Skip to content

refactor!: Modernize NetBird helm chart#46

Open
jackylamhk wants to merge 5 commits intonetbirdio:mainfrom
jackylamhk:refactor/monolith
Open

refactor!: Modernize NetBird helm chart#46
jackylamhk wants to merge 5 commits intonetbirdio:mainfrom
jackylamhk:refactor/monolith

Conversation

@jackylamhk
Copy link
Copy Markdown

@jackylamhk jackylamhk commented Mar 26, 2026

Fixes #39

Copilot AI review requested due to automatic review settings March 26, 2026 23:08
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modernizes the NetBird Helm chart to support newer NetBird server releases and configuration patterns, addressing the chart lag called out in issue #39.

Changes:

  • Bumps the chart major version and updates appVersion (NetBird) and dashboard image tag.
  • Refactors management to use a config.yaml-based configuration (with optional envsubst-based secret injection).
  • Introduces “standalone” toggles for signal/relay resources and updates ingress routing to target either standalone services or management.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
charts/netbird/values.yaml Switches management to --config /etc/netbird/config.yaml, adds configYaml + envsubst settings, adds standalone toggles, updates ports and dashboard tag.
charts/netbird/templates/management-deployment.yaml Adds envsubst init container + config volume handling; adds STUN UDP port; makes /etc/netbird mount read-only.
charts/netbird/templates/management-cm.yaml Renames management configmap data key to config.yaml and sources from management.configYaml.
charts/netbird/templates/_helpers.tpl Adds helper functions for relay/signal target service routing and adjusts selector label helpers.
charts/netbird/templates/signal-*.yaml Gates signal deployment/service/serviceaccount on signal.standalone; updates ingress backend service selection.
charts/netbird/templates/relay-*.yaml Gates relay deployment/service/serviceaccount on relay.standalone; updates ingress backend service selection.
charts/netbird/examples/aws-eks-alb-nlb/values.yaml Adds a full example values file for AWS EKS ALB/NLB with envsubst-based secret injection.
charts/netbird/examples/aws-eks-alb-nlb/README.md Adds documentation for the AWS EKS ALB/NLB example setup.
charts/netbird/README.md Updates the values table entries for the new/renamed settings and image tags.
charts/netbird/Chart.yaml Bumps chart version to 2.0.0 and updates appVersion to 0.67.1.
Comments suppressed due to low confidence (1)

charts/netbird/values.yaml:176

  • management.serviceGrpc.name defaults to grpc, but the management Deployment no longer exposes any container port named grpc (only http, metrics, and stun). As a result, enabling management.useBackwardsGrpcService will create a Service whose targetPort points to a non-existent port name and won't route traffic. Either re-introduce a grpc named port on the management container, or change the GRPC Service to target the correct port name (e.g., http) and update the related defaults/docs accordingly.
  serviceGrpc:
    ## @param management.serviceGrpc.type Service type for the management GRPC component.
    ##
    type: ClusterIP

    ## @param management.serviceGrpc.port Port for the management GRPC service.
    ##
    port: 80

    ## @param management.serviceGrpc.name Name for the management GRPC service port.
    ##
    name: grpc

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread charts/netbird/templates/management-deployment.yaml
Comment thread charts/netbird/README.md Outdated
@jackylamhk
Copy link
Copy Markdown
Author

jackylamhk commented Mar 26, 2026
edited
Loading

A few notes:

  • I'm happy to split this up into a few stacked PRs for easier review, if needed.
  • The example config.yaml is largely based on what the getting-started.sh script generated.
  • We may want to rename the management component to server, potentially.
  • The envsubst init container replaces the missing capability from the previous legacy entrypoint script; I see it as necessary as some config values have no env var override available (e.g., the relay authSecret).
  • Happy to receive feedback on the standalone splits; the UX could use some improvement but this is the best I could come up with.
  • Judging by the values.yaml annotation syntax, I assume this was originally intended to be managed by bitnami/readme-generator-for-helm. However, there are a few errors that prevent it from generating the README.md; I can open another PR to fix them too.

@jackylamhk jackylamhk mentioned this pull request Mar 26, 2026
Open
@jackylamhk jackylamhk force-pushed the refactor/monolith branch 3 times, most recently from 3125486 to 26527f5 Compare March 27, 2026 02:09
vehagn
vehagn approved these changes Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

@vehagn vehagn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the improvements! I opened some PRs which has to be changed if/when this is merged, I'll fix them after that.

I hope that the NetBird team has time to show the Helm chart some love in the coming weeks 😄

Comment thread charts/netbird/examples/aws-eks-alb-nlb/values.yaml
Comment thread charts/netbird/examples/aws-eks-alb-nlb/values.yaml
Comment thread charts/netbird/examples/aws-eks-alb-nlb/values.yaml
Comment thread charts/netbird/values.yaml
Comment thread charts/netbird/examples/aws-eks-alb-nlb/values.yaml
@@ -0,0 +1,158 @@
management:
configYaml: |-
Copy link
Copy Markdown

@vehagn vehagn Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This YAML is so much nice than the old JSON config imho. It would be nicer if it wasn't a text-block though.

Comment thread charts/netbird/examples/aws-eks-alb-nlb/values.yaml
password=${NETBIRD_STORE_DSN_PASSWORD}
encryptionKey: "${NETBIRD_DATASTORE_ENC_KEY}"
activityStore:
engine: postgres
Copy link
Copy Markdown

@vehagn vehagn Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Slightly unrelated: Could we add a PostgreSQL subchart to spin up a separate instance?

Copy link
Copy Markdown
Author

@jackylamhk jackylamhk Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could - but considering that this chart doesn't get looked at often, I would rather leave it up to Helm users to deploy separately.

@tenczardavid
Copy link
Copy Markdown

tenczardavid commented Apr 1, 2026

Any update on this PR? Can we do/help with something to move further with the update of the Helm charts so it doesn't fall behind so much with the app version and available new features?

At the moment, this situation is also misleading for users, as the official documentation pages, screenshots will be all inaccurate compared to what the chart installs. Also, the situation might become worse as the NetBird Kubernetes Operator might become out of sync with APIs at some point.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@vehagn vehagn vehagn approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Helm chart is stuck on v0.46.0 — 20 minor versions behind latest (v0.66.1)

4 participants

@jackylamhk @tenczardavid @vehagn