carverauto/serviceradar

Fork 0

2010 bug glibc not found #2476

Merged

mfreeman451 merged 3 commits from refs/pull/2476/head into main

2025-11-24 20:55:21 +00:00

mfreeman451 commented

2025-11-24 20:53:44 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2013
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2013
Original created: 2025-11-24T20:53:44Z
Original updated: 2025-11-24T20:55:25Z
Original head: carverauto/serviceradar:2010-bug-glibc-not-found
Original base: main
Original merged: 2025-11-24T20:55:21Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Bug fix, Enhancement

Description

Fix glibc compatibility by pinning Rust base images to specific versions
Update Ubuntu base images from Jammy to Noble for improved compatibility
Add Helm values-staging.yaml for demo-staging environment configuration
Update Helm ingress configuration with TLS and className support
Improve Helm documentation with clearer installation instructions

Diagram Walkthrough

flowchart LR
  A["Rust latest images"] -->|"Pin to 1.78"| B["Rust 1.78 images"]
  C["Ubuntu Jammy base"] -->|"Upgrade to Noble"| D["Ubuntu Noble base"]
  E["Debian Bookworm slim"] -->|"Replace with Ubuntu Noble"| D
  F["Helm values.yaml"] -->|"Add staging overrides"| G["values-staging.yaml"]
  H["Ingress template"] -->|"Add TLS & className"| I["Enhanced ingress config"]

File Walkthrough

Relevant files

Bug fix

7 files

Dockerfile `Pin Rust base image to specific version`	+2/-2
Dockerfile `Pin Rust base image to specific version`	+1/-1
Dockerfile `Pin Rust base image to bookworm version`	+2/-2
Dockerfile `Pin Rust base image to specific version`	+1/-1
Dockerfile `Pin Rust base image to specific version`	+1/-1
Dockerfile `Pin Rust base image to specific version`	+1/-1
BUILD.bazel `Update base images to Ubuntu Noble`	+3/-3

Documentation

1 files

README.md
Update installation instructions and add staging guide +8/-3

Enhancement

1 files

ingress.yaml
Add TLS cluster issuer and className support +9/-0

Configuration changes

2 files

values-staging.yaml `Add staging environment configuration overrides`	+7/-0
values.yaml `Update ingress defaults and add TLS configuration`	+5/-2

