From f80517b48a6a9b77a7722c20730736230564709d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Sep 2025 15:27:08 +0000 Subject: [PATCH 1/7] chore(deps): update toolhive images to v0.3.2 --- deploy/charts/operator/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/charts/operator/values.yaml b/deploy/charts/operator/values.yaml index 0f57bc785..97ddf73e4 100644 --- a/deploy/charts/operator/values.yaml +++ b/deploy/charts/operator/values.yaml @@ -14,12 +14,12 @@ operator: # -- List of image pull secrets to use imagePullSecrets: [] # -- Container image for the operator - image: ghcr.io/stacklok/toolhive/operator:v0.3.0 + image: ghcr.io/stacklok/toolhive/operator:v0.3.2 # -- Image pull policy for the operator container imagePullPolicy: IfNotPresent # -- Image to use for Toolhive runners - toolhiveRunnerImage: ghcr.io/stacklok/toolhive/proxyrunner:v0.3.0 + toolhiveRunnerImage: ghcr.io/stacklok/toolhive/proxyrunner:v0.3.2 # -- Host for the proxy deployed by the operator proxyHost: 0.0.0.0 From 7dda05af8ed56d245064cb364a4dc6e522206105 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 12:50:20 +0000 Subject: [PATCH 2/7] chore(helm): bump chart to 0.2.15 and update OpenShift values to v0.3.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Bump Helm chart version from 0.2.14 to 0.2.15 - Update appVersion from 0.3.0 to 0.3.2 - Update OpenShift values file images to v0.3.2: - operator image: v0.3.0 → v0.3.2 - proxyrunner image: v0.3.0 → v0.3.2 Co-authored-by: Chris Burns --- deploy/charts/operator/Chart.yaml | 4 ++-- deploy/charts/operator/values-openshift.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/charts/operator/Chart.yaml b/deploy/charts/operator/Chart.yaml index d7e999822..7edc708bd 100644 --- a/deploy/charts/operator/Chart.yaml +++ b/deploy/charts/operator/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: toolhive-operator description: A Helm chart for deploying the ToolHive Operator into Kubernetes. type: application -version: 0.2.14 -appVersion: "0.3.0" +version: 0.2.15 +appVersion: "0.3.2" diff --git a/deploy/charts/operator/values-openshift.yaml b/deploy/charts/operator/values-openshift.yaml index 347a1dc68..09e673adb 100644 --- a/deploy/charts/operator/values-openshift.yaml +++ b/deploy/charts/operator/values-openshift.yaml @@ -12,12 +12,12 @@ operator: # -- List of image pull secrets to use imagePullSecrets: [] # -- Container image for the operator - image: ghcr.io/stacklok/toolhive/operator:v0.3.0 + image: ghcr.io/stacklok/toolhive/operator:v0.3.2 # -- Image pull policy for the operator container imagePullPolicy: IfNotPresent # -- Image to use for Toolhive runners - toolhiveRunnerImage: ghcr.io/stacklok/toolhive/proxyrunner:v0.3.0 + toolhiveRunnerImage: ghcr.io/stacklok/toolhive/proxyrunner:v0.3.2 # -- Host for the proxy deployed by the operator proxyHost: 0.0.0.0 From 3c0ce86148fc094dbcc970ba7900fdc2bd829995 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 12:54:39 +0000 Subject: [PATCH 3/7] docs(helm): update operator chart README.md with v0.3.2 images and v0.2.15 version Co-authored-by: Chris Burns --- deploy/charts/operator/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/charts/operator/README.md b/deploy/charts/operator/README.md index 0e42773a6..02062afec 100644 --- a/deploy/charts/operator/README.md +++ b/deploy/charts/operator/README.md @@ -1,7 +1,7 @@ # ToolHive Operator Helm Chart -![Version: 0.2.14](https://img.shields.io/badge/Version-0.2.14-informational?style=flat-square) +![Version: 0.2.15](https://img.shields.io/badge/Version-0.2.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) A Helm chart for deploying the ToolHive Operator into Kubernetes. @@ -62,7 +62,7 @@ The command removes all the Kubernetes components associated with the chart and | operator.autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage for autoscaling | | operator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000}` | Container security context settings for the operator | | operator.env | object | `{}` | Environment variables to set in the operator container | -| operator.image | string | `"ghcr.io/stacklok/toolhive/operator:v0.3.0"` | Container image for the operator | +| operator.image | string | `"ghcr.io/stacklok/toolhive/operator:v0.3.2"` | Container image for the operator | | operator.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy for the operator container | | operator.imagePullSecrets | list | `[]` | List of image pull secrets to use | | operator.leaderElectionRole | object | `{"binding":{"name":"toolhive-operator-leader-election-rolebinding"},"name":"toolhive-operator-leader-election-role","rules":[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":[""],"resources":["events"],"verbs":["create","patch"]}]}` | Leader election role configuration | @@ -89,7 +89,7 @@ The command removes all the Kubernetes components associated with the chart and | operator.serviceAccount.labels | object | `{}` | Labels to add to the service account | | operator.serviceAccount.name | string | `"toolhive-operator"` | The name of the service account to use. If not set and create is true, a name is generated. | | operator.tolerations | list | `[]` | Tolerations for the operator pod | -| operator.toolhiveRunnerImage | string | `"ghcr.io/stacklok/toolhive/proxyrunner:v0.3.0"` | Image to use for Toolhive runners | +| operator.toolhiveRunnerImage | string | `"ghcr.io/stacklok/toolhive/proxyrunner:v0.3.2"` | Image to use for Toolhive runners | | operator.volumeMounts | list | `[]` | Additional volume mounts on the operator container | | operator.volumes | list | `[]` | Additional volumes to mount on the operator pod | From e93d770fa13be9a0b6d81283a152a4e22306e74a Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 12:58:56 +0000 Subject: [PATCH 4/7] fix(helm): remove invalid runAsUser key from OpenShift values The runAsUser key was missing a value in values-openshift.yaml, causing helm lint failures. OpenShift handles user ID assignment dynamically, so this key is not needed. Co-authored-by: Chris Burns --- deploy/charts/operator/values-openshift.