Update Kubernetes Playground to Spring Boot 4 #26
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the Kubernetes playground components to Spring Boot 4 and refreshes related Helm chart configuration for local deployment.
Changes:
- Bump Spring Boot parent to
4.0.1across sample apps and update related Spring Boot Admin / Spring Cloud versions. - Update Helm charts (Traefik + Spring Cloud Kubernetes Discovery Server) to use configurable namespaces/images and refresh RBAC.
- Adjust default container pull behavior and minor documentation/config updates.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| kubernetes/helm-charts/traefik/values.yaml | Introduces chart values for namespace and Traefik image. |
| kubernetes/helm-charts/traefik/templates/service.yaml | Sets Service namespaces from chart values. |
| kubernetes/helm-charts/traefik/templates/role.yaml | Updates ClusterRole rules (incl. EndpointSlices/nodes). |
| kubernetes/helm-charts/traefik/templates/role-binding.yaml | Templates the ServiceAccount namespace in the binding subject. |
| kubernetes/helm-charts/traefik/templates/deployment.yaml | Sets Deployment namespace from values and makes image configurable. |
| kubernetes/helm-charts/traefik/README.md | Updates install command usage. |
| kubernetes/helm-charts/spring-cloud-kubernetes-discoveryserver/values.yaml | Updates Discovery Server image and pull policy. |
| kubernetes/helm-charts/spring-cloud-kubernetes-discoveryserver/templates/role.yaml | Removes hardcoded namespace from Role metadata. |
| kubernetes/helm-charts/spring-cloud-kubernetes-discoveryserver/templates/role-binding.yaml | Adds templated subject namespace. |
| kubernetes/helm-charts/spring-cloud-kubernetes-discoveryserver/README.md | Updates install command usage. |
| kubernetes/helm-charts/spring-boot-app/values.yaml | Changes default pull policy and minor values cleanup. |
| kubernetes/helm-charts/spring-boot-admin/values.yaml | Changes default pull policy. |
| kubernetes/apps/spring-boot-admin-kubernetes/src/main/resources/application.yml | Adjusts commented default for SBA public URL. |
| kubernetes/apps/spring-boot-admin-kubernetes/pom.xml | Bumps Spring Boot / SBA / Spring Cloud versions. |
| kubernetes/apps/spring-boot-admin-kubernetes/deployment/values.yml | Removes hardcoded namespace from deployment values. |
| kubernetes/apps/spring-boot-admin-fabric8/pom.xml | Bumps Spring Boot / SBA / Spring Cloud versions. |
| kubernetes/apps/spring-boot-admin-fabric8/deployment/values.yml | Removes hardcoded namespace from deployment values. |
| kubernetes/apps/spring-boot-admin-discoveryclient/pom.xml | Bumps Spring Boot / SBA / Spring Cloud versions. |
| kubernetes/apps/spring-boot-admin-discoveryclient/deployment/values.yml | Removes hardcoded namespace from deployment values. |
| kubernetes/apps/hello-world/pom.xml | Bumps Spring Boot parent version. |
| kubernetes/apps/health-simulator/src/main/java/de/codecentric/healthsimulator/health/HealthIndicatorSimulation.java | Updates health-related imports for Spring Boot 4. |
| kubernetes/apps/health-simulator/src/main/java/de/codecentric/healthsimulator/health/HealthController.java | Updates Status import for Spring Boot 4. |
| kubernetes/apps/health-simulator/pom.xml | Bumps Spring Boot parent version. |
| kubernetes/README.md | Adds namespace/context and troubleshooting commands; adds Traefik image pull note. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| apiVersion: apps/v1 | ||
| metadata: | ||
| name: traefik-deployment | ||
| namespace: {{ .Values.namespace }} |
There was a problem hiding this comment.
Using .Values.namespace on the Deployment will break installs where the Helm release namespace differs (e.g., helm install -n foo while Values.namespace remains default). In this chart the ServiceAccount template has no metadata.namespace, so it will be created in the release namespace, while this Deployment is created in .Values.namespace, causing serviceAccountName: traefik-account to be missing at runtime. Prefer .Release.Namespace for namespacing, or ensure all namespaced resources (ServiceAccount/Deployment/Services/etc.) use the same namespace source consistently.
| namespace: {{ .Values.namespace }} | |
| namespace: {{ .Release.Namespace }} |
| metadata: | ||
| name: traefik-dashboard-service | ||
| namespace: {{ .Values.namespace }} | ||
|
|
There was a problem hiding this comment.
