Skip to content

chore(release): v0.3.0#44

Merged
jesmarcannao merged 1 commit into
mainfrom
chore/release-v0.3.0
Jun 15, 2026
Merged

chore(release): v0.3.0#44
jesmarcannao merged 1 commit into
mainfrom
chore/release-v0.3.0

Conversation

@jesmarcannao

@jesmarcannao jesmarcannao commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Release-prep version bump so we can tag v0.3.0 from main (26 commits since v0.2.5, all additive/backward-compatible).

Charts bumped:

  • proxysql-operator: 0.2.5 → 0.3.0 (version + appVersion)
  • proxysql-cluster: 0.1.0 → 0.2.0 (changed since v0.2.5)
  • proxysql: unchanged

What's in v0.3.0 (highlights): richer query rules (#19), mysql_hostgroup_attributes (#20), proxysql.cnf → Secret (#21), networking knobs — annotations/session-affinity/TCP keepalive (#28), Fluent Bit logging sidecar (#29), proxysql_servers peer auto-populate (#39), example flavors + operator docs. CRD changes are additive only.

After merge, tag v0.3.0 on main → release.yaml publishes the image (ghcr) + charts (helm repo) + a GitHub Release.

Cut to let ProxySQL SaaS consume a published operator instead of building from a local clone.

Summary by CodeRabbit

  • Chores
    • Updated ProxySQL cluster Helm chart to v0.2.0
    • Updated ProxySQL operator Helm chart to v0.3.0

Cut a release from main (26 commits since v0.2.5, all additive/backward-compatible):
- richer query rules: rewriting, mirroring, caching, chaining (#19)
- mysql_hostgroup_attributes (#20)
- bootstrap proxysql.cnf moves from ConfigMap to Secret (#21)
- service annotations, session affinity, TCP keepalive sysctls (#28)
- optional Fluent Bit logging sidecar with query-log shipping (#29)
- auto-populate proxysql_servers peers when spec list empty (#39)
- backend example flavors + operator documentation set

CRD changes are additive only (new optional fields) -> minor bump.

proxysql-operator: 0.2.5 -> 0.3.0 (version + appVersion)
proxysql-cluster:  0.1.0 -> 0.2.0 (changed since v0.2.5; appVersion/ProxySQL 3.0 unchanged)
proxysql:          unchanged (0.1.0)
@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Version metadata bumped in two Helm charts: proxysql-cluster from 0.1.0 to 0.2.0, and proxysql-operator from 0.2.5 to 0.3.0 (both version and appVersion).

Changes

Helm Chart Version Bumps

Layer / File(s) Summary
Chart version and appVersion bumps
charts/proxysql-cluster/Chart.yaml, charts/proxysql-operator/Chart.yaml
proxysql-cluster chart version bumped from 0.1.0 to 0.2.0; proxysql-operator chart version and appVersion both bumped from 0.2.5 to 0.3.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'chore(release): v0.3.0' clearly and specifically identifies the main change—preparing the v0.3.0 release with Helm chart version bumps.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/release-v0.3.0

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@charts/proxysql-cluster/Chart.yaml`:
- Line 5: The test Pod in the test connection template violates the PSA
restricted security context by running with runAsUser set to 65534 instead of
the required uid 999. Update the securityContext in the test Pod specification
to set runAsUser to 999 to match the PSA restricted profile that is properly
implemented in the main StatefulSet and other resources. This ensures
consistency across all Pod specifications and compliance with the restricted
security context.

In `@charts/proxysql-operator/Chart.yaml`:
- Around line 5-6: The podSecurityContext in values.yaml is missing required
fields for PSA restricted profile compliance. Add runAsUser: 999 and runAsGroup:
999 to the existing podSecurityContext configuration alongside the existing
runAsNonRoot, readOnlyRootFilesystem, capability drops, and seccomp settings.
Additionally, add fsGroup: 999 to podSecurityContext if the operator writes to
mounted volumes.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 107e5d69-9152-44f6-965a-cbfb7c61d419

📥 Commits

Reviewing files that changed from the base of the PR and between 0ec0638 and c1b0e0b.

