chore(main): [bot] release base-cluster:11.0.0

[teutonet-bot]

🤖 I have created a release beep boop

11.0.0 (2025-12-10)

⚠ BREAKING CHANGES

• base-cluster/monitoring: grafana-tempo-distributed would need s3 (#1875)

Features

• base-cluster/flux: use centralised helmRepositories template (#1845) (60658ed)

Bug Fixes

• base-cluster/monitoring: grafana-tempo-distributed would need s3 (#1875) (df5c372)
• base-cluster/monitoring: increase limit of grafana sidecar (#1878) (fb1ebc6)
• base-cluster: correctly set image repository (#1848) (0e108dc)

Miscellaneous Chores

• base-cluster/dependencies: update common docker tag to v1.7.0 (#1872) (b50ea98)
• base-cluster/dependencies: update helm release reflector to v9.1.44 (#1861) (2cfe4e5)

---

This PR was generated with Release Please. See documentation.

Summary by CodeRabbit

• Breaking Changes

  • grafana-tempo-distributed now requires S3 configuration

• New Features

  • Centralized helmRepositories template management

• Bug Fixes

  • Increased Grafana sidecar limit
  • Corrected image repository reference

• Chores

  • Updated dependencies and component versions

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@teutonet-bot has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 23 minutes and 14 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between f254bf9 and 400eff6.

📒 Files selected for processing (1)

• charts/base-cluster/Chart.yaml (2 hunks)

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Bump release for charts/base-cluster from v10.1.2 to v11.0.0: updated Chart.yaml version, added a 11.0.0 changelog entry (breaking change for grafana-tempo requiring S3 / singleBinary), and updated the release-please manifest to reference the new chart version.

Changes

Cohort / File(s)	Summary
Release manifest \.github/release-please/manifest.json	Updated charts/base-cluster version reference from 10.1.2 → 11.0.0.
Chart metadata charts/base-cluster/Chart.yaml	Bumped chart version from 10.1.2 → 11.0.0.
Changelog charts/base-cluster/CHANGELOG.md	Added 11.0.0 release notes documenting a breaking change (grafana-tempo migration requiring S3 / singleBinary), features, bug fixes, and chores; existing 10.1.2 entry unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Review focus:
  • Verify Chart.yaml version matches the manifest entry.
  • Validate changelog wording aligns with linked issue (#1875) describing the grafana-tempo migration.

Possibly related PRs

• chore(main): [bot] release base-cluster:8.0.0 #1398 — Similar release bump for charts/base-cluster (Chart.yaml, manifest, changelog).
• chore(main): [bot] release base-cluster:8.2.0 #1530 — Another release update touching charts/base-cluster metadata and changelog.
• fix(base-cluster/monitoring)!: grafana-tempo-distributed would need s3 #1875 — Implements the grafana-tempo migration (tempo-distributed → tempo) referenced in the new changelog.

Suggested labels

autorelease: tagged

Suggested reviewers

• tasches
• cwrau
• marvinWolff

Poem

🐇 I hopped through Chart and changelog, swift and spry,

Ten became eleven beneath my sky.
Tempo shifted, S3 now calls,
Manifests updated, no more stalls.
A carrot for CI — jump, deploy, and fly!

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: a release of base-cluster version 11.0.0, which is the primary objective of this automated release PR.
Linked Issues check	✅ Passed	The PR implements the coding requirements from issue #1875: upgrading Grafana Tempo from tempo-distributed to tempo, flattening tracing configuration, and adjusting deployment defaults as specified.
Out of Scope Changes check	✅ Passed	All changes are in-scope: version bumps in manifest and Chart.yaml, and changelog updates documenting the 11.0.0 release with its associated fixes and features from linked issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @teutonet-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request is an automated release by the teutonet-bot for the base-cluster Helm chart, upgrading it to version 11.0.0. This major version bump signifies a substantial update, incorporating several breaking changes, a wide array of new features, and numerous bug fixes across various components of the cluster infrastructure. It also includes comprehensive dependency updates to ensure the chart remains current and stable.

Highlights

• Major Version Release: This pull request marks the automated release of base-cluster version 11.0.0, signifying a substantial update with breaking changes, new features, and bug fixes.
• Breaking Changes Introduced: Notable breaking changes include the integration of k8up as a backup provider, enhanced configuration capabilities for Alertmanager, making Traefik the default ingress controller, and migrating Promtail to Alloy for monitoring.
• New Features Added: New features span across various components, such as enabling CertificateOwnerRef and OCI repository usage for cert-manager, adding alerts for suspended Flux resources, and numerous improvements to ingress, Kyverno, logging, monitoring, RBAC, and tracing functionalities.
• Extensive Bug Fixes: A wide range of bug fixes have been implemented, addressing issues like Velero secret creation, certificate usage, descheduler behavior, external-dns deployment, ingress timeouts, Kyverno syntax migration, Loki retention settings, and various monitoring and RBAC configurations.
• Dependency Updates: Numerous dependencies have been updated, including common docker tags, kubectl, curl, flux-cli, grafana-image-renderer, external-dns, grafana-tempo, and various Helm releases such as Alloy, Descheduler, Kube-Prometheus-Stack, Kyverno, Loki, Metrics-Server, OAuth2-Proxy, Reflector, Tempo-Distributed, Tetragon, Traefik, and Trivy-Operator.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is an automated release for base-cluster:11.0.0. The changes correctly update the version in manifest.json and Chart.yaml. However, there are a couple of issues. The CHANGELOG.md file includes a cumulative log of all changes from much older versions, which makes it very long and hard to read. Additionally, a source URL in Chart.yaml still points to the previous version's tag. I've added comments with suggestions to address these points.

[gemini-code-assist]

The changelog for version 11.0.0 appears to be cumulative, including changes from many previous versions (e.g., 7.1.0 through 10.1.2). This makes the release notes for 11.0.0 excessively long and confusing.

For example, it includes entries for previous releases like:

• * **main:** [bot] release base-cluster:10.1.2 ([#1841]...)
• * **main:** [bot] release base-cluster:7.1.0 ([#1237]...)

The changelog for a new version should ideally only list the changes introduced since the last version (10.1.2). This seems to be a configuration issue with how release-please is generating the changelog. It would be beneficial to correct this to ensure release notes are concise and accurate.

[gemini-code-assist]

The sources URL on line 19 was not updated along with the version bump. It still points to the tag for the previous version (v10.1.2) and should be updated to point to v11.0.0.

Suggestion:

On line 19, please change:

  - https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v10.1.2/charts/base-cluster

to:

  - https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v11.0.0/charts/base-cluster

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (8)

charts/base-cluster/README.md (8)

92-96: Typo: “period restarting” → “periodic restarting”.

- the descheduler might lead to period restarting of random pods.
+ the descheduler might lead to periodic restarting of random pods.

---

333-335: Typo: “you cluster” → “your cluster”.

- so be aware that kyverno will need more resources in you cluster.
+ so be aware that kyverno will need more resources in your cluster.

---

242-246: Typo: “HelmRepositoy`s” → “HelmRepositories”.

-- You can create [`HelmRepositoy`s](#global); `.global.helmRepositories.<name>.url=<url>`
+- You can create [`HelmRepositories`](#global); `.global.helmRepositories.<name>.url=<url>`

---

396-398: Consistency: capitalize “Gateway API”.

- but you can use [gateway api](https://gateway-api.sigs.k8s.io)
+ but you can use [Gateway API](https://gateway-api.sigs.k8s.io)

---

3151-3154: Formatting: unmatched backtick in description.

- **Description:** Configuration of the `storageCostAnalysis dashboard
+ **Description:** Configuration of the `storageCostAnalysis` dashboard

---

4405-4416: Grammar: “it's” → “its”.

- **Description:** A map of a ClusterRole name to it's rules
+ **Description:** A map of a ClusterRole name to its rules

---

4594-4601: Grammar: “it's” → “its”.

- **Description:** A map of an account to it's (Cluster-)Roles
+ **Description:** A map of an account to its (Cluster-)Roles

---

4619-4624: Grammar: “it's” → “its”.

- **Description:** A map of a role to it's intended namespaces
+ **Description:** A map of a role to its intended namespaces

🧹 Nitpick comments (3)

charts/base-cluster/README.md (3)

907-913: Pin external schema reference to a tag/commit to avoid drift.
Linking “Defined in” to main can change under readers’ feet across releases. Prefer a tag or commit SHA matching 10.2.0.

- **Defined in**            | https://raw.githubusercontent.com/teutonet/teutonet-helm-charts/main/charts/common/values.schema.json#/$defs/helmRepositories
+ **Defined in**            | https://raw.githubusercontent.com/teutonet/teutonet-helm-charts/<tag-or-sha>/charts/common/values.schema.json#/$defs/helmRepositories

---

1676-1680: Markdown lint: wrap bare URLs or convert to links.
Convert plain URLs to <...> or text for MD034; keeps style consistent (MD049).

- **Description:** See https://grafana.com/docs/grafana/latest/...
+ **Description:** See <https://grafana.com/docs/grafana/latest/...>

- **Description:** This needs to follow flux's way of writing this url, see https://fluxcd.io/flux/components/source/gitrepositories/#url
+ **Description:** This needs to follow Flux's URL format; see <https://fluxcd.io/flux/components/source/gitrepositories/#url>

Also applies to: 3994-3999

---

4136-4141: Update default git branch from "master" to "main" or document the choice.

The schema default for the branch property is set to "master" in values.schema.json (line 1206). Since most repositories now use "main" as the default branch, either update this default to align with current conventions or add a comment explaining why "master" is retained.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb569a0 and bfc1e12.

📒 Files selected for processing (4)

• .github/release-please/manifest.json (1 hunks)
• charts/base-cluster/CHANGELOG.md (1 hunks)
• charts/base-cluster/Chart.yaml (3 hunks)
• charts/base-cluster/README.md (37 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/release-please/manifest.json
• charts/base-cluster/CHANGELOG.md

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2025-07-24T09:56:41.380Z

Learnt from: cwrau
Repo: teutonet/teutonet-helm-charts PR: 1601
File: charts/base-cluster/templates/dns/external-dns.yaml:33-39
Timestamp: 2025-07-24T09:56:41.380Z
Learning: In the teutonet-helm-charts base-cluster chart, secret names like "external-dns" for Cloudflare provider are intentionally hard-coded. Users who need custom secret names should use Helm's `valuesFrom` feature to override values rather than expecting dedicated fields in values.yaml. This design keeps the values.yaml clean while still allowing full customization flexibility.

Applied to files:

• charts/base-cluster/README.md
• charts/base-cluster/Chart.yaml

📚 Learning: 2025-07-24T09:41:28.072Z

Learnt from: cwrau
Repo: teutonet/teutonet-helm-charts PR: 1604
File: charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml:20-21
Timestamp: 2025-07-24T09:41:28.072Z
Learning: The official kubernetes-sigs/metrics-server Helm chart pins the image tag to a specific version in its values.yaml by default, ensuring reproducible deployments without requiring explicit tag specification in consuming charts.

Applied to files:

• charts/base-cluster/README.md
• charts/base-cluster/Chart.yaml

📚 Learning: 2025-07-24T09:49:40.961Z

Learnt from: cwrau
Repo: teutonet/teutonet-helm-charts PR: 1602
File: charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml:38-40
Timestamp: 2025-07-24T09:49:40.961Z
Learning: Official Helm charts like oauth2-proxy manage image versioning automatically through their Chart.yaml appVersion field, making manual tag pinning in consumer values unnecessary and potentially harmful. The chart version itself provides reproducibility by ensuring the correct image tag is used.

Applied to files:

• charts/base-cluster/README.md
• charts/base-cluster/Chart.yaml

📚 Learning: 2025-07-24T09:41:28.072Z

Learnt from: cwrau
Repo: teutonet/teutonet-helm-charts PR: 1604
File: charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml:20-21
Timestamp: 2025-07-24T09:41:28.072Z
Learning: The kubernetes-sigs/metrics-server Helm chart uses `v{{ .Chart.AppVersion }}` as the default image tag when `image.tag` is empty, which provides pinned versioning through the chart's AppVersion rather than using floating tags like "latest".

Applied to files:

• charts/base-cluster/Chart.yaml

🪛 markdownlint-cli2 (0.18.1)

charts/base-cluster/README.md

454-454: Bare URL used

(MD034, no-bare-urls)

---

457-457: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

457-457: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

911-911: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: update metadata file for release
• GitHub Check: lint helm chart (base-cluster)

🔇 Additional comments (6)

charts/base-cluster/Chart.yaml (3)

19-22: ✓ Version and sources correctly updated for release.

The version bump (10.1.2 → 10.2.0), sources URL, and common dependency (1.7.0) are all consistent and properly reflect the release metadata. This resolves the prior review concern about the sources URL needing an update.

---

34-34: ✓ Reflector image version correctly updated.

The containerImage for reflector has been properly bumped from 9.1.42 to 9.1.44 as documented in the PR objectives.

---

47-47: Verify that kube-janitor is an intentional new chart dependency.

A new artifacthub image entry for docker.io/hjacobs/kube-janitor:23.7.0 appears on line 47. The PR description doesn't explicitly mention kube-janitor as a new addition, though the changelog notes three updates (flux helmRepositories feature and two dependency bumps). Please confirm this is an expected part of the v10.2.0 release.

charts/base-cluster/README.md (3)

3-3: LGTM: version badge updated to 10.2.0 matches release.

---

249-251: LGTM: Source Code link points to tagged base-cluster-v10.2.0.

---

258-259: Chart.yaml correctly specifies common 1.7.0 — requirements table alignment verified.

The base-cluster Chart.yaml dependencies section matches the README.md requirements table exactly:

• Repository: oci://ghcr.io/teutonet/teutonet-helm-charts
• Version: 1.7.0