These Services are hard-pinned to .Values.namespace. If a user installs the chart into another namespace via --namespace, Helm will still create the Services in .Values.namespace (defaulting to default), which is surprising and can split resources across namespaces. Consider using .Release.Namespace (or omitting metadata.namespace) to keep resources aligned with the release namespace, or clearly document/enforce that --namespace and Values.namespace must match.
| - kind: ServiceAccount | ||
| name: traefik-account | ||
| namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount. | ||
| namespace: {{ .Values.namespace }} |
There was a problem hiding this comment.
The ClusterRoleBinding subject namespace is taken from .Values.namespace. If the release is installed into a different namespace (or if values are changed independently), the binding may grant permissions to the wrong ServiceAccount namespace and Traefik will fail due to missing RBAC. Prefer .Release.Namespace here, or ensure the ServiceAccount and all workloads are created in the exact same namespace source.
| namespace: {{ .Values.namespace }} | |
| namespace: {{ .Release.Namespace }} |
| - kind: ServiceAccount | ||
| name: spring-cloud-kubernetes-discoveryserver | ||
| name: spring-cloud-kubernetes-discoveryserver | ||
| namespace: {{ .Values.namespace }} |
There was a problem hiding this comment.
This RoleBinding now hardcodes the subject namespace to .Values.namespace, but the chart’s ServiceAccount/Role templates don’t set metadata.namespace while the Deployment/Service templates do. That can split resources across namespaces and cause the Deployment’s serviceAccountName/RBAC to fail unless users keep --namespace and Values.namespace perfectly aligned. Prefer using .Release.Namespace consistently across all templates (or remove explicit namespaces altogether).
| namespace: {{ .Values.namespace }} | |
| namespace: {{ .Release.Namespace }} |
| ## Install Spring Cloud Kubernetes Discovery Server | ||
| ```bash | ||
| helm upgrade --install spring-cloud-kubernetes-discoveryserver . | ||
| helm upgrade --install spring-cloud-kubernetes-discoveryserver . -f values.yaml |
There was a problem hiding this comment.
helm upgrade --install spring-cloud-kubernetes-discoveryserver . already includes the chart’s values.yaml automatically. The added -f values.yaml is redundant unless you expect users to run the command from outside the chart directory; in that case, prefer an explicit relative path or clarify the required working directory.
| env: | ||
| SPRING_BOOT_ADMIN_UI_TITLE: Spring Boot Admin - Kubernetes | ||
| image: spring-boot-admin | ||
| # do not pull image but use locally built image, not recommended for production | ||
| pullPolicy: Never | ||
| pullPolicy: Always | ||
| updateStrategy: RollingUpdate |
There was a problem hiding this comment.
Same issue as spring-boot-app: defaulting pullPolicy to Always will likely break the local build + install scripts (they build images locally and don’t push to a registry). Unless the project now requires an image registry, default to IfNotPresent/Never for the playground, or set deployment.pullPolicy in the per-app deployment/values.yml files.
| namespace: default | ||
|
|
There was a problem hiding this comment.
Adding namespace as a values-driven setting for this chart is risky because Helm already has a first-class release namespace. With the templates now using .Values.namespace, installing with helm install -n <ns> will still default resources to default unless users remember to also override namespace in values. Consider removing namespace from values and relying on .Release.Namespace (or leaving metadata.namespace unset) to avoid misconfiguration.
| namespace: default |
| ## Install Traefik | ||
| ```bash | ||
| helm upgrade --install traefik . | ||
| helm upgrade --install traefik . -f values.yaml |
There was a problem hiding this comment.
helm upgrade --install traefik . already loads the chart’s embedded values.yaml by default. Adding -f values.yaml is redundant (and may confuse users into thinking it’s required). If the intent is to run from a different working directory, consider using an explicit path (e.g., -f helm-charts/traefik/values.yaml) or document that users should cd into the chart dir before running the command.
| helm upgrade --install traefik . -f values.yaml | |
| helm upgrade --install traefik . |
| - services | ||
| - endpoints | ||
| - secrets | ||
| - nodes |
There was a problem hiding this comment.
This ClusterRole now grants access to the nodes resource. That is a significant privilege increase (cluster-wide node inventory) compared to typical Traefik RBAC for the Kubernetes Ingress provider. If Traefik v3 doesn’t strictly require node access for your configuration, consider removing nodes to follow least-privilege; otherwise, please document why it’s needed (e.g., which feature/flag requires it).
| - nodes |
No description provided.