Skip to content

feat(helm): Add storage and bundled-MariaDB templates.#384

Open
20001020ycx wants to merge 7 commits into
y-scope:mainfrom
20001020ycx:feat/2026-07-09-helm-storage-mariadb
Open

feat(helm): Add storage and bundled-MariaDB templates.#384
20001020ycx wants to merge 7 commits into
y-scope:mainfrom
20001020ycx:feat/2026-07-09-helm-storage-mariadb

Conversation

@20001020ycx

@20001020ycx 20001020ycx commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Description

This PR adds the chart's templates and values.yaml: the storage gRPC service (Deployment + Service + ConfigMap) and a bundled MariaDB (StatefulSet + Service + Secret). Remove "database" from bundled to connect to an external MariaDB instead.

Note

Part of the ongoing Spider Huntsman Kubernetes integration. This PR adds only storage + database; the scheduler, execution manager, and task executor follow in later PRs.

Note

This PR needs review from two teams:

  • Cloud Team: Please review the Helm chart itself — the templates, helpers, and packaging. Feel free to also skim through the configuration itself.
  • Spider Team: Please review the user-facing Spider configuration — the spiderConfig block in values.yaml and the storage.yaml it renders in configmap.yaml. You can leave the rest of the chart to the Cloud reviewer.

A few notes for the reviewers:

For Cloud reviewer:

  • _helpers.tpl is mostly helm create boilerplate. We only added: componentFullname (63-char-safe names), imageRef, readiness/livenessProbeTimings, and databaseHost/databasePort.

For Spider reviwer:

  • spiderConfig in values.yaml is the user-facing config in helm chart; the chart renders it into each component's config file. Naming loosely follows the sample spider.yaml. I would appreciate any suggestions to make it more aligning with the real Spider configuration workflow.

Checklist

  • The PR satisfies the [contribution guidelines][yscope-contrib-guidelines].
  • This is a breaking change and that has been indicated in the PR title, OR this isn't a
    breaking change.
  • Necessary docs have been updated, OR no docs need to be updated.

Validation performed

We perform the steps below to verify the storage + database Helm chart in this PR works end-to-end in a kind cluster. The goal: submit a task through the spider-client Rust SDK and observe it persisted in the database.

  1. Start a kind cluster:
kind create cluster --name spider-test
  1. Install the chart:
helm install spider tools/deployment/spider-helm/
  1. Wait for both components to become ready (storage restarts a few times while MariaDB boots):
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=spider --timeout=180s
  1. Confirm storage self-created its tables:
kubectl exec spider-database-0 -- mysql -uspider-user -pspider-password spider-db -e "SHOW TABLES;"

Expected: execution_managers, jobs, resource_groups, schedulers, sessions.

  1. Port-forward storage and submit a task through the spider-client SDK, the below code are phsedu-code for illustration purpose:
kubectl port-forward svc/spider-storage 50051:50051

The client submits a one-task graph — math::add(2, 3):

let client = SpiderClient::connect(endpoint, pool_size).await?;             // dial storage
let rg = client.add_resource_group("add-rg", b"secret".to_vec()).await?;    // register a resource group

let mut graph = TaskGraph::new(None, None)?;                                // one-task graph
graph.insert_task(TaskDescriptor {                                          // TDL func math::add(i32, i32) -> i32
    tdl_context: TdlContext { package: "math", task_func: "add" },
    inputs: vec![int32, int32], outputs: vec![int32], ..Default::default()
})?;
let inputs = vec![TaskInput::ValuePayload(rmp_serde::to_vec(&2)?),          // msgpack-encode the operands
                  TaskInput::ValuePayload(rmp_serde::to_vec(&3)?)];
let job_id = client.submit_job(rg, &graph, inputs).await?;                  // storage persists the job
  1. Confirm the task is persisted in the database:
kubectl exec spider-database-0 -- mysql -uspider-user -pspider-password spider-db -e "SELECT COUNT(*) FROM jobs; SELECT COUNT(*) FROM resource_groups;"

Expected: jobs=1, resource_groups=1.

Summary by CodeRabbit

  • New Features
    • Added Helm deployment support for Spider storage, including a dedicated service and storage configuration.
    • Added optional bundled MariaDB support, with automatic creation of the database secret, stateful database workload, and (headless) database service when enabled.
    • Introduced configurable chart values for images, endpoints, connection limits, credentials, and queue capacity defaults.
    • Added shared Helm helpers to standardize naming/labels, build image references, apply readiness/liveness probe timings, and resolve database host/port for bundled vs external setups.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@20001020ycx, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 48 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: eeb8a238-67b2-400d-a03d-b9b515e913cd

📥 Commits

Reviewing files that changed from the base of the PR and between bcd7223 and b8bc2c1.

