
Harden deployment pipeline and manifests#3

Merged

TylrDn merged 1 commit into main from codex/validate-and-secure-tensorized-model-deployment-7mt506 on Aug 30, 2025

Conversation

TylrDn (Owner) commented Aug 30, 2025

Summary

  • remove unsafe os.chdir usage in example serializer
  • pin GitHub Actions to SHAs and configure kubectl/helm with kubeconfig
  • pin vLLM image and add S3 credential support in Helm and Knative manifests
  • document observability and add RBAC and NetworkPolicy examples

Testing

  • PYTHONPATH=. pytest (fails: ModuleNotFoundError: No module named 'serializer')
  • PYTHONPATH=. python examples/tensorizer/serialize_and_load.py --local-only (fails: ProxyError: Unable to connect to proxy)

https://chatgpt.com/codex/tasks/task_e_68b258c4e4d88323bc6b8a983da4b21f

Summary by Sourcery

Harden the deployment pipeline by pinning CI dependencies and images, configuring kubectl and Helm with kubeconfig, and extending charts and services with S3 credential support. Include Kubernetes RBAC and NetworkPolicy examples, update observability docs, and secure the example HTTP server.

New Features:

  • Add support for S3 credential injection in Helm and Knative manifests

Enhancements:

  • Pin GitHub Actions, Docker, Trivy, kubectl, and Helm actions to specific SHAs and configure kubeconfig in CI
  • Pin vLLM container image versions and update ArgoCD app to track the main branch
  • Replace unsafe os.chdir usage in the example HTTP server with a handler-based directory configuration

Documentation:

  • Clarify Prometheus scraping step in observability documentation

Chores:

  • Add Kubernetes RBAC and NetworkPolicy example manifests

Summary by CodeRabbit

  • New Features
    • Optional AWS S3 credentials via Kubernetes Secret for deployments and Knative.
    • Added NetworkPolicy to allow app traffic (ingress 8000, egress 443).
    • Introduced ServiceAccount, Role, and RoleBinding for scoped permissions.
  • Documentation
    • Clarified Prometheus scraping of vLLM on port 8000 and noted Docker Compose brings up Prometheus and Grafana.
  • Chores
    • Upgraded container image to v0.2.2.
    • Improved CI/CD with pinned actions and Kubernetes tooling; Argo CD now tracks main.
  • Refactor
    • Example HTTP server now serves a directory without changing the working directory.
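The first bullet of the summary above, pinning GitHub Actions to SHAs, is the kind of change that silently regresses the next time someone adds a step with `@v4`. The following check is an added example (not code from this PR or the repository) that scans a workflow file for `uses:` references whose ref is not a full 40-hex commit SHA. The workflow text inside it is constructed for illustration; the action names, versions and the SHA are placeholders, not the pins applied in `.github/workflows/build-and-deploy.yml`.

```python
"""Flag `uses:` references in a GitHub Actions workflow that are not pinned
to a full commit SHA.

Added example, not code from the PR or the repository. The workflow text
below is constructed for illustration: the action names, versions and the
40-hex SHA are placeholders, not the pins in build-and-deploy.yml.
"""
import re
from typing import List, Tuple

# `uses:` line, optionally as a list item, with an optional trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)(?:\s*#\s*(\S.*))?\s*$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

SAMPLE_WORKFLOW = """\
name: build-and-deploy
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3.6.1
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # 0.24.0
      - uses: docker/login-action@main
      - uses: ./.github/actions/local-step
      - name: Install kubectl
        run: curl -LO https://dl.k8s.io/release/v1.28.3/bin/linux/amd64/kubectl
"""


def check_uses_pinning(workflow_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, reference, finding) for each questionable `uses:`.

    Tags (v4, v3.6.1) and branches (main) are mutable: whoever controls the
    action repository can move them to different code, so a workflow that
    trusts them re-fetches arbitrary code on every run. Only a 40-hex commit
    SHA freezes what gets executed. Local (./path) and docker:// references
    are skipped because they are not resolved through a git ref.
    """
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1).strip("'\""), m.group(2)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((lineno, ref, "missing @ref"))
            continue
        version = ref.rpartition("@")[2]
        if not SHA_RE.match(version):
            findings.append((lineno, ref, f"mutable ref '{version}' instead of a commit SHA"))
        elif not comment:
            # Pinned, but nobody can tell which release the SHA corresponds to;
            # keep a `# vX.Y.Z` comment so humans and Dependabot can update it.
            findings.append((lineno, ref, "SHA pin without a version comment"))
    return findings


if __name__ == "__main__":
    for lineno, ref, finding in check_uses_pinning(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {finding}")
```

Run against the constructed workflow it reports lines 7, 8 and 10; the Trivy step passes because it carries both a full SHA and a version comment. A check like this belongs in CI itself (or a pre-commit hook) so that the pinning done in this PR survives later edits.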

sourcery-ai Bot commented Aug 30, 2025

Reviewer's Guide

This PR hardens the deployment pipeline and Kubernetes manifests by pinning all GitHub Actions and container images to fixed SHAs or versions, replacing unsafe directory changes in the example server, injecting S3 credentials into Helm and Knative deployments, clarifying observability setup, pinning ArgoCD revision, and adding RBAC and NetworkPolicy examples.

Class diagram for updated serve_file function in serializer example

```mermaid
classDiagram
    class serve_file {
      +path: str
      +port: int
      +returns: threading.Thread
      -directory: str
      -handler: SimpleHTTPRequestHandler (with directory)
      -server: ThreadingHTTPServer
      +thread: threading.Thread
    }
```

File-Level Changes

Pin GitHub Actions and configure cluster tools with kubeconfig
  • Pin checkout, setup-buildx, trivy and docker/login actions to specific SHAs
  • Add steps to install kubectl and Helm at fixed versions
  • Configure kubeconfig from secret in the workflow
  Files: .github/workflows/build-and-deploy.yml

Replace unsafe os.chdir usage in example serializer
  • Remove os.chdir call
  • Use SimpleHTTPRequestHandler’s directory argument via functools.partial
  Files: examples/tensorizer/serialize_and_load.py

Pin vLLM image versions and add S3 credential support
  • Update default image tag in Helm values.yaml to 0.2.2
  • Introduce s3.secretName and conditional AWS env vars in Helm deployment
  • Pin Knative service image to 0.2.2 and inject AWS credentials env
  Files: helm/tensorizer-vllm/values.yaml, helm/tensorizer-vllm/templates/deployment.yaml, k8s/knative-service.yaml

Clarify observability documentation
  • Highlight Prometheus scrape configuration for vLLM on port 8000
  • Reorder and renumber bullet points in observability.md
  Files: docs/observability.md

Add Kubernetes RBAC and NetworkPolicy examples
  • Create ServiceAccount, Role, and RoleBinding manifest
  • Define NetworkPolicy allowing ingress on port 8000 and egress on 443
  Files: k8s/rbac.yaml, k8s/networkpolicy.yaml

Pin ArgoCD application revision
  • Change targetRevision from HEAD to main in ArgoCD App manifest
  Files: gitops/argocd/app.yaml

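The reviewer's guide above describes the `serve_file` change only at the level of a class diagram. The example below is added here to show why the change matters; it is not the repository's `serialize_and_load.py`. `serve_file_unsafe` reproduces the pattern the PR removed (`os.chdir` followed by a plain `SimpleHTTPRequestHandler`), and `serve_file` is an independent implementation of the replacement the PR description names (`SimpleHTTPRequestHandler`'s `directory` argument bound with `functools.partial`). The served file, its name and the return type `(server, thread)` are constructed for the demonstration and differ from the project's signature.

```python
"""Serving a directory from a background thread: os.chdir() versus a
handler bound to the directory.

Added example, not the repository's serialize_and_load.py. The file name,
its contents and the (server, thread) return value are constructed here.
"""
import functools
import os
import tempfile
import threading
import urllib.request
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer


class _QuietHandler(SimpleHTTPRequestHandler):
    """SimpleHTTPRequestHandler without per-request log lines."""

    def log_message(self, format, *args):  # noqa: A002 (stdlib signature)
        pass


def serve_file_unsafe(path: str, port: int = 0):
    """The pattern the PR removed: change directory, then serve the cwd.

    os.chdir() is process-wide. Every other thread's relative paths (model
    files, log files, temp output) now resolve inside `path`, and nothing
    restores the previous directory when the server stops.
    """
    os.chdir(path)
    server = ThreadingHTTPServer(("127.0.0.1", port), _QuietHandler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    return server, thread


def serve_file(path: str, port: int = 0):
    """Hardened form: bind the directory to the handler, leave cwd alone.

    functools.partial pre-fills `directory=`, so the server constructs a
    handler that serves `path` regardless of the process's working directory.
    """
    handler = functools.partial(_QuietHandler, directory=path)
    server = ThreadingHTTPServer(("127.0.0.1", port), handler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    return server, thread


def _fetch(server, name: str) -> bytes:
    host, port = server.server_address[:2]
    with urllib.request.urlopen(f"http://{host}:{port}/{name}", timeout=5) as resp:
        return resp.read()


def compare_cwd_behaviour() -> dict:
    """Serve one constructed file with each variant and report the side effects."""
    original_cwd = os.getcwd()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "model.tensors"), "wb") as fh:
            fh.write(b"constructed sample bytes")  # constructed payload
        for label, factory in (("unsafe", serve_file_unsafe), ("hardened", serve_file)):
            server, _ = factory(tmp)
            try:
                body = _fetch(server, "model.tensors")
            finally:
                server.shutdown()
                server.server_close()
            results[label] = {
                "served": body == b"constructed sample bytes",
                "cwd_changed": os.path.realpath(os.getcwd()) != os.path.realpath(original_cwd),
            }
            os.chdir(original_cwd)  # undo what the unsafe variant did to the process
    return results


if __name__ == "__main__":
    print(compare_cwd_behaviour())
```

Both variants serve the file, but only the `os.chdir` variant leaves the process in a different working directory afterwards, which is exactly the hazard in a script that also reads model paths relative to where it was launched. The `directory` keyword exists on `SimpleHTTPRequestHandler` since Python 3.7.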

coderabbitai Bot commented Aug 30, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

This PR pins GitHub Actions to SHAs, sets up kubectl/Helm with fixed versions, configures kubeconfig from a secret, and adjusts CI steps. It updates Helm chart values and templates to optionally inject S3 credentials, updates Kubernetes manifests (image version, env, RBAC, NetworkPolicy), tweaks GitOps targetRevision, modifies an example HTTP server, and updates observability docs.

Changes

CI/CD workflow hardening (.github/workflows/build-and-deploy.yml)
  Actions pinned to SHAs; added kubectl v1.28.3 and Helm v3.12.3 setup; kubeconfig written from KUBECONFIG_DATA; updated Trivy and Docker login actions; Helm upgrade reformatted to multi-line.

Helm chart: optional S3 credentials + image pin (helm/tensorizer-vllm/templates/deployment.yaml, helm/tensorizer-vllm/values.yaml)
  Adds conditional env for AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY from a Secret when .Values.s3.secretName is set; adds s3.secretName to values; pins image to vllm/vllm:0.2.2.

Kubernetes manifests: image/env + policies (k8s/knative-service.yaml, k8s/networkpolicy.yaml, k8s/rbac.yaml)
  Knative service image updated to vllm/vllm:0.2.2 and env vars sourced from s3-credentials; adds NetworkPolicy permitting ingress TCP:8000 and egress TCP:443; adds ServiceAccount, Role (pods get/list), and RoleBinding.

GitOps target revision (gitops/argocd/app.yaml)
  Changes spec.source.targetRevision from HEAD to main.

Docs: observability guidance (docs/observability.md)
  Notes Prometheus must scrape vLLM on port 8000; reorders Loki mention; clarifies the example brings up Prometheus and Grafana via Docker Compose.

Example: HTTP server behavior (examples/tensorizer/serialize_and_load.py)
  Replaces os.chdir(dir) with a directory-bound SimpleHTTPRequestHandler via functools.partial and ThreadingHTTPServer; function signature unchanged.

Sequence Diagram(s)

```mermaid
sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub Actions
  participant K8s as Kubernetes API
  participant Helm as Helm CLI

  Dev->>GH: Push / Dispatch workflow
  GH->>GH: Checkout (pinned SHA)
  GH->>GH: Setup Buildx (pinned SHA)
  GH->>GH: Setup kubectl v1.28.3 / Helm v3.12.3
  GH->>GH: Decode and write kubeconfig
  GH->>GH: Scan image (Trivy pinned)
  GH->>GH: Docker login (pinned)
  GH->>Helm: helm upgrade --install ...
  Helm->>K8s: Apply/Update resources
  K8s-->>GH: Status/Result
```

```mermaid
sequenceDiagram
  autonumber
  participant User as Chart Values
  participant Helm as Helm Template
  participant K8s as Deployment

  User->>Helm: values.yaml (image tag, s3.secretName)
  alt s3.secretName set
    Helm->>K8s: Deployment with env AWS_* from Secret
  else not set
    Helm->>K8s: Deployment without AWS_* env
  end
  note over K8s: Container runs with vllm/vllm:0.2.2
```

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

Hop hop, new SHAs lock tight,
Charts unfurl with S3 in sight.
Ports and policies set just so,
Knative hums, containers go.
Grafana sings on eight-zero-oh,
I thump approval—ship it, yo! 🐇🚀



📥 Commits

Reviewing files that changed from the base of the PR and between 046fedf and 758a845.

📒 Files selected for processing (9)
  • .github/workflows/build-and-deploy.yml (1 hunks)
  • docs/observability.md (1 hunks)
  • examples/tensorizer/serialize_and_load.py (2 hunks)
  • gitops/argocd/app.yaml (1 hunks)
  • helm/tensorizer-vllm/templates/deployment.yaml (1 hunks)
  • helm/tensorizer-vllm/values.yaml (1 hunks)
  • k8s/knative-service.yaml (1 hunks)
  • k8s/networkpolicy.yaml (1 hunks)
  • k8s/rbac.yaml (1 hunks)

sourcery-ai Bot left a comment
Hey there - I've reviewed your changes - here's some feedback:

  • The networkpolicy egress rule only allows traffic to other pods in the cluster, so you’ll need to explicitly allow external S3 endpoints (via CIDR or egress gateway) if you intend to lock down internet access.
  • Pinning ArgoCD’s targetRevision to “main” still tracks a moving branch—consider using a specific tag or commit SHA for more reproducible deployments.
  • CI is currently failing with ModuleNotFoundError in the examples; please update the serializer import paths or PYTHONPATH configuration so the pytest suite and example scripts pass.

## Individual Comments

### Comment 1
<location> `k8s/networkpolicy.yaml:12` </location>
<code_context>
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - from:
+        - namespaceSelector: {}
+      ports:
+        - protocol: TCP
+          port: 8000
+  egress:
+    - to:
</code_context>

<issue_to_address>
NamespaceSelector with empty match allows traffic from all namespaces.

If broad access is intended, please document the reasoning. Otherwise, restrict the namespaceSelector to limit access and enhance security.

Suggested implementation:

```
    - from:
        - namespaceSelector:
            matchLabels:
              name: allowed-namespace
      ports:
        - protocol: TCP
          port: 8000

```

```
    - to:
        - namespaceSelector:
            matchLabels:
              name: allowed-namespace
      ports:
        - protocol: TCP
          port: 443

```
</issue_to_address>

### Comment 2
<location> `helm/tensorizer-vllm/values.yaml:4` </location>
<code_context>
+image: "vllm/vllm:0.2.2"
 modelURI: "s3://my-bucket/models/tiny-gpt2.tensors"
 host: "vllm.example.com"
+s3:
+  secretName: ""
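Review bot: `s3.secretName` defaults to empty while `modelURI` two lines up still defaults to an `s3://` URI, so a default `helm install` renders no `AWS_*` environment and then tries to read a private bucket with no credentials. Either document that the empty default is intended for IAM-role based access (IRSA or node instance roles), or make the template fail when `modelURI` starts with `s3://` and `secretName` is empty, so the misconfiguration surfaces at template time rather than as a failed pod. Separately, `image: "vllm/vllm:0.2.2"` pins a tag, which the registry owner can re-push; a `@sha256:` digest on the image would match the SHA pinning this PR applies to the GitHub Actions.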
</code_context>

<issue_to_address>
Default s3.secretName is empty; clarify expected behavior or provide a default.

An empty s3.secretName could cause deployment failures if not set. Please document this requirement or set a sensible default.
</issue_to_address>


@TylrDn TylrDn merged commit f2b0c32 into main Aug 30, 2025
0 of 4 checks passed

chatgpt-codex-connector Bot left a comment

Codex Review: Here are some suggestions.


Comment thread k8s/networkpolicy.yaml, lines +18 to +22

```yaml
  egress:
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: TCP
```

[P1] Egress policy isolates pod from S3 and other external endpoints

The new NetworkPolicy only permits egress traffic to Kubernetes namespaces (namespaceSelector: {}) on port 443. Because no ipBlock is specified, any traffic destined for external addresses such as S3 or other internet services is denied once this policy is applied. Since the Helm chart and examples depend on fetching tensor files from S3, pods using this policy will fail to start or load models due to network denial. Consider adding an egress rule that allows traffic to external IPs (and DNS) or documenting that additional policies are required.
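The Sourcery comment on the ingress rule and the Codex comment above make three separate points about `k8s/networkpolicy.yaml`: `namespaceSelector: {}` admits every namespace, an egress rule with no `ipBlock` cannot reach S3 or anything else outside the cluster, and nothing allows DNS. The following audit is an added example, not code from this PR or the repository. It reconstructs the policy from the lines quoted in the thread (the `metadata.name`, the `app: vllm` pod label and the missing `port: 443` line are assumed), checks all three conditions, and shows a corrected policy beside it; in the corrected version the `ingress` namespace name and the `k8s-app: kube-dns` label are assumptions, and the `0.0.0.0/0` egress with RFC 1918 exclusions stands in for the provider CIDRs or VPC endpoint a real deployment would use for S3.

```python
"""Audit a Kubernetes NetworkPolicy for the three problems raised in the
review: an all-namespaces ingress peer, egress that cannot leave the
cluster, and no DNS egress.

Added example, not code from the PR or the repository. PR_POLICY is
reconstructed from the manifest lines quoted in the thread; the name and
pod label are assumed. FIXED_POLICY is one possible correction, with an
assumed ingress namespace, the conventional CoreDNS pod label, and a broad
ipBlock standing in for real S3 CIDRs or a VPC endpoint.
"""
from typing import Any, Dict, List

PR_POLICY: Dict[str, Any] = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "vllm-allow"},  # assumed
    "spec": {
        "podSelector": {"matchLabels": {"app": "vllm"}},  # assumed
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{"from": [{"namespaceSelector": {}}],
                     "ports": [{"protocol": "TCP", "port": 8000}]}],
        "egress": [{"to": [{"namespaceSelector": {}}],
                    "ports": [{"protocol": "TCP", "port": 443}]}],
    },
}

FIXED_POLICY: Dict[str, Any] = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "vllm-allow"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "vllm"}},
        "policyTypes": ["Ingress", "Egress"],
        # Only the namespace that fronts the service (name assumed).
        "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {
                         "kubernetes.io/metadata.name": "ingress"}}}],
                     "ports": [{"protocol": "TCP", "port": 8000}]}],
        "egress": [
            # DNS: namespaceSelector AND podSelector in one peer = CoreDNS pods only.
            {"to": [{"namespaceSelector": {"matchLabels": {
                         "kubernetes.io/metadata.name": "kube-system"}},
                     "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}}],
             "ports": [{"protocol": "UDP", "port": 53}, {"protocol": "TCP", "port": 53}]},
            # HTTPS to addresses outside the cluster; narrow the CIDR in production.
            {"to": [{"ipBlock": {"cidr": "0.0.0.0/0",
                                 "except": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]}}],
             "ports": [{"protocol": "TCP", "port": 443}]},
        ],
    },
}


def _reaches_outside_cluster(rule: Dict[str, Any]) -> bool:
    """A rule with no `to` matches every destination; otherwise only an
    ipBlock peer can select addresses that are not pods."""
    peers = rule.get("to")
    if peers is None:
        return True
    return any("ipBlock" in peer for peer in peers)


def _allows_port(rule: Dict[str, Any], port: int) -> bool:
    """No `ports` list means all ports; otherwise look for the number."""
    ports = rule.get("ports")
    if ports is None:
        return True
    return any(p.get("port") == port for p in ports)


def audit_network_policy(policy: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means all three checks pass."""
    spec = policy["spec"]
    findings: List[str] = []
    for i, rule in enumerate(spec.get("ingress", [])):
        for peer in rule.get("from", []):
            # An empty namespaceSelector with no podSelector matches every pod
            # in every namespace, which is rarely what "allow app traffic" means.
            if peer.get("namespaceSelector") == {} and "podSelector" not in peer:
                findings.append(f"ingress rule {i}: namespaceSelector {{}} admits every pod in every namespace")
    if "Egress" in spec.get("policyTypes", []):
        egress = spec.get("egress", [])
        if not any(_reaches_outside_cluster(r) for r in egress):
            findings.append("egress: no ipBlock peer, so traffic to endpoints outside the cluster (S3, registries) is denied")
        if not any(_allows_port(r, 53) for r in egress):
            findings.append("egress: port 53 is not allowed, so DNS lookups fail even for permitted destinations")
    return findings


if __name__ == "__main__":
    for name, policy in (("PR policy", PR_POLICY), ("fixed policy", FIXED_POLICY)):
        print(name, "->", audit_network_policy(policy) or ["ok"])
```

The audit reports all three findings for the policy as merged and none for the corrected one. The broad `0.0.0.0/0` block is the weakest part of the fix and is there only to make the contrast concrete; for S3 specifically, a gateway VPC endpoint or the provider's published service CIDRs keep the egress allow-list meaningful.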

