Problem
The clean-install-smoke gate (#44 in artifact-keeper-test) currently encodes a 14-flag --set override list in scripts/clean-install-smoke.sh to disable subsystems the smoke can't satisfy (RDS, External Secrets, ingress, ServiceMonitor, edge, Trivy, Dependency-Track, NetworkPolicy, etc.).
When the chart adds a new external-dep feature default-on (e.g., a future notifications.enabled defaulting to true), this gate breaks silently on the next chart bump. The smoke's override list and the chart's defaults have no shared source of truth.
Acceptance criteria
- New
charts/artifact-keeper/values-smoke.yaml overlay that disables every external dep the smoke can't satisfy
- Documents in comments WHY each override exists (so a future chart change can review and update consciously)
- The clean-install-smoke script switches from inline
--set to helm install -f values-production.yaml -f values-smoke.yaml --set <only-the-image-tags>
- helm-ci.yml renders the chart with values-smoke.yaml and lints it as a tested overlay
Tracking
Phase 1 of Hardening Core. Follows from senior review on artifact-keeper-test#49.
Problem
The
clean-install-smokegate (#44 in artifact-keeper-test) currently encodes a 14-flag--setoverride list inscripts/clean-install-smoke.shto disable subsystems the smoke can't satisfy (RDS, External Secrets, ingress, ServiceMonitor, edge, Trivy, Dependency-Track, NetworkPolicy, etc.).When the chart adds a new external-dep feature default-on (e.g., a future
notifications.enableddefaulting to true), this gate breaks silently on the next chart bump. The smoke's override list and the chart's defaults have no shared source of truth.Acceptance criteria
charts/artifact-keeper/values-smoke.yamloverlay that disables every external dep the smoke can't satisfy--settohelm install -f values-production.yaml -f values-smoke.yaml --set <only-the-image-tags>Tracking
Phase 1 of Hardening Core. Follows from senior review on artifact-keeper-test#49.