What's new in chart-v0.2.30
This is a daemon-version-only chart bump: appVersion advances from 0.5.26 to 0.5.27, the default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.5.27, and the artifacthub.io/images annotation is updated in lockstep so the Artifact Hub listing advertises the matching image. No chart-level template diff, no values.yaml schema change, no new RBAC, no new optional ConfigMap or Secret. The chart-v0.2.29 surface is preserved byte-for-byte.
The 0.5.27 daemon image lands a hardening pass on the CLI output paths and the daemon ack flow, alongside a TUI refactor that eliminates the UI freeze during ack/revoke (the a and u keys in query inspect) and a batch of allocation-light rewrites on the analysis hot paths. From a chart perspective, the visible signal is three new operator-facing WARN-level events the daemon emits at startup or render time, none of which requires a values.yaml change to silence (each one points at the configuration switch the operator can flip).
The first WARN fires at daemon startup when [daemon.cors] allowed_origins = ["*"] is combined with a [daemon.ack] api_key. Wildcard CORS plus X-API-Key authentication lets any browser origin replay a captured key, so the daemon now flags the combination loudly and production deployments can switch to an explicit origin allow-list. The chart's daemon.cors.allowedOrigins value (introduced in chart-v0.2.27) renders directly into this section, so no template change is required to migrate from ["*"] to a curated list. The second WARN fires when an HTML report is rendered with --daemon-url http://... pointing at a non-loopback host, catching the "report served over HTTPS but daemon URL is HTTP" mixed-content trap before the operator opens the file. Loopback URLs (localhost, 127.0.0.1, [::1]) stay exempt because dev setups intentionally run the daemon on cleartext HTTP. The third WARN is CLI-only and fires when an operator passes --auth-header directly to perf-sentinel tempo or perf-sentinel jaeger-query instead of --auth-header-env, mirroring the existing nudge on pg-stat. None of the three is a hard error; all three are configuration-only switches the operator controls.
The CLI-side hardening covers symlink-safe write paths (the HTML report, the calibration TOML, and the diff --output file now all open with O_NOFOLLOW on Unix), terminal-injection-safe error messages (signatures, daemon URLs, and daemon-supplied bodies are sanitized through text_safety::sanitize_for_terminal consistently), control-character rejection on the Tempo and pg-stat endpoint validators, a 1 KiB cap on the ack create stdin signature read and the interactive API-key prompt, the ack store parent directory tightened to 0700 on Unix, and a rewrite_compacted symlink-recheck immediately before the rename. None of those has a chart-side knob: helm upgrade from chart-v0.2.29 picks them all up automatically through the new image.
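The two write-path protections named above (O_NOFOLLOW on the final open, and a symlink recheck just before the atomic rename) as a small Python illustration. This is an added example, not the perf-sentinel CLI's own code; it assumes a Unix host, since os.O_NOFOLLOW is not available on Windows.

```python
"""Symlink-safe output writes: O_NOFOLLOW open, and write-temp-then-rename with
a symlink recheck before the rename. Illustrative only; not perf-sentinel code."""
import errno
import os
import tempfile


def write_nofollow(path: str, data: bytes) -> bool:
    """Write data to path, refusing to follow a symlink at the final component.

    Returns True on success and False when path is a symlink, so a planted link
    cannot redirect the report/TOML/diff write to a file the link points at."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        # Linux/macOS report a symlink under O_NOFOLLOW as ELOOP; FreeBSD uses EMLINK.
        if exc.errno in (errno.ELOOP, errno.EMLINK):
            return False
        raise
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return True


def atomic_replace_nofollow(path: str, data: bytes) -> bool:
    """Write to a temp file in the same directory, then rename it over path.

    Mirrors the "recheck immediately before the rename" pattern: if path has
    become a symlink in the meantime, abort and drop the temp file instead."""
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(prefix=".tmp-", dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        if os.path.islink(path):
            return False
        os.replace(tmp, path)
        return True
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
```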
The TUI ack non-blocking refactor (perf-sentinel query inspect no longer freezes for 100-300 ms on every a or u Submit) is a pure user-experience improvement on the CLI side, invisible from the daemon's HTTP API. The chart's [daemon.ack] ConfigMap-and-Secret plumbing is unaffected.
The HTTP API surface, the v0.5.21 ack Prometheus counters, the v0.5.23 [daemon.cors] config section, the v0.5.25 Scaphandre scrape counters on /metrics, the v0.5.26 deprecation warnings for the eight legacy flat keys, the ServiceMonitor rendering, the NetworkPolicy rendering, and the optional [daemon.ack] ConfigMap-and-Secret plumbing all keep their prior contracts. A helm upgrade from chart-v0.2.29 to chart-v0.2.30 is metadata-only: the new image rolls out, the daemon restarts, and operators using clean configurations see no log line beyond the standard daemon startup banner.
Changed
- `appVersion` bumped from `0.5.26` to `0.5.27`, default `image.tag` now resolves to `ghcr.io/robintra/perf-sentinel:0.5.27`. The `artifacthub.io/images` annotation tracks the bump.
- No chart-level config change. `values.yaml`, every template, the `ServiceMonitor` rendering, the `NetworkPolicy` rendering, the optional `[daemon.ack]` ConfigMap-and-Secret plumbing, the optional `[daemon.cors]` plumbing, and the `ack-toml-baseline` mount are byte-for-byte identical to chart-v0.2.29.
Behavior
- No HTTP-shape change on the daemon side. The three ack endpoints, the v0.5.21 ack `/metrics` counters, the v0.5.25 Scaphandre scrape counters, the `/api/findings`, `/api/status`, `/api/correlations`, `/api/explain/*`, `/api/export/report` routes, and every other route keep their v0.5.26 status codes and JSON shapes. Existing scrapers, dashboards, and automation continue to work without adjustment.
- No upgrade hook required, no on-disk migration. The runtime ack store JSONL schema is unchanged. A `helm upgrade` from chart-v0.2.29 keeps the daemon's existing `acks.jsonl` intact; the daemon replays and atomically rewrites it at startup as it did before.
- Three new operator-facing WARN events the daemon emits, none of which requires a values.yaml change. Each is a configuration-only switch the operator controls: prefer an explicit `daemon.cors.allowedOrigins` over `["*"]` when an `[daemon.ack] api_key` is set, prefer an `https://` daemon URL over `http://` when rendering reports for non-loopback hosts, prefer `--auth-header-env` over `--auth-header` for Tempo and Jaeger-Query CLI invocations.
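A pre-upgrade lint for the first two WARN conditions (wildcard CORS combined with an ack API key, and a cleartext daemon URL to a non-loopback host), covering both the startup/render-time description above and this Behavior list. This is an added example, not part of the chart or daemon; it assumes the chart values have already been loaded into a dict shaped like values.yaml (daemon.cors.allowedOrigins, daemon.ack.apiKey), and the sample values are constructed.

```python
"""Lint chart values and a report --daemon-url for the two config-side WARNs.
Added example, not perf-sentinel code; loopback exemption follows the daemon's
documented list (localhost, 127.0.0.1, [::1])."""
import ipaddress
from urllib.parse import urlsplit


def is_loopback_host(host: str) -> bool:
    """True for localhost, any 127.0.0.0/8 address and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def lint_cors_with_api_key(values: dict) -> list[str]:
    """Warn when allowedOrigins contains "*" while an ack API key is configured:
    any browser origin could then replay a captured X-API-Key."""
    daemon = values.get("daemon", {})
    origins = daemon.get("cors", {}).get("allowedOrigins", [])
    api_key = daemon.get("ack", {}).get("apiKey")
    if api_key and "*" in origins:
        return ['daemon.cors.allowedOrigins is ["*"] while daemon.ack.apiKey is set; '
                "use an explicit origin allow-list"]
    return []


def lint_daemon_url(daemon_url: str) -> list[str]:
    """Warn when --daemon-url is http:// to a non-loopback host: a report served
    over HTTPS would then hit the browser's mixed-content block."""
    parts = urlsplit(daemon_url)
    host = parts.hostname or ""
    if parts.scheme == "http" and not is_loopback_host(host):
        return [f"--daemon-url {daemon_url} is cleartext to non-loopback host "
                f"{host}; prefer https://"]
    return []


# Constructed sample values mirroring the Before/After blocks in the Install section.
WILDCARD_VALUES = {"daemon": {"cors": {"allowedOrigins": ["*"]},
                              "ack": {"apiKey": "rotate-this"}}}
CURATED_VALUES = {"daemon": {"cors": {"allowedOrigins": ["https://reports.example.com"]},
                             "ack": {"apiKey": "rotate-this"}}}

if __name__ == "__main__":
    warnings = lint_cors_with_api_key(WILDCARD_VALUES)
    warnings += lint_daemon_url("http://perf.example.internal:8080")
    for w in warnings:
        print("WARN:", w)
```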
Install
```shell
helm install perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.30
```

Upgrade an existing release:

```shell
helm upgrade perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.30
```

Tightening a chart-mounted CORS configuration that was previously wildcarded. Before:

```yaml
daemon:
  cors:
    allowedOrigins:
      - "*"
  ack:
    apiKey: <rotate-this>
```

After:

```yaml
daemon:
  cors:
    allowedOrigins:
      - https://reports.example.com
      - https://gitlab.example.com
  ack:
    apiKey: <rotate-this>
```

See docs/CONFIGURATION.md "[daemon.cors]" for the full whitelist semantics and the wildcard-with-api_key warning rationale.
Full Changelog: chart-v0.2.29...chart-v0.2.30