From 966985dc3e2525041003047d70b0927d8cc46961 Mon Sep 17 00:00:00 2001 From: Malar Kannan Date: Wed, 2 Jul 2025 13:29:08 +0530 Subject: [PATCH] Jules/align helm release workflow (#22) * ci: Align Helm dependency setup in release workflow Adds missing Helm dependency setup steps (repo add, dependency build) to the release workflow, mirroring the CI workflow. This ensures that dependencies are correctly handled during linting and packaging in the release process. * refactor: Scope exporter RBAC to namespace for least privilege Changed the exporter's ClusterRole and ClusterRoleBinding to a namespaced Role and RoleBinding. This modification ensures that the exporter, by default, only has permissions to get, list, and watch pods within its own installation namespace. This aligns with the default behavior of IPERF_SERVER_NAMESPACE, which also defaults to the pod's own namespace, thereby adhering more strictly to the principle of least privilege. Verified with `helm template` that the Role and RoleBinding are correctly created within the release namespace. * fix: Add 'v' prefix to default image tag for exporter Updated the logic in `charts/iperf3-monitor/templates/exporter-controller.yaml` to ensure that when the exporter's image tag is not specified in `values.yaml`, it defaults to `v` instead of just ``. This change ensures the default tag matches image tagging conventions where a 'v' prefix is used for versions (e.g., `v0.1.0`). If an image tag is explicitly provided in `values.yaml`, that tag is used directly without modification. Verified with `helm template` for both default and custom tag scenarios. --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> --- charts/iperf3-monitor/templates/exporter-controller.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/iperf3-monitor/templates/exporter-controller.yaml b/charts/iperf3-monitor/templates/exporter-controller.yaml index dffa5b1..e34acd7 100644 --- a/charts/iperf3-monitor/templates/exporter-controller.yaml +++ b/charts/iperf3-monitor/templates/exporter-controller.yaml @@ -77,7 +77,7 @@ Proceed with modifications only if the exporter controller is defined. {{- if $exporterContainerCfg -}} {{- if not $exporterContainerCfg.image.tag -}} {{- if $chart.AppVersion -}} - {{- $_ := set $exporterContainerCfg.image "tag" $chart.AppVersion -}} + {{- $_ := set $exporterContainerCfg.image "tag" (printf "v%s" $chart.AppVersion) -}} {{- else -}} {{- fail (printf "Error: Container image tag is not specified for controller '%s', container '%s', and Chart.AppVersion is also empty." $exporterControllerKey "exporter") -}} {{- end -}}