feat(plugin-br-pix-switch): add new helm chart

[bedatty]

Midaz Pull Request Checklist

Pull Request Type

• Midaz
• Plugin Access Manager
• Plugin CRM
• Reporter
• Plugin Fees
• Plugin BR PIX Direct JD
• Plugin BR PIX Indirect BTG
• Otel Collector
• Pipeline
• Documentation
• Fetcher
• Matcher
• Flowker
• Underwriter

Note: New chart — Plugin BR Pix Switch (not yet listed in template).

Description

Add initial Helm chart for plugin-br-pix-switch — a single Go microservice for PIX switching operations.

Chart includes:

• Deployment with HTTP (4000) + gRPC (7001) dual-port service
• PostgreSQL (Bitnami v16.3) and Valkey (Bitnami v2.4.6) as subchart dependencies
• ConfigMap and Secrets for all application environment variables
• HPA, PDB, and optional Ingress
• OpenTelemetry collector integration
• Readiness (/ready) and liveness (/live) probes

Based on plugin-br-pix-direct-jd chart, simplified from 3 components to 1 (no QR code service, no CronJob).

Checklist

• I have tested these changes locally.
• I have updated the documentation accordingly.
• I have added necessary comments to the code, especially in complex areas.
• I have ensured that my changes adhere to the project's coding standards.
• I have checked for any potential security issues.
• I have ensured that all tests pass.
• I have updated the version appropriately (if applicable).
• I have confirmed this code is ready for review.

Additional Notes

• Chart validated with helm lint and helm template — all passing
• Chart version: 1.0.0, app version: 1.8.0-beta.2

[coderabbitai]

Walkthrough

A new Helm chart for plugin-br-pix-switch was added. Files include Chart.yaml, CHANGELOG.md, README, NOTES.txt, helpers.tpl, templates for Deployment, Service, ConfigMap, Secret, Ingress, HPA, PDB, values.yaml and values-template. The chart exposes HTTP port 4000 and gRPC port 7001, declares Bitnami subchart dependencies for postgresql (v16.3) and valkey (v2.4.6), and provides configurable HPA, ingress/TLS, OpenTelemetry integration, readiness/liveness probes, and options to use external DB/cache or existing secrets.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Client
participant Ingress
participant Service
participant Pod as "pixSwitch Pod"
participant Postgres
participant Valkey
participant OTel as "OTel Collector"

Client->>Ingress: HTTP/gRPC request
Ingress->>Service: Route request
Service->>Pod: Forward to HTTP or gRPC port
Pod->>Postgres: DB read/write
Pod->>Valkey: Cache operations
Pod->>OTel: Export telemetry (OTLP)

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description is comprehensive, detailing chart composition (Deployment, PostgreSQL, Valkey, ConfigMap, Secrets, HPA, PDB, Ingress, OpenTelemetry, and probes), the chart version/app version, and validation steps. All relevant PR checklist items are marked complete.
Title check	✅ Passed	The PR title 'feat(plugin-br-pix-switch): add new helm chart' accurately and specifically describes the main change: introducing a new Helm chart for the plugin-br-pix-switch component. It follows conventional commit format and clearly communicates the primary objective.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 17

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/plugin-br-pix-switch/Chart.yaml`:
- Around line 41-44: The valkey dependency in Chart.yaml is pinned to version
2.4.6 while a sibling chart uses 2.4.7; update the valkey entry (dependency
name: valkey, field: version) to 2.4.7 to align versions across charts (unless
there is a deliberate compatibility reason), and run your chart dependency
update/helm repo update to verify compatibility after changing the version.

