added helm chart support #1762
Walkthrough
Adds a complete Helm chart for Wren AI: chart metadata, defaults, templates (Deployments, Services, ConfigMaps, Secrets, PVC, Ingress), NOTES and README for installation, and dependencies on Qdrant and PostgreSQL.
Changes
Sequence Diagram(s)
sequenceDiagram
participant User
participant Helm
participant Repo as ChartRepo (charts: qdrant, postgresql)
participant K8s
participant Wren as WrenPods
User->>Helm: helm install wren ./deployment/helm-chart
Helm->>Repo: resolve dependencies (qdrant, postgresql)
Helm->>K8s: render & apply manifests (ConfigMaps, Secrets, PVC, Services, Deployments, Ingress)
K8s->>Wren: schedule pods (ui, engine, ai-service, ibis)
K8s->>Wren: inject ConfigMaps & Secrets, mount PVC
User->>K8s: access UI/AI via Ingress / NodePort / port-forward
Wren->>K8s: connect to dependencies (postgresql, qdrant) and external APIs (OpenAI/Gemini)
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
Pre-merge checks and finishing touches: ✅ Passed checks (3 passed)
Actionable comments posted: 6
🧹 Nitpick comments (15)
deployment/helm-chart/templates/_helpers.tpl (1)
4-6: Naming consistency: consider aligning helper prefixes with chart name.
Helpers are defined under "wren-ai", while Chart.yaml uses name: wren. To avoid confusion, align the helper prefix with the actual chart name (e.g., use "wren").
deployment/helm-chart/values.yaml (1)
368-368: Add newline at end of file.
YAML requires a trailing newline at EOF. Please append a blank line to comply with POSIX and YAML specifications.
deployment/helm-chart/templates/ingress.yaml (1)
1-28: Suppress blank manifests: use template whitespace control.
Wrap conditionals with {{- if ... }} and {{- end }} (note the leading/trailing hyphens) to trim unwanted newlines and prevent empty YAML documents when .Values.ui.ingress.enabled is false.
deployment/helm-chart/templates/pvc.yaml (1)
21-21: Add newline at end-of-file.
Ensure a trailing newline for POSIX compliance and to prevent lint warnings.
deployment/helm-chart/templates/secrets.yaml (1)
40-40: Add newline at end-of-file.
Append a trailing newline to satisfy POSIX and avoid lint warnings.
deployment/helm-chart/templates/ibis-deployment.yaml (1)
54-54: Add newline at end-of-file.
Include a trailing newline to satisfy POSIX and avoid lint issues.
deployment/helm-chart/templates/engine-deployment.yaml (1)
77-77: Add newline at end-of-file.
Include a trailing newline to satisfy POSIX and avoid lint issues.
deployment/helm-chart/templates/ai-service-deployment.yaml (1)
117-117: Add newline character at end of file.
Ensure the file ends with a newline to comply with POSIX standards and avoid lint errors.
deployment/helm-chart/templates/ui-deployment.yaml (2)
99-99: Remove trailing whitespace.
Trim the extra spaces on these lines to clean up unnecessary whitespace.- - name: TELEMETRY_ENABLED + - name: TELEMETRY_ENABLED- valueFrom: + valueFrom:Also applies to: 116-116
133-133: Add newline character at end of file.
Ensure the file ends with a newline to satisfy POSIX conventions and avoid lint errors.
deployment/helm-chart/README.md (3)
7-7: Remove trailing punctuation in headings.
Avoid ending Markdown headings with a colon for cleaner style. E.g., change ## Steps to deploy: → ## Steps to deploy.
Also applies to: 14-14, 69-69
16-16: Fix loose punctuation and spacing.
Clean up extra spaces and stray backticks in this line. E.g.,- `Suggestion`: Before deploying, check out the Helm values in the `deployment/helm ` file... + `Suggestion`: Before deploying, check out the Helm values in the `deployment/helm` folder...
72-72: Correct “its” to “it’s”.
Use the contraction “it’s” (it is) for clarity:- its less likely you need to modify them + it’s less likely you need to modify themdeployment/helm-chart/templates/configmap.yaml (2)
20-20: Align spacing after colon.
Remove the extra space so there’s exactly one space after the colon:- IBIS_SERVER_VERSION: {{ .Values.global.versions.ibisServer | quote }} + IBIS_SERVER_VERSION: {{ .Values.global.versions.ibisServer | quote }}
214-214: Add newline character at end of file.
Ensure the file ends with a newline to comply with POSIX standards.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (14)
deployment/helm-chart/Chart.yaml (1 hunks)
deployment/helm-chart/NOTES.txt (1 hunks)
deployment/helm-chart/README.md (1 hunks)
deployment/helm-chart/templates/_helpers.tpl (1 hunks)
deployment/helm-chart/templates/ai-service-deployment.yaml (1 hunks)
deployment/helm-chart/templates/configmap.yaml (1 hunks)
deployment/helm-chart/templates/engine-deployment.yaml (1 hunks)
deployment/helm-chart/templates/ibis-deployment.yaml (1 hunks)
deployment/helm-chart/templates/ingress.yaml (1 hunks)
deployment/helm-chart/templates/pvc.yaml (1 hunks)
deployment/helm-chart/templates/secrets.yaml (1 hunks)
deployment/helm-chart/templates/service.yaml (1 hunks)
deployment/helm-chart/templates/ui-deployment.yaml (1 hunks)
deployment/helm-chart/values.yaml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
deployment/helm-chart/templates/pvc.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
deployment/helm-chart/templates/ingress.yaml
[error] 2-2: syntax error: expected '', but found ''
(syntax)
[warning] 20-20: wrong indentation: expected 8 but found 10
(indentation)
deployment/helm-chart/templates/ibis-deployment.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[warning] 13-13: wrong indentation: expected 4 but found 6
(indentation)
[warning] 18-18: wrong indentation: expected 6 but found 8
(indentation)
[warning] 21-21: wrong indentation: expected 4 but found 6
(indentation)
[error] 54-54: no new line character at the end of file
(new-line-at-end-of-file)
[error] 4-4: syntax error: expected , but found ''
(syntax)
deployment/helm-chart/templates/engine-deployment.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[warning] 13-13: wrong indentation: expected 4 but found 6
(indentation)
[warning] 18-18: wrong indentation: expected 6 but found 8
(indentation)
[warning] 21-21: wrong indentation: expected 4 but found 6
(indentation)
[error] 77-77: no new line character at the end of file
(new-line-at-end-of-file)
[error] 4-4: syntax error: expected , but found ''
(syntax)
deployment/helm-chart/templates/service.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[warning] 17-17: wrong indentation: expected 2 but found 4
(indentation)
[warning] 25-25: wrong indentation: expected 2 but found 4
(indentation)
[warning] 39-39: wrong indentation: expected 2 but found 4
(indentation)
[warning] 47-47: wrong indentation: expected 2 but found 4
(indentation)
[warning] 57-57: wrong indentation: expected 2 but found 4
(indentation)
[warning] 65-65: wrong indentation: expected 2 but found 4
(indentation)
[warning] 75-75: wrong indentation: expected 2 but found 4
(indentation)
[error] 4-4: syntax error: expected , but found ''
(syntax)
deployment/helm-chart/templates/secrets.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[error] 40-40: no new line character at the end of file
(new-line-at-end-of-file)
deployment/helm-chart/templates/ai-service-deployment.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[warning] 13-13: wrong indentation: expected 4 but found 6
(indentation)
[warning] 18-18: wrong indentation: expected 6 but found 8
(indentation)
[warning] 21-21: wrong indentation: expected 4 but found 6
(indentation)
[error] 117-117: no new line character at the end of file
(new-line-at-end-of-file)
[error] 4-4: syntax error: expected , but found ''
(syntax)
deployment/helm-chart/values.yaml
[error] 19-19: trailing spaces
(trailing-spaces)
[error] 27-27: trailing spaces
(trailing-spaces)
[error] 34-34: trailing spaces
(trailing-spaces)
[error] 38-38: trailing spaces
(trailing-spaces)
[error] 52-52: trailing spaces
(trailing-spaces)
[error] 84-84: trailing spaces
(trailing-spaces)
[error] 135-135: trailing spaces
(trailing-spaces)
[error] 145-145: trailing spaces
(trailing-spaces)
[error] 162-162: trailing spaces
(trailing-spaces)
[error] 176-176: trailing spaces
(trailing-spaces)
[error] 247-247: trailing spaces
(trailing-spaces)
[error] 248-248: trailing spaces
(trailing-spaces)
[error] 287-287: trailing spaces
(trailing-spaces)
[error] 294-294: trailing spaces
(trailing-spaces)
[error] 302-302: trailing spaces
(trailing-spaces)
[warning] 347-347: wrong indentation: expected 10 but found 9
(indentation)
[error] 368-368: no new line character at the end of file
(new-line-at-end-of-file)
deployment/helm-chart/templates/configmap.yaml
[warning] 20-20: too many spaces after colon
(colons)
[error] 4-4: syntax error: expected , but found ''
(syntax)
deployment/helm-chart/templates/ui-deployment.yaml
[warning] 7-7: wrong indentation: expected 2 but found 4
(indentation)
[warning] 13-13: wrong indentation: expected 4 but found 6
(indentation)
[warning] 18-18: wrong indentation: expected 6 but found 8
(indentation)
[warning] 21-21: wrong indentation: expected 4 but found 6
(indentation)
[error] 99-99: trailing spaces
(trailing-spaces)
[error] 116-116: trailing spaces
(trailing-spaces)
[error] 133-133: no new line character at the end of file
(new-line-at-end-of-file)
[error] 4-4: syntax error: expected , but found ''
(syntax)
🪛 LanguageTool
deployment/helm-chart/NOTES.txt
[uncategorized] ~3-~3: Loose punctuation mark.
Context: ...ervices {{ include "wren-ai.fullname" . }}-ui-svc) export NODE_IP=$(kubectl get...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~8-~8: Loose punctuation mark.
Context: ... svc -w {{ include "wren-ai.fullname" . }}-ui-svc' export SERVICE_IP=$(kubectl ...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~9-~9: Loose punctuation mark.
Context: ...pace }} {{ include "wren-ai.fullname" . }}-ui-svc --template "{{"{{ range (index ...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~12-~12: Loose punctuation mark.
Context: ...tes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance1. Get the a...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~14-~14: Loose punctuation mark.
Context: ...ervices {{ include "wren-ai.fullname" . }}-ai-service-svc) export NODE_IP=$(kub...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~19-~19: Loose punctuation mark.
Context: ... svc -w {{ include "wren-ai.fullname" . }}-ai-service-svc' export SERVICE_IP=$(...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~20-~20: Loose punctuation mark.
Context: ...pace }} {{ include "wren-ai.fullname" . }}-ai-service-svc --template "{{"{{ range...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~23-~23: Loose punctuation mark.
Context: ...tes.io/name={{ include "wren-ai.name" . }},app.kubernetes.io/instance={{ .Release...
(UNLIKELY_OPENING_PUNCTUATION)
deployment/helm-chart/README.md
[uncategorized] ~16-~16: Loose punctuation mark.
Context: ...helm ## Steps to deploy: Suggestion
: Before deploying, check out the Helm va...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~71-~71: “its” (belonging to it) seems less likely than “it’s” (it is)
Context: ...ns the core Wren AI manifest templates, its less likely you need to modify them, bu...
(AI_HYDRA_LEO_CPT_ITS_ITIS)
[grammar] ~72-~72: In the grammatical structure ‘pronoun + be/get + used + to + verb’, the verb ‘used’ is used with the gerund.
Context: ...ing helm dependency add
, and they are used to deploy third-party services alongside Wren AI....
(ADMIT_ENJOY_VB)
[uncategorized] ~77-~77: Loose punctuation mark.
Context: ... same namespace as wren-ai. - postgres
: Database that will be installed in the ...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~81-~81: Possible missing comma found.
Context: ...ame(first) and password(second) for the database respectively, separated by a colon. In ...
(AI_HYDRA_LEO_MISSING_COMMA)
[uncategorized] ~82-~82: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ...erver is running in a Kubernetes cluster and it is named "wren-postgresql" in the *s...
(COMMA_COMPOUND_SENTENCE)
[uncategorized] ~122-~122: “you” seems less likely than “your” (belonging to you).
Context: ...mize some values. It can be usefull for you GitOps workflow and can be used in conj...
(AI_HYDRA_LEO_CP_YOU_YOUR)
[style] ~122-~122: ‘in conjunction with’ might be wordy. Consider a shorter alternative.
Context: ...for you GitOps workflow and can be used in conjunction with FluxCD or ArgoCD.
(EN_WORDINESS_PREMIUM_IN_CONJUNCTION_WITH)
🪛 Checkov (3.2.334)
deployment/helm-chart/values.yaml
[MEDIUM] 33-34: Basic Auth Credentials
(CKV_SECRET_4)
🪛 Gitleaks (8.26.0)
deployment/helm-chart/README.md
35-35: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
42-42: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🪛 markdownlint-cli2 (0.17.2)
deployment/helm-chart/README.md
7-7: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
14-14: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
16-16: Spaces inside code span elements
null
(MD038, no-space-in-code)
69-69: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
🔇 Additional comments (28)
deployment/helm-chart/Chart.yaml (1)
1-27: Helm chart metadata review: Approve.
The Chart.yaml correctly defines apiVersion: v2, chart name, version, dependencies, and maintainers. Ensure the file ends with a newline to satisfy POSIX and tooling requirements.
deployment/helm-chart/templates/_helpers.tpl (1)
29-31: Label version templating: approve.
The "wren-ai.chart" helper formats the chart name and version correctly, replacing + characters and enforcing DNS length limits.
deployment/helm-chart/templates/ingress.yaml (1)
2-5: Ingress spec: approve.
The apiVersion, kind, metadata, and naming conventions integrate correctly with the Helm helper templates and user values.
deployment/helm-chart/templates/pvc.yaml (2)
1-3: Conditional PVC creation is clear and concise.
Using .Values.engine.persistence.enabled to guard PVC creation aligns with best practices for optional persistence.
14-20: Nested if for storageClassName handles the "-" sentinel well.
The logic to set an empty storageClassName when the value is "-" and quote non-empty values is precise.
deployment/helm-chart/templates/secrets.yaml (1)
1-1: Ignore YAMLlint false positive on templating.
The {{- if ... }} syntax at file start is valid Helm template syntax; static YAML linters misinterpret it.
deployment/helm-chart/templates/ibis-deployment.yaml (5)
4-4: Ignore YAMLlint indentation and block-end warnings.
Helm templating constructs commonly trigger false-positive syntax and indentation issues in pure YAML linters.
Also applies to: 7-7, 13-13, 18-18, 21-21
1-9: Deployment metadata and replica configuration are consistent.
The ibis-server deployment uses correct naming, labels, and a default replica fallback, aligning with other component deployments.
10-18: Selector and Pod template labels are accurate.
Using include "wren-ai.selectorLabels" and component-specific labelling ensures correct service selection and observability.
20-31: Node scheduling configuration is flexible.
Parameterizing nodeSelector, affinity, and tolerations via with blocks offers robust cluster placement control.
32-40: Container spec for wren-ibis is comprehensive.
Image configuration, ports, and environment variable sourcing from ConfigMaps follow chart conventions.
deployment/helm-chart/templates/engine-deployment.yaml (7)
4-4: Ignore YAMLlint false positives.
Helm Go templating triggers syntax and indentation warnings in pure YAML linters; these can be safely ignored.
Also applies to: 7-7, 13-13, 18-18, 21-21
1-9: Engine Deployment metadata and replica config look good.
Naming, labels, and default replica fallback align with chart standards.
10-18: Selector and template labels are correctly parameterized.
Using shared selectorLabels and component labelling ensures pod-service binding consistency.
20-31: Node scheduling parameters are properly exposed.
The inclusion of nodeSelector, affinity, and tolerations via with blocks offers flexibility for complex cluster topologies.
32-35: Persistent volume claim volume is correctly referenced.
Volume name (wren-data) and claimName match the PVC template, ensuring reliable mounts.
36-59: Init container setup is thorough.
The bootstrap container correctly sources ConfigMap and secret values for database credentials and mounts the data volume.
60-77: Main container config aligns with other components.
Image, ports, volume mounts, and resource blocks mirror established patterns across the chart.
deployment/helm-chart/NOTES.txt (7)
3-3: Ignore LanguageTool spurious warnings.
Loose punctuation warnings are caused by Helm templating and do not affect functionality.
Also applies to: 8-8, 9-9, 12-12, 14-14, 19-19, 20-20, 23-23
2-6: UI NodePort instructions are clear.
Extracting NODE_PORT and NODE_IP and echoing the URL matches Helm post-install guidance.
7-10: UI LoadBalancer instructions are accurate.
Advising on external IP readiness and using JSONPath for extraction is correct.
13-17: AI Service NodePort instructions are correct.
Commands mirror the UI pattern and reference the proper service suffix.
17-21: AI Service LoadBalancer block is fine.
It correctly notes potential delays and uses the loadBalancer.ingress path extraction.
21-27: AI Service ClusterIP instructions align with standards.
Pattern matches UI's fixed block and provides a consistent port-forward workflow.
29-33: Verify AI Service port reference.
Ensure .Values.config.ports.aiService matches the port defined in the AI Service templates. If the port lives under a different key, update accordingly.
deployment/helm-chart/templates/ai-service-deployment.yaml (1)
4-4: Ignore static-analysis indentation/syntax warnings.
These YAMLlint and syntax errors are false positives due to Helm templating and intentional indentation for nindent. No change needed.
Also applies to: 7-7, 13-13, 18-18, 21-21
deployment/helm-chart/templates/ui-deployment.yaml (1)
4-4: Ignore static-analysis indentation/syntax warnings.
The reported indentation and syntax errors stem from Helm templating and do not reflect actual YAML issues.
Also applies to: 7-7, 13-13, 18-18, 21-21
deployment/helm-chart/templates/configmap.yaml (1)
4-4: Ignore static-analysis syntax/spacing warnings.
These errors are false positives due to Helm templating; the syntax and spacing are valid.
Also applies to: 20-20
metadata: | ||
name: {{ include "wren-ai.fullname" . }}-ui-svc | ||
labels: | ||
{{- include "wren-ai.labels" . | nindent 4 }} | ||
app.kubernetes.io/component: ui | ||
spec: | ||
type: {{ .Values.ui.service.type }} | ||
ports: | ||
- port: {{ .Values.ui.service.port }} | ||
targetPort: http | ||
protocol: TCP | ||
name: http-ui | ||
selector: | ||
{{- include "wren-ai.selectorLabels" . | nindent 4 }} | ||
app.kubernetes.io/component: ui | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: {{ include "wren-ai.fullname" . }}-engine-svc | ||
labels: | ||
{{- include "wren-ai.labels" . | nindent 4 }} | ||
app.kubernetes.io/component: engine | ||
spec: | ||
type: {{ .Values.engine.service.type }} | ||
ports: | ||
- port: {{ .Values.engine.service.ports.engine }} | ||
targetPort: http | ||
protocol: TCP | ||
name: wren-engine | ||
- port: {{ .Values.engine.service.ports.sql }} | ||
targetPort: sql | ||
protocol: TCP | ||
name: wren-engine-sql | ||
selector: | ||
{{- include "wren-ai.selectorLabels" . | nindent 4 }} | ||
app.kubernetes.io/component: engine | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: {{ include "wren-ai.fullname" . }}-ai-service-svc | ||
labels: | ||
{{- include "wren-ai.labels" . | nindent 4 }} | ||
app.kubernetes.io/component: ai-service | ||
spec: | ||
type: {{ .Values.aiService.service.type }} | ||
ports: | ||
- port: {{ .Values.aiService.service.port }} | ||
targetPort: http | ||
protocol: TCP | ||
name: http | ||
selector: | ||
{{- include "wren-ai.selectorLabels" . | nindent 4 }} | ||
app.kubernetes.io/component: ai-service | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: {{ include "wren-ai.fullname" . }}-ibis-server-svc | ||
labels: | ||
{{- include "wren-ai.labels" . | nindent 4 }} | ||
app.kubernetes.io/component: ibis-server | ||
spec: | ||
type: {{ .Values.ibisServer.service.type }} | ||
ports: | ||
- port: {{ .Values.ibisServer.service.port }} | ||
targetPort: http | ||
protocol: TCP | ||
name: wren-ibis | ||
selector: | ||
{{- include "wren-ai.selectorLabels" . | nindent 4 }} | ||
app.kubernetes.io/component: ibis-server No newline at end of file |
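Review bot: the engine, ai-service and ibis-server Services take their type straight from values (`type: {{ .Values.engine.service.type }}` and the two lines like it) with no default, and the engine Service also publishes the `sql` port, so a values override to NodePort or LoadBalancer puts those ports outside the cluster with nothing in the template to signal it. Suggest `type: {{ .Values.engine.service.type | default "ClusterIP" }}` for the three non-UI Services, plus a comment in values.yaml stating what a non-ClusterIP type exposes. The ibis-server block also ends with "No newline at end of file"; add the trailing newline.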
Fix indentation across all Service definitions.
Multiple blocks (metadata, spec, ports, selector) are misaligned by 2 spaces. Nested keys should be indented by 2 spaces per level (e.g., under metadata:, name: and labels: need an extra 2-space indent). Address these misalignments to ensure valid YAML parsing.
🤖 Prompt for AI Agents
In deployment/helm-chart/templates/service.yaml from lines 3 to 75, the
indentation of keys under metadata, spec, ports, and selector is incorrect by 2
spaces. Fix this by ensuring each nested key is indented exactly 2 spaces more
than its parent key, for example, indent name and labels 2 spaces under
metadata, and similarly adjust all nested blocks consistently to maintain valid
YAML structure.
Actionable comments posted: 3
♻️ Duplicate comments (2)
deployment/helm-chart/values.yaml (2)
15-27: Remove trailing whitespace & secure default secret management.
This secrets block has trailing spaces flagged by YAMLlint, and defaults expose dummy credentials.
- Strip all trailing whitespace in this block.
- Consider defaulting to useExistingSecret: true for production or omitting dummy values.
338-348: Fix indentation of Qdrant TLS hosts.
The dash under tls.hosts is one space too few, causing parse errors. Align it with other list items.
Example diff:
tls: - - hosts: - - qdrant-ai.myhost.net + - hosts: + - qdrant-ai.myhost.net secretName: qdrant-ai.myhost.net-tls
🧹 Nitpick comments (3)
deployment/helm-chart/values.yaml (2)
278-283: Inconsistent secret property naming in PostgreSQL auth.
You use existingSecret here but existingSecretName in the top-level secrets section. Unify these keys to avoid confusion.
Example:
postgresql: auth: - existingSecret: "wren-secret" + existingSecretName: "wren-secret" secretKeys: adminPasswordKey: "PG_ADMIN_PASSWORD" userPasswordKey: "PG_PASSWORD"
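Review bot: the rename on the `existingSecret` line sits under `postgresql.auth`, which is the values block handed to the PostgreSQL dependency chart, so the key name is fixed by that chart's values schema and not by this chart. Renaming it to `existingSecretName` on this side only would leave the dependency without the secret reference it reads, while `secretKeys.adminPasswordKey` and `userPasswordKey` would still name keys in a secret that is no longer referenced. If the two names are to match, check the dependency's values first and rename the top-level `secrets` key instead.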
1-369: Remove trailing whitespace throughout the file.
Multiple lines contain trailing spaces flagged by YAMLlint. Strip them globally to ensure lint passes.
deployment/helm-chart/templates/configmap.yaml (1)
15-21: Too many spaces after colon.
Line 20 has two spaces before the value, triggering a YAMLlint warning. Standardize to one.
Example:
- IBIS_SERVER_VERSION: {{ .Values.global.versions.ibisServer | quote }} + IBIS_SERVER_VERSION: {{ .Values.global.versions.ibisServer | quote }}
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
deployment/helm-chart/templates/configmap.yaml (1 hunks)
deployment/helm-chart/values.yaml (1 hunks)
Actionable comments posted: 3
♻️ Duplicate comments (4)
deployment/helm-chart/README.md (1)
35-43: Replace placeholder API keys with generic placeholders.
The README includes realistic-looking API keys that could pose security risks. These should be replaced with clear placeholders.
Apply this diff to address the security concern:
-OPENAI_API_KEY=<Paste OPENAI_API_KEY here> +OPENAI_API_KEY=<YOUR_OPENAI_API_KEY> -LANGFUSE_PUBLIC_KEY=<Paste LANGFUSE_PUBLIC_KEY here> +LANGFUSE_PUBLIC_KEY=<YOUR_LANGFUSE_PUBLIC_KEY> -LANGFUSE_SECRET_KEY=<Paste LANGFUSE_SECRET_KEY here> +LANGFUSE_SECRET_KEY=<YOUR_LANGFUSE_SECRET_KEY> -POSTHOG_API_KEY=<Paste POSTHOG_API_KEY here> +POSTHOG_API_KEY=<YOUR_POSTHOG_API_KEY>deployment/helm-chart/values.yaml (2)
140-142: Missing global.namespace (duplicate from previous review)
Templates reference .Values.global.namespace, but the key is still absent. Either add it here or wrap references with default .Release.Namespace.
347-349: Wrong indentation in tls.hosts list (duplicate)
The dash before - qdrant-ai.myhost.net is indented 9 spaces; YAML expects 10. Helm fails to render. Fix as previously suggested.
deployment/helm-chart/templates/configmap.yaml (1)
60-76: Model keys mismatch (duplicate of prior feedback)
context_window_size, kwargs.maxTokens, and kwargs.seed are rendered here but not present in values.yaml. Helm will output empty values, breaking the AI-service config.
Either add the keys to every model item in values.yaml or guard with default
:- context_window_size: {{ .contextWindowSize }} +{{- if .contextWindowSize }} + context_window_size: {{ .contextWindowSize }} +{{- end }}Same for
maxTokens, seed.
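Review bot: the `{{- if .contextWindowSize }}` guard, once applied to `seed` as the comment proposes, drops the key whenever the value is falsy, and Go templates treat 0 as false, so a model configured with a seed of 0 would lose it silently. Use a `hasKey` test on the model item for `seed` (and for `maxTokens` and `contextWindowSize`) so that only an absent key is skipped. The prose also says to guard with `default` while the diff uses `if`; settle on one.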
🧹 Nitpick comments (14)
deployment/helm-chart/templates/secrets.yaml (1)
1-42: Fix formatting issue - missing newline at end of file.
The secret template logic is correct and properly handles conditional secret creation with base64 encoding. However, there's a formatting issue that should be addressed.
Apply this diff to fix the formatting:
{{- end }} -{{- end }} +{{- end }} +deployment/helm-chart/templates/engine-deployment.yaml (1)
1-78: Fix formatting issue - missing newline at end of file.
The deployment template is well-structured with proper use of init containers, persistent volumes, and environment variable configuration. The logic is sound and follows Kubernetes best practices.
Apply this diff to fix the formatting:
{{- end }} +
deployment/helm-chart/templates/ui-deployment.yaml (3)
100-100
: Remove trailing spaces.- valueFrom: + valueFrom:
117-117
: Remove trailing spaces.- valueFrom: + valueFrom:
1-134: Fix formatting issue - missing newline at end of file.
The UI deployment template is comprehensive and well-configured with proper environment variable management. The extensive configuration supports the UI component's needs effectively.
Apply this diff to fix the formatting:
{{- end }} +
deployment/helm-chart/README.md (2)
16-16
: Fix markdown formatting in suggestion callout.-`Suggestion`: Before deploying, check out the Helm values in the `deployment/helm ` file and modify them to suit your Kubernetes environment. +**Suggestion**: Before deploying, check out the Helm values in the `deployment/helm` file and modify them to suit your Kubernetes environment.
71-71
: Fix grammar - use "it's" instead of "its".-manifests the core Wren AI manifest templates, its less likely you need to modify them, but check just in case +manifests the core Wren AI manifest templates, it's less likely you need to modify them, but check just in casedeployment/helm-chart/templates/ai-service-deployment.yaml (3)
37-40: Mount path but no read-only flag
config-volume
contains static configuration; mounting it read-only avoids accidental mutation inside the container:- - name: config-volume - mountPath: /app/data + - name: config-volume + mountPath: /app/data + readOnly: true
71-78
: Hard-coded UI endpoint duplicates value in ConfigMap
WREN_UI_ENDPOINT
is set here from.Values.config.endpoints.ui
, but the ConfigMap already defines the same variable. Keeping both increases drift risk. Consider removing it from one place and referencing via the shared ConfigMap only.
118-118
: Add a final newlinePOSIX tools expect a trailing newline; add one to avoid lint errors.
deployment/helm-chart/values.yaml (2)
20-42: Strip trailing whitespace to pass YAMLlint
Multiple lines in this block (and throughout the file) end with spaces, breaking CI. Run `yq eval` or `yamllint -d relaxed` locally and remove the trailing blanks.
369-369: Terminate file with a newline
Add a final newline to satisfy linters and Git diff hygiene.
deployment/helm-chart/templates/configmap.yaml (2)
20-20: Extra spaces after colon
`IBIS_SERVER_VERSION:` has two spaces before the value, flagged by YAMLlint. Remove the extra space for consistency.
54-224: ConfigMap too large—consider `ConfigMap+Secret` or mounted file
`config.yaml` is ~300 lines; large ConfigMaps hit the 1 MiB limit quickly and are hard to diff. Storing the file in a `values` template and mounting via projected volume or a separate chart sub-directory is cleaner.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (8)
deployment/helm-chart/README.md (1 hunks)
deployment/helm-chart/templates/_helpers.tpl (1 hunks)
deployment/helm-chart/templates/ai-service-deployment.yaml (1 hunks)
deployment/helm-chart/templates/configmap.yaml (1 hunks)
deployment/helm-chart/templates/engine-deployment.yaml (1 hunks)
deployment/helm-chart/templates/secrets.yaml (1 hunks)
deployment/helm-chart/templates/ui-deployment.yaml (1 hunks)
deployment/helm-chart/values.yaml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
deployment/helm-chart/templates/ai-service-deployment.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 14-14: wrong indentation: expected 4 but found 6
(indentation)
[warning] 19-19: wrong indentation: expected 6 but found 8
(indentation)
[warning] 22-22: wrong indentation: expected 4 but found 6
(indentation)
[error] 118-118: no new line character at the end of file
(new-line-at-end-of-file)
deployment/helm-chart/templates/configmap.yaml
[warning] 20-20: too many spaces after colon
(colons)
[error] 4-4: syntax error: expected , but found ''
(syntax)
deployment/helm-chart/templates/engine-deployment.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 14-14: wrong indentation: expected 4 but found 6
(indentation)
[warning] 19-19: wrong indentation: expected 6 but found 8
(indentation)
[warning] 22-22: wrong indentation: expected 4 but found 6
(indentation)
[error] 78-78: no new line character at the end of file
(new-line-at-end-of-file)
deployment/helm-chart/templates/secrets.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[error] 42-42: no new line character at the end of file
(new-line-at-end-of-file)
deployment/helm-chart/templates/ui-deployment.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 14-14: wrong indentation: expected 4 but found 6
(indentation)
[warning] 19-19: wrong indentation: expected 6 but found 8
(indentation)
[warning] 22-22: wrong indentation: expected 4 but found 6
(indentation)
[error] 100-100: trailing spaces
(trailing-spaces)
[error] 117-117: trailing spaces
(trailing-spaces)
[error] 134-134: no new line character at the end of file
(new-line-at-end-of-file)
deployment/helm-chart/values.yaml
[error] 20-20: trailing spaces
(trailing-spaces)
[error] 28-28: trailing spaces
(trailing-spaces)
[error] 35-35: trailing spaces
(trailing-spaces)
[error] 39-39: trailing spaces
(trailing-spaces)
[error] 53-53: trailing spaces
(trailing-spaces)
[error] 85-85: trailing spaces
(trailing-spaces)
[error] 136-136: trailing spaces
(trailing-spaces)
[error] 146-146: trailing spaces
(trailing-spaces)
[error] 163-163: trailing spaces
(trailing-spaces)
[error] 177-177: trailing spaces
(trailing-spaces)
[error] 248-248: trailing spaces
(trailing-spaces)
[error] 249-249: trailing spaces
(trailing-spaces)
[error] 288-288: trailing spaces
(trailing-spaces)
[error] 295-295: trailing spaces
(trailing-spaces)
[error] 303-303: trailing spaces
(trailing-spaces)
[warning] 348-348: wrong indentation: expected 10 but found 9
(indentation)
[error] 369-369: no new line character at the end of file
(new-line-at-end-of-file)
🪛 LanguageTool
deployment/helm-chart/README.md
[uncategorized] ~16-~16: Loose punctuation mark.
Context: ...helm ## Steps to deploy: Suggestion
: Before deploying, check out the Helm va...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~71-~71: “its” (belonging to it) seems less likely than “it’s” (it is)
Context: ...ns the core Wren AI manifest templates, its less likely you need to modify them, bu...
(AI_HYDRA_LEO_CPT_ITS_ITIS)
[grammar] ~72-~72: In the grammatical structure ‘pronoun + be/get + used + to + verb’, the verb ‘used’ is used with the gerund.
Context: ...ing helm dependency add
, and they are used to deploy third-party services alongside Wren AI....
(ADMIT_ENJOY_VB)
[uncategorized] ~77-~77: Loose punctuation mark.
Context: ... same namespace as wren-ai. - postgres
: Database that will be installed in the ...
(UNLIKELY_OPENING_PUNCTUATION)
[uncategorized] ~81-~81: Possible missing comma found.
Context: ...ame(first) and password(second) for the database respectively, separated by a colon. In ...
(AI_HYDRA_LEO_MISSING_COMMA)
[uncategorized] ~82-~82: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ...erver is running in a Kubernetes cluster and it is named "wren-postgresql" in the *s...
(COMMA_COMPOUND_SENTENCE)
[uncategorized] ~87-~87: You might be missing the article “the” here.
Context: ...the Steps to deploy
section to deploy Wren AI app into your k8s. ```shell minikube...
(AI_EN_LECTOR_MISSING_DETERMINER_THE)
[uncategorized] ~122-~122: “you” seems less likely than “your” (belonging to you).
Context: ...mize some values. It can be usefull for you GitOps workflow and can be used in conj...
(AI_HYDRA_LEO_CP_YOU_YOUR)
[style] ~122-~122: ‘in conjunction with’ might be wordy. Consider a shorter alternative.
Context: ...for you GitOps workflow and can be used in conjunction with FluxCD or ArgoCD.
(EN_WORDINESS_PREMIUM_IN_CONJUNCTION_WITH)
🪛 markdownlint-cli2 (0.17.2)
deployment/helm-chart/README.md
7-7: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
14-14: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
16-16: Spaces inside code span elements
null
(MD038, no-space-in-code)
69-69: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
🪛 Checkov (3.2.334)
deployment/helm-chart/values.yaml
[MEDIUM] 34-35: Basic Auth Credentials
(CKV_SECRET_4)
🔇 Additional comments (3)
deployment/helm-chart/templates/_helpers.tpl (1)
1-62: LGTM! Well-structured Helm template helpers.
The template helpers follow Helm best practices and provide consistent naming, labeling, and secret management across the chart. The implementation correctly handles:
- DNS-compliant name truncation and trimming
- Standard Kubernetes labels
- Flexible secret name resolution
These helpers provide a solid foundation for the other templates in the chart.
deployment/helm-chart/templates/ai-service-deployment.yaml (2)
93-95: `CONFIG_PATH` must align with mounted file
The volume mounts `/app/data/config.yaml`, matching the default value. If users override `aiService.env.configPath`, the file may not exist. Guard with a default:
value: {{ default "/app/data/config.yaml" .Values.aiService.env.configPath | quote }}
11-14: Fix selector / matchLabels indentation
`matchLabels` is two levels deep under `selector`, so keys beneath it should be indented 8 spaces, not 6. Helm’s `nindent 6`
macro produces invalid YAML:- {{- include "wren-ai.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: ai-service + {{- include "wren-ai.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: ai-serviceRunning
`helm template . | kubeval` currently fails. Adjust the indent or change the helper to `nindent 8`.
Likely an incorrect or invalid review comment.
{{- $secretName := include "wren-ai.secretName" . }} | ||
apiVersion: apps/v1 |
🛠️ Refactor suggestion
Insert a YAML document start to silence linter syntax error
YAMLlint flags a “syntax error: expected the node content, but found ‘-’” on line 1.
Add an explicit document delimiter/blank line after the local template assignment so the rendered YAML starts cleanly:
{{- $secretName := include "wren-ai.secretName" . }}
+
+---
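Review bot: the `---` is added after line 1, but the YAMLlint error quoted for this file is reported at 1-1, on the `{{- $secretName := ... }}` action itself, and that line is unchanged here, so a linter reading the raw template still stops on it. Run YAMLlint on rendered output (`helm template .`) or exclude `templates/` from it instead of editing the template to satisfy a YAML parser.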
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
{{- $secretName := include "wren-ai.secretName" . }} | |
apiVersion: apps/v1 | |
{{- $secretName := include "wren-ai.secretName" . }} | |
--- | |
apiVersion: apps/v1 |
🧰 Tools
🪛 YAMLlint (1.37.1)
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
🤖 Prompt for AI Agents
In deployment/helm-chart/templates/ai-service-deployment.yaml at lines 1 to 2,
the YAML linter reports a syntax error due to the local template assignment line
not being separated from the YAML content. Fix this by adding a YAML document
start delimiter (---) or a blank line immediately after the local template
assignment line to ensure the rendered YAML begins cleanly and resolves the
linter syntax error.
# If qdrant.enabled is true, qdrantHost defaults to {{ Release.Name }}-qdrant | ||
qdrantHost: "" | ||
|
🛠️ Refactor suggestion
Empty `qdrantHost` leads to wrong ENV when qdrant disabled
When `qdrant.enabled=false` and `documentStore.qdrantHost` is empty, the deployment still defaults to `<release>-qdrant`, which won’t resolve. Make the default conditional:
qdrantHost: "{{- if .Values.qdrant.enabled }}{{ .Release.Name }}-qdrant{{- end }}"
🤖 Prompt for AI Agents
In deployment/helm-chart/values.yaml around lines 69 to 71, the qdrantHost is
set to an empty string which causes the deployment to default to
<release>-qdrant even when qdrant.enabled is false, leading to an incorrect
environment variable. Fix this by making the qdrantHost default conditional on
qdrant.enabled being true, using Helm templating syntax to set qdrantHost to
"{{- if .Values.qdrant.enabled }}{{ .Release.Name }}-qdrant{{- end }}".
secrets: | ||
# Option 1: Use existing secret (recommended for production) | ||
useExistingSecret: true | ||
annotations: {} | ||
existingSecretName: "wren-secret" | ||
|
||
# Option 2: Create secret from values (for development/testing) | ||
# Set useExistingSecret to false and provide values below | ||
createFromValues: false | ||
values: |
Plain-text dummy secrets are committed
`OPENAI_API_KEY`, `GEMINI_API_KEY`, `PG_PASSWORD`, etc. sit in the repo—even though marked dummy, they encourage bad practice and can be mistakenly deployed.
Provide only the keys, empty by default, or move them to `secrets.values.example` excluded via `.helmignore`.
- GEMINI_API_KEY: "dummy"
+ # GEMINI_API_KEY: ""
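Review bot: only `GEMINI_API_KEY` is changed here, while the comment names `OPENAI_API_KEY` and `PG_PASSWORD` as well; every dummy entry under `secrets.values` needs the same treatment or the placeholder values stay committed. The `+` line also comments the key out, whereas the text above asks for keys that are present and empty by default; pick one form and state which the templates expect.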
Committable suggestion skipped: line range outside the PR's diff.
🧰 Tools
🪛 YAMLlint (1.37.1)
[error] 20-20: trailing spaces
(trailing-spaces)
🤖 Prompt for AI Agents
In deployment/helm-chart/values.yaml around lines 15 to 24, remove all dummy
secret values such as OPENAI_API_KEY, GEMINI_API_KEY, and PG_PASSWORD from the
file to avoid committing sensitive data. Instead, provide only the keys with
empty default values or move these secret values to a separate file like
secrets.values.example, which should be excluded from the repository using
.helmignore. This prevents accidental deployment of dummy secrets and encourages
better secret management practices.
@aryankumar04 when will this change be merged? Good work 🚀
Co-authored-by: Dario Nascimento <[email protected]>
Co-authored-by: Dario Nascimento <[email protected]>
Co-authored-by: Dario Nascimento <[email protected]>
Hey @dnascimento, thanks for your reviews, I have committed the suggested changes. @wwwy3y3 Can you please check this PR? Thanks in advance!
Actionable comments posted: 3
♻️ Duplicate comments (1)
deployment/helm-chart/README.md (1)
34-43: Secrets now look sanitized — good.
Previous gitleaks concern appears addressed; keys are placeholders. Keep it that way.
🧹 Nitpick comments (7)
deployment/helm-chart/README.md (7)
98-105: Remove duplicate external-dns install; add provider note.
external-dns is installed twice; keep the parameterized one. Also remind users to set a provider (e.g., AWS/GCP/Cloudflare) or skip for Minikube.
-helm install external-dns bitnami/external-dns -helm install \ - external-dns bitnami/external-dns \ +helm install \ + external-dns bitnami/external-dns \ --namespace external-dns \ --version 7.5.2 \ --create-namespace \ - --set installCRDs=true + --set provider=<your-dns-provider> \ + --set txtOwnerId=wren-minikube +# For local Minikube without a real DNS provider, you can skip external-dns.
4-4: Tighten up grammar, headings, and markdownlint nits.
Fix typos and MD026/MD038 warnings; improves readability.
-3. Secrets vales can be deployed together or separately. +3. Secrets values can be deployed together or separately. -## Dependencies used in this kustomization: +## Dependencies used in this setup -## Steps to deploy: +## Steps to deploy -`Suggestion`: Before deploying, check out the Helm values in the `deployment/helm ` file and modify them to suit your Kubernetes environment. +`Suggestion`: Before deploying, review the Helm values in `deployment/helm-chart` and modify them to suit your Kubernetes environment. -### Notes on Helm: +### Notes on Helm -- `deployment/helm/values.yaml` is the main file responsible for versions of other apps such as Qdrant and PostgreSQL, version of your Wren AI app. It also combines resourses from the manifest such as ConfigMaps, Deployments, and Services. And example Ingress and Secrets. +- `deployment/helm-chart/values.yaml` is the main file responsible for versions of other apps such as Qdrant and PostgreSQL, and your Wren AI app. It also combines resources from the manifests such as ConfigMaps, Deployments, Services, example Ingress, and Secrets. -# GitOps Patches +# GitOps patchesAlso applies to: 7-7, 14-14, 16-16, 69-69, 70-70, 121-121
45-55
: Quote secret literals to avoid word-splitting; keep namespace flag first.Safer for values containing special chars or spaces.
-kubectl create secret generic wren-secret \ +kubectl create secret generic wren-secret -n wren \ --from-literal=OPENAI_API_KEY=$OPENAI_API_KEY \ - --from-literal=PG_USERNAME=$PG_USERNAME \ - --from-literal=PG_PASSWORD=$PG_PASSWORD \ - --from-literal=PG_ADMIN_PASSWORD=$PG_ADMIN_PASSWORD \ - --from-literal=PG_URL=$PG_URL \ - --from-literal=LANGFUSE_PUBLIC_KEY=$LANGFUSE_PUBLIC_KEY \ - --from-literal=LANGFUSE_SECRET_KEY=$LANGFUSE_SECRET_KEY \ - --from-literal=POSTHOG_API_KEY=$POSTHOG_API_KEY \ - --from-literal=USER_UUID=$USER_UUID \ - -n wren + --from-literal=PG_USERNAME="$PG_USERNAME" \ + --from-literal=PG_PASSWORD="$PG_PASSWORD" \ + --from-literal=PG_ADMIN_PASSWORD="$PG_ADMIN_PASSWORD" \ + --from-literal=PG_URL="$PG_URL" \ + --from-literal=LANGFUSE_PUBLIC_KEY="$LANGFUSE_PUBLIC_KEY" \ + --from-literal=LANGFUSE_SECRET_KEY="$LANGFUSE_SECRET_KEY" \ + --from-literal=POSTHOG_API_KEY="$POSTHOG_API_KEY" \ + --from-literal=USER_UUID="$USER_UUID"
76-77: Use consistent namespace wording.
Docs say “same namespace as wren-ai” but earlier we created namespace wren. Align wording.
-Starting with wren-ui version 0.6.0 by default the postgres database is used for wren-ui in this helm chart and will be installed in the same namespace as wren-ai. -- `postgres`: Database that will be installed in the same namespace as wren-ai. You *must* update `PG_URL` in the Secret manifest. +Starting with wren-ui version 0.6.0 the PostgreSQL database is used for wren-ui in this chart and will be installed in the same namespace (wren). +- `postgres`: Database installed in the same namespace (wren). You *must* update `PG_URL` in the Secret manifest.
86-117: Minikube guidance: add brief TLS/Ingress note and MetalLB IP pool pointer.
Without TLS config and an address pool, users may stall. Consider a short note.
Suggested addendum (after MetalLB enable):
minikube addons enable metallb +# Configure a MetalLB address pool (example range depends on your network): +# https://minikube.sigs.k8s.io/docs/handbook/addons/metallb/ ... helm repo add jetstack https://charts.jetstack.io ... kubectl get pods -n cert-manager + +# When deploying with TLS, ensure your values set ingress.tls and provide a DNS name. +# For local tests without DNS, you can use a self-signed ClusterIssuer in cert-manager.
1-6: Call out authentication options.
You already warn about running without auth. Link or mention supported auth patterns (Ingress basic auth, OIDC, or upstream auth) so users can secure deployments.
32-43: Optional: avoid shell history leaks for secrets.
Use `read -s` or env files; recommend SealedSecrets/ExternalSecrets for production.
Example:
-OPENAI_API_KEY=<YOUR_OPENAI_API_KEY> +read -r -s OPENAI_API_KEY # paste and press Enter; value stays out of shell history +echoAnd consider describing SealedSecrets/ExternalSecrets alternatives.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
deployment/helm-chart/README.md (1 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.17.2)
deployment/helm-chart/README.md
7-7: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
14-14: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
16-16: Spaces inside code span elements
(MD038, no-space-in-code)
69-69: Trailing punctuation in heading
Punctuation: ':'
(MD026, no-trailing-punctuation)
`Suggestion`: Before deploying, check out the Helm values in the `deployment/helm ` file and modify them to suit your Kubernetes environment. | ||
|
||
The `deployment/helm` folder contains a `values.yaml` file that will inflate the manifests into a `deployment/helm/template` files used to deploy the app to your Kubernetes cluster. | ||
|
Fix path inconsistencies: use deployment/helm-chart everywhere.
Current text mixes deployment/helm and deployment/helm-chart, and the -f path points to a non-existent file. This will cause failed installs.
Apply:
-`Suggestion`: Before deploying, check out the Helm values in the `deployment/helm ` file and modify them to suit your Kubernetes environment.
+`Suggestion`: Before deploying, check out the Helm values in the `deployment/helm-chart` folder and modify them to suit your Kubernetes environment.
-The `deployment/helm` folder contains a `values.yaml` file that will inflate the manifests into a `deployment/helm/template` files used to deploy the app to your Kubernetes cluster.
+The `deployment/helm-chart` folder contains a `values.yaml` file that renders templates under `deployment/helm-chart/templates` used to deploy the app to your Kubernetes cluster.
-# Download Wren AI dependency charts like Qdrant or postgresql
-helm dependency build ./deployment/helm-chart
+# Download Wren AI dependency charts like Qdrant or PostgreSQL
+helm dependency build deployment/helm-chart
# Deploy Wren AI with Helm
-helm upgrade --install wrenai ./deployment/helm-chart \
+helm upgrade --install wrenai deployment/helm-chart \
--namespace wren \
- -f deployment/helm/values.yaml \
+ -f deployment/helm-chart/values.yaml \
-### Notes on Helm:
-- `deployment/helm/values.yaml` is the main file responsible for versions of other apps such as Qdrant and PostgreSQL, version of your Wren AI app. It also combines resourses from the manifest such as ConfigMaps, Deployments, and Services. And example Ingress and Secrets.
-- `deployment/helm/template` is the manifests folder that contains the core Wren AI manifest templates, its less likely you need to modify them, but check just in case
-- `deployment/helm/charts` is directory contains any dependent Helm charts (subcharts) required by Wren AI, such as PostgreSQL or Qdrant. These dependencies are either added manually or using `helm dependency add`, and they are used to deploy third-party services alongside Wren AI.
-- `deployment/helm/Chart.yaml` This file defines the metadata for the Helm chart used to deploy Wren AI. It includes the chart name, version, application version, dependencies and a description. Helm uses this file to identify and manage the chart during installation and upgrades.
+### Notes on Helm
+- `deployment/helm-chart/values.yaml` is the main file responsible for versions of other apps such as Qdrant and PostgreSQL, and the Wren AI app. It also combines resources from the manifests such as ConfigMaps, Deployments, Services, example Ingress, and Secrets.
+- `deployment/helm-chart/templates` contains the core Wren AI manifest templates; it’s less likely you need to modify them—verify first.
+- `deployment/helm-chart/charts` contains dependent Helm charts (subcharts) required by Wren AI, such as PostgreSQL or Qdrant. These are added via `helm dependency add` and deployed alongside Wren AI.
+- `deployment/helm-chart/Chart.yaml` defines chart metadata (name, version, appVersion, dependencies, description) used during install/upgrade.
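Review bot: the rewritten `charts` bullet still says the subcharts are added via `helm dependency add`, which is not a Helm subcommand (`helm dependency` offers `build`, `list` and `update`). The install steps in this same suggestion already use `helm dependency build`, so name that command and say the dependencies are declared in `Chart.yaml`.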
Also applies to: 58-65, 69-74
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)
16-16: Spaces inside code span elements
(MD038, no-space-in-code)
🤖 Prompt for AI Agents
In deployment/helm-chart/README.md around lines 16 to 19 (also apply same fixes
to lines 58-65 and 69-74), update all occurrences of the incorrect path
"deployment/helm" to the canonical "deployment/helm-chart", and fix any example
-f flags or file references so they point to the existing
deployment/helm-chart/values.yaml (and template references to
deployment/helm-chart/templates or deployment/helm-chart/templates/* as
appropriate); ensure every mention and command uses the exact same
deployment/helm-chart path so installs reference real files.
```shell | ||
# Clone the repository with Helm chart | ||
git clone https://github.com/Canner/WrenAI.git | ||
cd WrenAI | ||
|
||
# Create namespace | ||
kubectl create namespace wren | ||
|
🧩 Analysis chain
Verify chart/secret wiring matches docs.
Ensure templates reference `wren-secret` and the exact key names (OPENAI_API_KEY, PG_URL, etc.), and that NOTES/values align with README.
Also applies to: 58-67, 69-74, 75-85
🏁 Script executed:
#!/bin/bash
# Confirm secret refs and values paths
rg -n -C2 -g 'deployment/helm-chart/**' \
-e 'secretKeyRef:\s*name:\s*wren-secret' \
-e 'key:\s*(OPENAI_API_KEY|PG_URL|PG_USERNAME|PG_PASSWORD|PG_ADMIN_PASSWORD|LANGFUSE_PUBLIC_KEY|LANGFUSE_SECRET_KEY|POSTHOG_API_KEY|USER_UUID)'
echo "---- Check values file and NOTES paths ----"
rg -n -C1 -g 'deployment/helm-chart/**' 'values.yaml|wren-secret|ingress|tls|postgresql'
Length of output: 15247
Update README secret creation to match chart templates' secret keys
- Templates reference the secret via {{ $secretName }} (values.yaml sets existingSecretName/existingSecret = "wren-secret": deployment/helm-chart/values.yaml:19,283) and expect these keys: OPENAI_API_KEY (or GEMINI_API_KEY alternative), PG_URL, PG_USERNAME, PG_PASSWORD, USER_UUID, POSTHOG_API_KEY, LANGFUSE_PUBLIC_KEY, LANGFUSE_SECRET_KEY — see deployment/helm-chart/templates/{ai-service-deployment.yaml,ui-deployment.yaml,engine-deployment.yaml}.
- README's example only creates wren-secret with OPENAI_API_KEY (deployment/helm-chart/README.md:45-46). Update README/NOTES to create all required secret keys or clearly document which keys are optional/conditional (e.g., GEMINI vs OPENAI, Langfuse/PostHog).
🤖 Prompt for AI Agents
In deployment/helm-chart/README.md around lines 20 to 27, the README currently
only shows creating the namespace and later creates a secret with just
OPENAI_API_KEY; update the README/NOTES to either (A) show creating the expected
Kubernetes secret (wren-secret) populated with all keys referenced by the chart
templates—OPENAI_API_KEY (or GEMINI_API_KEY alternative), PG_URL, PG_USERNAME,
PG_PASSWORD, USER_UUID, POSTHOG_API_KEY, LANGFUSE_PUBLIC_KEY,
LANGFUSE_SECRET_KEY—or (B) clearly document which keys are optional and which
are mutually exclusive (e.g., GEMINI vs OPENAI, Langfuse vs PostHog) and where
to set existingSecretName/values; adjust examples and NOTES accordingly so the
secret names/keys match deployment/helm-chart/templates and values.yaml.
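The key mismatch described in this comment can also be checked on rendered manifests instead of template source. The script below is an added example, not part of the PR or of the script CodeRabbit ran: it lists the keys a manifest reads from one Secret through `secretKeyRef` and prints those a planned `kubectl create secret` would leave out. The manifest text (including the `optional: true` entry and `other-secret`) is constructed sample input, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the Secret keys a rendered manifest requires with the
# keys a planned `kubectl create secret generic` command would create.

# Print the required keys read through secretKeyRef from Secret $1 in the
# manifest text on stdin. Entries marked `optional: true` are skipped.
referenced_secret_keys() {
  awk -v want="$1" '
    function value(s) {
      sub(/^[ \t]*[A-Za-z]+:[ \t]*/, "", s)   # drop the "name:" or "key:" prefix
      gsub(/"/, "", s)                        # drop YAML double quotes
      sub(/[ \t\r]+$/, "", s)                 # drop trailing blanks
      return s
    }
    function emit() {
      if (in_ref && key != "" && name == want && opt != "true") print key
      in_ref = 0; name = ""; key = ""; opt = ""
    }
    /secretKeyRef:/              { emit(); in_ref = 1; next }
    in_ref && /^[ \t]*name:/     { name = value($0); next }
    in_ref && /^[ \t]*key:/      { key  = value($0); next }
    in_ref && /^[ \t]*optional:/ { opt  = value($0); next }
                                 { emit() }
    END                          { emit() }
  ' | LC_ALL=C sort -u
}

# Usage: missing_secret_keys SECRET_NAME KEY... < manifest
# Prints every required key of SECRET_NAME that is not among KEY...
missing_secret_keys() {
  secret=$1; shift
  provided=" $* "
  for k in $(referenced_secret_keys "$secret"); do
    case "$provided" in
      *" $k "*) ;;
      *) printf '%s\n' "$k" ;;
    esac
  done
}

# Constructed sample: a fragment shaped like `helm template` output.
sample_manifest() {
  cat <<'EOF'
env:
  - name: OPENAI_API_KEY
    valueFrom:
      secretKeyRef:
        name: wren-secret
        key: OPENAI_API_KEY
  - name: PG_URL
    valueFrom:
      secretKeyRef:
        key: "PG_URL"
        name: wren-secret
  - name: LANGFUSE_PUBLIC_KEY
    valueFrom:
      secretKeyRef:
        name: wren-secret
        key: LANGFUSE_PUBLIC_KEY
        optional: true
  - name: REGISTRY_TOKEN
    valueFrom:
      secretKeyRef:
        name: other-secret
        key: TOKEN
  - name: USER_UUID
    valueFrom:
      secretKeyRef:
        name: wren-secret
        key: USER_UUID
EOF
}

# A secret created with only OPENAI_API_KEY leaves two required keys unset.
sample_manifest | missing_secret_keys wren-secret OPENAI_API_KEY
```

Against a real chart, pipe `helm template` output into `missing_secret_keys` with the key names from the `kubectl create secret` command.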
# MODIFY/GENERATE values of secret and apply kubectl command to create secret (recommended for production) | ||
|
||
# Generate secure passwords | ||
OPENAI_API_KEY=<Paste OPENAI_API_KEY here> | ||
PG_USERNAME=wrenai | ||
PG_PASSWORD=$(openssl rand -base64 32) | ||
PG_ADMIN_PASSWORD=$(openssl rand -base64 32) | ||
PG_URL=postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai | ||
LANGFUSE_PUBLIC_KEY=<Paste LANGFUSE_PUBLIC_KEY here> | ||
LANGFUSE_SECRET_KEY=<Paste LANGFUSE_SECRET_KEY here> | ||
POSTHOG_API_KEY=<Paste POSTHOG_API_KEY here> | ||
USER_UUID=$(openssl rand -base64 32) |
Standardize PostgreSQL credentials and PG_URL; fix mismatch with examples.
Variables (PG_USERNAME/PG_PASSWORD) don’t match PG_URL (`wrenai-user:wrenai-pass`). Also the bullet claims both creds are “postgres.” This will break connections.
Apply:
-# Generate secure passwords
-OPENAI_API_KEY=<Paste OPENAI_API_KEY here>
-PG_USERNAME=wrenai
-PG_PASSWORD=$(openssl rand -base64 32)
-PG_ADMIN_PASSWORD=$(openssl rand -base64 32)
-PG_URL=postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai
+# Generate secrets (sample: app user + admin user)
+OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>
+PG_USERNAME=wrenai_user
+PG_PASSWORD=$(openssl rand -base64 32)
+PG_ADMIN_PASSWORD=$(openssl rand -base64 32)
+# Build PG_URL from variables to avoid drift
+PG_URL="postgres://${PG_USERNAME}:${PG_PASSWORD}@wren-postgresql:5432/wrenai"
LANGFUSE_PUBLIC_KEY=<Paste LANGFUSE_PUBLIC_KEY here>
LANGFUSE_SECRET_KEY=<Paste LANGFUSE_SECRET_KEY here>
POSTHOG_API_KEY=<Paste POSTHOG_API_KEY here>
USER_UUID=$(openssl rand -base64 32)
-Example: `PG_URL: "postgres://wrenai-user:wrenai-pass@wren-postgresql:5432/wrenai"`
+Example: `PG_URL: "postgres://<DB_USER>:<DB_PASSWORD>@wren-postgresql:5432/wrenai"`
- `postgres://` This is the protocol. It tells the system that you’re connecting to a PostgreSQL database.
-- `wrenai-user:wrenai-pass` These are the username(first) and password(second) for the database respectively, separated by a colon. In this case, both the username and password are “postgres”.
+- `<DB_USER>:<DB_PASSWORD>` Username (first) and password (second) separated by a colon.
- `@wren-postgresql` This is the hostname of the database server. "wren-postgresql" means the database server is running in a Kubernetes cluster and it is named "wren-postgresql" in the *same* namespace. If you are using another namespace you must provide the full hostname, example: `wren-postgresql.wren.svc.cluster.local`, "wren" is the namespace name, "svc.cluster.local" is the default domain name for Kubernetes services no need to change it.
- `:5432` This is the port number. PostgreSQL servers listen on port 5432 by default.
-- `/wrenai` This is the name of the database you’re connecting to. In this case, the database name is `wrenai`. It can be found in the helm values file in the auth.database parameter.
+- `/wrenai` Database name. See the Helm values under the PostgreSQL subchart (auth.database).
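Review bot: `PG_URL` is now interpolated from `${PG_PASSWORD}`, which comes from `openssl rand -base64 32`; base64 output can contain `/`, `+` and `=`, and a `/` in the password ends the authority part of the URL early, so the generated `PG_URL` may not parse. Generate the password with `openssl rand -hex 32` or percent-encode it before building the URL. `USER_UUID=$(openssl rand -base64 32)` also does not produce a UUID, if the consumer expects that format.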
Also applies to: 79-85
🤖 Prompt for AI Agents
deployment/helm-chart/README.md lines 32-43 (also apply same fix at 79-85):
PG_USERNAME/PG_PASSWORD values do not match the hardcoded credentials in PG_URL
and the doc wrongly states both creds are “postgres”; update the README so
PG_URL is constructed from the PG_USERNAME and PG_PASSWORD variables (remove the
hardcoded wrenai-user:wrenai-pass), ensure the example credentials and
descriptive bullet correctly reflect the actual variable names/values, and
mirror these same corrections in the section at lines 79-85.
condition: qdrant.enabled | ||
- name: postgresql | ||
version: "15.5.30" | ||
repository: "https://charts.bitnami.com/bitnami" |
https://github.com/bitnami/charts
this was deprecated
I see, let me update it with the most used open-source PostgreSQL chart available. Thanks @dnascimento