platform-base 1.11.0 charts promotion #316
Conversation
nashtapu-tibco
requested review from
arakshit-tibco,
ashundi-tibco,
bngai-tibco,
Copilot,
gajoshi-tibco,
isinghra-tibco,
loki-mine,
pagarwal-tibco,
sasahoo-tibco,
sgantaya,
slaxmika-tibco and
syan-tibco
There was a problem hiding this comment.
Pull Request Overview
This pull request updates the TIBCO Platform Helm charts to version 1.11.0, bringing comprehensive upgrades across the platform ecosystem including version bumps for core charts, enhanced database configuration for auditsafe, improved security contexts, and updated image tags for better performance and security.
- Upgrades all key chart dependencies from 1.10.x to 1.11.x series
- Refactors auditsafe to support separate read/write database endpoints and improved security
- Updates base images and supporting container versions throughout the platform
Reviewed Changes
Copilot reviewed 87 out of 87 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| charts/platform-base/values.yaml | Version updates for fluentbit and messaging components |
| charts/platform-base/charts/tp-cp-prometheus/*.yaml | Major prometheus chart upgrade with new features and API updates |
| charts/platform-base/charts/tp-cp-o11y/*.yaml | O11y service version bumps and configuration updates |
| charts/platform-base/charts/tp-cp-infra/*.yaml | Infrastructure services image tag updates |
| charts/platform-base/charts/tp-cp-core/**/*.yaml | Core platform services upgrades and new environment variables |
| charts/platform-base/charts/tp-cp-auditsafe/*.yaml | Database configuration refactoring and security enhancements |
| charts/platform-base/Chart.yaml | Main chart version update to 1.11.0-alpha.154 |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| securityContext: | ||
| runAsNonRoot: false | ||
| runAsUser: 0 | ||
| allowPrivilegeEscalation: false | ||
| readOnlyRootFilesystem: true | ||
| capabilities: | ||
| drop: | ||
| - ALL |
There was a problem hiding this comment.
The fluentbit security context configuration has been modified to remove runAsNonRoot: false and runAsUser: 0, but this may cause issues if fluentbit requires root access for log collection. Consider adding runAsNonRoot: true and runAsUser: 1000 to explicitly set non-root execution.
|
|
||
| - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }} | ||
| image: {{ include "tp-cp-prometheus.image.registry" .}}{{"/"}}{{ include "tp-cp-prometheus.image.repository" .}}{{"/"}}hawk-prometheus:{{ .Values.server.image.tag }} | ||
| image: {{ include "tp-cp-prometheus.image.registry" .}}{{"/"}}{{ include "tp-cp-prometheus.image.repository" .}}{{"/"}}infra-prometheus:{{ .Values.server.image.tag }} |
There was a problem hiding this comment.
The image name has changed from hawk-prometheus to infra-prometheus. Ensure this image exists in the container registry and contains the same functionality as the previous image to avoid runtime failures.
| {{- if .Values.auditsafe.securityContext }} | ||
| securityContext: | ||
| {{- toYaml .Values.global.tibco.logging.fluentbit.securityContext | nindent 12 }} | ||
| {{- toYaml .Values.auditsafe.securityContext | nindent 12 }} |
There was a problem hiding this comment.
The security context reference has changed from .Values.global.tibco.logging.fluentbit.securityContext to .Values.auditsafe.securityContext, but auditsafe.securityContext is not defined in the values.yaml file. This will result in no security context being applied to the fluentbit container.
nashtapu-tibco
added
chart-build
…structure, o11y-service, oauth2-proxy-manifests, tp-dp-monitor-agent, workshop docs & scripts (#311) * platform-1.11: artifactmanager, dp-configure-namespace, dp-core-infrastructure, o11y-service, oauth2-proxy-manifests, platform-bootstrap, tp-dp-monitor-agent * platform-1.11: artifactmanager, dp-configure-namespace, dp-core-infrastructure, o11y-service, oauth2-proxy-manifests, platform-bootstrap, tp-dp-monitor-agent * platform-1.11: workshop docs * Reverted folder platform-bootstrap to main * platform-1.11: ha-proxy chart version update
…319) * publish tp-cp-recipes and integration for bw and flogo 1.11 release
nashtapu-tibco
changed the title
This pull request updates the TIBCO Platform Helm charts to the 1.11.x release series, bringing in new features, dependency upgrades, and several configuration improvements across multiple charts. The changes include version bumps for core charts and dependencies, enhancements to database configuration and resource management, and updates to image versions for improved security and performance.
Major version upgrades and dependency updates:
platform-basechart and all key dependencies (e.g.,tp-cp-infra,tp-cp-o11y,tp-cp-configuration,tp-cp-recipes,tp-cp-core,tp-cp-core-ops,tp-cp-core-finops,tp-cp-integration,tp-cp-tibcohub-contrib,tibco-cp-messaging,tp-cp-hawk,tp-cp-hawk-console-recipes,tp-cp-cli,tp-cp-alertmanager,tp-cp-prometheus,dp-oauth2proxy-recipes,tp-cp-auditsafe) to the 1.11.x series, ensuring compatibility and access to the latest features and fixes. [1] [2] [3] [4] [5] [6] [7] [8]Database configuration and environment improvements:
tp-cp-auditsafeto support separate read/write database endpoints and pool sizes, including new environment variables for read/write hosts and ports, and pool size configuration via configmap. This also improves support for replica regions. [1] [2] [3]Image and resource updates:
common-distroless-base-debian-debug,common-fluentbit,infra-container-image-extractor) to newer versions for security and performance improvements across multiple charts. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]Resource and security enhancements:
readOnlyRootFilesystem, dropped capabilities, CPU/memory limits) for better container security and resource management, especially intp-cp-auditsafe. [1] [2]Capability and release metadata updates:
values.yaml,Chart.yaml, and template files to reflect the new 1.11.x releases, ensuring accurate metadata and traceability. [1] [2] [3] [4] [5] [6] [7] [8] [9]These updates collectively modernize the platform, improve reliability, and lay the groundwork for future enhancements.