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/charts/operator/values-openshift.yaml b/deploy/charts/operator/values-openshift.yaml index 09e673adb..1066c156e 100644 --- a/deploy/charts/operator/values-openshift.yaml +++ b/deploy/charts/operator/values-openshift.yaml @@ -50,7 +50,6 @@ operator: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: capabilities: drop: - ALL From d385498bb5be7ca55f084591166721f338273e8e Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 13:11:38 +0000 Subject: [PATCH 5/7] docs(helm): fix outdated image versions in operator chart README.md Update the generated documentation to reflect current v0.3.2 image versions in the default values table, fixing pre-commit linting failures. Co-authored-by: Chris Burns --- deploy/charts/operator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/charts/operator/README.md b/deploy/charts/operator/README.md index 02062afec..6a2ec58ae 100644 --- a/deploy/charts/operator/README.md +++ b/deploy/charts/operator/README.md @@ -53,7 +53,7 @@ The command removes all the Kubernetes components associated with the chart and |-----|-------------|------|---------| | fullnameOverride | string | `"toolhive-operator"` | Provide a fully-qualified name override for resources | | nameOverride | string | `""` | Override the name of the chart | -| operator | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"containerSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000},"env":{},"features":{"experimental":false},"image":"ghcr.io/stacklok/toolhive/operator:v0.3.0","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"leaderElectionRole":{"binding":{"name":"toolhive-operator-leader-election-rolebinding"},"name":"toolhive-operator-leader-election-role","rules":[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":[""],"resources":["events"],"verbs":["create","patch"]}]},"livenessProbe":{"httpGet":{"path":"/healthz","port":"health"},"initialDelaySeconds":15,"periodSeconds":20},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{"runAsNonRoot":true},"ports":[{"containerPort":8080,"name":"metrics","protocol":"TCP"},{"containerPort":8081,"name":"health","protocol":"TCP"}],"proxyHost":"0.0.0.0","rbac":{"allowedNamespaces":[],"scope":"cluster"},"readinessProbe":{"httpGet":{"path":"/readyz","port":"health"},"initialDelaySeconds":5,"periodSeconds":10},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"serviceAccount":{"annotations":{},"automountServiceAccountToken":true,"create":true,"labels":{},"name":"toolhive-operator"},"tolerations":[],"toolhiveRunnerImage":"ghcr.io/stacklok/toolhive/proxyrunner:v0.3.0","volumeMounts":[],"volumes":[]}` | All values for the operator deployment and associated resources | +| operator | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"containerSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000},"env":{},"features":{"experimental":false},"image":"ghcr.io/stacklok/toolhive/operator:v0.3.2","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"leaderElectionRole":{"binding":{"name":"toolhive-operator-leader-election-rolebinding"},"name":"toolhive-operator-leader-election-role","rules":[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":[""],"resources":["events"],"verbs":["create","patch"]}]},"livenessProbe":{"httpGet":{"path":"/healthz","port":"health"},"initialDelaySeconds":15,"periodSeconds":20},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{"runAsNonRoot":true},"ports":[{"containerPort":8080,"name":"metrics","protocol":"TCP"},{"containerPort":8081,"name":"health","protocol":"TCP"}],"proxyHost":"0.0.0.0","rbac":{"allowedNamespaces":[],"scope":"cluster"},"readinessProbe":{"httpGet":{"path":"/readyz","port":"health"},"initialDelaySeconds":5,"periodSeconds":10},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"serviceAccount":{"annotations":{},"automountServiceAccountToken":true,"create":true,"labels":{},"name":"toolhive-operator"},"tolerations":[],"toolhiveRunnerImage":"ghcr.io/stacklok/toolhive/proxyrunner:v0.3.2","volumeMounts":[],"volumes":[]}` | All values for the operator deployment and associated resources | | operator.affinity | object | `{}` | Affinity settings for the operator pod | | operator.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for horizontal pod autoscaling | | operator.autoscaling.enabled | bool | `false` | Enable autoscaling for the operator | From a81c043533e64781f36ddd0b8ecebf6e99541975 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 14:16:21 +0000 Subject: [PATCH 6/7] fix(helm): add runAsUser back to values-openshift.yaml Co-authored-by: Chris Burns --- deploy/charts/operator/values-openshift.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/charts/operator/values-openshift.yaml b/deploy/charts/operator/values-openshift.yaml index 1066c156e..a0d6c2e86 100644 --- a/deploy/charts/operator/values-openshift.yaml +++ b/deploy/charts/operator/values-openshift.yaml @@ -50,6 +50,7 @@ operator: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true + runAsUser: 1000 capabilities: drop: - ALL From 3f5c1ebfed7d59e3f1e50b43a2707197f7eb24ef Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 14:25:38 +0000 Subject: [PATCH 7/7] fix(helm): remove value from runAsUser in OpenShift values Co-authored-by: Chris Burns --- deploy/charts/operator/values-openshift.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/charts/operator/values-openshift.yaml b/deploy/charts/operator/values-openshift.yaml index a0d6c2e86..09e673adb 100644 --- a/deploy/charts/operator/values-openshift.yaml +++ b/deploy/charts/operator/values-openshift.yaml @@ -50,7 +50,7 @@ operator: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 1000 + runAsUser: capabilities: drop: - ALL