You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This PR is mainly for #2975, but it also partially cleans up #2932 by making the README ingress example controller-neutral.
Rationale
Local kind testing showed two real Helm chart bugs: the server deployment was not getting the documented default podSecurityContext, and the UI health probes were hitting a route
that returns 404.
What changed?
On a clean Helm install, the server deployment rendered the wrong pod security context because the template looked for server.podSecurityContext even though the chart defines podSecurityContext at the root. The UI deployment also used / for liveness and readiness probes, but the web UI returns 404 on that path, so Kubernetes kept restarting the pod.
The fix makes the server deployment use the root podSecurityContext value and changes the UI probe path to /auth/sign-in, which returns 200. I also updated the chart README to
clarify the ServiceMonitor prerequisite, note the local io_uring caveat seen during testing, and use more controller-neutral ingress wording.
Local Execution
Partially passed.
helm lint ./helm/charts/iggy passed.
helm install iggy ./helm/charts/iggy -n iggy-test --create-namespace --set server.serviceMonitor.enabled=false was run on a local kind cluster.
After the template changes, the server deployment rendered the expected root podSecurityContext, and the UI became healthy with /auth/sign-in as the probe path.
Full local startup still did not fully pass because the server hit a separate io_uring / runtime Invalid argument failure on kind. That looks like a different issue and is not
fixed in this change.
Pre-commit hooks not ran. prek was not installed/configured in this checkout, and only the sample git hooks were present.
AI Usage
Tool used: OpenAI Codex / ChatGPT.
Scope: investigation, small Helm template changes, README updates, and drafting the issue/PR text.
Verification: I ran helm lint, installed the chart on local kind, inspected rendered pod specs, checked pod logs and Kubernetes events, and verified the UI route behavior with
local HTTP checks.
Yes, I can explain every line of the change if asked.
avirajkhare00
changed the title
Fix Helm chart install guidance and deployment defaults
fix: Helm chart install guidance and deployment defaults
Mar 19, 2026
Also, should we clean up comments from values.yaml, otherwise there will always be documentation drift between two
Good point. For this PR, the values.yaml comment and README are consistent (both describe serviceMonitor as opt-in for Prometheus Operator users), so there's no immediate drift. But you're right that maintaining descriptions in both places long-term is fragile. The # -- comments in values.yaml follow the helm-docs convention -- the standard approach is to auto-generate the README parameter table from those comments so there's a single source of truth. That would be a nice follow-up but shouldn't block this PR. @avirajkhare00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
avirajkhare00
changed the title
Which issue does this PR close?
Closes #
#2975
This PR is mainly for #2975, but it also partially cleans up #2932 by making the README ingress example controller-neutral.
Rationale
Local
kindtesting showed two real Helm chart bugs: the server deployment was not getting the documented defaultpodSecurityContext, and the UI health probes were hitting a routethat returns
404.What changed?
On a clean Helm install, the server deployment rendered the wrong pod security context because the template looked for
server.podSecurityContexteven though the chart definespodSecurityContextat the root. The UI deployment also used/for liveness and readiness probes, but the web UI returns404on that path, so Kubernetes kept restarting the pod.The fix makes the server deployment use the root
podSecurityContextvalue and changes the UI probe path to/auth/sign-in, which returns200. I also updated the chart README toclarify the
ServiceMonitorprerequisite, note the localio_uringcaveat seen during testing, and use more controller-neutral ingress wording.Local Execution
helm lint ./helm/charts/iggypassed.helm install iggy ./helm/charts/iggy -n iggy-test --create-namespace --set server.serviceMonitor.enabled=falsewas run on a localkindcluster.podSecurityContext, and the UI became healthy with/auth/sign-inas the probe path.io_uring/ runtimeInvalid argumentfailure onkind. That looks like a different issue and is notfixed in this change.
prekwas not installed/configured in this checkout, and only the sample git hooks were present.AI Usage
helm lint, installed the chart on localkind, inspected rendered pod specs, checked pod logs and Kubernetes events, and verified the UI route behavior withlocal HTTP checks.