Add hoppscotch Helm Chart #246

Open
wants to merge 5 commits into
base: main

ching-kuo (Contributor) commented Oct 14, 2024

User description

This commit adds the initial implementation of hoppscotch Helm chart.


PR Type

Enhancement


Description

  • Added the initial implementation of the Hoppscotch Helm chart.
  • Configured deployment, service, ingress, and values for the application.
  • Integrated PostgreSQL as a dependency for the application.

Changes walkthrough 📝

Relevant files (Enhancement)

Chart.yaml: Initial Helm Chart Configuration for Hoppscotch
charts/hoppscotch/Chart.yaml (+9/-0)

  • Added Chart.yaml for Helm chart configuration.
  • Defined chart metadata including name, version, and dependencies.

aio-deployment.yaml: Deployment Configuration for Hoppscotch Application
charts/hoppscotch/templates/aio-deployment.yaml (+51/-0)

  • Created aio-deployment.yaml for deploying Hoppscotch application.
  • Configured init containers for database migrations.
  • Set up environment variables for application configuration.

aio-service.yaml: Service Configuration for Hoppscotch Application
charts/hoppscotch/templates/aio-service.yaml (+24/-0)

  • Added aio-service.yaml to expose the application via a Kubernetes
    service.
  • Defined multiple ports for different application components.

ingress.yaml: Ingress Configuration for Hoppscotch Application
charts/hoppscotch/templates/ingress.yaml (+28/-0)

  • Introduced ingress.yaml for routing external traffic to the
    application.
  • Configured TLS settings for secure connections.

values.yaml: Customizable Values for Hoppscotch Helm Chart
charts/hoppscotch/values.yaml (+82/-0)

  • Created values.yaml for customizable Helm chart values.
  • Included PostgreSQL configuration and application environment
    variables.

    Summary by Sourcery

    Add a Helm chart for the Hoppscotch application, configuring deployment, service, ingress, and PostgreSQL integration.

    New Features:

    • Introduce a Helm chart for deploying the Hoppscotch application, including configuration for deployment, service, ingress, and values.

    Enhancements:

    • Integrate PostgreSQL as a dependency within the Helm chart for the Hoppscotch application.

    Deployment:

    • Configure deployment settings for the Hoppscotch application using Helm, including init containers for database migrations and environment variables.

    This commit adds the initial implementation of hoppscotch Helm chart.
    @ai-themis ai-themis bot added enhancement New feature or request Review effort [1-5]: 3 labels Oct 14, 2024

    ai-themis bot commented Oct 14, 2024

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    Sensitive information exposure:
    The values.yaml file contains sensitive data like database credentials and JWT secrets. These should be stored securely using Kubernetes secrets to prevent exposure in version control.

    ⚡ Key issues to review

    Security Concern
    The DATABASE_URL environment variable includes hardcoded credentials for PostgreSQL. Consider using Kubernetes secrets to manage sensitive information securely.

    Sensitive Information Exposure
    The values.yaml file contains sensitive information such as database credentials and JWT secrets. These should be managed using Kubernetes secrets to avoid exposure in version control.

    @knowlet knowlet requested a review from Aries0d0f October 17, 2024 03:40
    This commit adds the option to use existingSecret and reference the
    sensitive environment variables from created secrets instead of hard
    coding in environment variables.
    @ching-kuo (Contributor, Author)

    /improve

    @ching-kuo (Contributor, Author)

    /improve

    @ching-kuo (Contributor, Author)

    /improve

    @ching-kuo (Contributor, Author)

    /improve

    ai-themis bot commented Oct 17, 2024

    PR Code Suggestions ✨

    Latest suggestions up to f152175

    Category | Suggestion | Score
    Security
    Use a more secure method for generating and managing secrets

    Consider using a more secure method for generating secrets, such as using a
    Kubernetes Secret generator or an external secret management tool, instead of
    hardcoding them in the values.yaml file.

    charts/hoppscotch/templates/secrets.yaml [12-16]

     data:
       jwt_secret: {{ .Values.hoppscotch.auth.JWT_SECRET | b64enc | quote }}
       session_secret: {{ .Values.hoppscotch.auth.SESSION_SECRET | b64enc | quote }}
       mailer_smtp_password: {{ .Values.hoppscotch.auth.MAILER_SMTP_PASSWORD | b64enc | quote }}
       data_encryption_key: {{ .Values.hoppscotch.auth.DATA_ENCRYPTION_KEY | b64enc | quote }}
    +# Consider using a Kubernetes Secret generator or an external secret management tool for better security.
     
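    Review bot: The only added line is a comment after `data_encryption_key`, so nothing changes in behaviour: all four `data` entries are still read from `.Values.hoppscotch.auth.*` and base64-encoded, which is an encoding and not protection. Suggest rendering this Secret only when `.Values.hoppscotch.auth.existingSecret` (already read by the deployment template on this page) is unset, and wrapping each value in `required` so a missing value fails the render instead of producing an empty secret.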
    Suggestion importance[1-10]: 9

    Why: Using a more secure method for managing secrets is crucial for protecting sensitive information, making this suggestion highly relevant for security best practices.

    9
    Performance
    Add resource requests and limits to the container to manage resource allocation effectively

    Consider adding a resources section for the hoppscotch-aio container to specify
    resource requests and limits. This helps ensure that the container has the necessary
    resources to run efficiently and prevents it from consuming excessive resources.

    charts/hoppscotch/templates/deployment.yaml [40-92]

     containers:
       - name: hoppscotch-aio
         image: {{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }}
         ports:
           - containerPort: 3000
           - containerPort: 3100
           - containerPort: 3170
         readinessProbe:
           httpGet:
             path: /
             port: 3000
           initialDelaySeconds: 5
           periodSeconds: 10
         livenessProbe:
           httpGet:
             path: /
             port: 3000
           initialDelaySeconds: 15
           periodSeconds: 20
         env:
           - name: POSTGRES_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.postgresql.global.postgresql.auth.existingSecret | default (printf "%s-postgresql" .Release.Name) }}
                 key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
           - name: DATABASE_URL
             value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}"
           - name: JWT_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: jwt_secret
           - name: SESSION_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: session_secret
           - name: MAILER_SMTP_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: mailer_smtp_password
           - name: DATA_ENCRYPTION_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: data_encryption_key
           {{- range $key, $value := .Values.hoppscotch.env }}
           - name: {{ $key }}
             value: "{{ $value }}"
           {{- end }}
         resources:
    -      {{- toYaml .Values.resources | nindent 12 }}
    +      requests:
    +        memory: "256Mi"
    +        cpu: "500m"
    +      limits:
    +        memory: "512Mi"
    +        cpu: "1000m"
     
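    Review bot: The `+` lines under `resources:` replace the `toYaml .Values.resources` include with fixed numbers, so operators can no longer size the container from values. Keep the include and ship these requests and limits as defaults in values.yaml; also settle the key name, since another suggestion on this page reads `.Values.hoppscotch.resources`.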
    Suggestion importance[1-10]: 8

    Why: Adding resource requests and limits is a good practice for managing resource allocation effectively, which can prevent issues related to resource exhaustion.

    8
    Best practice
    Add a termination grace period to allow for graceful shutdown of containers

    Consider adding a terminationGracePeriodSeconds field under the spec section to
    specify the time Kubernetes should wait before forcefully terminating a container.
    This can help ensure that the application has enough time to gracefully shut down.

    charts/hoppscotch/templates/deployment.yaml [5-18]

     spec:
       replicas: 1
       selector:
         matchLabels:
           app: {{ .Release.Name }}-aio
       template:
         metadata:
           labels:
             app: {{ .Release.Name }}-aio
         spec:
    +      terminationGracePeriodSeconds: 30
           securityContext:
             sysctls:
               - name: net.ipv4.ip_unprivileged_port_start
                 value: "0"
     
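    Review bot: `terminationGracePeriodSeconds: 30` on the added line is the Kubernetes default, so it changes nothing as written. If the application needs longer to drain, read the value from values.yaml with 30 as the default rather than fixing it in the template.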
    Suggestion importance[1-10]: 7

    Why: Including a termination grace period is a best practice that allows applications to shut down gracefully, reducing the risk of data loss or corruption.

    7
    Enhancement
    Add a default backend to the Ingress resource to handle unmatched requests

    Consider adding a default backend to the Ingress resource to handle requests that do
    not match any specified rules. This can help prevent unexpected 404 errors.

    charts/hoppscotch/templates/ingress.yaml [10-21]

     spec:
    +  defaultBackend:
    +    service:
    +      name: {{ .Release.Name }}-aio
    +      port:
    +        number: 3000
       rules:
         - host: {{ .Values.ingress.hostname }}
           http:
             paths:
               - path: {{ .Values.ingress.path }}
                 pathType: Prefix
                 backend:
                   service:
                     name: {{ .Release.Name }}-aio
                     port:
                       number: 3000
     
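    Review bot: The added `defaultBackend` sends every request that matches no rule to `{{ .Release.Name }}-aio`, including requests for hostnames other than `.Values.ingress.hostname`, which widens what this Ingress exposes. Leave it out, or gate it behind a value that defaults to off, so the application is only reachable under its configured host.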
    Suggestion importance[1-10]: 6

    Why: Adding a default backend enhances the Ingress configuration by providing a fallback for unmatched requests, improving user experience and error handling.

    6

    Previous suggestions

    Suggestions up to commit b81f1e4
    Category | Suggestion | Score
    Best practice
    Add resource requests and limits to the container configuration

    Consider adding a resources section for the hoppscotch-aio container to specify CPU
    and memory requests and limits. This helps ensure that the container has the
    necessary resources to run efficiently and can prevent resource contention on the
    cluster.

    charts/hoppscotch/templates/deployment.yaml [40-92]

     containers:
       - name: hoppscotch-aio
         image: {{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }}
         ports:
           - containerPort: 3000
           - containerPort: 3100
           - containerPort: 3170
         readinessProbe:
           httpGet:
             path: /
             port: 3000
           initialDelaySeconds: 5
           periodSeconds: 10
         livenessProbe:
           httpGet:
             path: /
             port: 3000
           initialDelaySeconds: 15
           periodSeconds: 20
         env:
           - name: POSTGRES_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.postgresql.global.postgresql.auth.existingSecret | default (printf "%s-postgresql" .Release.Name) }}
                 key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
           - name: DATABASE_URL
             value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}"
           - name: JWT_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: jwt_secret
           - name: SESSION_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: session_secret
           - name: MAILER_SMTP_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: mailer_smtp_password
           - name: DATA_ENCRYPTION_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: data_encryption_key
           {{- range $key, $value := .Values.hoppscotch.env }}
           - name: {{ $key }}
             value: "{{ $value }}"
           {{- end }}
         resources:
    -      {{- toYaml .Values.resources | nindent 12 }}
    +      requests:
    +        memory: "256Mi"
    +        cpu: "250m"
    +      limits:
    +        memory: "512Mi"
    +        cpu: "500m"
     
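    Review bot: In the unchanged `DATABASE_URL` line, `$(POSTGRES_PASSWORD)` is substituted into the URL as-is, so a password containing `@`, `:`, `/` or `#` yields a connection string that parses differently or fails. Either document that the password must be URL-safe, or have the Secret carry the full percent-encoded URL and reference it with `secretKeyRef`.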
    Suggestion importance[1-10]: 9

    Why: Adding resource requests and limits is a best practice that helps manage resource allocation effectively in Kubernetes, preventing potential issues with resource contention.

    9
    Add a type field to the Service specification for clarity

    Consider adding a type field to the Service specification to explicitly define the
    service type (e.g., ClusterIP, NodePort, LoadBalancer) for clarity and to avoid
    default behavior.

    charts/hoppscotch/templates/service.yaml [5-20]

     spec:
    +  type: ClusterIP
       selector:
         app: {{ .Release.Name }}-aio
       ports:
         - protocol: TCP
           port: 3000
           targetPort: 3000
           name: http-web-port
         - protocol: TCP
           port: 3100
           targetPort: 3100
           name: http-admin-port
         - protocol: TCP
           port: 3170
           targetPort: 3170
           name: backend-port
     
    Suggestion importance[1-10]: 8

    Why: Specifying the service type enhances clarity and ensures the service behaves as expected, making it a valuable improvement.

    8
    Possible issue
    Set pathType to a valid Kubernetes value

    Ensure that the pathType is set to a valid Kubernetes value such as
    ImplementationSpecific, Exact, or Prefix to avoid potential issues with ingress path
    matching.

    charts/hoppscotch/templates/ingress.yaml [16]

    -pathType: {{ .Values.ingress.pathType }}
    +pathType: Prefix
     
    Suggestion importance[1-10]: 7

    Why: Setting a valid pathType is important for proper ingress functionality, and this suggestion addresses a potential issue that could affect routing.

    7
    Maintainability
    Use {{- to remove whitespace before the YAML block

    Consider using {{- instead of {{ for the toYaml function to remove any whitespace
    before the YAML block, ensuring cleaner indentation.

    charts/hoppscotch/templates/deployment.yaml [36]

    +{{- toYaml .Values.hoppscotch.resources | nindent 12 }}
     
    -
    Suggestion importance[1-10]: 6

    Why: Using {{- for cleaner indentation is a good practice for maintainability, but it does not address a critical issue.

    6
    Suggestions up to commit 4ecab93
    Category | Suggestion | Score
    Resource management
    Add resource requests and limits to the container to manage resource allocation effectively

    Consider adding a resources section for the containers to specify resource requests
    and limits, ensuring that the application has the necessary resources and does not
    exceed the available capacity.

    charts/hoppscotch/templates/deployment.yaml [40-92]

     containers:
       - name: hoppscotch-aio
         image: {{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }}
         ports:
           - containerPort: 3000
           - containerPort: 3100
           - containerPort: 3170
         readinessProbe:
           httpGet:
             path: /
             port: 3000
           initialDelaySeconds: 5
           periodSeconds: 10
         livenessProbe:
           httpGet:
             path: /
             port: 3000
           initialDelaySeconds: 15
           periodSeconds: 20
         env:
           - name: POSTGRES_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.postgresql.global.postgresql.auth.existingSecret | default (printf "%s-postgresql" .Release.Name) }}
                 key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
           - name: DATABASE_URL
             value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}"
           - name: JWT_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: jwt_secret
           - name: SESSION_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: session_secret
           - name: MAILER_SMTP_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: mailer_smtp_password
           - name: DATA_ENCRYPTION_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }}
                 key: data_encryption_key
           {{- range $key, $value := .Values.hoppscotch.env }}
           - name: {{ $key }}
             value: "{{ $value }}"
           {{- end }}
         resources:
    -      {{- toYaml .Values.resources | nindent 12 }}
    +      requests:
    +        memory: "256Mi"
    +        cpu: "250m"
    +      limits:
    +        memory: "512Mi"
    +        cpu: "500m"
     
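    Review bot: In the `range` over `.Values.hoppscotch.env`, `value: "{{ $value }}"` adds the quotes by hand, so a value containing `"` or `\` renders as invalid or altered YAML. Use `value: {{ $value | quote }}`; note also that anything sensitive a user places under `hoppscotch.env` reaches the manifest as a literal through this loop.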
    Suggestion importance[1-10]: 8

    Why: Adding resource requests and limits is crucial for managing resource allocation effectively in Kubernetes, which can prevent resource exhaustion and ensure stability.

    8
    Configuration flexibility
    Use a configurable image pull policy to provide flexibility in deployment configurations

    Consider using {{ .Values.hoppscotch.image.pullPolicy | default "IfNotPresent" }}
    for the imagePullPolicy to allow flexibility in configuring the pull policy through
    values.

    charts/hoppscotch/templates/deployment.yaml [22]

    -imagePullPolicy: IfNotPresent
    +imagePullPolicy: {{ .Values.hoppscotch.image.pullPolicy | default "IfNotPresent" }}
     
    Suggestion importance[1-10]: 7

    Why: Using a configurable image pull policy enhances flexibility in deployment configurations, allowing users to customize behavior without modifying the template directly.

    7
    Suggestions up to commit 3f7cd5e
    Category | Suggestion | Score
    Best practice
    Add a readiness probe to the container to ensure the application is ready before serving traffic

    Consider adding a readiness probe to the aio container to ensure that the
    application is ready to serve traffic before it starts receiving requests. This can
    help prevent downtime during deployments.

    charts/hoppscotch/templates/aio-deployment.yaml [40-47]

     containers:
       - name: aio
         image: {{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }}
         ports:
           - containerPort: 3000
           - containerPort: 3100
           - containerPort: 3170
           - containerPort: 80
    +    readinessProbe:
    +      httpGet:
    +        path: /
    +        port: 3000
    +      initialDelaySeconds: 5
    +      periodSeconds: 10
     
    Suggestion importance[1-10]: 8

    Why: Adding a readiness probe is a best practice that enhances the application's reliability during deployments, ensuring it only receives traffic when fully ready.

    8
    Resilience
    Add a liveness probe to the container to restart it if it becomes unresponsive

    Add a liveness probe to the aio container to automatically restart the container if
    it becomes unresponsive, which can improve the application's resilience.

    charts/hoppscotch/templates/aio-deployment.yaml [40-47]

     containers:
       - name: aio
         image: {{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }}
         ports:
           - containerPort: 3000
           - containerPort: 3100
           - containerPort: 3170
           - containerPort: 80
    +    livenessProbe:
    +      httpGet:
    +        path: /
    +        port: 3000
    +      initialDelaySeconds: 15
    +      periodSeconds: 20
     
    Suggestion importance[1-10]: 8

    Why: Including a liveness probe is crucial for maintaining application uptime, as it allows for automatic recovery from unresponsive states.

    8
    Performance
    Increase the number of replicas for better availability and load balancing

    Consider setting replicas to a higher number to ensure high availability and load
    balancing of the application, especially in production environments.

    charts/hoppscotch/templates/aio-deployment.yaml [6]

    -replicas: 1
    +replicas: 3
     
    Suggestion importance[1-10]: 7

    Why: Increasing the number of replicas improves availability and load distribution, which is important for production environments, though it may not be critical for all applications.

    7
    Robustness
    Modify the command to handle errors during execution in the init container

    Ensure that the command and args fields in the initContainers section are correctly
    configured to handle potential errors during the execution of the command.

    charts/hoppscotch/templates/aio-deployment.yaml [37-39]

     command: [ "/bin/sh", "-c" ]
     args:
    -  - "pnpx prisma migrate deploy"
    +  - "set -e; pnpx prisma migrate deploy"
     
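    Review bot: `set -e;` on the `+` line adds nothing here: `sh -c` runs a single command and already exits with the status of `pnpx prisma migrate deploy`, so a failed migration fails the init container with or without it. The original line can stay.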
    Suggestion importance[1-10]: 6

    Why: Modifying the command to handle errors enhances the robustness of the initialization process, which is beneficial but not as critical as other suggestions.

    6
    Suggestions up to commit 9e80703
    Category | Suggestion | Score
    Security
    Use Kubernetes Secrets to manage sensitive information like database credentials

    Consider using a more secure method to handle sensitive information like database
    credentials, such as using Kubernetes Secrets instead of hardcoding them in the
    environment variables.

    charts/hoppscotch/templates/aio-deployment.yaml [24-25]

     - name: DATABASE_URL
    -  value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:{{ .Values.postgresql.global.postgresql.auth.password }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}"
    +  valueFrom:
    +    secretKeyRef:
    +      name: hoppscotch-db-secret
    +      key: database_url
     
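    Review bot: The `secretKeyRef` on the `+` lines names a fixed Secret, `hoppscotch-db-secret`, with key `database_url`, and the hunk adds nothing that creates it, so two releases in one namespace would share it and a missing Secret blocks pod start. Derive the name from `.Release.Name` or a value, and add the template or a documented prerequisite that provides the Secret.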
    Suggestion importance[1-10]: 9

    Why: This suggestion addresses a significant security concern by recommending the use of Kubernetes Secrets instead of hardcoding sensitive information in environment variables.

    9
    Externalize sensitive environment variables to Kubernetes Secrets for enhanced security

    Consider externalizing sensitive environment variables like JWT_SECRET and
    SESSION_SECRET to Kubernetes Secrets for enhanced security.

    charts/hoppscotch/values.yaml [32-37]

    -JWT_SECRET: "secret1233"
    -SESSION_SECRET: "add some secret here"
    +JWT_SECRET: {{ .Values.secrets.jwtSecret }}
    +SESSION_SECRET: {{ .Values.secrets.sessionSecret }}
     
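    Review bot: The `+` lines put `{{ .Values.secrets.jwtSecret }}` into values.yaml, but Helm does not pass values files through the template engine, so these expressions are never evaluated. Remove `JWT_SECRET` and `SESSION_SECRET` from values.yaml and have the deployment template read them from a Secret with `secretKeyRef` instead.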
    Suggestion importance[1-10]: 9

    Why: This suggestion significantly enhances security by recommending the use of Kubernetes Secrets for sensitive environment variables, similar to the first suggestion.

    9
    Reliability
    Add retry logic to the initContainers section to handle potential failures during database initialization

    Ensure that the initContainers section has proper error handling and retry logic to
    handle potential failures during the database initialization process.

    charts/hoppscotch/templates/aio-deployment.yaml [19-34]

     initContainers:
       - name: init-db
         image: "{{ .Values.aio.image.repository }}:{{ .Values.aio.image.tag }}"
         imagePullPolicy: IfNotPresent
         ...
         command: [ "/bin/sh", "-c" ]
         args:
    -      - "pnpx prisma migrate deploy"
    +      - "until pnpx prisma migrate deploy; do echo 'Retrying...'; sleep 5; done"
     
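    Review bot: The `until ... done` loop on the `+` line has no attempt limit, so a permanent failure (wrong credentials, a migration that cannot apply) retries every 5 seconds forever and the init container never reports a failure. Bound the number of attempts and exit non-zero after the last one so the problem shows up in pod status.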
    Suggestion importance[1-10]: 7

    Why: Adding retry logic improves the reliability of the deployment process, making it more robust against transient errors during database initialization.

    7
    Maintainability
    Use more descriptive names for service ports to improve readability

    Consider using a more descriptive name for the service ports to improve readability
    and maintainability.

    charts/hoppscotch/templates/aio-service.yaml [22-24]

     - protocol: TCP
       port: 3080
       targetPort: 80
    -  name: web-port
    +  name: http-web-port
     
    Suggestion importance[1-10]: 5

    Why: While this suggestion improves code readability and maintainability, it addresses a minor issue compared to security or reliability concerns.

    5

    knowlet (Contributor) commented Dec 18, 2024

    @sourcery-ai review

    sourcery-ai bot commented Dec 18, 2024

    Reviewer's Guide by Sourcery

    This PR introduces a new Helm chart for deploying Hoppscotch, implementing a complete Kubernetes deployment solution. The implementation includes all necessary Kubernetes resources with PostgreSQL integration, proper secret management, and configurable deployment options through values.yaml.

    Entity relationship diagram for Hoppscotch Helm Chart

    erDiagram
        CHART ||--o{ DEPLOYMENT : includes
        CHART ||--o{ SERVICE : includes
        CHART ||--o{ INGRESS : includes
        CHART ||--o{ VALUES : includes
        CHART ||--o{ SECRETS : includes
        CHART ||--o{ POSTGRESQL : depends_on
    
        CHART {
            string name
            string version
            string appVersion
        }
    
        DEPLOYMENT {
            string name
            int replicas
            string image
        }
    
        SERVICE {
            string name
            string type
            int port
        }
    
        INGRESS {
            string name
            string hostname
            bool tls
        }
    
        VALUES {
            string postgresql
            string hoppscotch
        }
    
        SECRETS {
            string jwt_secret
            string session_secret
        }
    
        POSTGRESQL {
            string name
            string version
        }
    
    File-Level Changes

    Change: Implemented core Helm chart configuration and dependencies
    Details:
    • Defined chart metadata and version information
    • Added PostgreSQL as a dependency with version 16.0.1
    • Created Chart.lock for dependency version locking
    Files: charts/hoppscotch/Chart.yaml, charts/hoppscotch/Chart.lock

    Change: Set up deployment configuration with init containers and environment management
    Details:
    • Configured deployment with readiness and liveness probes
    • Implemented init container for database migrations
    • Set up environment variable injection from values and secrets
    • Added security context configuration for privileged ports
    Files: charts/hoppscotch/templates/deployment.yaml

    Change: Implemented networking and service configuration
    Details:
    • Created ClusterIP service with multiple port configurations
    • Set up ingress with TLS support and path configuration
    • Defined service ports for web, admin, and backend components
    Files: charts/hoppscotch/templates/service.yaml, charts/hoppscotch/templates/ingress.yaml

    Change: Established secret management system
    Details:
    • Created template for managing sensitive credentials
    • Implemented secret generation for JWT, session, and encryption keys
    • Added support for external secret references
    Files: charts/hoppscotch/templates/secrets.yaml

    Change: Created comprehensive values configuration
    Details:
    • Set up PostgreSQL configuration options
    • Defined application environment variables and defaults
    • Added customizable ingress and TLS settings
    • Configured image repository and tag settings
    Files: charts/hoppscotch/values.yaml

    @sourcery-ai sourcery-ai bot left a comment

    Hey @ching-kuo - I've reviewed your changes - here's some feedback:

    Overall Comments:

    • Consider moving sensitive values (JWT_SECRET, SESSION_SECRET, etc.) out of values.yaml into a separate secrets management solution or using existing secrets. Hardcoding these in values.yaml is a security risk.
    • Add resource limits and requests to the deployment spec to ensure proper resource management and prevent potential container resource exhaustion.
    Here's what I looked at during the review
    • 🟡 General issues: 1 issue found
    • 🟡 Security: 1 issue found
    • 🟢 Testing: all looks good
    • 🟢 Complexity: all looks good
    • 🟢 Documentation: all looks good

    pullPolicy: IfNotPresent

    auth:
    JWT_SECRET: "secret1233"

    🚨 issue (security): Default secrets should not be included in the values file

    Including default secrets in the values file poses a security risk if users forget to change them. Consider removing the default values and requiring users to provide their own secrets, or generate them automatically.

    - name: {{ $key }}
    value: "{{ $value }}"
    {{- end }}
    resources:

    issue (performance): Missing container resource limits

    Resource limits should be defined to prevent potential resource exhaustion. Consider adding appropriate CPU and memory limits based on the application's requirements.
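
The two findings this thread keeps returning to, literal secrets in the pod spec and missing resource limits, can be checked mechanically on the rendered Deployment. The following is an added example, not code from this PR or from either review bot; it assumes the manifest is already parsed into a dict, and the sensitive-name pattern, the `demo` release name and the `demo-secrets` Secret are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: name fragments that mark an env var as sensitive (a heuristic).
SENSITIVE_NAME = re.compile(r"SECRET|PASSWORD|TOKEN|ENCRYPTION_KEY", re.I)
# Kubernetes dependent-variable reference, e.g. $(POSTGRES_PASSWORD).
VAR_REF = re.compile(r"\$\(([A-Za-z_][A-Za-z0-9_.-]*)\)")


def url_password(value):
    """Return the password part of a URL-shaped value, or None."""
    if "://" not in value:
        return None
    try:
        return urlsplit(value).password
    except ValueError:
        return None


def lint_container(container):
    """Return (container, subject, rule) findings for one container spec."""
    cname = container["name"]
    findings = []
    secret_backed = set()  # env names defined from a Secret so far, in order
    for entry in container.get("env") or []:
        name, value = entry["name"], entry.get("value")
        if value is None:
            if "secretKeyRef" in (entry.get("valueFrom") or {}):
                secret_backed.add(name)
            continue
        if SENSITIVE_NAME.search(name) and value:
            findings.append((cname, name, "literal-secret"))
            continue
        password = url_password(value)
        if not password:
            continue
        ref = VAR_REF.fullmatch(password)
        if ref is None:
            findings.append((cname, name, "literal-url-password"))
        elif ref.group(1) not in secret_backed:
            # Kubernetes expands $(VAR) only from variables defined earlier
            # in the list; otherwise the reference stays as literal text.
            findings.append((cname, name, "unresolved-secret-ref"))
    limits = (container.get("resources") or {}).get("limits") or {}
    for resource in ("cpu", "memory"):
        if resource not in limits:
            findings.append((cname, resource, "missing-limit"))
    return findings


def lint_deployment(manifest):
    """Lint init containers and containers of a parsed Deployment."""
    pod = manifest["spec"]["template"]["spec"]
    findings = []
    for c in (pod.get("initContainers") or []) + (pod.get("containers") or []):
        findings.extend(lint_container(c))
    return findings


def deployment(env, resources):
    """Build a minimal constructed Deployment around one container."""
    container = {"name": "hoppscotch-aio", "env": env, "resources": resources}
    return {"kind": "Deployment",
            "spec": {"template": {"spec": {"containers": [container]}}}}


def secret_env(name, key):
    """Env entry backed by the constructed Secret 'demo-secrets'."""
    return {"name": name,
            "valueFrom": {"secretKeyRef": {"name": "demo-secrets", "key": key}}}


# Constructed sample: secrets inlined, as the first review comments describe.
BEFORE = deployment(
    env=[
        {"name": "DATABASE_URL",
         "value": "postgres://hoppscotch:example-password@demo-postgresql:5432/hoppscotch"},
        {"name": "JWT_SECRET", "value": "secret1233"},
    ],
    resources=None,  # what an empty `resources:` key parses to
)

# Constructed sample: the shape of the later deployment.yaml on this page.
AFTER = deployment(
    env=[
        secret_env("POSTGRES_PASSWORD", "password"),
        {"name": "DATABASE_URL",
         "value": "postgres://hoppscotch:$(POSTGRES_PASSWORD)@demo-postgresql:5432/hoppscotch"},
        secret_env("JWT_SECRET", "jwt_secret"),
    ],
    resources={"requests": {"cpu": "250m", "memory": "256Mi"},
               "limits": {"cpu": "500m", "memory": "512Mi"}},
)

if __name__ == "__main__":
    for label, manifest in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_deployment(manifest))
```

The `unresolved-secret-ref` rule covers the ordering case: if `DATABASE_URL` is listed before `POSTGRES_PASSWORD`, the container receives the literal text `$(POSTGRES_PASSWORD)` as its database password.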