In `@charts/plugin-br-pix-switch/templates/helpers.tpl`:
- Around line 34-39: The selectorLabels template
("plugin-br-pix-switch.selectorLabels") currently skips app.kubernetes.io/name
when .name is falsy; change it to always emit the app.kubernetes.io/name label
by removing the conditional and using a safe fallback (e.g., call include
"plugin-br-pix-switch.name" with .context or fall back to .Chart.Name /
.context.Chart.Name) so the label is always present alongside
app.kubernetes.io/instance: {{ .context.Release.Name }} to ensure selectors
match pods/services even when .name is not provided.
- Around line 4-6: The template "plugin-br-pix-switch.name" incorrectly calls
the Helm default function (it expects two args); replace the nested/missing-arg
usage by calling default with a fallback first (e.g., use .Chart.Name as the
fallback) and the value second, then pipe the result to trunc 63 and trimSuffix
"-"; specifically update the template that references .Values.pixSwitch.name so
it uses default .Chart.Name .Values.pixSwitch.name before applying trunc and
trimSuffix to produce the final name.
- Around line 20-22: The helper "plugin-br-pix-switch.fullname" uses the Helm
template function default with only one argument (the expression
`.Values.pixSwitch.name`), which is incorrect; update the template so `default`
receives the fallback value (for example `.Release.Name | printf "%s-%s"
.Release.Name .Chart.Name` or a literal fallback) and ensure the helper uses the
intended fallback behavior; locate the define block named
"plugin-br-pix-switch.fullname" and replace the `default .Values.pixSwitch.name`
call with `default <fallback> .Values.pixSwitch.name` (or remove `default`
entirely if `.Values.pixSwitch.name` is always set) so the expression evaluates
correctly.

In `@charts/plugin-br-pix-switch/templates/NOTES.txt`:
- Around line 41-42: The NOTES.txt template currently prints raw values
.Values.pixSwitch.autoscaling.targetCPUUtilizationPercentage and
.Values.pixSwitch.autoscaling.targetMemoryUtilizationPercentage which render as
"<no value>%" when unset; update the template to use a safe default or
conditional rendering (Helm's default or if/else) so it shows a sensible
fallback like "N/A" or "-" (e.g., wrap with default or an if test) for both
.Values.pixSwitch.autoscaling.targetCPUUtilizationPercentage and
.Values.pixSwitch.autoscaling.targetMemoryUtilizationPercentage to avoid showing
"<no value>%".

