Add xxxxl memory template#622
Conversation
Signed-off-by: sBouzols <sylvain.bouzols@gmail.com>
📝 WalkthroughWalkthroughThis PR introduces a new Kubernetes Deployment patch for the gridsuite XXXXL memory profile. The manifest configures a single container with a Java heap size of 3072m via ChangesXXXXL Memory Configuration
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@k8s/components/gridsuite/patches/memory/deployments-springboot-memory-xxxxl.yaml`:
- Around line 1-17: The new memory patch file
deployments-springboot-memory-xxxxl.yaml is not registered in the gridsuite
kustomization so it will never be applied; update
k8s/components/gridsuite/kustomization.yaml to add this patch under patches (or
patchesStrategicMerge) and add an annotationSelector entry for
gridsuite.org/memory=memory-xxxxl so Deployments annotated for memory-xxxxl pick
it up, and while editing the patch file consider adding a container-level
securityContext (e.g., to the container named "main") if your base manifests do
not already supply the required defaults.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: f834edee-8cf1-4744-adfa-9e83f127a52a
📒 Files selected for processing (1)
k8s/components/gridsuite/patches/memory/deployments-springboot-memory-xxxxl.yaml
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: not-important | ||
| spec: | ||
| template: | ||
| spec: | ||
| containers: | ||
| - name: main | ||
| env: | ||
| - name: JAVA_TOOL_OPTIONS | ||
| value: "-Xmx3072m" | ||
| resources: | ||
| requests: | ||
| memory: "4540Mi" | ||
| limits: | ||
| memory: "4540Mi" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Locate gridsuite kustomization files =="
fd -p 'kustomization.yaml' k8s/components/gridsuite
echo
echo "== Show memory patch registrations around gridsuite section =="
sed -n '90,190p' k8s/components/gridsuite/kustomization.yaml
echo
echo "== Verify XXXXL patch + selector are present =="
rg -n -C2 'deployments-springboot-memory-xxxxl\.yaml|annotationSelector:\s*gridsuite\.org/memory=memory-xxxxl' k8s/components/gridsuite/kustomization.yamlRepository: gridsuite/deployment
Length of output: 2993
🏁 Script executed:
#!/bin/bash
set -euo pipefail
rg -n --hidden --no-ignore -S 'deployments-springboot-memory-xxxxl\.yaml|memory-xxxxl' k8s/components/gridsuiteRepository: gridsuite/deployment
Length of output: 46
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== kustomization.yaml line count =="
wc -l k8s/components/gridsuite/kustomization.yaml
echo
echo "== Any 'xxxxl' references in gridsuite kustomization =="
rg -n --hidden --no-ignore -S 'xxxxl' k8s/components/gridsuite/kustomization.yaml || true
echo
echo "== List all deployments-springboot-memory patch registrations =="
rg -n --hidden --no-ignore -S 'patches/memory/deployments-springboot-memory-' k8s/components/gridsuite/kustomization.yaml
echo
echo "== Does the XXXXL patch file exist? =="
fd -t f 'deployments-springboot-memory-xxxxl\.yaml' k8s/components/gridsuite/patches/memory || true
echo
echo "== Any memory selector for memory-xxxxl anywhere in gridsuite component =="
rg -n --hidden --no-ignore -S 'memory-xxxxl' k8s/components/gridsuite || trueRepository: gridsuite/deployment
Length of output: 1204
Wiring check: XXXXL memory patch is not registered in k8s/components/gridsuite/kustomization.yaml
k8s/components/gridsuite/kustomization.yamlregisters memory patches up todeployments-springboot-memory-xxxl.yamlanddeployments-springboot-memory-{l,xl,xxl}-forking.yaml, but it has nopatches/memory/deployments-springboot-memory-xxxxl.yamlentry and noannotationSelector: gridsuite.org/memory=memory-xxxxl.- This means
k8s/components/gridsuite/patches/memory/deployments-springboot-memory-xxxxl.yamlwill not be applied to any Deployments via this kustomization. - The snippet also lacks container
securityContext; if the base doesn’t already set defaults, consider adding it.
🧰 Tools
🪛 Checkov (3.2.530)
[medium] 1-17: Containers should not run with allowPrivilegeEscalation
(CKV_K8S_20)
[medium] 1-17: Minimize the admission of root containers
(CKV_K8S_23)
🪛 Trivy (0.69.3)
[error] 9-17: Root file system is not read-only
Container 'main' of Deployment 'not-important' should set 'securityContext.readOnlyRootFilesystem' to true
Rule: KSV-0014
(IaC/Kubernetes)
[error] 9-17: Default security context configured
container not-important in default namespace is using the default security context
Rule: KSV-0118
(IaC/Kubernetes)
[error] 7-17: Default security context configured
deployment not-important in default namespace is using the default security context, which allows root privileges
Rule: KSV-0118
(IaC/Kubernetes)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@k8s/components/gridsuite/patches/memory/deployments-springboot-memory-xxxxl.yaml`
around lines 1 - 17, The new memory patch file
deployments-springboot-memory-xxxxl.yaml is not registered in the gridsuite
kustomization so it will never be applied; update
k8s/components/gridsuite/kustomization.yaml to add this patch under patches (or
patchesStrategicMerge) and add an annotationSelector entry for
gridsuite.org/memory=memory-xxxxl so Deployments annotated for memory-xxxxl pick
it up, and while editing the patch file consider adding a container-level
securityContext (e.g., to the container named "main") if your base manifests do
not already supply the required defaults.
PR Summary