📒 Files selected for processing (1)
  • tools/deployment/spider-helm/Chart.yaml

Walkthrough

Adds Spider Helm chart helpers and default values, renders storage configuration and gRPC resources, and conditionally renders a persistent bundled MariaDB with credentials, networking, and probes.

Changes

Spider Helm deployment

Layer / File(s) Summary
Chart helpers and configuration
tools/deployment/spider-helm/templates/_helpers.tpl, tools/deployment/spider-helm/values.yaml
Adds naming, labelling, image, probe, and database-resolution helpers alongside image, database, endpoint, and storage defaults.
Storage configuration and service
tools/deployment/spider-helm/templates/configmap.yaml, tools/deployment/spider-helm/templates/storage-deployment.yaml, tools/deployment/spider-helm/templates/storage-service.yaml
Renders storage configuration, a single-replica Deployment with probes and mounted configuration, and a gRPC Service.
Bundled database resources
tools/deployment/spider-helm/templates/database-secret.yaml, tools/deployment/spider-helm/templates/database-service.yaml, tools/deployment/spider-helm/templates/database-statefulset.yaml
Conditionally renders database credentials, a headless Service, and a persistent MariaDB StatefulSet when the database is bundled.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Values
  participant Helm
  participant Kubernetes
  participant MariaDB
  Values->>Helm: provide chart and component configuration
  Helm->>Kubernetes: render storage and optional database resources
  Kubernetes->>MariaDB: inject credentials and mount persistent storage
Loading

Possibly related issues

Suggested reviewers: hoophalab, sitaowang1998

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: new Helm templates for storage and bundled MariaDB support.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@20001020ycx 20001020ycx requested a review from hoophalab July 9, 2026 20:19
@20001020ycx 20001020ycx force-pushed the feat/2026-07-09-helm-storage-mariadb branch from ef8a4a6 to 656b17e Compare July 9, 2026 20:25
20001020ycx added a commit to 20001020ycx/spider that referenced this pull request Jul 10, 2026
…dalone.

`ct lint` requires a values.yaml in every chart, so PR y-scope#383 could not pass its own
`task lint:helm` without one. Add the generic scaffold keys (nameOverride/fullnameOverride);
the storage/mariadb values are added in y-scope#384.
20001020ycx added a commit to 20001020ycx/spider that referenced this pull request Jul 10, 2026
…dalone.

`ct lint` requires a values.yaml in every chart, so PR y-scope#383 could not pass its own
`task lint:helm` without one. Add the generic scaffold keys (nameOverride/fullnameOverride);
the storage/mariadb values are added in y-scope#384.

@junhaoliao junhaoliao left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the rest of the code and the title lgtm.

sorry i just caught an issue that might cause helm lint not to work (?) at https://github.com/y-scope/spider/pull/383/changes#r3567518399 . shall we fix it in the same PR / before this PR is merged?

Comment thread tools/deployment/spider-helm/templates/_helpers.tpl Outdated
Comment thread tools/deployment/spider-helm/templates/_helpers.tpl Outdated
Comment thread tools/deployment/spider-helm/templates/_helpers.tpl Outdated
Comment thread tools/deployment/spider-helm/templates/_helpers.tpl Outdated
port: {{ include "spider.databasePort" . }}
name: {{ .Values.spiderConfig.database.name | quote }}
username: {{ .Values.spiderConfig.database.username | quote }}
password: {{ .Values.spiderConfig.database.password | quote }}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CLP keeps these separate: it creates a database Secret, injects its keys with secretKeyRef, and mounts the non-secret ConfigMap separately. It does not map a Secret into a ConfigMap.

Spider already creates the Secret, but MariaDB consumes it while storage reads one complete YAML file. Kubernetes cannot substitute Secret keys into ConfigMap data, so this is not only wiring. The chart-only fix is to render storage.yaml as a Secret and mount it; alternatively, add env/file credential support and use secretKeyRef like CLP.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, I DID had some concern about the security stuff when discussing with Chaoyue.

I think now I get the problem, and I think it make sense to just use env variable for consistency with CLP. I will make the rust change now before merging this PR so we dont change back and forth.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed feature is implemented in this PR

Comment thread tools/deployment/spider-helm/templates/storage-deployment.yaml
Comment thread tools/deployment/spider-helm/templates/storage-deployment.yaml
Comment thread tools/deployment/spider-helm/templates/storage-service.yaml Outdated
Comment on lines +37 to +43
# task_instance_pool_config:
# execution_manager_stale_cutoff_sec: 30
# gc_interval_sec: 5
# message_channel_capacity: 1024
# job_cache_gc_config:
# terminated_job_retention_sec: 300
# gc_interval_sec: 10

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mind explaining what these are for? would it be better to leave them uncommented so they can serve as default (fallback) values?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are advanced configurations supported by Spider, following the convention in spider.yaml. I left them commented since values.yaml serves as the default template, they're here to showcase what Spider supports, which user can override for their own k8s deployment.

Note this is contrary to clp-package's per-variable assignment: we copy the entire YAML through to the component for compatibility, which avoids maintaining that many variables and I think is a better practice for the helm chart.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are configurable options for Spider storage service. In CLP, we might need to make these fields configurable, but I'm not sure what's the best way to do it. For example, shall we directly expose this value file in CLP, or shall we map CLP-side config values to fields defined here? May need @junhaoliao's inputs.

@junhaoliao

Copy link
Copy Markdown
Member

let's use scope feat(helm) in the title for conciseness and consistency

@20001020ycx 20001020ycx changed the title feat(helm-chart): Add storage and bundled-MariaDB templates. feat(helm): Add storage and bundled-MariaDB templates. Jul 13, 2026
@20001020ycx 20001020ycx force-pushed the feat/2026-07-09-helm-storage-mariadb branch from 447b76b to 08a6359 Compare July 13, 2026 15:48
@20001020ycx 20001020ycx marked this pull request as ready for review July 13, 2026 20:55
@20001020ycx 20001020ycx requested review from a team and sitaowang1998 as code owners July 13, 2026 20:55

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
tools/deployment/spider-helm/templates/database-statefulset.yaml (1)

63-70: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

PVC storage size is hardcoded.

The 20Gi storage request should be configurable via values so users can adjust it without editing the chart template.

♻️ Suggested fix
       spec:
         accessModes: ["ReadWriteOnce"]
         resources:
           requests:
-            storage: "20Gi"
+            storage: {{ .Values.spiderConfig.database.storage | default "20Gi" | quote }}

And in values.yaml:

  database:
    # ... existing fields ...
    storage: "20Gi"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/deployment/spider-helm/templates/database-statefulset.yaml` around
lines 63 - 70, Replace the hardcoded storage request in the database
StatefulSet’s volumeClaimTemplates with the database storage value from Helm
values, and add a database.storage default of "20Gi" to values.yaml so existing
deployments retain their current size while users can override it.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tools/deployment/spider-helm/templates/database-secret.yaml`:
- Around line 11-13: Update the database credential configuration used by the
database-secret template and its corresponding values so passwords are not
supplied as predictable hardcoded defaults. Require users to provide database
and root passwords using Helm’s required-value behavior, while preserving the
existing username and secret field mappings.

In `@tools/deployment/spider-helm/templates/database-statefulset.yaml`:
- Around line 22-25: Add a configurable resources block to the MariaDB container
in the database StatefulSet, sourcing requests and limits from the chart values.
Define corresponding database.resources defaults in values.yaml for CPU and
memory requests and limits, preserving Helm rendering conventions and existing
container settings.

---

Nitpick comments:
In `@tools/deployment/spider-helm/templates/database-statefulset.yaml`:
- Around line 63-70: Replace the hardcoded storage request in the database
StatefulSet’s volumeClaimTemplates with the database storage value from Helm
values, and add a database.storage default of "20Gi" to values.yaml so existing
deployments retain their current size while users can override it.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 68eaf908-f67c-4ac7-aadb-6d2cf7c39041

📥 Commits

Reviewing files that changed from the base of the PR and between 1bbb996 and 4086bfd.

📒 Files selected for processing (8)
  • tools/deployment/spider-helm/templates/_helpers.tpl
  • tools/deployment/spider-helm/templates/configmap.yaml
  • tools/deployment/spider-helm/templates/database-secret.yaml
  • tools/deployment/spider-helm/templates/database-service.yaml
  • tools/deployment/spider-helm/templates/database-statefulset.yaml
  • tools/deployment/spider-helm/templates/storage-deployment.yaml
  • tools/deployment/spider-helm/templates/storage-service.yaml
  • tools/deployment/spider-helm/values.yaml

Comment thread tools/deployment/spider-helm/templates/database-secret.yaml
Comment thread tools/deployment/spider-helm/templates/database-statefulset.yaml Outdated
Comment on lines +5 to +8
storage:
repository: "ghcr.io/y-scope/spider/storage"
pullPolicy: "Always"
tag: "main"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it allow us to switch to different versions using tag?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. an user can switch to a different version by overriding it at helm install time, e.g. helm install ... --set image.storage.tag=<version>, or through your own values file (helm install ... -f values-prod.yaml).

Once Spider starts publishing versioned image tags, we should update this default to point at a pinned release version instead of main which gets overwritten by every commit (non-stable).

@20001020ycx 20001020ycx Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And just to be clear on the user's interface:
this values.yaml is just the default set for spinning up Spider with minimal setup. A user doing more advanced tuning or a Spider developer wanting to test a specific feature set on k8s would provide their own overrides, as shown above, on top of these defaults.

Comment thread tools/deployment/spider-helm/values.yaml Outdated
Comment thread tools/deployment/spider-helm/values.yaml
Comment on lines +37 to +43
# task_instance_pool_config:
# execution_manager_stale_cutoff_sec: 30
# gc_interval_sec: 5
# message_channel_capacity: 1024
# job_cache_gc_config:
# terminated_job_retention_sec: 300
# gc_interval_sec: 10

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are configurable options for Spider storage service. In CLP, we might need to make these fields configurable, but I'm not sure what's the best way to do it. For example, shall we directly expose this value file in CLP, or shall we map CLP-side config values to fields defined here? May need @junhaoliao's inputs.

20001020ycx and others added 6 commits July 15, 2026 08:52
Adds the Spider Helm chart's templates and values: the storage gRPC service (Deployment +
Service + ConfigMap) and a bundled MariaDB (StatefulSet + Service + Secret), gated on
`spiderConfig.bundled`. Remove "database" from `bundled` to connect to an external MariaDB.
Builds on the chart scaffolding + linting from the companion PR.
Co-authored-by: Junhao Liao <junhao@junhao.ca>
…har limit.

`spider.fullname` truncates to 63, but appending `-storage`/`-config`/
`-database` afterward can exceed Kubernetes' 63-character name limit for long
release names. Introduce `spider.componentFullname`, which trims the base to
`63 - len(suffix)` before appending, and use it for all resource names,
`serviceName`, Secret/ConfigMap references, and `databaseHost`.
…ironment variables.

Stop rendering the database username/password into the storage ConfigMap.
Storage now reads them from `SPIDER_STORAGE_DB_USERNAME`/`SPIDER_STORAGE_DB_PASSWORD`
(spider-storage y-scope#397), injected via `secretKeyRef` from the database Secret. The
Secret now renders in both bundled and external modes (`root_password` stays
bundled-only) so the credentials are available regardless of deployment mode.
Co-authored-by: Junhao Liao <junhao@junhao.ca>
@20001020ycx 20001020ycx force-pushed the feat/2026-07-09-helm-storage-mariadb branch from e43f5f1 to bcd7223 Compare July 15, 2026 17:12
@20001020ycx 20001020ycx requested a review from junhaoliao July 15, 2026 17:17

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (1)
tools/deployment/spider-helm/templates/database-secret.yaml (1)

10-13: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Default database credentials are weak and hardcoded in values.

The default values are predictable and visible in the chart source. If deployed without overriding, the bundled MariaDB will have known credentials. Consider using required to force users to set passwords, or generate random defaults.

🔒️ Suggested fix using `required`
 stringData:
-  username: {{ .Values.spiderConfig.database.username | quote }}
-  password: {{ .Values.spiderConfig.database.password | quote }}
-  {{- if has "database" .Values.spiderConfig.bundled }}
-  root_password: {{ .Values.spiderConfig.database.root_password | quote }}
-  {{- end }}
+  username: {{ required "spiderConfig.database.username must be set" .Values.spiderConfig.database.username | quote }}
+  password: {{ required "spiderConfig.database.password must be set" .Values.spiderConfig.database.password | quote }}
+  {{- if has "database" .Values.spiderConfig.bundled }}
+  root_password: {{ required "spiderConfig.database.root_password must be set" .Values.spiderConfig.database.root_password | quote }}
+  {{- end }}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/deployment/spider-helm/templates/database-secret.yaml` around lines 10
- 13, Update the database credential references in the database secret template
to require explicitly configured passwords instead of accepting predictable
chart defaults. Apply this to the bundled MariaDB root password and the regular
database password while preserving username rendering and the existing
bundled-database condition.
🧹 Nitpick comments (2)
tools/deployment/spider-helm/values.yaml (1)

10-12: 🚀 Performance & Scalability | 🔵 Trivial | 💤 Low value

Consider using IfNotPresent for pinned image tags.