Imported from GitHub pull request. Original GitHub pull request: #2013 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2013 Original created: 2025-11-24T20:53:44Z Original updated: 2025-11-24T20:55:25Z Original head: carverauto/serviceradar:2010-bug-glibc-not-found Original base: main Original merged: 2025-11-24T20:55:21Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Bug fix, Enhancement ___ ### **Description** - Fix glibc compatibility by pinning Rust base images to specific versions - Update Ubuntu base images from Jammy to Noble for improved compatibility - Add Helm values-staging.yaml for demo-staging environment configuration - Update Helm ingress configuration with TLS and className support - Improve Helm documentation with clearer installation instructions ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Rust latest images"] -->|"Pin to 1.78"| B["Rust 1.78 images"] C["Ubuntu Jammy base"] -->|"Upgrade to Noble"| D["Ubuntu Noble base"] E["Debian Bookworm slim"] -->|"Replace with Ubuntu Noble"| D F["Helm values.yaml"] -->|"Add staging overrides"| G["values-staging.yaml"] H["Ingress template"] -->|"Add TLS & className"| I["Enhanced ingress config"] ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><details><summary>7 files</summary><table> <tr> <td><strong>Dockerfile</strong><dd><code>Pin Rust base image to specific version</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-b75c59bfd6da4d75d80935d556d016c9cd523eaa586387ea20b06924c5f2e04d">+2/-2</a>      </td> </tr> <tr> <td><strong>Dockerfile</strong><dd><code>Pin Rust base image to specific version</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-9f8119755792e77da338d2d29ce5e1bbfeeb8f5816a3233e78a9e206bafb0b53">+1/-1</a>      </td> </tr> <tr> <td><strong>Dockerfile</strong><dd><code>Pin Rust base image to bookworm version</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-c9344ce151703a12ea1f2521a5647d84122e8daeeb4447f663f8563fc3de9bae">+2/-2</a>      </td> </tr> <tr> <td><strong>Dockerfile</strong><dd><code>Pin Rust base image to specific version</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-7199f3111d0ff4e1154dd5a0f2250ea0e82c39031abdf7864356570dd1007c87">+1/-1</a>      </td> </tr> <tr> <td><strong>Dockerfile</strong><dd><code>Pin Rust base image to specific version</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-62c9619630b9f9c73e89622525098ec4722282a8499ef89df09116d0840566ae">+1/-1</a>      </td> </tr> <tr> <td><strong>Dockerfile</strong><dd><code>Pin Rust base image to specific version</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-7ee3f454058c8cf12947948e4f4f302e7a461b9d79bb447c15e68f4b02668647">+1/-1</a>      </td> </tr> <tr> <td><strong>BUILD.bazel</strong><dd><code>Update base images to Ubuntu Noble</code>                                              </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80">+3/-3</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Documentation</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>README.md</strong><dd><code>Update installation instructions and add staging guide</code>      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-c8e7e7621289da2f10b4ffd1c0ca4fd7321a19a4f18d01cc84b5fd3d06dea105">+8/-3</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Enhancement</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>ingress.yaml</strong><dd><code>Add TLS cluster issuer and className support</code>                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-792c773fe04ab40e669611becd45c7632186e45ef92d9042b1ac3f2062a61eff">+9/-0</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Configuration changes</strong></td><td><details><summary>2 files</summary><table> <tr> <td><strong>values-staging.yaml</strong><dd><code>Add staging environment configuration overrides</code>                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-9861d6d910602b83733a279f915f934a01af77bb7cdfa956f55a00afa0bf19b6">+7/-0</a>      </td> </tr> <tr> <td><strong>values.yaml</strong><dd><code>Update ingress defaults and add TLS configuration</code>                </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2013/files#diff-d4449c7cb70362554b274f81eae5a4b81a8e81df494282e383d1b7ea3871c452">+5/-2</a>      </td> </tr> </table></details></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-11-24 20:54:18 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2013#issuecomment-3572687284
Original created: 2025-11-24T20:54:18Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance

🟢

No security concerns identified

No security vulnerabilities detected by AI analysis. Human verification advised for critical code.

Ticket Compliance

🟡

🎫 #2010

🟢	Resolve container startup failures caused by missing or incompatible glibc versions.
	Adjust build/runtime images to be compatible with required libc/glibc versions across components.
	Provide Helm configuration updates if needed to align with new base images and environments.
⚪	Ensure ServiceRadar services (otel, rperf-checker, trapd) start successfully in the demo Kubernetes namespace after Helm rollout.

Codebase Duplication Compliance

⚪

Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance

🟢

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

⚪

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No audit logs: The added Helm ingress configuration and image/base changes do not introduce or reference
logging of critical actions, which may be handled elsewhere but is not evident in this
diff.

Referred Code

metadata:
  name: {{ include "serviceradar.fullname" . }}
  annotations:
    external-dns.alpha.kubernetes.io/hostname: {{ .Values.ingress.host | quote }}
    {{- if and .Values.ingress.tls.enabled .Values.ingress.tls.clusterIssuer }}
    cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }}
    {{- end }}
    {{- with .Values.ingress.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  {{- if .Values.ingress.className }}
  ingressClassName: {{ .Values.ingress.className | quote }}
  {{- end }}
  {{- if .Values.ingress.tls.enabled }}
  tls:
    - secretName: {{ .Values.ingress.tls.secretName | quote }}
      hosts:
        - {{ .Values.ingress.host | quote }}

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Missing error paths: The Dockerfiles and Helm values add entrypoints and configuration but do not show handling
for failures at runtime; this may be managed by the application, which is not visible in
this diff.