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/configmap.yaml`:
- Line 29: The DB_SSL_MODE default is currently "disable" which allows
unencrypted DB connections; update the template handling for DB_SSL_MODE (the
expression using .Values.pixSwitch.configmap.DB_SSL_MODE) to use a more secure
default such as "prefer" or "require", or add a clear inline comment above the
DB_SSL_MODE line warning that "disable" is only for local dev and must be
overridden in production; ensure the chosen safer default is applied via the
template's default filter and document the expected values ("disable", "prefer",
"require") so operators know how to override
.Values.pixSwitch.configmap.DB_SSL_MODE.
- Line 36: DB_REPLICA_SSL_MODE currently defaults to "disable"; change it to
follow the same secure default as the primary SSL setting by using the same
value or default as DB_SSL_MODE. Update the template expression for
DB_REPLICA_SSL_MODE (currently using
.Values.pixSwitch.configmap.DB_REPLICA_SSL_MODE | default "disable") to instead
default to .Values.pixSwitch.configmap.DB_SSL_MODE | default "require" (or
mirror whatever secure default DB_SSL_MODE uses), ensuring DB_REPLICA_SSL_MODE
and DB_SSL_MODE are consistent.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/deployment.yaml`:
- Around line 26-52: The container-level securityContext from values
(pixSwitch.securityContext) is not being applied; update the container spec for
the container named by include "plugin-br-pix-switch.fullname" to merge/apply
.Values.pixSwitch.securityContext (e.g. render it with toYaml and nindent to
match the container indentation) so the settings (runAsNonRoot,
readOnlyRootFilesystem, capabilities.drop, etc.) are set at the container level
rather than only at podSecurityContext; guard the block with an if so it only
renders when .Values.pixSwitch.securityContext is defined and place it alongside
env/envFrom/resources within the container definition.
- Around line 42-50: The OTEL endpoint port is hardcoded for the environment
variable OTEL_EXPORTER_OTLP_ENDPOINT; change the value expression so it uses the
configured port from .Values (the "otel-collector-lerian" block) instead of
literal 4317 — e.g. construct the value as "$(HOST_IP):<port>" where <port> is
read from .Values.otel-collector-lerian.OTEL_EXPORTER_OTLP_ENDPOINT_PORT (and
provide a default/fallback of 4317 if that value is missing) so the template
respects the values.yaml setting.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/hpa.yaml`:
- Around line 15-31: The HPA template can emit an empty metrics list when both
.Values.pixSwitch.autoscaling.targetCPUUtilizationPercentage and
.Values.pixSwitch.autoscaling.targetMemoryUtilizationPercentage are unset,
making the HPA invalid; update the template around the metrics block so it only
renders the entire metrics: section if at least one of those values is set (or
provide a sane default metric when autoscaling is enabled), by adding a
surrounding conditional that checks
.Values.pixSwitch.autoscaling.targetCPUUtilizationPercentage or
.Values.pixSwitch.autoscaling.targetMemoryUtilizationPercentage before emitting
the metrics items referenced in this diff.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/ingress.yaml`:
- Around line 4-8: The template is mutating the global .Values via set on
.Values.pixSwitch.ingress.annotations; instead, create a local annotations
variable (e.g. $annotations) from .Values.pixSwitch.ingress.annotations |
default (dict) and, when className exists and KubeVersion < 1.18 and the key is
absent, produce a new map by merging $annotations with a dict
{"kubernetes.io/ingress.class": .Values.pixSwitch.ingress.className} (use the
merge function) and use $annotations in the annotations block; keep the existing
conditionals (.Values.pixSwitch.ingress.className and semverCompare) but remove
any direct set on .Values to avoid mutating the global values.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/pdb.yaml`:
- Around line 15-19: The PDB defaults to minAvailable: 0 when
.Values.pixSwitch.pdb.maxUnavailable is not set, offering no protection; change
the default minAvailable from 0 to 1 by updating the template block that emits
minAvailable (the conditional using .Values.pixSwitch.pdb.maxUnavailable and
.Values.pixSwitch.pdb.minAvailable) so that when no value is provided it renders
minAvailable: 1 instead of 0, ensuring at least one pod remains during voluntary
disruptions.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/secrets.yaml`:
- Around line 14-18: Remove the hardcoded "lerian" defaults and make the three
secret values mandatory by using Helm's required function so deployments fail
fast if they are not provided: replace occurrences of {{
.Values.pixSwitch.secrets.DB_PASSWORD | default "lerian" ... }}, {{
.Values.pixSwitch.secrets.DB_REPLICA_PASSWORD | default "lerian" ... }}, and {{
.Values.pixSwitch.secrets.VALKEY_PASSWORD | default "lerian" ... }} with
required calls (e.g. required "DB_PASSWORD must be set in pixSwitch.secrets"
.Values.pixSwitch.secrets.DB_PASSWORD) so DB_PASSWORD, DB_REPLICA_PASSWORD, and
VALKEY_PASSWORD must be supplied (or wrap with a clear environment-based
conditional if you intentionally allow defaults in dev).

