Skip to content

namespace added to Helm Chart#345

Open
kevin-kho wants to merge 7 commits into
NVIDIA:mainfrom
kevin-kho:kh-chart-namespace
Open

namespace added to Helm Chart#345
kevin-kho wants to merge 7 commits into
NVIDIA:mainfrom
kevin-kho:kh-chart-namespace

Conversation

@kevin-kho

@kevin-kho kevin-kho commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Description

Adds metadata.namespace to namespace scoped resources in the Helm Chart Templates.
Addresses #344

Checklist

  • I am familiar with the Contributing Guidelines.
  • New or existing tests cover these changes.
  • The documentation is up to date with these changes.
  • All commits are signed off per DCO (git commit -s).

@kevin-kho kevin-kho requested a review from dmitsh as a code owner June 8, 2026 16:14
@copy-pr-bot

copy-pr-bot Bot commented Jun 8, 2026

Copy link
Copy Markdown

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@greptile-apps

greptile-apps Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds metadata.namespace: {{ .Release.Namespace }} unconditionally to all namespace-scoped Kubernetes resources across three Helm sub-charts (topograph, node-data-broker, node-observer), addressing a GitOps compatibility issue (#344) where resources applied without an explicit namespace could land in the wrong namespace.

  • Template changes (11 files): Every namespace-scoped resource type (ConfigMap, Deployment, DaemonSet, Service, ServiceAccount, HTTPRoute, Ingress, test Pods) now emits namespace: {{ .Release.Namespace }} directly in metadata; cluster-scoped resources (ClusterRole, ClusterRoleBinding) are correctly left untouched. configmap-mounts.yaml uses $.Release.Namespace (root context) which is correct inside a range loop.
  • servicemonitor.yaml intentionally excluded: The ServiceMonitor template keeps its existing namespace: {{ .Values.serviceMonitor.namespace }} so it can be deployed to a separate monitoring namespace — this is the expected Prometheus Operator pattern and is not an omission.
  • Golden test files (8 files): All snapshot tests are updated to reflect namespace: topograph in rendered output, confirming the change works correctly across all test scenarios.

Confidence Score: 5/5

Safe to merge — all namespace-scoped resources now emit an explicit namespace field, cluster-scoped RBAC resources are correctly unchanged, and the ServiceMonitor's user-configurable namespace is deliberately preserved.

The change is mechanical and consistent: every namespace-scoped resource across all three sub-charts gets the same unconditional namespace addition. The RBAC ClusterRoleBindings already reference .Release.Namespace in their subjects[].namespace field. The configmap-mounts.yaml correctly uses $.Release.Namespace for the root context inside a range loop. All 8 golden test files are updated and pass.

No files require special attention.

Important Files Changed

Filename Overview
charts/topograph/charts/node-data-broker/templates/configmap-mounts.yaml Adds namespace unconditionally using $.Release.Namespace (root context), correct inside a range loop where . is re-scoped.
charts/topograph/charts/node-data-broker/templates/daemonset.yaml Adds namespace: {{ .Release.Namespace }} to DaemonSet metadata.
charts/topograph/charts/node-observer/templates/configmap.yml Adds namespace: {{ .Release.Namespace }} to ConfigMap metadata.
charts/topograph/templates/deployment.yaml Adds namespace: {{ .Release.Namespace }} to Deployment metadata.
charts/topograph/templates/serviceaccount.yaml Adds namespace: {{ .Release.Namespace }} to ServiceAccount metadata.
tests/charts/values.yaml.golden.yaml Golden snapshot updated; namespace: topograph appears on all namespace-scoped resources, absent from cluster-scoped RBAC resources.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[helm install/upgrade] --> B{Release.Namespace}
    B --> C[namespace-scoped resources]
    C --> D[ConfigMap]
    C --> E[Deployment / DaemonSet]
    C --> F[ServiceAccount]
    C --> G[Service / HTTPRoute / Ingress]
    C --> I[Test Pods]
    D & E & F & G & I --> J[metadata.namespace set to Release.Namespace]
    B --> K[cluster-scoped resources]
    K --> L[ClusterRole]
    K --> M[ClusterRoleBinding]
    L & M --> N[no namespace field added]
    B --> O[ServiceMonitor]
    O --> P[namespace set to Values.serviceMonitor.namespace]
    J --> Q[GitOps tools apply to correct namespace]
    N --> Q
    P --> R[Prometheus Operator monitoring namespace]
Loading 
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[helm install/upgrade] --> B{Release.Namespace}
    B --> C[namespace-scoped resources]
    C --> D[ConfigMap]
    C --> E[Deployment / DaemonSet]
    C --> F[ServiceAccount]
    C --> G[Service / HTTPRoute / Ingress]
    C --> I[Test Pods]
    D & E & F & G & I --> J[metadata.namespace set to Release.Namespace]
    B --> K[cluster-scoped resources]
    K --> L[ClusterRole]
    K --> M[ClusterRoleBinding]
    L & M --> N[no namespace field added]
    B --> O[ServiceMonitor]
    O --> P[namespace set to Values.serviceMonitor.namespace]
    J --> Q[GitOps tools apply to correct namespace]
    N --> Q
    P --> R[Prometheus Operator monitoring namespace]
Loading