Referred Code

COPY packaging/profiler/config/profiler.toml ./profiler/profiler.toml

USER serviceradar
EXPOSE 8080

CMD ["/usr/local/bin/serviceradar-profiler", "--config", "/etc/serviceradar/profiler/profiler.toml"]

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
User error detail: The added documentation and configuration do not demonstrate user-facing error messaging
behavior; this may be controlled by application code not present in the diff.

Referred Code


Usage:

1) Install chart into the public demo (defaults point at `demo.serviceradar.cloud` with TLS from `carverauto-issuer`):
  helm install serviceradar ./helm/serviceradar \
    -n demo --create-namespace

2) Install into demo-staging with the provided overrides:
  helm install serviceradar-staging ./helm/serviceradar \
    -n demo-staging --create-namespace \
    -f values-staging.yaml

Notes:
- Ingress TLS is on by default; adjust `ingress.host`, `ingress.tls.secretName`, or `ingress.tls.clusterIssuer` as needed for your cluster.
- A pre-install hook auto-generates `serviceradar-secrets` (JWT/API key, admin password + bcrypt hash) unless you disable it with `--set secrets.autoGenerate=false`. If you disable it, create the secret yourself at `secrets.existingSecretName` (default `serviceradar-secrets`).
- The chart does not generate image pull secrets; create `ghcr-io-cred` (or override `image.registryPullSecret`).
- The SPIRE controller manager sidecar can be disabled with `--set spire.controllerManager.enabled=false` if you do not need webhook-managed entries.

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Ingress security: While TLS and className settings were added, the diff does not show validation or security
controls for external inputs which may exist in the application layer not shown here.

Referred Code

spec:
  {{- if .Values.ingress.className }}
  ingressClassName: {{ .Values.ingress.className | quote }}
  {{- end }}
  {{- if .Values.ingress.tls.enabled }}
  tls:
    - secretName: {{ .Values.ingress.tls.secretName | quote }}
      hosts:
        - {{ .Values.ingress.host | quote }}

Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2013#issuecomment-3572687284 Original created: 2025-11-24T20:54:18Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR:<br> <table><tbody><tr><td colspan='2'><strong>Security Compliance</strong></td></tr> <tr><td>🟢</td><td><details><summary><strong>No security concerns identified</strong></summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>🟡</td> <td> <details> <summary>🎫 <a href=https://github.com/carverauto/serviceradar/issues/2010>#2010</a></summary> <table width='100%'><tbody> <tr><td rowspan=3>🟢</td> <td>Resolve container startup failures caused by missing or incompatible glibc versions.</td></tr> <tr><td>Adjust build/runtime images to be compatible with required libc/glibc versions across <br>components.</td></tr> <tr><td>Provide Helm configuration updates if needed to align with new base images and <br>environments.</td></tr> <tr><td rowspan=1>⚪</td> <td>Ensure ServiceRadar services (otel, rperf-checker, trapd) start successfully in the demo <br>Kubernetes namespace after Helm rollout.</td></tr> </tbody></table> </details> </td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td rowspan=2>🟢</td><td> <details><summary><strong>Generic: Meaningful Naming and Self-Documenting Code</strong></summary><br> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code <br>self-documenting<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Logging Practices</strong></summary><br> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive <br>information like PII, PHI, or cardholder data.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=4>⚪</td> <td><details> <summary><strong>Generic: Comprehensive Audit Trails</strong></summary><br> **Objective:** To create a detailed and reliable record of critical system actions for security analysis <br>and compliance.<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2013/files#diff-792c773fe04ab40e669611becd45c7632186e45ef92d9042b1ac3f2062a61effR4-R22'><strong>No audit logs</strong></a>: The added Helm ingress configuration and image/base changes do not introduce or reference <br>logging of critical actions, which may be handled elsewhere but is not evident in this <br>diff.<br> <details open><summary>Referred Code</summary> ```yaml metadata: name: {{ include "serviceradar.fullname" . }} annotations: external-dns.alpha.kubernetes.io/hostname: {{ .Values.ingress.host | quote }} {{- if and .Values.ingress.tls.enabled .Values.ingress.tls.clusterIssuer }} cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }} {{- end }} {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} {{- end }} {{- if .Values.ingress.tls.enabled }} tls: - secretName: {{ .Values.ingress.tls.secretName | quote }} hosts: - {{ .Values.ingress.host | quote }} ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary><strong>Generic: Robust Error Handling and Edge Case Management</strong></summary><br> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful <br>degradation<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2013/files#diff-c9344ce151703a12ea1f2521a5647d84122e8daeeb4447f663f8563fc3de9baeR67-R72'><strong>Missing error paths</strong></a>: The Dockerfiles and Helm values add entrypoints and configuration but do not show handling <br>for failures at runtime; this may be managed by the application, which is not visible in <br>this diff.<br> <details open><summary>Referred Code</summary> ```txt COPY packaging/profiler/config/profiler.toml ./profiler/profiler.toml USER serviceradar EXPOSE 8080 CMD ["/usr/local/bin/serviceradar-profiler", "--config", "/etc/serviceradar/profiler/profiler.toml"] ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary><strong>Generic: Secure Error Handling</strong></summary><br> **Objective:** To prevent the leakage of sensitive system information through error messages while <br>providing sufficient detail for internal debugging.<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2013/files#diff-c8e7e7621289da2f10b4ffd1c0ca4fd7321a19a4f18d01cc84b5fd3d06dea105R10-R26'><strong>User error detail</strong></a>: The added documentation and configuration do not demonstrate user-facing error messaging <br>behavior; this may be controlled by application code not present in the diff.<br> <details open><summary>Referred Code</summary> ```markdown Usage: 1) Install chart into the public demo (defaults point at `demo.serviceradar.cloud` with TLS from `carverauto-issuer`): helm install serviceradar ./helm/serviceradar \ -n demo --create-namespace 2) Install into demo-staging with the provided overrides: helm install serviceradar-staging ./helm/serviceradar \ -n demo-staging --create-namespace \ -f values-staging.yaml Notes: - Ingress TLS is on by default; adjust `ingress.host`, `ingress.tls.secretName`, or `ingress.tls.clusterIssuer` as needed for your cluster. - A pre-install hook auto-generates `serviceradar-secrets` (JWT/API key, admin password + bcrypt hash) unless you disable it with `--set secrets.autoGenerate=false`. If you disable it, create the secret yourself at `secrets.existingSecretName` (default `serviceradar-secrets`). - The chart does not generate image pull secrets; create `ghcr-io-cred` (or override `image.registryPullSecret`). - The SPIRE controller manager sidecar can be disabled with `--set spire.controllerManager.enabled=false` if you do not need webhook-managed entries. ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary><strong>Generic: Security-First Input Validation and Data Handling</strong></summary><br> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent <br>vulnerabilities<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2013/files#diff-792c773fe04ab40e669611becd45c7632186e45ef92d9042b1ac3f2062a61effR14-R22'><strong>Ingress security</strong></a>: While TLS and className settings were added, the diff does not show validation or security <br>controls for external inputs which may exist in the application layer not shown here.<br> <details open><summary>Referred Code</summary> ```yaml spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} {{- end }} {{- if .Values.ingress.tls.enabled }} tls: - secretName: {{ .Values.ingress.tls.secretName | quote }} hosts: - {{ .Values.ingress.host | quote }} ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

qodo-code-review[bot] commented

2025-11-24 20:55:16 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2013#issuecomment-3572691664
Original created: 2025-11-24T20:55:16Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Align build environment with runtime To improve consistency and reduce potential library mismatches, change the build image for `rperf-client` from `rust:1.78-bullseye` to `rust:1.78-bookworm` in its Dockerfile. docker/images/BUILD.bazel [805-813] -oci_image( - name = "rperf_client_image_amd64", - base = "@debian_bookworm_slim_linux_amd64//:debian_bookworm_slim_linux_amd64", - tars = [":common_tools_amd64", ":rperf_client_layer_amd64"], - entrypoint = ["/usr/local/bin/entrypoint.sh"], - cmd = ["/usr/local/bin/serviceradar-rperf-checker", "--config", "/etc/serviceradar/checkers/rperf.json"], - env = { - "RUST_LOG": "info", - }, -) +# In cmd/checkers/rperf-client/Dockerfile +# FROM rust:1.78-bullseye AS builder +FROM rust:1.78-bookworm AS builder Apply / Chat Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies a potential build/runtime environment mismatch and proposes a valid change to improve consistency and prevent future library issues, which is a good practice for maintainability.	Medium
General	Support namespaced cert-manager issuers Enhance the Ingress template to support namespaced cert-manager `Issuer` resources in addition to the existing `ClusterIssuer`, making the Helm chart more flexible. helm/serviceradar/templates/ingress.yaml [8-10] `-{{- if and .Values.ingress.tls.enabled .Values.ingress.tls.clusterIssuer }} +{{- if .Values.ingress.tls.enabled }} +{{- if .Values.ingress.tls.clusterIssuer }} cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer \| quote }} +{{- else if .Values.ingress.tls.issuer }} +cert-manager.io/issuer: {{ .Values.ingress.tls.issuer \| quote }} +{{- end }} {{- end }}` Apply / Chat Suggestion importance[1-10]: 6 __ Why: This is a good suggestion for enhancing the Helm chart's flexibility by supporting namespace-scoped `Issuer` resources, which improves usability for different cluster setups.	Low
More

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2013#issuecomment-3572691664 Original created: 2025-11-24T20:55:16Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=2>General</td> <td> <details><summary>Align build environment with runtime</summary> ___ **To improve consistency and reduce potential library mismatches, change the build <br>image for <code>rperf-client</code> from <code>rust:1.78-bullseye</code> to <code>rust:1.78-bookworm</code> in its <br>Dockerfile.** [docker/images/BUILD.bazel [805-813]](https://github.com/carverauto/serviceradar/pull/2013/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R805-R813) ```diff -oci_image( - name = "rperf_client_image_amd64", - base = "@debian_bookworm_slim_linux_amd64//:debian_bookworm_slim_linux_amd64", - tars = [":common_tools_amd64", ":rperf_client_layer_amd64"], - entrypoint = ["/usr/local/bin/entrypoint.sh"], - cmd = ["/usr/local/bin/serviceradar-rperf-checker", "--config", "/etc/serviceradar/checkers/rperf.json"], - env = { - "RUST_LOG": "info", - }, -) +# In cmd/checkers/rperf-client/Dockerfile +# FROM rust:1.78-bullseye AS builder +FROM rust:1.78-bookworm AS builder ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion correctly identifies a potential build/runtime environment mismatch and proposes a valid change to improve consistency and prevent future library issues, which is a good practice for maintainability. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Support namespaced cert-manager issuers</summary> ___ **Enhance the Ingress template to support namespaced cert-manager <code>Issuer</code> resources <br>in addition to the existing <code>ClusterIssuer</code>, making the Helm chart more flexible.** [helm/serviceradar/templates/ingress.yaml [8-10]](https://github.com/carverauto/serviceradar/pull/2013/files#diff-792c773fe04ab40e669611becd45c7632186e45ef92d9042b1ac3f2062a61effR8-R10) ```diff -{{- if and .Values.ingress.tls.enabled .Values.ingress.tls.clusterIssuer }} +{{- if .Values.ingress.tls.enabled }} +{{- if .Values.ingress.tls.clusterIssuer }} cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }} +{{- else if .Values.ingress.tls.issuer }} +cert-manager.io/issuer: {{ .Values.ingress.tls.issuer | quote }} +{{- end }} {{- end }} ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: This is a good suggestion for enhancing the Helm chart's flexibility by supporting namespace-scoped `Issuer` resources, which improves usability for different cluster setups. </details></details></td><td align=center>Low </td></tr> <tr><td align="center" colspan="2"> - [ ] More  </td><td></td></tr></tbody></table>