |
| internal/config/config.go                                                                         | Added `LoadRouterConfiguration` function; updated `LoadConfiguration` to return router config alongside existing values.                                                                                                         |
| internal/config/types.go                                                                          | Added new types `Router` (map) and `RouterEntry` struct to represent router configurations.                                                                                                                                       |
| internal/service/controller_service.go                                                          | Added `Router` field to `ControllerService`; implemented logic to select a router endpoint from the router map in `Dial` method based on label matching.                                                                         |
| internal/service/helpers.go                                                                      | Added `MatchLabels` function to compare label maps and score matches.                                                                                                                                                             |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml            | New Helm template defining standalone Kubernetes Deployments for each router entry with security, resource, and environment settings.                                                                                            |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml               | Modified Service manifest to create multiple Services for each router entry with corresponding labels and nodePort settings.                                                                                                     |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml               | Modified ingress template to generate multiple ingress resources, one per router configuration, with dynamic hostnames and TLS settings.                                                                                        |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml                 | Modified route template to generate multiple OpenShift Route resources per router configuration with unique names and hostnames.                                                                                                |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml        | Moved configmap SHA256 checksum annotation from Deployment metadata to Pod template metadata; removed `GRPC_ROUTER_ENDPOINT` environment variable from container spec.                                                           |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_endpoints.tpl                    | Deleted static Helm template definitions for router and controller endpoints.                                                                                                                                                     |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml           | Added `router` field to ConfigMap data populated from Helm values.                                                                                                                                                               |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json                         | Added JSON schema defining `grpc` config with nested `routers` map entries including hostname, endpoint, and optional nodePort.                                                                                                  |
| deploy/helm/jumpstarter/values.yaml                                                              | Reorganized gRPC router configuration into a nested map structure with multiple named routers, replacing flat hostname and endpoint keys.                                                                                        |
| hack/deploy_with_helm.sh                                                                          | Updated Helm set parameters for router hostname and endpoint to use nested keys under `grpc.routers`; changed ingress controller installation to Helm chart with updated ports and SSL passthrough settings.                     |
| hack/kind_cluster.yaml                                                                            | Updated kind cluster ingress controller port mappings to support HTTP on 5080 and HTTPS on 5443.                                                                                                                                  |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml           | Refactored service type and nodePort configuration to use unified `.Values.grpc.service` structure instead of `.Values.grpc.nodeport`.                                                                                          |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role.yaml    | Modified Role namespace to default to `.Release.Namespace` if `.Values.namespace` is unset.                                                                                                                                        |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role_binding.yaml | Modified RoleBinding namespace fields to default to `.Release.Namespace` if `.Values.namespace` is unset.                                                                                                                          |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml           | Changed ingress rendering condition to nested `.Values.grpc.ingress.enabled`; refactored hostname to use Helm helper.                                                                                                            |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml             | Changed route rendering condition to nested `.Values.grpc.route.enabled`; refactored hostname to use Helm helper.                                                                                                                |
| deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml                     | Added Helm template helpers for generating gRPC and router hostnames and endpoints with validation and defaulting logic.                                                                                                         |
| .github/workflows/e2e.yaml                                                                        | Updated e2e test workflow to use `router` branch of jumpstarter-e2e action instead of `main`.                                                                                                                                     |

## Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User
    participant Router Service (binary)
    participant Kubernetes
    participant Manager (binary)

    User->>Kubernetes: Deploy router via Helm chart
    Kubernetes->>Router Service (Pod): Start container
    Router Service (binary)->>Router Service (binary): Initialize logger and config
    Router Service (binary)->>Router Service (binary): Start gRPC server
    User->>Router Service (Service): Connect to gRPC endpoint
    Router Service (binary)->>User: Handle request/response

    Note over Manager (binary): No longer initializes RouterService
```

Suggested reviewers

  • mangelajo

Poem

In burrows deep, a router wakes,
Its own new path, the project takes.
With Docker, Make, and Helm in tow,
The manager lets the router go.
Now pods and services hop along—
Two binaries, one rabbit song! 🐇✨



@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (10)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (10)

5-5: Avoid hardcoding namespace in chart templates
Using {{ default .Release.Namespace .Values.namespace }} can be confusing—Helm charts typically rely on --namespace and .Release.Namespace. Consider dropping .Values.namespace and using namespace: {{ .Release.Namespace }} exclusively, or document the override clearly.


9-11: Improve Helm templating for conditional timestamp
YAML linters may error on the raw {{ if }} block. To ensure proper indentation and remove extra blank lines, use the whitespace-trimming syntax and indent inside the block, e.g.:

```yaml
{{- if .Values.global.timestamp }}
deployment.timestamp: {{ .Values.global.timestamp | quote }}
{{- end }}
```
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 10-10: syntax error: could not find expected ':'

(syntax)


18-18: Make replicas count configurable
The replica count is hardcoded to 1. For high availability or load-driven scaling, expose this via values.yaml (e.g., .Values.router.replicaCount) so users can adjust without editing templates.


29-44: Move nodeAffinity to values.yaml instead of commented code
The commented-out affinity section is useful guidance, but it’s better to template it dynamically. For example:

```yaml
affinity:
  {{- toYaml .Values.affinity | nindent 8 }}
```

and let users configure affinity in values.yaml. This keeps templates clean and maintainable.


49-52: Consider adding fsGroup for volume permissions
You already enforce runAsNonRoot and seccompProfile. If the router writes to any mounted volumes in the future, adding fsGroup under securityContext can ensure correct file permissions.


58-64: Consolidate GRPC_ROUTER_ENDPOINT logic
The multi-branch if/else for GRPC_ROUTER_ENDPOINT is verbose. You can simplify with a single expression, for instance using default and printf:

```yaml
- name: GRPC_ROUTER_ENDPOINT
  value: {{ default (printf "%s:%d" .Values.routerHostname .Values.grpc.tls.port) .Values.grpc.routerEndpoint | quote }}
```

74-79: Harden container with read-only root filesystem
You drop all capabilities and disable privilege escalation. For added security, add:

```yaml
readOnlyRootFilesystem: true
```

to your securityContext.


79-90: Enable and parameterize health probes
Liveness/readiness probes are commented out. It’s recommended to enable them and make probe settings (path, port, initialDelaySeconds, periodSeconds) configurable via values.yaml.


91-97: Parameterize resource requests/limits
Resource values are hardcoded. To cater to different environments, delegate resources to values.yaml (e.g., .Values.router.resources), then inject with toYaml:

```yaml
resources:
  {{- toYaml .Values.router.resources | nindent 10 }}
```

98-98: Explicit serviceAccountName configuration
The serviceAccountName is commented out. For proper RBAC separation, expose this via a Helm value (e.g., .Values.serviceAccountName) and enable it by default or document its use.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ea0c554 and 7afb960.

📒 Files selected for processing (7)
  • Dockerfile (2 hunks)
  • Makefile (1 hunks)
  • cmd/main.go (0 hunks)
  • cmd/router/main.go (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (2 hunks)
  • internal/service/router_service.go (1 hunks)
💤 Files with no reviewable changes (1)
  • cmd/main.go
🧰 Additional context used
🧬 Code Graph Analysis (1)
cmd/router/main.go (3)
internal/config/grpc.go (1)
  • LoadGrpcConfiguration (10-20)
internal/config/types.go (2)
  • Grpc (21-23)
  • Keepalive (25-28)
internal/service/router_service.go (1)
  • RouterService (39-43)
🪛 GitHub Check: lint-go
cmd/router/main.go

[failure] 67-67:
S1000: should use a simple channel send/receive instead of select with a single case (staticcheck)

🪛 GitHub Actions: Linters
cmd/router/main.go

[error] 67-67: staticcheck: should use a simple channel send/receive instead of select with a single case (S1000)

🪛 YAMLlint (1.35.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml

[error] 10-10: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: deploy-kind
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
🔇 Additional comments (10)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (1)

5-5: Label selector change looks good

The updated labels properly target the new router deployment instead of the controller-manager. This is a necessary change for the service to work with the decoupled router deployment.

Also applies to: 24-24

Dockerfile (3)

14-14: LGTM: Copying entire cmd/ directory

Copying the entire cmd/ directory is necessary to build both binaries.


24-24: Build process for router binary looks good

Adding a build command for the router binary with the same build flags as the manager binary ensures consistency.


29-29: LGTM: Copying router binary to final image

The router binary is properly copied to the final image, making it available for execution.

internal/service/router_service.go (1)

59-59: Modernizing Go code with 'any' type

Good update to use the more modern any type alias instead of interface{}, which was introduced in Go 1.18.

Makefile (2)

90-90: LGTM: Build target for router binary

Adding the build command for the router binary ensures it's built alongside the manager binary.


96-98: LGTM: Run target for router service

The new run-router target properly mirrors the existing run target for the manager, making local development and testing of the router service easier.

cmd/router/main.go (3)

19-32: Imports look good

The imports are appropriate for the router service's functionality, including context handling, signal handling, and logging.


43-52: LGTM: gRPC configuration

The gRPC configuration is set up with reasonable keepalive settings and proper error handling.


54-63: Router service initialization looks good

The router service is properly initialized with the configured server option and started with a logger-enriched context.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)

7-8: Inconsistent app.kubernetes.io/name label

The router deployment is labeled app.kubernetes.io/name: jumpstarter-controller, which conflicts with its purpose. It should be jumpstarter-router (or derived via {{ include "jumpstarter-router.name" . }}) to accurately reflect this component.

🧹 Nitpick comments (3)
internal/config/config.go (1)

18-45: Add documentation for LoadRouterConfiguration

The new function is missing documentation comments that explain its purpose, parameters, and return values. Consider adding a comment similar to the existing LoadGrpcConfiguration function to improve code readability and maintainability.

+// LoadRouterConfiguration loads gRPC server options from a Kubernetes ConfigMap.
+// It retrieves the ConfigMap using the provided client and key, extracts the "config" data section,
+// unmarshals it into a Config struct, and then calls LoadGrpcConfiguration on the Grpc field.
+// It returns the resulting grpc.ServerOption or any error encountered.
 func LoadRouterConfiguration(
 	ctx context.Context,
 	client client.Reader,
 	key client.ObjectKey,
 ) (grpc.ServerOption, error) {
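Review bot: the first added comment line says the function loads "gRPC server options", but the signature on the last line returns a single grpc.ServerOption, and the comment does not say which error comes back when the ConfigMap has no "config" key or the unmarshal fails. Suggest wording it as "returns a grpc.ServerOption built from the ConfigMap" and naming those two failure cases, so the doc matches the return type.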

Also, consider refactoring the shared logic between this function and LoadConfiguration to reduce code duplication, particularly the ConfigMap retrieval and unmarshaling steps.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (2)

103-103: Consider using a dedicated service account for the router

The router deployment is using the controller-manager service account, which may grant more permissions than necessary. Consider creating a dedicated service account with the minimum required permissions for the router service to follow the principle of least privilege.


58-65: Document complex environment variable setup

The GRPC_ROUTER_ENDPOINT environment variable uses a complex conditional with multiple fallbacks. Consider adding comments to explain the purpose and priority of each fallback option to improve maintainability.

        - name: GRPC_ROUTER_ENDPOINT
+          # Priority order:
+          # 1. Use explicit router endpoint if provided
+          # 2. Use router hostname if provided
+          # 3. Fallback to constructed domain using baseDomain
          {{ if .Values.grpc.routerEndpoint }}
          value: {{ .Values.grpc.routerEndpoint }}
          {{ else if .Values.routerHostname }}
          value: {{ .Values.routerHostname }}:{{ .Values.grpc.tls.port }}
          {{ else }}
          value: router.{{ .Values.global.baseDomain }}:{{ .Values.grpc.tls.port }}
          {{ end }}
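Review bot: the three `value:` lines are still emitted unquoted, and the `{{ if }}`, `{{ else }}` and `{{ end }}` actions have no whitespace trimming, so the added priority comment documents the order while the rendered YAML keeps the stray blank lines and a bare host:port string. Suggest `{{- if ... }}` / `{{- end }}` and piping each value through `quote`. Step 2 of the comment should also say that the TLS port is appended to the hostname, since that is what the second branch does.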
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7acfa61 and 8437257.

📒 Files selected for processing (4)
  • cmd/router/main.go (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1 hunks)
  • internal/config/config.go (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • cmd/router/main.go
🧰 Additional context used
🧬 Code Graph Analysis (1)
internal/config/config.go (2)
internal/config/types.go (2)
  • Config (7-10)
  • Grpc (21-23)
internal/config/grpc.go (1)
  • LoadGrpcConfiguration (10-20)
🪛 YAMLlint (1.35.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml

[error] 10-10: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (2)

9-10: Inconsistent app.kubernetes.io/name label
The router Deployment is still labeled as jumpstarter-controller, which misrepresents this component. It should reference the router chart, e.g. jumpstarter-router or use the Helm name helper.

-    app.kubernetes.io/name: jumpstarter-controller
+    app.kubernetes.io/name: {{ include "jumpstarter-router.name" . }}
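Review bot: the added line calls `include "jumpstarter-router.name"`, but no definition of that helper appears with the change, and `include` fails the render when the named template does not exist. Either define the helper in the same change or use the literal `jumpstarter-router`. If this label is also used by the Deployment selector or the router Service selector, change those together so the Service keeps selecting the router pods.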

86-97: Implement appropriate gRPC health checks
The HTTP health probes are commented out and not suitable for a gRPC service. You’ll need to either integrate the gRPC Health Checking Protocol in your binary or use a grpc_health_probe exec command.

🧹 Nitpick comments (7)
deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (1)

10-14: Add nested gRPC router configuration
The new grpc.router.default block correctly scopes per-router settings (endpoint, hostname, nodeport) to support multiple router instances. Consider adding a documentation comment for the nodeport field alongside the existing endpoint and hostname parameters to improve discoverability.

hack/deploy_with_helm.sh (2)

43-45: DRY up router hostname assignment in ingress branch
The line GRPC_ROUTER_HOSTNAME="router.${BASEDOMAIN}" is duplicated in both branches. You can extract the hostname calculation out of the conditional to reduce duplication and simplify future updates.


50-52: DRY up router hostname assignment in nodeport branch
Similarly, the nodeport branch repeats GRPC_ROUTER_HOSTNAME="router.${BASEDOMAIN}". Consolidating this logic will make the script more maintainable.

deploy/helm/jumpstarter/values.yaml (1)

106-111: Define default gRPC router settings
Adding grpc.router.default with endpoint, hostname, and nodeport mirrors the controller chart changes. For completeness, consider adding @param jumpstarter-controller.grpc.router.<name>.nodeport to the documentation section above.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (3)

98-104: Template resource requests and limits
Hardcoding CPU/memory makes tuning difficult. Consider driving these from values.yaml so operators can override per-environment.

```yaml
resources:
  limits:
    cpu: {{ .Values.router.resources.limits.cpu }}
    memory: {{ .Values.router.resources.limits.memory }}
  requests:
    cpu: {{ .Values.router.resources.requests.cpu }}
    memory: {{ .Values.router.resources.requests.memory }}
```

105-107: Use a dedicated service account for the router
Reusing controller-manager conflates privileges. Define and reference a jumpstarter-router ServiceAccount to enforce least privilege.

-      serviceAccountName: controller-manager
+      serviceAccountName: jumpstarter-router
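
Review bot: the `+` line points the pod at `serviceAccountName: jumpstarter-router`, but nothing in this suggestion creates that ServiceAccount, and a Deployment that references a missing one never gets its pods created. Add a ServiceAccount template to the chart alongside this change, bind no Roles to it unless the router needs them, and consider `automountServiceAccountToken: false` on the pod spec if the router makes no Kubernetes API calls.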

32-48: Move commented nodeAffinity to values-driven block
A large commented-out affinity block clutters the template. If you intend to support multi-arch scheduling, drive this via values.router.affinity, using a Helm helper rather than inline comments.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8437257 and b563795.

📒 Files selected for processing (9)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_endpoints.tpl (0 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (1 hunks)
  • deploy/helm/jumpstarter/values.yaml (3 hunks)
  • hack/deploy_with_helm.sh (1 hunks)
💤 Files with no reviewable changes (1)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_endpoints.tpl
🚧 Files skipped from review as they are similar to previous changes (2)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml
🧰 Additional context used
🪛 YAMLlint (1.35.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml

[error] 12-12: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: deploy-kind
🔇 Additional comments (20)
hack/deploy_with_helm.sh (1)

56-57: Correct Helm flags for nested router values
Using --set jumpstarter-controller.grpc.router.default.hostname=${GRPC_ROUTER_HOSTNAME} and --set jumpstarter-controller.grpc.router.default.endpoint=${GRPC_ROUTER_ENDPOINT} aligns with the new nested schema in your Helm chart.

deploy/helm/jumpstarter/values.yaml (2)

46-46: Update doc for router hostname parameter
The @param jumpstarter-controller.grpc.router.<name>.hostname entry matches the new nested map and will guide users to configure custom router hostnames.


56-56: Update doc for router endpoint parameter
The @param jumpstarter-controller.grpc.router.<name>.endpoint doc is now consistent with the chart’s dynamic router configuration.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml (7)

2-3: Enable multi-router iteration for OpenShift Routes
The range $k, $v := .Values.grpc.router loop combined with document separators (---) will generate a distinct Route per router key, supporting the new multi-router deployment.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)


13-14: Dynamic naming and namespace resolution
Appending -{{ $k }} to the Route name and defaulting the namespace via {{ default $.Release.Namespace $.Values.namespace }} ensures each router resource is uniquely identified.


16-21: Conditional host selection
The block checking if $v.hostname with a fallback to router-{{ $k }}.{{ $.Values.global.baseDomain }} and a required validation message guarantees valid host values for all routes.


26-31: TLS termination logic
Separating passthrough and reencrypt branches under the TLS spec is correct and preserves ingress flexibility for different security requirements.


33-36: Optional external certificate configuration
Guarding the externalCertificate stanza with if $.Values.grpc.tls.routerCertSecret cleanly handles cases where no router-specific cert is provided.


40-40: Service target alignment
Routing to jumpstarter-router-grpc-{{ $k }} for each router key directs traffic to the proper backend service.


44-44: Closing Helm control blocks
The final {{ end }} statements correctly terminate the range and if constructs.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml (10)

2-3: Implement multi-router loop for Ingress resources
Iterating over .Values.grpc.router with --- separators will produce one Ingress per router key, matching the multi-instance design.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)


12-14: Conditional TLS passthrough annotation
The nginx.ingress.kubernetes.io/ssl-passthrough: "true" annotation under the passthrough check is properly scoped within the router loop.


15-16: Ingress naming and namespace scoping
Naming each Ingress jumpstarter-router-ingress-{{ $k }} and defaulting the namespace prevents naming collisions.


18-19: Optional ingress class configuration
Conditionally setting ingressClassName from .Values.grpc.ingress.class allows flexible integration with cluster-specific Ingress controllers.


22-27: Dynamic host routing
Using if $v.hostname with a fallback to router-{{ $k }}.{{ $.Values.global.baseDomain }} and a required validation ensures every Ingress rule has a valid host.


29-29: HTTP backend path mapping
Defining the HTTP path context (/) under each Ingress properly routes gRPC traffic to the service backend.


35-35: Service backend mapping
Pointing the Ingress backend to service jumpstarter-router-grpc-{{ $k }} on port 8083 aligns with the router Service configuration.


40-46: TLS hosts configuration
Iterating over tls.hosts with the same hostname logic ensures each router’s TLS section is correctly populated.


47-48: Conditional TLS secret usage
Guarding secretName: {{ $.Values.grpc.tls.routerCertSecret }} under an if check prevents errors when no certificate is specified.


51-52: Finalize Helm blocks
The closing {{ end }} directives properly terminate the range and outer if statements.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d3bfd93 and 6c58cd8.

📒 Files selected for processing (2)
  • hack/deploy_with_helm.sh (1 hunks)
  • hack/kind_cluster.yaml (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • hack/kind_cluster.yaml
⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
🔇 Additional comments (2)
hack/deploy_with_helm.sh (2)

38-40: Approve: Introduce router gRPC variables for ingress mode
These new variables correctly capture the router’s hostname and endpoint for the ingress-enabled path. They’ll be consumed by the Helm sets later in the script.


46-48: Approve: Introduce router gRPC variables for NodePort mode
The router hostname and endpoint for the NodePort deployment are correctly configured (port 8083 to avoid collision with the main gRPC service on 8082).

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🔭 Outside diff range comments (1)
hack/deploy_with_helm.sh (1)

114-125: ⚠️ Potential issue

Update loop to check all router endpoints.

The script checks GRPC_ENDPOINT and GRPC_ROUTER_ENDPOINT, but not the new GRPC_ROUTER_ANOTHER_ENDPOINT.

Apply this diff to include all router endpoints in the verification loop:

-for ep in ${GRPC_ENDPOINT} ${GRPC_ROUTER_ENDPOINT}; do
+for ep in ${GRPC_ENDPOINT} ${GRPC_ROUTER_ENDPOINT} ${GRPC_ROUTER_ANOTHER_ENDPOINT}; do
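
Review bot: the expansions in the new `for ep in ...` line are unquoted, so an unset or empty `GRPC_ROUTER_ANOTHER_ENDPOINT` drops out of the word list and the loop passes without ever checking that router. Use `"${GRPC_ROUTER_ANOTHER_ENDPOINT:?}"` (and quote the other two) so a missing endpoint fails the script instead of being skipped.
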
♻️ Duplicate comments (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (2)

86-97: Health probe implementation reminder.

The health probes remain commented out. Remember to implement these health checks as part of the router binary as you mentioned.


10-10: 🛠️ Refactor suggestion

Inconsistent app.kubernetes.io/name label.

The router deployment is labeled app.kubernetes.io/name: jumpstarter-controller, but since this is now a separate router deployment, consider using a distinct label like jumpstarter-router to correctly identify this component.

🧹 Nitpick comments (1)
internal/service/controller_service.go (1)

416-428: Simple but effective router selection logic.

The implementation uses Go's random map iteration to effectively select a random router, which provides basic load distribution. The error handling for the case when no router is available is comprehensive.

Consider enhancing this in a future update to support more sophisticated selection strategies (round-robin, least connections, etc.) if router load balancing becomes important.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6c58cd8 and 23a6b77.

📒 Files selected for processing (10)
  • cmd/main.go (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (0 hunks)
  • hack/deploy_with_helm.sh (1 hunks)
  • internal/config/config.go (3 hunks)
  • internal/config/types.go (1 hunks)
  • internal/service/controller_service.go (3 hunks)
💤 Files with no reviewable changes (1)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml
✅ Files skipped from review due to trivial changes (2)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json
  • internal/config/types.go
🚧 Files skipped from review as they are similar to previous changes (3)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml
  • cmd/main.go
  • internal/config/config.go
🧰 Additional context used
🧠 Learnings (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml (1)
Learnt from: NickCao
PR: jumpstarter-dev/jumpstarter-controller#137
File: deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml:23-26
Timestamp: 2025-05-13T19:56:27.876Z
Learning: In the jumpstarter-controller project, the router service uses the same ConfigMap as the controller service (controller-cm.yaml) even though it has been moved to its own separate deployment.
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)
Learnt from: NickCao
PR: jumpstarter-dev/jumpstarter-controller#137
File: deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml:23-26
Timestamp: 2025-05-13T19:56:27.876Z
Learning: In the jumpstarter-controller project, the router service uses the same ConfigMap as the controller service (controller-cm.yaml) even though it has been moved to its own separate deployment.
🧬 Code Graph Analysis (1)
internal/service/controller_service.go (1)
internal/config/types.go (1)
  • Router (30-30)
🪛 YAMLlint (1.35.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml

[error] 12-12: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: deploy-kind
🔇 Additional comments (8)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml (1)

18-19: Added router configuration section looks good.

The addition of the router configuration to the shared ConfigMap provides a clean way to manage both controller and router configurations in one place.

internal/service/controller_service.go (2)

36-36: Import for config package added appropriately.

This import is necessary to use the Router type for the newly added field.


74-74: Good addition of Router field to ControllerService struct.

Adding this field allows the service to be aware of all available routers.

hack/deploy_with_helm.sh (3)

26-34: Better approach using Helm for ingress-nginx installation.

Using Helm for the ingress-nginx installation is cleaner and more maintainable than applying manifests directly.


39-47: Multi-router configuration looks good.

The updated endpoint configurations properly support multiple named router endpoints, which aligns with the PR objective to move the router service to its own deployment.


58-59: Router configuration structure aligns with new architecture.

The Helm parameters have been updated to reflect the new multi-router architecture, using a map structure with named keys.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (2)

60-67: Well-structured endpoint configuration with proper quoting.

The environment variable configuration handles various fallback options appropriately and properly quotes values containing colons to avoid YAML parsing errors.


52-56: Good security practices implemented.

The deployment includes proper security context settings at both pod and container levels, including:

  • Running as non-root
  • Using a default seccomp profile
  • Disabling privilege escalation
  • Dropping all Linux capabilities

These are excellent security practices for containerized applications.

Also applies to: 81-85

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 7

♻️ Duplicate comments (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (2)

10-10: Update the app.kubernetes.io/name label for router
The label is still jumpstarter-controller, which conflicts with the router component. It should accurately reflect the router, e.g.:

app.kubernetes.io/name: jumpstarter-router

61-61: ⚠️ Potential issue

Quote environment variable values containing colons
The GRPC_ROUTER_ENDPOINT value can include host:port. Wrap it in quotes (or use | quote) to render valid YAML:

-        - name: GRPC_ROUTER_ENDPOINT
-          value: {{ include "router.endpoint" (list $ $k $v) }}
+        - name: GRPC_ROUTER_ENDPOINT
+          value: {{ include "router.endpoint" (list $ $k $v) | quote }}
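
Review bot: the `name: GRPC_ROUTER_ENDPOINT` line is removed and re-added unchanged, so the suggestion should touch only the `value:` line. Piping through `quote` is worth keeping for a second reason: env var values must be strings, and an endpoint override that happens to be all digits would otherwise render as a number and be rejected by the API server.
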
🧹 Nitpick comments (6)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1)

18-19: Ensure consistent root context for Values
For clarity and to avoid scoping issues in deeper templates, use the root context ($) for all .Values references.

-    {{ if .Values.grpc.service.nodePort }}
-      nodePort: {{ .Values.grpc.service.nodePort }}
+    {{- if $.Values.grpc.service.nodePort }}
+      nodePort: {{ $.Values.grpc.service.nodePort }}
+    {{- end }}
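
Review bot: the `+{{- end }}` has no counterpart on the removed side, so if the template already closes this `if` just below the two replaced lines, applying the suggestion leaves one `end` too many and the chart stops rendering. Confirm against the full file and drop the added `end` if one is already there; `helm template` on the chart will show it immediately.
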
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 19-19: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml (1)

1-3: Flatten nested if statements for readability
Combine the two conditionals (.Values.grpc.routers entry exists and .route.enabled) into one to reduce nesting:

-{{ range $k, $v := .Values.grpc.routers }}
-{{ if $v.route }}
-{{ if $v.route.enabled }}
+{{- range $k, $v := .Values.grpc.routers }}
+{{- if and $v.route $v.route.enabled }}
  ---
  apiVersion: route.openshift.io/v1
  ...
+{{- end }}
+{{- end }}
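
Review bot: `{{- if and $v.route $v.route.enabled }}` is only nil-safe when `and` short-circuits, which Go's text/template does from Go 1.18 onward; on a Helm binary built with an older Go, a router entry without a `route` key makes `$v.route.enabled` fail with a nil pointer error, which is what the nested `if` guarded against. Either keep the nesting or state the minimum Helm version the chart supports.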

This simplifies the template and trims extra indentation.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml (1)

1-3: Use a combined conditional for ingress.enabled
Merge the two if checks into one to reduce nesting and improve clarity:

-{{ range $k, $v := .Values.grpc.routers }}
-{{ if $v.ingress }}
-{{ if $v.ingress.enabled }}
+{{- range $k, $v := .Values.grpc.routers }}
+{{- if and $v.ingress $v.ingress.enabled }}
  ---
  apiVersion: networking.k8s.io/v1
  ...
+{{- end }}
+{{- end }}
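
Review bot: the combined `and $v.ingress $v.ingress.enabled` evaluates `.enabled` on a missing `ingress` map whenever `and` does not short-circuit (Go templates before Go 1.18), and that fails the render for any router entry without an `ingress` key. A lookup with a default through Sprig's `dig`, `{{- if dig "ingress" "enabled" false $v }}`, gives the single condition without depending on evaluation order.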

This approach consolidates the logic and removes an extra layer of indentation.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (2)

2-3: Upgrade to JSON Schema draft-07 and HTTPS
Helm 3 supports draft-07. Update the $schema URI to "https://json-schema.org/draft-07/schema#" to leverage improved validation and avoid potential deprecation issues.


88-90: Consider requiring grpc at the top level
Currently only "image" is required. Since grpc.endpoint is vital, add "grpc" to the top-level "required" array so Helm enforces its presence.

hack/deploy_with_helm.sh (1)

26-34: Pin the ingress-nginx chart version for reproducible deployments
You’re installing ingress-nginx via Helm without specifying --version, which can lead to drift when the chart is updated. Pin to a known stable release to keep your deployments consistent:

-    helm upgrade --wait --install ingress-nginx ingress-nginx \
+    helm upgrade --wait --install ingress-nginx ingress-nginx \
       --repo https://kubernetes.github.io/ingress-nginx \
       --namespace ingress-nginx --create-namespace \
+      --version 4.7.1 \
       --set controller.service.type=NodePort \
       --set controller.service.nodePorts.http=5080 \
       --set controller.service.nodePorts.https=5443 \
       --set controller.ingressClassResource.default=true \
       --set controller.config.worker-processes=2 \
       --set controller.extraArgs.enable-ssl-passthrough=true
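
Review bot: `--version 4.7.1` is introduced without any sign that it is the chart version this script has been running against, and pinning to a different release than the one CI currently pulls changes the deployment rather than freezing it. Pin to the version the kind cluster already uses (`helm list -n ingress-nginx` reports it), hold it in a variable at the top of the script, and drop the first `-`/`+` pair, which is identical on both sides.
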
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 23a6b77 and d39785d.

📒 Files selected for processing (16)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml (3 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml (3 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role_binding.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (1 hunks)
  • deploy/helm/jumpstarter/values.yaml (2 hunks)
  • hack/deploy_with_helm.sh (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role_binding.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
  • deploy/helm/jumpstarter/values.yaml
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml
🧰 Additional context used
🧠 Learnings (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1)
Learnt from: NickCao
PR: jumpstarter-dev/jumpstarter-controller#137
File: hack/deploy_with_helm.sh:26-34
Timestamp: 2025-05-13T19:57:56.762Z
Learning: The jumpstarter project uses a custom kind cluster configuration with an expanded NodePort range (3000-32767) and explicit port mappings for ingress (5080/5443) and gRPC services (30010/30011 mapped to 8082/8083).
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)
Learnt from: NickCao
PR: jumpstarter-dev/jumpstarter-controller#137
File: deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml:23-26
Timestamp: 2025-05-13T19:56:27.876Z
Learning: In the jumpstarter-controller project, the router service uses the same ConfigMap as the controller service (controller-cm.yaml) even though it has been moved to its own separate deployment.
🪛 YAMLlint (1.35.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml

[error] 19-19: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)


[warning] 3-3: wrong indentation: expected 0 but found 4

(indentation)


[warning] 4-4: wrong indentation: expected 0 but found 2

(indentation)


[warning] 5-5: wrong indentation: expected 0 but found 4

(indentation)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml

[error] 12-12: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml

[error] 21-21: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
  • GitHub Check: deploy-kind
🔇 Additional comments (17)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role.yaml (1)

8-8: Ensure namespace fallback with Helm default.
Switching to namespace: {{ default .Release.Namespace .Values.namespace }} guarantees that if .Values.namespace is not set or is empty, the Role will be created in the release’s namespace. This change aligns with the other RBAC templates and improves configuration robustness.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml (1)

22-22: Align configmap checksum annotation to Pod template
Moving the configmap-sha256 annotation under template.metadata.annotations ensures pods roll out when the configmap changes, which is a best practice for triggering updates.

deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (2)

1-1: Set controller image to the official repository
Pinning the controller image at quay.io/jumpstarter-dev/jumpstarter-controller centralizes the image reference and avoids ambiguity.


4-5: Introduce unified gRPC service configuration
Replacing flat router-specific keys with a nested grpc.service.type makes the service definition more consistent and flexible across both controller and router charts.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1)

10-10: Use dynamic service type for gRPC service
Switching type to {{ $.Values.grpc.service.type }} aligns the controller Service with the new unified .Values.grpc.service structure and supports multiple service types.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml (3)

1-2: Guard route creation on existence and enabled flags
Adding an outer {{ if .Values.grpc.route }} before checking .Values.grpc.route.enabled prevents rendering when grpc.route is undefined, improving chart robustness.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)


15-15: Use hostname helper for route host
Leveraging {{ include "grpc.hostname" . }} centralizes hostname logic and avoids duplicated inline templates across resources.


32-32: Close nested route conditionals correctly
Ensuring the outer if is closed prevents the route block from rendering when grpc.route is absent, avoiding unintended resource creation.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml (4)

1-2: Refactor ingress guard to nested checks
Requiring both {{ if .Values.grpc.ingress }} and {{ if .Values.grpc.ingress.enabled }} makes ingress rendering conditions explicit and avoids accidental inclusion.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)


21-21: Use helper for ingress host
Replacing inline host logic with {{ include "grpc.hostname" . }} maintains consistency and centralizes domain name computation.


33-33: Use helper for TLS host entries
Aligning TLS hosts with the hostname helper simplifies updates and ensures both HTTP and TLS ingress rules use the same value.


38-39: Properly close ingress conditionals
Closing both if blocks prevents the ingress resource from leaking into the rendered manifest when ingress is disabled.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml (1)

1-3: Ignore false-positive YAMLLint errors in Helm template directives
The linter’s complaint expected '<document start>', but found '{' occurs on lines with {{ but these are valid Helm controls, not literal YAML. It’s safe to disregard these warnings.

Also applies to: 39-41

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml (1)

1-3: Ignore false-positive YAMLLint errors in Helm template directives
Lint errors about expected '<document start>', but found '{' on the Helm directives ({{ … }}) are false positives—these lines are template logic, not actual YAML.

Also applies to: 40-42

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 2-2: syntax error: expected '<document start>', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (1)

1-7: Ignore indentation warnings within template helpers
The YAMLLint errors about indentation inside define blocks are false positives—Helm’s whitespace control handles these correctly, and they do not appear in the rendered manifests.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)


[warning] 3-3: wrong indentation: expected 0 but found 4

(indentation)


[warning] 4-4: wrong indentation: expected 0 but found 2

(indentation)


[warning] 5-5: wrong indentation: expected 0 but found 4

(indentation)

hack/deploy_with_helm.sh (1)

56-56: Approve addition of router hostname for nodeport mode
Defining GRPC_ROUTER_HOSTNAME in the non-ingress branch ensures the subsequent Helm flags can reference it consistently. This change aligns correctly with the new router configuration structure.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)

11-13: Ignore YAMLlint false positive on Helm templating
The {{ if }}/{{ end }} block under metadata.labels triggers a YAML parse error in standard linters but is valid Helm template logic. You can safely ignore this warning.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 12-12: syntax error: could not find expected ':'

(syntax)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
internal/service/helpers.go (2)

3-13: Add documentation to clarify the function's purpose and return values

The function logic is clear and correct for label matching, but it lacks documentation that explains its purpose, parameters, and return values. Add a comment block to clarify:

  • What the function is used for (router selection based on label matching)
  • What the parameters represent (candidate router labels vs target/required labels)
  • What the return values mean (-1 for non-match, count of matches otherwise)
 package service

+// MatchLabels checks if the candidate map contains all key-value pairs from the target map.
+// It returns:
+// - The count of matching labels (equal to len(target)) if all target labels exist in candidate with matching values
+// - -1 if any label in target is missing from candidate or has a different value
+// This is used for selecting routers based on label matching criteria.
 func MatchLabels(candidate map[string]string, target map[string]string) int {
 	count := 0
 	for k, vt := range target {
 		if vc, ok := candidate[k]; ok && vc == vt {
 			count += 1
 		} else {
 			return -1
 		}
 	}
 	return count
 }
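
Review bot: the added doc comment should say what an empty or nil `target` does: the loop body never runs and the function returns 0, which is a match, so every router qualifies and callers must test `>= 0` rather than `> 0`. Worth one more line in the comment, for example `// An empty target matches any candidate and returns 0.`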

3-13: Consider handling nil or empty map edge cases explicitly

The current implementation works correctly for most cases, but doesn't explicitly handle nil or empty maps. While the loop would not execute for empty maps (returning 0), adding explicit handling would improve readability and avoid potential confusion.

 func MatchLabels(candidate map[string]string, target map[string]string) int {
+	// If target is empty, all labels match (by definition)
+	if len(target) == 0 {
+		return 0
+	}
+	
+	// If candidate is nil/empty but target has requirements, no match is possible
+	if candidate == nil && len(target) > 0 {
+		return -1
+	}
+	
 	count := 0
 	for k, vt := range target {
 		if vc, ok := candidate[k]; ok && vc == vt {
 			count += 1
 		} else {
 			return -1
 		}
 	}
 	return count
 }
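
Review bot: both added guards are dead code. Ranging over an empty or nil `target` already returns 0, and reading from a nil `candidate` map is safe in Go (the lookup yields `ok == false`), so the existing loop already returns -1; `len(target) > 0` in the second guard is also always true after the first return. A table-driven test covering nil and empty inputs documents the behaviour without the extra branches, and the `+` lines holding only a tab should go.
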
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d703011 and acccee7.

📒 Files selected for processing (6)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • hack/deploy_with_helm.sh (1 hunks)
  • internal/config/types.go (1 hunks)
  • internal/service/controller_service.go (3 hunks)
  • internal/service/helpers.go (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (5)
  • internal/config/types.go
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml
  • internal/service/controller_service.go
  • hack/deploy_with_helm.sh
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json
⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: deploy-kind
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (1)

20-24: Fix indentation for nodePort conditional to prevent parse errors
Align the nodePort lines with proper whitespace trimming, e.g.:

-    {{ if $v.service }}
-    {{ if $v.service.nodePort }}
-    nodePort: {{ $v.service.nodePort }}
-    {{ end }}
-    {{ end }}
+    {{- if $v.service }}
+    {{- if $v.service.nodePort }}
+      nodePort: {{ $v.service.nodePort }}
+    {{- end }}
+    {{- end }}
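Review bot: The replacement nodePort line is indented six spaces where the removed line had four, so once the {{- markers trim the surrounding template lines it renders one level deeper than its sibling port keys, which is not valid YAML after a scalar value. Keep nodePort at the original four-space indentation and change only {{ to {{- on the if/end lines.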

This corrects the YAMLlint "could not find expected ':'" errors by removing extra indentation.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 21-21: syntax error: could not find expected ':'

(syntax)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between db373d5 and 704baaf.

📒 Files selected for processing (6)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (0 hunks)
  • hack/deploy_with_helm.sh (3 hunks)
💤 Files with no reviewable changes (1)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
  • hack/deploy_with_helm.sh
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json
🧰 Additional context used
🪛 YAMLlint (1.35.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml

[error] 21-21: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)


[warning] 3-3: wrong indentation: expected 0 but found 4

(indentation)


[warning] 4-4: wrong indentation: expected 0 but found 2

(indentation)


[warning] 5-5: wrong indentation: expected 0 but found 4

(indentation)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml

[error] 19-19: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e
  • GitHub Check: deploy-kind
🔇 Additional comments (12)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1)

10-10: Leverage Helm helper for dynamic service type
Dynamic type: {{ include "grpc.service.type" . }} correctly centralizes service‐type logic and makes the chart more flexible.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (6)

1-1: Enable multi-router iteration
Introducing range over .Values.grpc.routers correctly parameterizes Service resources per router instance.


7-7: Dynamic service label suffix
Using control-plane: controller-router-{{ $k }} ensures unique labels per router.


9-9: Dynamic Service naming
Appending -{{ $k }} to the Service name prevents clashes when multiple routers are defined.


10-10: Consistent namespace resolution
Switching to top-level context ($.Release.Namespace) within the loop is necessary and correctly applied.


12-12: Leverage Helm helper for dynamic router service type
Using include "router.service.type" (list $ $k $v) centralizes service-type logic per router entry.


26-26: Dynamic selector for multi-router support
Updating the selector to use controller-router-{{ $k }} matches the metadata labels and ensures proper pod selection.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (5)

1-7: Standardize Helm helper for gRPC hostname resolution
The grpc.hostname helper cleanly defaults to grpc.<baseDomain> if not overridden. Good use of required to enforce configuration.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)


[warning] 3-3: wrong indentation: expected 0 but found 4

(indentation)


[warning] 4-4: wrong indentation: expected 0 but found 2

(indentation)


[warning] 5-5: wrong indentation: expected 0 but found 4

(indentation)


17-23: Parameterize gRPC service type with default
The grpc.service.type helper correctly abstracts service-type logic and defaults to ClusterIP when unset, promoting DRY patterns.


25-34: Parameterize router hostname per instance
The router.hostname helper effectively generates hostnames for each router key with a fallback to router-<key>.<baseDomain>. Well modularized.


36-45: Parameterize router endpoint per instance
The router.endpoint helper mirrors grpc.endpoint logic—supports per-router override with fallback to the shared TLS port. Looks solid.


47-56: Parameterize router service type with default
The router.service.type helper cleanly abstracts per-router service-type selection, defaulting to ClusterIP if unset. Nicely structured.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (3)
deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (3)

55-64: Define ingress as an object in the schema
The ingress definition currently lacks a type and properties wrapper, so its fields aren’t enforced. It should be defined as:

"ingress": {
  "type": "object",
  "properties": {
    "enabled": { "type": "boolean", "description": "Whether to enable Ingress for the gRPC endpoint" },
    "class":   { "type": "string",  "description": "IngressClass to use for the gRPC endpoint" }
  },
  "additionalProperties": false
}

65-70: Define route as an object in the schema
The route definition also lacks a type wrapper and additionalProperties, so only enabled isn’t enforced. It should be:

"route": {
  "type": "object",
  "properties": {
    "enabled": { "type": "boolean", "description": "Whether to enable OpenShift Router for the gRPC endpoint" }
  },
  "additionalProperties": false
}

316-373: Explicitly set type: "object" for root-level grpc
While you’ve defined properties and additionalProperties, adding "type": "object" ensures that only an object is accepted:

"grpc": {
- "additionalProperties": false,
+ "type": "object",
+ "additionalProperties": false,
  "properties": {
    // …
  }
}
🧹 Nitpick comments (1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1)

71-96: Consider enforcing required fields for router definitions
Currently, the router object makes all fields optional, which may lead to incomplete configurations. It’s recommended to require at least hostname and endpoint:

 "router": {
   "type": "object",
   "additionalProperties": false,
+  "required": ["hostname", "endpoint"],
   "properties": {
     "hostname": { … },
     "endpoint": { … },
     // …
   }
 }
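Review bot: Making hostname and endpoint required in the router definition would reject router entries that leave them unset, yet the router.hostname and router.endpoint helpers reviewed on this page provide fallbacks (router-<key>.<baseDomain> and the shared TLS port) for exactly that case. Either leave both optional in the schema or drop the helper fallbacks; requiring them while keeping the fallbacks makes the defaults unreachable.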
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 01e6ed0 and c1c470b.

📒 Files selected for processing (2)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • deploy/helm/jumpstarter/values.yaml (0 hunks)
💤 Files with no reviewable changes (1)
  • deploy/helm/jumpstarter/values.yaml
⏰ Context from checks skipped due to timeout of 90000ms (5)
  • GitHub Check: deploy-kind
  • GitHub Check: lint-go
  • GitHub Check: tests
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests (ubuntu-24.04)
🔇 Additional comments (4)
deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (4)

1-54: Core definitions are correct
The port, labels, ClusterIP, NodePort, and service definitions correctly validate port ranges and service types.


97-223: JWT & claim definitions look solid
The PrefixedClaimOrExpression, ClaimOrExpression, and JWTAuthenticator schemas are correctly constructed with strict additionalProperties: false.


224-279: Configuration and config.grpc schema are well-defined
The top-level config object and its nested authentication and keepalive properties are properly scoped and type-safe.


282-296: Basic properties validated correctly
The namespace, image, tag, and imagePullPolicy fields are all typed correctly as strings.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (2)

11-17: Review aggressive gRPC keepalive defaults.

Setting minTime: 3s with permitWithoutStream: true can generate frequent HTTP/2 PING frames and expose you to potential DDoS vectors (as noted). Consider:

  • Providing more conservative defaults (e.g., 30s).
  • Documenting these settings in your values schema and README to guide operators.

21-37: Promote JWT configuration to a real schema block.

Rather than leaving JWT settings commented out, define them explicitly in values.yaml (and update values.schema.json) with defaults disabled. This enhances discoverability via helm show values:

@@ values.yaml
-    # To trust service account tokens, first execute:
-    #   kubectl create clusterrolebinding oidc-reviewer \
-    #     --clusterrole=system:service-account-issuer-discovery \
-    #     --group=system:unauthenticated
-    # Then uncomment:
-    #
-    # jwt:
-    #   - issuer:
-    #       url: https://kubernetes.default.svc.cluster.local
-    #       audiences:
-    #         - https://kubernetes.default.svc.cluster.local
-    #     audienceMatchPolicy: MatchAny
-    #     certificateAuthority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    #   claimMappings:
-    #     username:
-    #       claim: "sub"
-    #       prefix: "kubernetes:"
+    # JWT-based authentication configuration.
+    jwt:
+      enabled: false
+      issuers: []
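Review bot: The added jwt block changes the shape of the setting: the removed example shows jwt as a list of authenticator entries (- issuer: ...), while the replacement makes it a map with enabled and issuers keys, so whatever consumes the list form and values.schema.json would need to change with it. It also deletes the kubectl create clusterrolebinding prerequisite and the claimMappings example, which operators need in order to trust service account tokens. If the goal is discoverability, jwt: [] with the existing comment kept above it preserves both the type and the guidance.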
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between c1c470b and c30509b.

📒 Files selected for processing (3)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (1 hunks)
  • deploy/helm/jumpstarter/values.yaml (0 hunks)
💤 Files with no reviewable changes (1)
  • deploy/helm/jumpstarter/values.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests (ubuntu-24.04)
🔇 Additional comments (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (2)

18-20:

✅ Verification successful

Verify the internal authentication prefix format.

You’ve configured prefix: "internal:". Ensure downstream code or templates:

  • Don’t inadvertently double-append the colon.
  • Properly strip or append this prefix when constructing service principals.

🏁 Script executed:

#!/usr/bin/env bash
# Confirm usage of the internal auth prefix in Go code
rg -n 'internal:' -A 2 .

Length of output: 747


To verify how the internal: prefix is consumed in your Helm templates, let’s search for its usage in the chart’s templates:


🏁 Script executed:

#!/usr/bin/env bash
# Search for direct use of the internal auth prefix in Helm templates
rg -n '.Values.authentication.internal.prefix' -A 3 deploy/helm/jumpstarter/charts/jumpstarter-controller/templates
rg -n 'authentication.internal' -A 3 deploy/helm/jumpstarter/charts/jumpstarter-controller/templates

Length of output: 216


To verify that the internal: prefix isn’t accidentally doubled in code, let’s inspect exactly how it’s consumed in your Go configuration logic:


🏁 Script executed:

#!/usr/bin/env bash
# Inspect how Internal.Prefix is used when building service principals
rg -n 'Prefix' -A 5 internal/oidc/config.go internal/config/oidc.go

Length of output: 2536


Let’s confirm how newJWTAuthenticator handles the Prefix (to ensure no extra colons are added or stripped):


🏁 Script executed:

#!/usr/bin/env bash
# Show the implementation of newJWTAuthenticator in both config files
rg -n 'func newJWTAuthenticator' -A 30 internal/config/oidc.go internal/oidc/config.go

Length of output: 4058


Internal auth prefix usage verified

  • The Go config defaults Internal.Prefix to "internal:" and passes it directly into PrefixedClaimOrExpression without any extra colon added in newJWTAuthenticator.
  • No occurrences of .Values.authentication.internal.prefix were found in the Helm templates, so there’s no risk of double-appending the colon.

No changes required.


8-9:

✅ Verification successful

Confirm gRPC TLS passthrough settings propagate correctly.

You’ve set mode: "passthrough" and port: 443 under grpc.tls. Please verify that all related templates (service, ingress, router) consume these values consistently:


🏁 Script executed:

#!/usr/bin/env bash
# Search for grpc.tls usage in your Helm templates
rg -n "grpc.tls" -A 3 deploy/helm/jumpstarter/charts/jumpstarter-controller/templates

Length of output: 5585


🏁 Script executed:

#!/usr/bin/env bash
# Show Service definitions to verify port handling
rg -n "kind: Service" -A5 deploy/helm/jumpstarter/charts/jumpstarter-controller/templates
# Check where .Values.grpc.tls.port is referenced across templates
rg -n ".Values.grpc.tls.port" deploy/helm/jumpstarter/charts/jumpstarter-controller/templates

Length of output: 6127


🏁 Script executed:

#!/usr/bin/env bash
# Print service port definitions for router and controller
sed -n '1,200p' deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml
sed -n '1,200p' deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml

# Print ingress backend port definitions for router and controller
sed -n '1,200p' deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml
sed -n '1,200p' deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml

Length of output: 4132


gRPC TLS passthrough is wired correctly

  • The passthrough mode is applied in all route and ingress templates:
    • router-route.yaml & controller-route.yaml use termination: passthrough
    • router-ingress.yaml & controller-ingress.yaml set nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  • The port: 443 value is only consumed by the hostname helpers (_helpers.yaml) for client‐side URL generation, while the Service backends remain on their internal gRPC ports (8083 for routers, 8082 for the controller), which is intentional.

No further changes needed.

@mangelajo mangelajo self-requested a review May 27, 2025 14:24
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (7)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1)

18-22: ⚠️ Potential issue

Fix YAML indentation for nodePort conditional to prevent parse errors

The current templating lines introduce extra leading whitespace, causing the YAMLlint error "could not find expected ':'". Align the if/end blocks and nodePort entry with proper hyphen whitespace trimming.

Apply this diff to fix the YAML indentation:

-    {{ if .Values.grpc.service }}
-    {{ if .Values.grpc.service.nodePort }}
-    nodePort: {{ .Values.grpc.service.nodePort }}
-    {{ end }}
-    {{ end }}
+{{- if .Values.grpc.service }}
+{{- if .Values.grpc.service.nodePort }}
+    nodePort: {{ .Values.grpc.service.nodePort }}
+{{- end }}
+{{- end }}
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 19-19: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (2)

1-1: Add conditional rendering for the enabled flag

The enabled: true flag was added but chart templates don't reference .Values.enabled for conditional rendering. All resource templates should include conditional guards.

Verify template usage with this script:

#!/bin/bash
# Check if .Values.enabled is referenced in templates
rg -n "Values\.enabled" deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/

3-4: 🛠️ Refactor suggestion

Pin the image tag explicitly

The image specification lacks an explicit tag, which can lead to unpredictable deployments using implicit latest tags.

Refactor the image configuration:

-image: quay.io/jumpstarter-dev/jumpstarter-controller
-imagePullPolicy: IfNotPresent
+image:
+  repository: quay.io/jumpstarter-dev/jumpstarter-controller
+  tag: "v0.1.0"  # specify appropriate version
+  pullPolicy: IfNotPresent
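Review bot: Turning image from a string into a map with repository, tag and pullPolicy changes the values contract: the schema review on this page lists image, tag and imagePullPolicy as separate string fields, so the schema and every template that reads the current image and imagePullPolicy values would have to change in the same commit. The v0.1.0 value is marked as a placeholder by its own comment and should not be merged as written. Setting the existing tag value pins the image without restructuring.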
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (2)

7-8: Duplicate app.kubernetes.io/name label issue
The Service is still labeled jumpstarter-controller though it represents a router. Rename to jumpstarter-router or leverage a helper like {{ include "router.name" . }}.


20-24: ⚠️ Potential issue

Fix indentation for nodePort block
The nested if statements around nodePort are misaligned, causing YAML parse errors. Consolidate into one conditional aligned with the other port keys:

-    {{ if $v.service }}
-    {{ if $v.service.nodePort }}
-    nodePort: {{ $v.service.nodePort }}
-    {{ end }}
-    {{ end }}
+    {{- if $v.service.nodePort }}
+    nodePort: {{ $v.service.nodePort }}
+    {{- end }}
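Review bot: Collapsing to a single {{- if $v.service.nodePort }} drops the guard on $v.service; for a router entry with no service key, Helm fails the render with a nil pointer error when it evaluates .nodePort on the missing value instead of skipping the block. Keep both conditions, for example by retaining the nested if with {{- trimming on each line, and leave nodePort at the four-space indentation shown.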
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 21-21: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)

10-10: Duplicate app.kubernetes.io/name label issue
The Deployment retains app.kubernetes.io/name: jumpstarter-controller though the pod runs the router. It should be updated to jumpstarter-router.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (1)

9-15: Ensure default grpc.tls.port is declared

The grpc.endpoint helper references .Values.grpc.tls.port for its fallback. Make sure you’ve defined a default grpc.tls.port in values.yaml (and the JSON schema) to avoid missing-value errors at deployment.

🧹 Nitpick comments (9)
deploy/helm/jumpstarter/values.yaml (1)

3-4: Document simplified global parameters
The newly reduced timestamp and baseDomain entries lack context—consider adding brief comments or descriptions to clarify their purpose for future maintainers.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml (3)

1-3: Consolidate nested ingress conditionals
You can combine the two if checks into one for readability:

{{- if and $v.ingress $v.ingress.enabled }}
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 2-2: syntax error: expected '', but found '{'

(syntax)


16-17: Use Helm fullname helper for resource naming
Instead of hardcoding:

name: jumpstarter-router-ingress-{{ $k }}

use your chart’s fullname helper to include the release prefix and avoid naming conflicts.


30-30: Apply fullname helper to backend service name
Replace the literal service name with:

name: {{ include "jumpstarter-controller.fullname" (dict "name" (printf "router-grpc-%s" $k) "values" $) }}

to maintain consistency.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (1)

9-9: Use fullname helper for Service name
Swap the hardcoded name for:

name: {{ include "jumpstarter-controller.fullname" (dict "name" (printf "router-grpc-%s" $k) "values" $) }}

to inherit release naming.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml (2)

1-3: Consolidate nested route conditionals
Merge {{ if $v.route }} and {{ if $v.route.enabled }}:

{{- if and $v.route $v.route.enabled }}

for brevity.

🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 2-2: syntax error: expected '', but found '{'

(syntax)


14-15: Use Helm fullname helper for Route name
Avoid hardcoded names; use:

name: {{ include "jumpstarter-controller.fullname" (dict "name" (printf "router-route-%s" $k) "values" $) }}
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (2)

25-34: Refine error message in router hostname helper

The required call mentions grpc.router.<name>.hostname but the actual path is Values.grpc.routers.<key>.hostname. Updating the message to reflect the real values path will improve clarity for chart users.


47-56: Extract common service type logic (optional)

Both grpc.service.type and router.service.type follow the same pattern. Consider creating a generic service.type helper to DRY up this duplication and simplify future maintenance.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c30509b and 13f0b26.

📒 Files selected for processing (30)
  • .github/workflows/e2e.yaml (1 hunks)
  • Dockerfile (2 hunks)
  • Makefile (1 hunks)
  • cmd/main.go (2 hunks)
  • cmd/router/main.go (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_endpoints.tpl (0 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml (3 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml (3 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role_binding.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (1 hunks)
  • deploy/helm/jumpstarter/values.kind.yaml (0 hunks)
  • deploy/helm/jumpstarter/values.schema.json (1 hunks)
  • deploy/helm/jumpstarter/values.yaml (1 hunks)
  • hack/deploy_with_helm.sh (3 hunks)
  • hack/kind_cluster.yaml (1 hunks)
  • internal/config/config.go (3 hunks)
  • internal/config/types.go (1 hunks)
  • internal/service/controller_service.go (3 hunks)
  • internal/service/helpers.go (1 hunks)
  • internal/service/router_service.go (1 hunks)
💤 Files with no reviewable changes (2)
  • deploy/helm/jumpstarter/values.kind.yaml
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_endpoints.tpl
✅ Files skipped from review due to trivial changes (2)
  • internal/config/types.go
  • deploy/helm/jumpstarter/values.schema.json
🚧 Files skipped from review as they are similar to previous changes (15)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role_binding.yaml
  • Dockerfile
  • cmd/main.go
  • hack/kind_cluster.yaml
  • .github/workflows/e2e.yaml
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml
  • internal/service/router_service.go
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role.yaml
  • cmd/router/main.go
  • internal/service/helpers.go
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml
  • internal/config/config.go
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json
  • Makefile
  • hack/deploy_with_helm.sh
🧰 Additional context used
🧠 Learnings (2)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1)
Learnt from: NickCao
PR: jumpstarter-dev/jumpstarter-controller#137
File: hack/deploy_with_helm.sh:26-34
Timestamp: 2025-05-13T19:57:56.811Z
Learning: The jumpstarter project uses a custom kind cluster configuration with an expanded NodePort range (3000-32767) and explicit port mappings for ingress (5080/5443) and gRPC services (30010/30011 mapped to 8082/8083).
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)
Learnt from: NickCao
PR: jumpstarter-dev/jumpstarter-controller#137
File: deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml:23-26
Timestamp: 2025-05-13T19:56:27.924Z
Learning: In the jumpstarter-controller project, the router service uses the same ConfigMap as the controller service (controller-cm.yaml) even though it has been moved to its own separate deployment.
🪛 YAMLlint (1.37.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)


[warning] 3-3: wrong indentation: expected 0 but found 4

(indentation)


[warning] 4-4: wrong indentation: expected 0 but found 2

(indentation)


[warning] 5-5: wrong indentation: expected 0 but found 4

(indentation)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml

[error] 2-2: syntax error: expected '', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml

[error] 2-2: syntax error: expected '', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml

[error] 19-19: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml

[error] 12-12: syntax error: could not find expected ':'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-ingress.yaml

[error] 2-2: syntax error: expected '', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-route.yaml

[error] 2-2: syntax error: expected '', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-service.yaml

[error] 21-21: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (5)
  • GitHub Check: deploy-kind
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: tests
  • GitHub Check: lint-go
🔇 Additional comments (14)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml (1)

10-10: LGTM: Dynamic service type configuration

Good use of the helper template for dynamic service type resolution, which supports the new multi-router architecture.

deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml (1)

11-37: LGTM: Comprehensive configuration structure

The new config section provides well-structured authentication settings with helpful comments for JWT configuration. The gRPC keepalive settings include appropriate safety warnings.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml (2)

21-21: LGTM: Consistent hostname helper usage

Good use of the grpc.hostname helper template for consistent hostname resolution across ingress rules and TLS configuration.

Also applies to: 33-33


1-2:

❓ Verification inconclusive

Verify YAML template syntax

The nested conditional structure looks correct, but static analysis flagged a syntax error. Ensure proper YAML document formatting.


🏁 Script executed:

#!/bin/bash
# Test Helm template rendering to verify syntax
helm template deploy/helm/jumpstarter/charts/jumpstarter-controller/ --dry-run --debug

Length of output: 183


Verify YAML template syntax for nested conditionals

We weren’t able to run helm template in the sandbox (Helm not installed), so please install Helm or run a lint step locally to catch any formatting errors:

helm lint deploy/helm/jumpstarter/charts/jumpstarter-controller/
# or, once Helm is installed:
helm template deploy/helm/jumpstarter/charts/jumpstarter-controller/ --dry-run --debug

Points to double-check:

  • Proper indentation and matching {{ end }} for the nested
    if .Values.grpc.ingress and if .Values.grpc.ingress.enabled blocks
  • No stray or extra end statements
  • Final rendered YAML is valid and parsable

The helper template usage for hostname looks good.

🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 2-2: syntax error: expected '', but found '{'

(syntax)

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml (2)

15-15: LGTM: Consistent hostname resolution

Good use of the grpc.hostname helper template for consistent hostname configuration in the OpenShift Route.


1-2:

❓ Verification inconclusive

Verify YAML template syntax for OpenShift Route

The nested conditional structure matches the ingress template pattern, but static analysis flagged a syntax error. Ensure proper YAML formatting.


🏁 Script executed:

#!/bin/bash
# Test Route template rendering specifically
helm template deploy/helm/jumpstarter/charts/jumpstarter-controller/ --show-only templates/controller-route.yaml

Length of output: 209


Manual Check Needed: OpenShift Route Template Syntax

We attempted to render controller-route.yaml with Helm in the sandbox, but helm isn’t installed. Please verify locally that the nested conditional blocks emit valid YAML:

  • File: deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml
  • Focus on lines 1–2:
    {{ if .Values.grpc.route }}
    {{ if .Values.grpc.route.enabled }}
  • Confirm all {{ end }} statements line up and indentation produces a well-formed Route.

Run locally:

helm template deploy/helm/jumpstarter/charts/jumpstarter-controller/ \
  --show-only templates/controller-route.yaml
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 2-2: syntax error: expected '', but found '{'

(syntax)

internal/service/controller_service.go (2)

78-78: LGTM: Router configuration integration

Good addition of the Router field to support the new multi-router architecture with label-based selection.


20-20: LGTM: Well-organized imports

Good additions of necessary imports for the new functionality:

  • cmp and slices for sorting router candidates
  • golang.org/x/exp/maps for working with router map
  • config package for router configuration types

Also applies to: 26-26, 31-32

deploy/helm/jumpstarter/values.yaml (1)

8-9: Ensure grpc.routers map is supplied downstream
This minimal values.yaml omits the grpc.routers definition introduced in the chart. Users must provide a grpc.routers map in their environment-specific values; verify upgrade impact on existing deployments.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (2)

23-26: Reference to controller ConfigMap is intentional
Per design, the router shares the controller’s ConfigMap (controller-cm.yaml), so the existing annotation is correct.


80-91: Skip HTTP health probe comments for gRPC
These HTTP-based liveness/readiness probes are commented out deliberately; they’ll be replaced once the router binary implements gRPC health endpoints.

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml (3)

1-7: Validate hostname fallback logic

The helper correctly prioritizes an explicit Values.grpc.hostname and uses required on global.baseDomain for fallback. Good use of required to surface missing configurations at render time.

🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)


[warning] 3-3: wrong indentation: expected 0 but found 4

(indentation)


[warning] 4-4: wrong indentation: expected 0 but found 2

(indentation)


[warning] 5-5: wrong indentation: expected 0 but found 4

(indentation)


17-23: Default gRPC service type implementation

This helper sensibly falls back to "ClusterIP" when no grpc.service.type is set. The conditional and default usage is clear and correct.


36-45: Consistent endpoint construction for routers

The router.endpoint helper mirrors the gRPC logic and correctly falls back to a constructed hostname with the shared TLS port. This aligns well with the multi-router architecture.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)

8-10: Inconsistent app.kubernetes.io/name label
The app.kubernetes.io/name label is still set to jumpstarter-controller rather than jumpstarter-router, which misrepresents this component. It should be updated (or derived via a Helm helper) to accurately reflect the router deployment.

🧹 Nitpick comments (5)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (5)

7-7: Quote namespace value
Wrap the templated namespace in quotes to avoid YAML parsing issues if it contains special characters:

- namespace: {{ default $.Release.Namespace $.Values.namespace }}
+ namespace: "{{ default $.Release.Namespace $.Values.namespace }}"

32-39: Unaddressed TODO for node affinity
The template still contains commented-out node affinity and a TODO. For multi-architecture support, either remove this block or parameterize and enable affinity via values.yaml.


80-91: Missing gRPC health probes
HTTP health probes are commented out. Once your router binary implements a gRPC health endpoint (or you include a grpc_health_probe), update these to use an exec probe or HTTP₂ probe for gRPC:

livenessProbe:
  exec:
    command: ["/grpc_health_probe", "-addr=localhost:{{ .Values.grpc.tls.port }}"]
  initialDelaySeconds: 15
  periodSeconds: 20
readinessProbe:
  exec:
    command: ["/grpc_health_probe", "-addr=localhost:{{ .Values.grpc.tls.port }}"]
  initialDelaySeconds: 5
  periodSeconds: 10

99-99: Decouple ServiceAccount for router
Reusing controller-manager couples RBAC for both controller and router. Consider parameterizing serviceAccountName and creating a dedicated ServiceAccount for the router to enforce least-privilege.


100-100: Review terminationGracePeriodSeconds
The 10 s grace period may not cover in-flight gRPC requests during shutdown. Consider aligning this with your router binary’s shutdown timeout or exposing it as a configurable value.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 984c5a0 and 9dcb23f.

📒 Files selected for processing (5)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml (2 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1 hunks)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json (1 hunks)
  • hack/deploy_with_helm.sh (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml
  • deploy/helm/jumpstarter/charts/jumpstarter-controller/values.schema.json
  • hack/deploy_with_helm.sh
🧰 Additional context used
🧠 Learnings (1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml (1)
Learnt from: NickCao
PR: jumpstarter-dev/jumpstarter-controller#137
File: deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml:23-26
Timestamp: 2025-05-13T19:56:27.924Z
Learning: In the jumpstarter-controller project, the router service uses the same ConfigMap as the controller service (controller-cm.yaml) even though it has been moved to its own separate deployment.
🪛 YAMLlint (1.37.1)
deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-deployment.yaml

[error] 12-12: syntax error: could not find expected ':'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (5)
  • GitHub Check: lint-go
  • GitHub Check: tests
  • GitHub Check: deploy-kind
  • GitHub Check: e2e-tests (ubuntu-24.04)
  • GitHub Check: e2e-tests (ubuntu-24.04-arm)

Member

@mangelajo mangelajo left a comment

Nice, my only ask would be that we try to minimize changes to the config entries as much as we can.

I know some are unavoidable if we have multiple routers. Also, try to keep the top-level values.yaml with all the possible configurations and defaults.

This is a change that will break deployers, like @bennyz and me in the lab, as we switch from 0.6.0 to 0.7.0.


grpc:
hostname: ""
Member

We should not delete the options in this values.yaml.

It serves as the base to let others understand what the available overall options and defaults are (i.e. argocd).

Collaborator Author

They are now in the JSON schema; I think argocd can visualize that too.


config:
grpc:
keepalive:
Member

Can we keep the overall grpc config under the root grpc?

Collaborator Author

The keepalive part is handled by the controller itself, not the Helm chart.

@@ -1,10 +0,0 @@
global:
baseDomain: jumpstarter.127.0.0.1.nip.io
Member

We don't need this anymore for kind?

Collaborator Author

They are always set by the hack/deploy_with_helm.sh script?


jumpstarter-controller:
enabled: true
Member

Why delete all those?

Member

It's generally very useful to see the overall structure and defaults in the values.yaml. I see we have JSON now, which I guess is much better for eventually generating docs or having other tools understand our structure.

@@ -1,4 +1,5 @@
{{ if eq .Values.grpc.mode "ingress" }}
{{ if .Values.grpc.ingress }}
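Review bot: with the outer guard now testing .Values.grpc.ingress instead of grpc.mode, a values file that still sets only grpc.mode: ingress renders no Ingress and Helm reports nothing, so the gRPC endpoint can silently stop being exposed after an upgrade. Either keep honoring grpc.mode as a fallback, or call fail when grpc.mode is set and grpc.ingress is absent, and mention the rename in the upgrade notes.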
Member

Let's avoid changes to configuration formats unless we have a good reason, of course.

@@ -1,4 +1,5 @@
{{ if eq .Values.grpc.mode "route" }}
{{ if .Values.grpc.route }}
{{ if .Values.grpc.route.enabled }}
Member

same

@@ -7,38 +10,32 @@ metadata:
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
{{ if eq .Values.grpc.tls.mode "passthrough" }}
{{ if eq $.Values.grpc.tls.mode "passthrough" }}
Member

We don't need the complexity to individually configure each router in a different form.

Can we keep unified settings for all routers (image, mode, etc.)? Only the endpoint name could potentially change. Otherwise it means that you need to fine-tune each of them.

For TLS, we may want to use a certificate that covers them all.

HELM_SETS+=" --set global.baseDomain=${BASEDOMAIN}"
HELM_SETS+=" --set jumpstarter-controller.grpc.endpoint=${GRPC_ENDPOINT}"

HELM_SETS+=" --set jumpstarter-controller.grpc.routers.default.hostname=${GRPC_ROUTER_DEFAULT_HOSTNAME}"
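Review bot: the --set flags here are accumulated into one string with a leading space, which only works if the later helm call expands HELM_SETS unquoted, so a BASEDOMAIN, GRPC_ENDPOINT or GRPC_ROUTER_DEFAULT_HOSTNAME value containing whitespace or a glob character would be split or expanded by the shell. Collect the flags in a bash array instead, for example HELM_SETS+=(--set "global.baseDomain=${BASEDOMAIN}"), and pass it as "${HELM_SETS[@]}".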
Member

Will we still get a default one based on baseDomain if we don't provide one here?


candidates := maps.Values(s.Router)
slices.SortFunc(candidates, func(a config.RouterEntry, b config.RouterEntry) int {
return -cmp.Compare(MatchLabels(a.Labels, exporter.Labels), MatchLabels(b.Labels, exporter.Labels))
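Review bot: the comparator passed to slices.SortFunc orders routers only by their MatchLabels score, and neither maps.Values nor slices.SortFunc guarantees a stable order, so when two routers score the same for an exporter the one that ends up first can differ between calls. Add a deterministic tie-breaker (compare a stable field of config.RouterEntry, or sort the map keys first and use slices.SortStableFunc) so a given exporter is always steered to the same router. The descending order would also read more directly as cmp.Compare with the b and a arguments swapped than as a negated result.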
Member

Ah nice, so you can steer exporters to specific routers.