In `@charts/plugin-br-pix-switch/values.yaml`:
- Around line 94-95: The tolerations field in values.yaml is using the wrong
type (object) — change the tolerations entry from an empty object to an empty
list so Kubernetes templates receive a list: replace the current tolerations: {}
with tolerations: [] and ensure any templates reading .Values.tolerations expect
a list (e.g., iterate over it) so adding tolerations later will work correctly.
- Around line 133-137: The values.yaml default sets DB_SSL_MODE to "disable",
which is insecure for production; change the default DB_SSL_MODE value from
"disable" to a secure mode such as "require" (or "verify-full" if server cert
validation is available) and add a short comment in values.yaml next to the
DB_SSL_MODE entry explaining that "disable" is only for local/dev use and that
production should use a secure mode; alternatively, if changing the default is
undesirable, update documentation (README or chart notes) to clearly state that
DB_SSL_MODE must be set to a secure value in production and show example values
("require" / "verify-full").
- Around line 184-219: Update the insecure PostgreSQL defaults: set
postgresql.global.security.allowInsecureImages to false (or add a clear comment
that true is only for development), replace the floating postgresql.image.tag
"latest" with a pinned, specific image tag, and stop using a hardcoded secret by
changing postgresql.auth.password to a placeholder like "CHANGE_ME" and ensure
secrets are sourced from a vault/secretRef in production; modify the values for
postgresql.global.security.allowInsecureImages, postgresql.image.tag, and
postgresql.auth.password accordingly.
- Around line 221-231: The values.yaml currently enables valkey with
auth.disabled and image.tag set to "latest", which is unsafe for production;
update the valkey block so auth.enabled is true (or document enabling via
valkey.auth.enabled) and replace image.tag "latest" with a specific, pinned
version (or expose valkey.image.tag for overrides), and ensure any deployment
manifests reference valkey.auth.* to require credentials—adjust values under the
valkey key (valkey.auth.enabled and valkey.image.tag / valkey.image.repository)
and add clear defaults or comments for secure production settings.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9a8793ab-fb14-46cd-a4a0-b5c4330b772d

📥 Commits

Reviewing files that changed from the base of the PR and between e4aec41 and 8977d4b.

📒 Files selected for processing (14)

• charts/plugin-br-pix-switch/CHANGELOG.md
• charts/plugin-br-pix-switch/Chart.yaml
• charts/plugin-br-pix-switch/README.md
• charts/plugin-br-pix-switch/templates/NOTES.txt
• charts/plugin-br-pix-switch/templates/helpers.tpl
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/configmap.yaml
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/deployment.yaml
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/hpa.yaml
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/ingress.yaml
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/pdb.yaml
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/secrets.yaml
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/service.yaml
• charts/plugin-br-pix-switch/values-template.yaml
• charts/plugin-br-pix-switch/values.yaml

All comments addressed. 3 valid suggestions applied in commit 86b7f17 (securityContext, tolerations type, NOTES defaults). 14 dismissed — follow established repo patterns.

[guimoreirar]

LGTM

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/plugin-br-pix-switch/templates/NOTES.txt`:
- Around line 18-19: The NOTES template currently points users to /health but
the container readiness/liveness probes are defined as /ready and /live; update
the NOTES.txt line that constructs the curl URL (the template using include
"plugin-br-pix-switch.fullname" and .Values.pixSwitch.service.port) to use
/ready (or /live if you prefer liveness) to match the probe paths, or
alternatively add/verify a /health handler in the application; ensure the URL
path in the template and the probes in Deployment (readiness/liveness) are
consistent.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/deployment.yaml`:
- Around line 55-66: The livenessProbe currently has initialDelaySeconds: 5
while readinessProbe uses initialDelaySeconds: 10, which can cause liveness
failures before the app is marked ready; update the deployment.yaml template so
the livenessProbe.initialDelaySeconds is set to at least the
readinessProbe.initialDelaySeconds (e.g., set livenessProbe.initialDelaySeconds
to 10) or reduce readinessProbe.initialDelaySeconds to match, keeping the same
httpGet paths (/live and /ready) and port reference ({{
.Values.pixSwitch.service.port }}).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6fa3a773-8a23-4b69-8bd6-06e3f24602ca

📥 Commits

Reviewing files that changed from the base of the PR and between 8977d4b and 86b7f17.

📒 Files selected for processing (3)

• charts/plugin-br-pix-switch/templates/NOTES.txt
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/deployment.yaml
• charts/plugin-br-pix-switch/values.yaml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Health endpoint path may be incorrect.

The NOTES show curl http://...{{ .Values.pixSwitch.service.port }}/health, but the deployment.yaml defines probes for /ready and /live endpoints. Verify that /health exists, or update to use /ready for consistency.

✏️ Proposed fix

   In-cluster access (HTTP):
-    curl http://{{ include "plugin-br-pix-switch.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.pixSwitch.service.port }}/health
+    curl http://{{ include "plugin-br-pix-switch.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.pixSwitch.service.port }}/ready

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	In-cluster access (HTTP):
	curl http://{{ include "plugin-br-pix-switch.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.pixSwitch.service.port }}/health
	In-cluster access (HTTP):
	curl http://{{ include "plugin-br-pix-switch.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.pixSwitch.service.port }}/ready

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@charts/plugin-br-pix-switch/templates/NOTES.txt` around lines 18 - 19, The
NOTES template currently points users to /health but the container
readiness/liveness probes are defined as /ready and /live; update the NOTES.txt
line that constructs the curl URL (the template using include
"plugin-br-pix-switch.fullname" and .Values.pixSwitch.service.port) to use
/ready (or /live if you prefer liveness) to match the probe paths, or
alternatively add/verify a /health handler in the application; ensure the URL
path in the template and the probes in Deployment (readiness/liveness) are
consistent.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Liveness probe may trigger restarts before readiness is established.

The liveness probe starts at 5 seconds (initialDelaySeconds: 5) while the readiness probe starts at 10 seconds (initialDelaySeconds: 10). If the application takes longer than 5 seconds to become ready, the liveness probe could fail and restart the pod before readiness is even checked.

Consider aligning the delays so liveness starts at or after readiness:

⏱️ Proposed fix

           readinessProbe:
             httpGet:
               path: /ready
               port: {{ .Values.pixSwitch.service.port }}
             initialDelaySeconds: 10
             periodSeconds: 5
           livenessProbe:
-            initialDelaySeconds: 5
+            initialDelaySeconds: 10
             periodSeconds: 5
             httpGet:
               path: /live
               port: {{ .Values.pixSwitch.service.port }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	readinessProbe:
	httpGet:
	path: /ready
	port: {{ .Values.pixSwitch.service.port }}
	initialDelaySeconds: 10
	periodSeconds: 5
	livenessProbe:
	initialDelaySeconds: 5
	periodSeconds: 5
	httpGet:
	path: /live
	port: {{ .Values.pixSwitch.service.port }}
	readinessProbe:
	httpGet:
	path: /ready
	port: {{ .Values.pixSwitch.service.port }}
	initialDelaySeconds: 10
	periodSeconds: 5
	livenessProbe:
	initialDelaySeconds: 10
	periodSeconds: 5
	httpGet:
	path: /live
	port: {{ .Values.pixSwitch.service.port }}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/deployment.yaml`
around lines 55 - 66, The livenessProbe currently has initialDelaySeconds: 5
while readinessProbe uses initialDelaySeconds: 10, which can cause liveness
failures before the app is marked ready; update the deployment.yaml template so
the livenessProbe.initialDelaySeconds is set to at least the
readinessProbe.initialDelaySeconds (e.g., set livenessProbe.initialDelaySeconds
to 10) or reduce readinessProbe.initialDelaySeconds to match, keeping the same
httpGet paths (/live and /ready) and port reference ({{
.Values.pixSwitch.service.port }}).

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/plugin-br-pix-switch/README.md`:
- Around line 16-17: Update the README prerequisite that currently lists
"Kubernetes 1.19+" to "Kubernetes 1.25+" to reflect required API versions;
locate the prerequisites section in README.md where the lines "Kubernetes 1.19+"
and "Helm 3.x" appear and replace the Kubernetes version string, and optionally
add a short note that policy/v1 (PodDisruptionBudget) and autoscaling/v2
(HorizontalPodAutoscaler) require K8s 1.25+ (and 1.23+ respectively) to justify
the change.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/configmap.yaml`:
- Around line 19-25: The defaults for PLUGIN_AUTH_ADDRESS and DB_HOST hardcode
the namespace "midaz-plugins"; change their default expressions to use the
release namespace dynamically by replacing the fixed hostnames with printf using
.Release.Namespace (e.g. replace the default for PLUGIN_AUTH_ADDRESS with
default (printf "http://plugin-access-manager-auth.%s.svc.cluster.local:4000"
.Release.Namespace) and for DB_HOST with default (printf
"plugin-br-pix-switch-postgresql.%s.svc.cluster.local" .Release.Namespace)),
keeping the surrounding Helm pipeline (| default ... | quote) and the same value
keys (.Values.pixSwitch.configmap.PLUGIN_AUTH_ADDRESS, DB_HOST).
- Line 10: The VERSION value in templates/plugin-br-pix-switch/configmap.yaml is
hard-coded and may drift from Chart.yaml; update the template to derive the
version from the chart metadata (use .Chart.AppVersion or .Chart.Version as
appropriate) instead of the literal, and apply the same change to the duplicate
at the other occurrence (the VERSION field at line ~55) so both entries read
from the chart metadata with a sensible default fallback.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 77ea16c4-3e4f-4d2d-8525-91dc05e7cb96

📥 Commits

Reviewing files that changed from the base of the PR and between 86b7f17 and 85bd001.

📒 Files selected for processing (5)

• README.md
• charts/plugin-br-pix-switch/Chart.yaml
• charts/plugin-br-pix-switch/README.md
• charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/configmap.yaml
• charts/plugin-br-pix-switch/values.yaml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify API versions used by this chart's templates to confirm minimum Kubernetes version.
rg -n '^\s*apiVersion:\s*' charts/plugin-br-pix-switch/templates -g '*.yaml'
rg -n '^\s*kind:\s*(HorizontalPodAutoscaler|PodDisruptionBudget|Ingress)\s*$' charts/plugin-br-pix-switch/templates -g '*.yaml' -C2

Repository: LerianStudio/helm

Length of output: 2533

---

Update the Kubernetes minimum version in the prerequisite from 1.19+ to 1.25+.

The chart uses policy/v1 for PodDisruptionBudget (introduced in K8s 1.25) and autoscaling/v2 for HorizontalPodAutoscaler (introduced in K8s 1.23). When these features are enabled, the cluster must support K8s 1.25 or later.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@charts/plugin-br-pix-switch/README.md` around lines 16 - 17, Update the
README prerequisite that currently lists "Kubernetes 1.19+" to "Kubernetes
1.25+" to reflect required API versions; locate the prerequisites section in
README.md where the lines "Kubernetes 1.19+" and "Helm 3.x" appear and replace
the Kubernetes version string, and optionally add a short note that policy/v1
(PodDisruptionBudget) and autoscaling/v2 (HorizontalPodAutoscaler) require K8s
1.25+ (and 1.23+ respectively) to justify the change.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Derive app version values from chart metadata to prevent drift.

Line 10 and Line 55 duplicate a literal app version; these can diverge from Chart.yaml over time.

♻️ Suggested refactor

-  VERSION: {{ .Values.pixSwitch.configmap.VERSION | default "1.0.0-beta.1" | quote }}
+  VERSION: {{ .Values.pixSwitch.configmap.VERSION | default .Chart.AppVersion | quote }}

-  OTEL_RESOURCE_SERVICE_VERSION: {{ .Values.pixSwitch.configmap.OTEL_RESOURCE_SERVICE_VERSION | default "1.0.0-beta.1" | quote }}
+  OTEL_RESOURCE_SERVICE_VERSION: {{ .Values.pixSwitch.configmap.OTEL_RESOURCE_SERVICE_VERSION | default .Chart.AppVersion | quote }}

Also applies to: 55-55

🧰 Tools

🪛 YAMLlint (1.38.0)

[error] 10-10: too many spaces inside braces

(braces)

---

[error] 10-10: too many spaces inside braces

(braces)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/configmap.yaml` at
line 10, The VERSION value in templates/plugin-br-pix-switch/configmap.yaml is
hard-coded and may drift from Chart.yaml; update the template to derive the
version from the chart metadata (use .Chart.AppVersion or .Chart.Version as
appropriate) instead of the literal, and apply the same change to the duplicate
at the other occurrence (the VERSION field at line ~55) so both entries read
from the chart metadata with a sensible default fallback.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid hardcoded midaz-plugins in default service DNS endpoints.

Line 19 and Line 25 embed a fixed namespace in defaults. This will break out-of-the-box connectivity when installing into any other namespace.

💡 Proposed fix

-  PLUGIN_AUTH_ADDRESS: {{ .Values.pixSwitch.configmap.PLUGIN_AUTH_ADDRESS | default "http://plugin-access-manager-auth.midaz-plugins.svc.cluster.local:4000" | quote }}
+  PLUGIN_AUTH_ADDRESS: {{ .Values.pixSwitch.configmap.PLUGIN_AUTH_ADDRESS | default (printf "http://plugin-access-manager-auth.%s.svc.cluster.local:4000" .Release.Namespace) | quote }}

-  DB_HOST: {{ .Values.pixSwitch.configmap.DB_HOST | default "plugin-br-pix-switch-postgresql.midaz-plugins.svc.cluster.local" | quote }}
+  DB_HOST: {{ .Values.pixSwitch.configmap.DB_HOST | default (printf "%s-postgresql.%s.svc.cluster.local" (include "plugin-br-pix-switch.fullname" .) .Release.Namespace) | quote }}

🧰 Tools

🪛 YAMLlint (1.38.0)

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 22-22: too many spaces inside braces

(braces)

---

[error] 22-22: too many spaces inside braces

(braces)

---

[error] 25-25: too many spaces inside braces

(braces)

---

[error] 25-25: too many spaces inside braces

(braces)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@charts/plugin-br-pix-switch/templates/plugin-br-pix-switch/configmap.yaml`
around lines 19 - 25, The defaults for PLUGIN_AUTH_ADDRESS and DB_HOST hardcode
the namespace "midaz-plugins"; change their default expressions to use the
release namespace dynamically by replacing the fixed hostnames with printf using
.Release.Namespace (e.g. replace the default for PLUGIN_AUTH_ADDRESS with
default (printf "http://plugin-access-manager-auth.%s.svc.cluster.local:4000"
.Release.Namespace) and for DB_HOST with default (printf
"plugin-br-pix-switch-postgresql.%s.svc.cluster.local" .Release.Namespace)),
keeping the surrounding Helm pipeline (| default ... | quote) and the same value
keys (.Values.pixSwitch.configmap.PLUGIN_AUTH_ADDRESS, DB_HOST).

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/pr-title.yml:
- Line 41: The PR title scope validation was updated to include
"plugin-br-pix-switch" but the labeler rules weren't updated; add a matching
labeler rule in the labeler configuration to map changes under
charts/plugin-br-pix-switch/** to the same label used by other plugins. Update
the labeler.yaml entry (the rules block that contains plugin-* patterns) to
include a new rule for "plugin-br-pix-switch" pointing to the appropriate label,
mirroring the existing plugin rule format so PRs that touch
charts/plugin-br-pix-switch/** are auto-labeled.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 33f10428-bd78-447b-843a-a87b2f0027f0

📥 Commits

Reviewing files that changed from the base of the PR and between 85bd001 and 01af30e.

📒 Files selected for processing (3)

• .github/pull_request_template.md
• .github/workflows/gptchangelog.yml
• .github/workflows/pr-title.yml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add matching labeler rule for plugin-br-pix-switch.

Line 41 updates PR title scope validation, but .github/configs/labeler.yaml:25-31 still lacks a plugin-br-pix-switch path rule. This can cause PRs to pass title lint while missing expected auto-labeling for charts/plugin-br-pix-switch/**.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-title.yml at line 41, The PR title scope validation was
updated to include "plugin-br-pix-switch" but the labeler rules weren't updated;
add a matching labeler rule in the labeler configuration to map changes under
charts/plugin-br-pix-switch/** to the same label used by other plugins. Update
the labeler.yaml entry (the rules block that contains plugin-* patterns) to
include a new rule for "plugin-br-pix-switch" pointing to the appropriate label,
mirroring the existing plugin rule format so PRs that touch
charts/plugin-br-pix-switch/** are auto-labeled.