carverauto/serviceradar

Fork 0

doc updates for helm #2552

Merged

mfreeman451 merged 3 commits from refs/pull/2552/head into main

2025-12-12 21:47:19 +00:00

mfreeman451 commented

2025-12-12 21:44:35 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2113
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2113
Original created: 2025-12-12T21:44:35Z
Original updated: 2025-12-12T21:47:55Z
Original head: carverauto/serviceradar:chore/doc_update_helm
Original base: main
Original merged: 2025-12-12T21:47:19Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Documentation

Description

Update Helm deployment documentation with OCI chart best practices
Add official GHCR chart location and installation examples
Include quick start guide for inspecting and deploying charts
Clarify image tag versioning and registry credential setup

Diagram Walkthrough

flowchart LR
  A["README.md"] -->|"Add OCI chart examples"| B["Helm deployment docs"]
  C["helm-configuration.md"] -->|"Add quick start guide"| B
  D["helm/serviceradar/README.md"] -->|"Update usage instructions"| B
  B -->|"Clarify versioning & credentials"| E["Improved user guidance"]

File Walkthrough

Relevant files

Documentation

README.md `Enhance Helm deployment examples and OCI guidance` README.md Updated Helm chart description to emphasize official OCI artifact in GHCR Replaced basic installation examples with comprehensive pinned release and mutable image tracking examples Added version numbering clarification (chart vs image tags) Added notes about registry pull secrets configuration	+21/-11
helm-configuration.md `Add OCI chart quick start and deployment guidance` docs/docs/helm-configuration.md Reordered deployment methods to prioritize official OCI chart over local checkout Added new "OCI chart quick start" section with helm show commands Included examples for pinned releases and mutable image tracking Clarified development vs production deployment approaches	+12/-1
README.md `Update chart documentation to reflect official status` helm/serviceradar/README.md Changed title from "Preview" to official status Removed outdated scaffolding notes and planned work items Added official OCI/GHCR chart location and ArgoCD repository URL Updated usage examples to show OCI chart installation as primary method Simplified and clarified installation instructions with version pinning	+15/-16

Imported from GitHub pull request. Original GitHub pull request: #2113 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2113 Original created: 2025-12-12T21:44:35Z Original updated: 2025-12-12T21:47:55Z Original head: carverauto/serviceradar:chore/doc_update_helm Original base: main Original merged: 2025-12-12T21:47:19Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Documentation ___ ### **Description** - Update Helm deployment documentation with OCI chart best practices - Add official GHCR chart location and installation examples - Include quick start guide for inspecting and deploying charts - Clarify image tag versioning and registry credential setup ___ ### Diagram Walkthrough ```mermaid flowchart LR A["README.md"] -->|"Add OCI chart examples"| B["Helm deployment docs"] C["helm-configuration.md"] -->|"Add quick start guide"| B D["helm/serviceradar/README.md"] -->|"Update usage instructions"| B B -->|"Clarify versioning & credentials"| E["Improved user guidance"] ``` <details><summary><h3>File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td>Documentation</td><td><table> <tr> <td> <details> <summary>README.md<dd><code>Enhance Helm deployment examples and OCI guidance</code>                </dd></summary> <hr> README.md <ul><li>Updated Helm chart description to emphasize official OCI artifact in GHCR <li> Replaced basic installation examples with comprehensive pinned release and mutable image tracking examples <li> Added version numbering clarification (chart vs image tags) <li> Added notes about registry pull secrets configuration</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2113/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5">+21/-11</a>  </td> </tr> <tr> <td> <details> <summary>helm-configuration.md<dd><code>Add OCI chart quick start and deployment guidance</code>                </dd></summary> <hr> docs/docs/helm-configuration.md <ul><li>Reordered deployment methods to prioritize official OCI chart over local checkout <li> Added new "OCI chart quick start" section with helm show commands <li> Included examples for pinned releases and mutable image tracking <li> Clarified development vs production deployment approaches</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2113/files#diff-51555a7c78ec9263c9ef8d0962899612840cb45463536072ab97a2cae256068f">+12/-1</a>    </td> </tr> <tr> <td> <details> <summary>README.md<dd><code>Update chart documentation to reflect official status</code>        </dd></summary> <hr> helm/serviceradar/README.md <ul><li>Changed title from "Preview" to official status <li> Removed outdated scaffolding notes and planned work items <li> Added official OCI/GHCR chart location and ArgoCD repository URL <li> Updated usage examples to show OCI chart installation as primary method <li> Simplified and clarified installation instructions with version pinning</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2113/files#diff-c8e7e7621289da2f10b4ffd1c0ca4fd7321a19a4f18d01cc84b5fd3d06dea105">+15/-16</a>  </td> </tr> </table></td></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-12-12 21:44:58 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2113#issuecomment-3648246552
Original created: 2025-12-12T21:44:58Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Docs Only Change: The PR adds documentation-only changes with no new executable code to evaluate for audit logging coverage. Referred Code ServiceRadar provides an official Helm chart for Kubernetes deployments, published to GHCR as an OCI artifact. ```bash # Inspect chart metadata and default values helm show chart oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 helm show values oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 > values.yaml # Install a pinned release (recommended) helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar \ --version 1.0.75 \ -n serviceradar --create-namespace \ --set global.imageTag="v1.0.75" # Track mutable images (staging/dev): pulls :latest and forces re-pull helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar \ --version 1.0.75 \ -n serviceradar --create-namespace \ --set global.imageTag="latest" \ --set global.imagePullPolicy="Always" ... (clipped 7 lines) </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary><strong>Generic: Robust Error Handling and Edge Case Management</strong></summary><br> Objective: Ensure comprehensive error handling that provides meaningful context and graceful <br>degradation<br> Status: <br><a href='https://github.com/carverauto/serviceradar/pull/2113/files#diff-51555a7c78ec9263c9ef8d0962899612840cb45463536072ab97a2cae256068fR10-R24'><strong>No Code Paths</strong></a>: Only documentation was modified, so error handling and edge case management in runtime <br>code cannot be assessed from this PR.<br> <details open><summary>Referred Code</summary> ```markdown - Deploy from the official OCI chart (recommended): - `helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 -n serviceradar --create-namespace -f my-values.yaml` - Deploy from a repo checkout (development): - `helm upgrade --install serviceradar ./helm/serviceradar -n serviceradar -f my-values.yaml` - Quick overrides without a file: add `--set` flags (examples below). OCI chart quick start - Inspect chart metadata and defaults: - `helm show chart oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75` - `helm show values oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 > values.yaml` - Pin images to a release tag (recommended): - `--set global.imageTag="v1.0.75"` - Track mutable images (staging/dev): - `--set global.imageTag="latest" --set global.imagePullPolicy="Always"` Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Config Mentions Secrets: The docs reference image pull secrets and auto-generated credentials but add no code to validate or secure inputs; runtime handling cannot be verified from this PR. Referred Code - Ingress TLS is on by default; adjust `ingress.host`, `ingress.tls.secretName`, or `ingress.tls.clusterIssuer` as needed for your cluster. - A pre-install hook auto-generates `serviceradar-secrets` (JWT/API key, admin password + bcrypt hash) unless you disable it with `--set secrets.autoGenerate=false`. If you disable it, create the secret yourself at `secrets.existingSecretName` (default `serviceradar-secrets`). - The chart does not generate image pull secrets; create `ghcr-io-cred` (or override `image.registryPullSecret`). - The SPIRE controller manager sidecar can be disabled with `--set spire.controllerManager.enabled=false` if you do not need webhook-managed entries. Learn more about managing compliance generic rules or creating your own custom rules
	Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2113#issuecomment-3648246552 Original created: 2025-12-12T21:44:58Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td>🟢</td><td><details><summary>No security concerns identified</summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td rowspan=3>🟢</td><td> <details><summary>Generic: Meaningful Naming and Self-Documenting Code</summary> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code self-documenting **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Error Handling</summary> **Objective:** To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Logging Practices</summary> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=3>⚪</td> <td><details> <summary>Generic: Comprehensive Audit Trails</summary> **Objective:** To create a detailed and reliable record of critical system actions for security analysis and compliance. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/2113/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R76-R103'>Docs Only Change</a>: The PR adds documentation-only changes with no new executable code to evaluate for audit logging coverage. <details open><summary>Referred Code</summary> ```markdown ServiceRadar provides an official Helm chart for Kubernetes deployments, published to GHCR as an OCI artifact. ```bash # Inspect chart metadata and default values helm show chart oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 helm show values oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 > values.yaml # Install a pinned release (recommended) helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar \ --version 1.0.75 \ -n serviceradar --create-namespace \ --set global.imageTag="v1.0.75" # Track mutable images (staging/dev): pulls :latest and forces re-pull helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar \ --version 1.0.75 \ -n serviceradar --create-namespace \ --set global.imageTag="latest" \ --set global.imagePullPolicy="Always" ``` ... (clipped 7 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Robust Error Handling and Edge Case Management</summary> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful degradation **Status:** <a href='https://github.com/carverauto/serviceradar/pull/2113/files#diff-51555a7c78ec9263c9ef8d0962899612840cb45463536072ab97a2cae256068fR10-R24'>No Code Paths</a>: Only documentation was modified, so error handling and edge case management in runtime code cannot be assessed from this PR. <details open><summary>Referred Code</summary> ```markdown - Deploy from the official OCI chart (recommended): - `helm upgrade --install serviceradar oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 -n serviceradar --create-namespace -f my-values.yaml` - Deploy from a repo checkout (development): - `helm upgrade --install serviceradar ./helm/serviceradar -n serviceradar -f my-values.yaml` - Quick overrides without a file: add `--set` flags (examples below). OCI chart quick start - Inspect chart metadata and defaults: - `helm show chart oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75` - `helm show values oci://ghcr.io/carverauto/charts/serviceradar --version 1.0.75 > values.yaml` - Pin images to a release tag (recommended): - `--set global.imageTag="v1.0.75"` - Track mutable images (staging/dev): - `--set global.imageTag="latest" --set global.imagePullPolicy="Always"` ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Security-First Input Validation and Data Handling</summary> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities **Status:** <a href='https://github.com/carverauto/serviceradar/pull/2113/files#diff-c8e7e7621289da2f10b4ffd1c0ca4fd7321a19a4f18d01cc84b5fd3d06dea105R25-R28'>Config Mentions Secrets</a>: The docs reference image pull secrets and auto-generated credentials but add no code to validate or secure inputs; runtime handling cannot be verified from this PR. <details open><summary>Referred Code</summary> ```markdown - Ingress TLS is on by default; adjust `ingress.host`, `ingress.tls.secretName`, or `ingress.tls.clusterIssuer` as needed for your cluster. - A pre-install hook auto-generates `serviceradar-secrets` (JWT/API key, admin password + bcrypt hash) unless you disable it with `--set secrets.autoGenerate=false`. If you disable it, create the secret yourself at `secrets.existingSecretName` (default `serviceradar-secrets`). - The chart does not generate image pull secrets; create `ghcr-io-cred` (or override `image.registryPullSecret`). - The SPIRE controller manager sidecar can be disabled with `--set spire.controllerManager.enabled=false` if you do not need webhook-managed entries. ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>