📒 Files selected for processing (2)
  • charts/proxysql-cluster/Chart.yaml
  • charts/proxysql-operator/Chart.yaml

description: ProxySQL control-plane (StatefulSet, persistent) for operator-managed ProxySQL Clusters
type: application
version: 0.1.0
version: 0.2.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check pod specifications in proxysql-cluster templates for PSA restricted compliance

# Find all template files
fd -e yaml -e yml 'charts/proxysql-cluster/templates' | while read file; do
  echo "=== File: $file ==="
  cat "$file"
  echo ""
done

Repository: ProxySQL/proxysql-on-k8s

Length of output: 506


🏁 Script executed:

#!/bin/bash
# Description: Check pod specifications in proxysql-cluster templates for PSA restricted compliance

# Find all template files using corrected fd syntax
fd . 'charts/proxysql-cluster/templates' -e yaml -e yml | while read file; do
  echo "=== File: $file ==="
  cat "$file"
  echo ""
done

Repository: ProxySQL/proxysql-on-k8s

Length of output: 11711


🏁 Script executed:

cat charts/proxysql-cluster/values.yaml

Repository: ProxySQL/proxysql-on-k8s

Length of output: 3881


Chart version bump to 0.2.0 is correct.

The version field update from 0.1.0 to 0.2.0 appropriately signals a minor version release.

Pod specifications in the main StatefulSet properly implement PSA restricted security context: the defaults in values.yaml set runAsNonRoot=true, uid/gid=999, readOnlyRootFilesystem=true, all capabilities dropped, and seccomp profile set to RuntimeDefault. Values overrides flow correctly through all templates, and label/selector consistency is preserved across all resources.

However, the test Pod in charts/proxysql-cluster/templates/tests/test-connection.yaml violates the uid requirement by using runAsUser: 65534 instead of the required 999. Update this to match the PSA restricted profile.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/proxysql-cluster/Chart.yaml` at line 5, The test Pod in the test
connection template violates the PSA restricted security context by running with
runAsUser set to 65534 instead of the required uid 999. Update the
securityContext in the test Pod specification to set runAsUser to 999 to match
the PSA restricted profile that is properly implemented in the main StatefulSet
and other resources. This ensures consistency across all Pod specifications and
compliance with the restricted security context.

Source: Coding guidelines

Comment on lines +5 to +6
version: 0.3.0
appVersion: "0.3.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check pod specifications in proxysql-operator templates for PSA restricted compliance

# Find all template files
fd -e yaml -e yml 'charts/proxysql-operator/templates' | while read file; do
  echo "=== File: $file ==="
  cat "$file"
  echo ""
done

Repository: ProxySQL/proxysql-on-k8s

Length of output: 510


🏁 Script executed:

#!/bin/bash
# List all template files in the proxysql-operator templates directory
fd . 'charts/proxysql-operator/templates' -e yaml -e yml

Repository: ProxySQL/proxysql-on-k8s

Length of output: 335


🏁 Script executed:

#!/bin/bash
# Read the deployment.yaml to check pod specifications
cat 'charts/proxysql-operator/templates/deployment.yaml'

Repository: ProxySQL/proxysql-on-k8s

Length of output: 3176


🏁 Script executed:

#!/bin/bash
# Find values files for proxysql-operator chart
fd . 'charts/proxysql-operator' -name 'values*.yaml' -o -name 'values*.yml'

Repository: ProxySQL/proxysql-on-k8s

Length of output: 299


🏁 Script executed:

#!/bin/bash
# Find values files for proxysql-operator chart
find 'charts/proxysql-operator' -name 'values*.yaml'

Repository: ProxySQL/proxysql-on-k8s

Length of output: 105


🏁 Script executed:

#!/bin/bash
# Read values.yaml to check security context configuration
cat 'charts/proxysql-operator/values.yaml'

Repository: ProxySQL/proxysql-on-k8s

Length of output: 1683


PSA restricted pod security context is incomplete in charts/proxysql-operator/values.yaml.

The chart's podSecurityContext is missing required runAsUser: 999 and runAsGroup: 999 fields mandated by the PSA restricted profile. While the template correctly delegates security context to values and the existing configuration includes runAsNonRoot: true, readOnlyRootFilesystem: true, capability drops, and seccomp set to RuntimeDefault, the uid/gid specification must be added to achieve full PSA restricted compliance.

Add the following to podSecurityContext in charts/proxysql-operator/values.yaml:

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 999
  runAsGroup: 999
  seccompProfile:
    type: RuntimeDefault

Also add fsGroup: 999 if the operator writes to mounted volumes.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/proxysql-operator/Chart.yaml` around lines 5 - 6, The
podSecurityContext in values.yaml is missing required fields for PSA restricted
profile compliance. Add runAsUser: 999 and runAsGroup: 999 to the existing
podSecurityContext configuration alongside the existing runAsNonRoot,
readOnlyRootFilesystem, capability drops, and seccomp settings. Additionally,
add fsGroup: 999 to podSecurityContext if the operator writes to mounted
volumes.

Source: Coding guidelines

@jesmarcannao jesmarcannao merged commit 720a162 into main Jun 15, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants