Conversation
Co-Authored-By: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
Co-Authored-By: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello @jjmata, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the self-hosting documentation for the Sure application by introducing a comprehensive guide for deployment on Kubernetes using Helm. The new guide provides detailed instructions and best practices, covering everything from initial setup and configuration to advanced topics like high-availability profiles, secrets management, and operational procedures such as updates, backups, and troubleshooting. This addition aims to streamline the deployment process for users looking to self-host Sure in a Kubernetes environment. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a comprehensive Helm installation guide for deploying Sure on Kubernetes, covering installation, configuration, secrets management, updates, backups, and troubleshooting. It also correctly updates the docs.json file to include the new guide in the navigation. The new documentation is well-structured and provides valuable information for users looking to self-host with Helm.
| -n sure \ | ||
| --set image.tag=v1.2.3 \ | ||
| --set rails.secret.enabled=true \ | ||
| --set rails.secret.values.SECRET_KEY_BASE=$(openssl rand -hex 32) |
There was a problem hiding this comment.
The quickstart uses SECRET_KEY_BASE=$(openssl rand -hex 32) directly in the helm upgrade command. While convenient for a quick test, this method is not recommended for production environments as the secret is passed directly on the command line and not managed securely. It would be better to guide users to create a Kubernetes Secret beforehand and reference it, as demonstrated in the "Secrets management" section, or add a stronger warning about this being for development only.
| ```yaml | ||
| image: | ||
| repository: ghcr.io/we-promise/sure | ||
| tag: "v1.0.0" |
There was a problem hiding this comment.
For production deployments, image.pullPolicy: Always is generally recommended to ensure that the latest image for a given tag is always used, especially if mutable tags like stable are ever considered. While v1.0.0 is a fixed tag, explicitly setting Always can prevent issues if the image in the local cache is somehow corrupted or outdated.
pullPolicy: Always
| encryptionEnv: | ||
| enabled: true | ||
| settings: | ||
| SELF_HOSTED: "true" |
There was a problem hiding this comment.
These settings (encryptionEnv and SELF_HOSTED) are introduced without explanation. Briefly describing what encryptionEnv and SELF_HOSTED do, and why they are enabled/set to "true" in this profile, would improve clarity for users.
| name: sure-db | ||
| instances: 1 | ||
| storage: | ||
| size: 8Gi |
There was a problem hiding this comment.
The storageClassName: longhorn assumes that the Longhorn storage provisioner is installed and configured in the Kubernetes cluster. It would be beneficial to add a note advising users to ensure this storage class exists or to replace it with an appropriate storage class available in their cluster.
| managed: | ||
| enabled: true | ||
| mode: replication | ||
| replicas: 3 |
There was a problem hiding this comment.
In a "Simple single-node" profile, having 3 Redis replicas might be excessive for development or small deployments, potentially consuming more resources than necessary. Consider reducing the default to 1 replica for a truly minimal setup, or clarify the rationale for 3 replicas in this "simple" context.
replicas: 1
| # Rails secrets | ||
| SECRET_KEY_BASE: "__SET_SECRET__" | ||
|
|
||
| # Active Record Encryption keys (required for self-hosted mode) | ||
| ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "__SET_SECRET__" | ||
| ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "__SET_SECRET__" | ||
| ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "__SET_SECRET__" | ||
|
|
||
| # Redis password | ||
| redis-password: "__SET_SECRET__" |
There was a problem hiding this comment.
For the SECRET_KEY_BASE, ACTIVE_RECORD_ENCRYPTION_*, and redis-password placeholders, it would be helpful to provide example commands for generating secure random strings, similar to the openssl rand -hex 32 example for SECRET_KEY_BASE in the quickstart. This helps users generate strong secrets rather than using weak or default values.
| PRIMARY_POD=$(kubectl get pod -n sure -l cnpg.io/cluster=sure-db,role=primary -o name) | ||
|
|
||
| # Create a backup | ||
| kubectl exec -n sure $PRIMARY_POD -- pg_dump -U sure sure_production > backup.sql |
There was a problem hiding this comment.
The backup and restore commands assume a PostgreSQL user sure and database sure_production. It would be prudent to add a note that these values might need to be adjusted if the user has customized POSTGRES_USER or POSTGRES_DB in their Helm chart configuration.
| ``` | ||
|
|
||
| <Warning> | ||
| This will not delete PersistentVolumeClaims. To completely remove all data, manually delete the PVCs after uninstalling. |
There was a problem hiding this comment.
The command kubectl delete pvc -n sure --all is very broad. If other applications or components share the sure namespace and have their own PVCs, this command would delete them as well. It would be safer to provide a more targeted deletion command, perhaps using labels specific to the Sure application's PVCs, or to explicitly warn users about the potential for unintended data loss if other PVCs exist in the namespace.
Co-Authored-By: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
Co-Authored-By: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 96b47fe3f4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
self-hosting-helm.mdx
Outdated
| kubectl create ns sure || true | ||
|
|
||
| # Install chart with a pinned image tag | ||
| helm upgrade --install sure charts/sure \ |
There was a problem hiding this comment.
If a user follows the “Download the Helm chart” flow, helm upgrade --install sure charts/sure will fail because the extracted archive doesn’t include a charts/sure path; that path only exists when cloning the repository. This means the quickstart (and the update section with the same path) won’t work for the download/extract method unless you point Helm at the extracted chart directory or the .tgz file (e.g. ./sure-helm-chart.tgz).
Useful? React with 👍 / 👎.
Co-Authored-By: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
Co-Authored-By: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
Co-Authored-By: mintlify[bot] <109931778+mintlify[bot]@users.noreply.github.com>
1 participant
Created a comprehensive guide for deploying Sure on Kubernetes using the official Helm chart. The guide covers installation, configuration, deployment profiles, secrets management, updates, backups, and troubleshooting.
Files changed:
self-hosting-helm.mdx- New Helm installation guidedocs.json- Added new page to "Getting started" navigation