You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Description: In charts/digger-backend/templates/backend-deployment.yaml, the newly added resources: stanza is indented with nindent 10, which does not line up with the container spec’s field hierarchy. This can generate invalid YAML or place the block under the wrong parent, causing the chart to render incorrectly or Kubernetes to reject the manifest.
💡 Recommendation: Adjust the indentation to match the other container-level fields. For example, if env: is indented 8 spaces, you should use nindent 8 on the resources: key and nindent 10 (or matching the existing pattern) on its contents. Example:
{{- with .Values.digger.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
Run helm template locally to verify correct nesting and no YAML errors.
Description: The chart uses {{- with .Values.digger.resources }} to decide whether to emit the resources: block. In Go templating, empty maps are considered “empty” and skip the block—but developers or users might assume an empty map ({}) still renders. This subtlety can cause confusion in tests or when overriding values.
💡 Recommendation: Either document this behavior clearly in values.yaml (e.g. “set to null to disable”) or change the condition to explicitly check for a non-nil map, e.g.:
{{- if and (kindIs "map" .Values.digger.resources) (gt (len .Values.digger.resources) 0) }}
resources:
{{- toYaml .Values.digger.resources | nindent 8 }}
{{- end }}
Description: The deployment template does not define any securityContext at the Pod or container level. Without a runAsNonRoot, readOnlyRootFilesystem, or dropped capabilities policy, containers may run as root and request more privileges than necessary, violating least-privilege principles.
💡 Recommendation: Add a securityContext block to either the Pod spec or the individual container spec. For example:
Description: By shipping resources: {} as the default in values.yaml, consumers of the chart may forget to specify CPU/memory requests and limits, which can lead to resource contention or unexpected evictions in a multi-tenant cluster.
💡 Recommendation: Provide recommended default resource requests and limits in values.yaml (or document them in the chart’s README) to enforce sensible defaults. For example:
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
NitriKx
force-pushed
the
allow-to-define-resources
branch
from
This PR allows to customise the requests and limits for the backend deployment