qodo-code-review[bot] commented

2025-12-12 21:45:36 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2113#issuecomment-3648247940
Original created: 2025-12-12T21:45:36Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Add missing Helm dependency update flag Add the `--dependency-update` flag to the local `helm upgrade --install` command example to ensure chart dependencies are fetched before installation. helm/serviceradar/README.md [20-22] `helm upgrade --install serviceradar ./helm/serviceradar \ + --dependency-update \ -n serviceradar --create-namespace \ --set global.imageTag="v1.0.75"` Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly adds the `--dependency-update` flag to the local Helm installation command, which is a best practice to ensure chart dependencies are handled, improving the reliability of the documented development process.	Low
Update

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2113#issuecomment-3648247940 Original created: 2025-12-12T21:45:36Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td>Category</td><td align=left>Suggestion                                                                                                                                    </td><td align=center>Impact</td></tr><tbody><tr><td rowspan=1>Possible issue</td> <td> <details><summary>Add missing Helm dependency update flag</summary> ___ **Add the <code>--dependency-update</code> flag to the local <code>helm upgrade --install</code> command example to ensure chart dependencies are fetched before installation.** [helm/serviceradar/README.md [20-22]](https://github.com/carverauto/serviceradar/pull/2113/files#diff-c8e7e7621289da2f10b4ffd1c0ca4fd7321a19a4f18d01cc84b5fd3d06dea105R20-R22) ```diff helm upgrade --install serviceradar ./helm/serviceradar \ + --dependency-update \ -n serviceradar --create-namespace \ --set global.imageTag="v1.0.75" ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: The suggestion correctly adds the `--dependency-update` flag to the local Helm installation command, which is a best practice to ensure chart dependencies are handled, improving the reliability of the documented development process. </details></details></td><td align=center>Low </td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td><td></td></tr></tbody></table>

mfreeman451 commented

2025-12-12 21:46:43 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2113#issuecomment-3648250923
Original created: 2025-12-12T21:46:43Z

Added an explicit ArgoCD Application example for consuming the OCI chart (repoURL without oci://, chart + targetRevision, helm.values with global.imageTag). All touched markdown kept ASCII-only.

Imported GitHub PR comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2113#issuecomment-3648250923 Original created: 2025-12-12T21:46:43Z --- Added an explicit ArgoCD Application example for consuming the OCI chart (repoURL without oci://, chart + targetRevision, helm.values with global.imageTag). All touched markdown kept ASCII-only.