Reviews (6): Last reviewed commit: "ran make chart-test-update-golden" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Jun 8, 2026
View reviewed changes
Comment thread charts/topograph/templates/deployment.yaml Outdated
Comment on lines +8 to +10
{{- if ne .Release.Namespace "default" }}
namespace: {{ .Release.Namespace }}
{{- end}}

@greptile-apps greptile-apps Bot Jun 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Non-standard conditional omits namespace for default

Every changed template guards the namespace field with {{- if ne .Release.Namespace "default" }}, which means rendering with --namespace default (or no --namespace flag) produces manifests without an explicit namespace: field. When those manifests are applied through a GitOps tool such as ArgoCD or Flux, the resource is placed into whatever the cluster's contextual default namespace is rather than default — recreating the very bug (#344) this PR intends to fix, just scoped to that one namespace.

The Helm-recommended pattern is to emit the namespace unconditionally: namespace: {{ .Release.Namespace }}. The same conditional appears in all 11 files changed by this PR.

@kevin-kho kevin-kho Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was to retain compatibility with how helm template functioned before.

If user specifies namespace=default or omits it, they are free to kubectl apply to any namespace they choose.

If namespace: default is in the manifest, it must be applied to the default namespace.

Can remove the conditional if we are fine with changing the default behavior.

@resker

resker commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

Thanks for filing both the issue and the fix, @kevin-kho — the direction looks right to me. A few items though:

1. Conditional guard should be removed

The current pattern:

{{- if ne .Release.Namespace "default" }}
  namespace: {{ .Release.Namespace }}
{{- end }}

re-introduces the original bug for anyone deploying to the default namespace via kubectl apply or a GitOps tool — the namespace field is omitted and the context default wins. The standard Helm pattern is unconditional:

namespace: {{ .Release.Namespace }}

Kubernetes accepts an explicit namespace: default without issue, and it removes the ambiguity entirely.

2. Test Pod template coverage

charts/topograph/templates/tests/test-healthz.yaml and charts/topograph/templates/tests/test-metrics.yaml are namespace-scoped resources and need the same treatment.

3. Gap created by recent merge

PR #347 (merged after this PR was filed) added charts/topograph/charts/node-data-broker/templates/configmap-mounts.yaml — a new namespace-scoped ConfigMap template that also needs namespace:. Because it renders inside a {{- range }} loop, it should use $.Release.Namespace (root context):

metadata:
  name: {{ include "node-data-broker.configMapMountName" (dict "root" $ "name" .name) }}
  namespace: {{ $.Release.Namespace }}

4. Rebase needed

The PR is based on f046a7b; main is now at 3e1c472 (3 commits ahead). A rebase will be needed before merge, and the golden test files in tests/charts/ will need to be regenerated with make chart-test-update-golden after all template changes are in.

@kevin-kho kevin-kho force-pushed the kh-chart-namespace branch from 305166a to 389b030 Compare June 16, 2026 21:41
kevin-kho added 7 commits June 16, 2026 14:57
@kevin-kho
added namespace to topograph chart
5c4995d 
Signed-off-by: Kevin Ho <kevinkh08@gmail.com>
@kevin-kho
added namespace to topograph node-observer chart
09955fa 
Signed-off-by: Kevin Ho <kevinkh08@gmail.com>
@kevin-kho
added namespace to topograph node-data-broker chart
b867bdd 
Signed-off-by: Kevin Ho <kevinkh08@gmail.com>
@kevin-kho
removed conditional guard for helm chart namespace
d93237e 
Signed-off-by: Kevin Ho <kevinkh08@gmail.com>
@kevin-kho
added namespace to test-healthz and test-metrics
64dc946 
Signed-off-by: Kevin Ho <kevinkh08@gmail.com>
@kevin-kho
added namespace to configmap-mounts.yaml
88622df 
Signed-off-by: Kevin Ho <kevinkh08@gmail.com>
@kevin-kho
ran make chart-test-update-golden
a06a005 
Signed-off-by: Kevin Ho <kevinkh08@gmail.com>
@kevin-kho kevin-kho force-pushed the kh-chart-namespace branch from 3968c50 to a06a005 Compare June 16, 2026 22:01
@kevin-kho

kevin-kho commented Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

Thanks for the review @resker. I've made the changes on the following commits:

  1. Conditional guard should be removed: d93237e

  2. Test Pod template coverage 64dc946

  3. Gap created by recent merge 88622df

  4. Rebase needed a06a005

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmitsh dmitsh Awaiting requested review from dmitsh dmitsh is a code owner

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevin-kho @resker