Using Always for a fixed version tag like 10.11.16 forces unnecessary network requests to check the registry. Consider changing it to IfNotPresent to optimize startup time and reduce network overhead.

♻️ Proposed refactor
   database:
     repository: "mariadb"
-    pullPolicy: "Always"
+    pullPolicy: "IfNotPresent"
     tag: "10.11.16"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/deployment/spider-helm/values.yaml` around lines 10 - 12, Update the
pullPolicy setting alongside the pinned tag "10.11.16" from Always to
IfNotPresent, while leaving the repository and tag unchanged.
tools/deployment/spider-helm/templates/database-statefulset.yaml (1)

68-70: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Make the PVC storage size configurable.

Hardcoding the persistent volume claim storage size to 20Gi restricts flexibility for users with different storage needs. Consider exposing this as a configuration value (e.g., spiderConfig.database.persistence.size).

♻️ Proposed refactor
         resources:
           requests:
-            storage: "20Gi"
+            storage: {{ .Values.spiderConfig.database.persistence.size | quote }}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tools/deployment/spider-helm/templates/database-statefulset.yaml` around
lines 68 - 70, Replace the hardcoded "20Gi" value in the database StatefulSet
persistence resources with the configurable
spiderConfig.database.persistence.size value, preserving the existing storage
request structure and allowing the chart configuration to control PVC capacity.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tools/deployment/spider-helm/templates/database-statefulset.yaml`:
- Around line 24-26: Add a configurable resources block to the database
container in the StatefulSet, sourcing it from the database values configuration
and preserving Helm’s standard requests and limits structure. Define
corresponding database.resources defaults in values.yaml for CPU and memory
requests and limits.
- Around line 52-59: Update the &health-check probe command to avoid passing
MYSQL_PASSWORD as a --password argument: invoke the database check through a
shell and expose the password via the MYSQL_PWD environment variable, using
shell $VAR expansion rather than kubelet $(VAR) expansion. Preserve the existing
host, port, and user settings.

---

Duplicate comments:
In `@tools/deployment/spider-helm/templates/database-secret.yaml`:
- Around line 10-13: Update the database credential references in the database
secret template to require explicitly configured passwords instead of accepting
predictable chart defaults. Apply this to the bundled MariaDB root password and
the regular database password while preserving username rendering and the
existing bundled-database condition.

---

Nitpick comments:
In `@tools/deployment/spider-helm/templates/database-statefulset.yaml`:
- Around line 68-70: Replace the hardcoded "20Gi" value in the database
StatefulSet persistence resources with the configurable
spiderConfig.database.persistence.size value, preserving the existing storage
request structure and allowing the chart configuration to control PVC capacity.

In `@tools/deployment/spider-helm/values.yaml`:
- Around line 10-12: Update the pullPolicy setting alongside the pinned tag
"10.11.16" from Always to IfNotPresent, while leaving the repository and tag
unchanged.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 0359adea-a601-414d-9960-79bc99ff4846

📥 Commits

Reviewing files that changed from the base of the PR and between e43f5f1 and bcd7223.

📒 Files selected for processing (8)
  • tools/deployment/spider-helm/templates/_helpers.tpl
  • tools/deployment/spider-helm/templates/configmap.yaml
  • tools/deployment/spider-helm/templates/database-secret.yaml
  • tools/deployment/spider-helm/templates/database-service.yaml
  • tools/deployment/spider-helm/templates/database-statefulset.yaml
  • tools/deployment/spider-helm/templates/storage-deployment.yaml
  • tools/deployment/spider-helm/templates/storage-service.yaml
  • tools/deployment/spider-helm/values.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • tools/deployment/spider-helm/templates/_helpers.tpl

Comment thread tools/deployment/spider-helm/templates/database-statefulset.yaml
Comment thread tools/deployment/spider-helm/templates/database-statefulset.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants