feat: add audit log object storage (S3/GCS), calendar_aligned fields, force_single_region, and allowOnAllVirtualKeys to Helm chart v2.1.28#5077
Conversation
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 24 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (6)
📝 WalkthroughWalkthroughHelm schemas, examples, and templates now support audit log object storage, calendar-aligned budgets, Vertex regional settings, and related MCP configuration documentation. Changelog content and documentation navigation were updated for Helm v2.1.28. ChangesHelm configuration updates
Estimated code review effort: 3 (Moderate) | ~20 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
calendar_aligned fields, force_single_region, and allowOnAllVirtualKeys to Helm chart v2.1.28
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (3): Last reviewed commit: "feat: new calendar alignment additions" | Re-trigger Greptile |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/changelogs/helm-v2.1.28.mdx`:
- Line 10: The changelog entry for bifrost.auditLogs.objectStorage is
overstating compression support by implying all archived batches are gzipped;
update the description so gzip is clearly controlled by the compress option and
only applies when that flag is enabled. Keep the rest of the field list intact,
and make sure the wording matches the behavior in the Helm helper and the
audit_logs.object_storage rendering.
In `@helm-charts/bifrost/values.yaml`:
- Around line 1070-1077: Clarify the object storage archival comments in
values.yaml so they match the schema semantics: the audit event batches should
be described as JSONL by default, with gzip compression and the .gz suffix only
applied when objectStorage.compress is true. Update the nearby objectStorage
example/comments around the audit-logs configuration to reflect this conditional
behavior and keep the wording aligned with the compress field.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: 52b53b3b-117b-466b-a9e3-b0436f4129fd
📒 Files selected for processing (6)
docs/changelogs/helm-v2.1.28.mdxdocs/docs.jsonhelm-charts/bifrost/README.mdhelm-charts/bifrost/templates/_helpers.tplhelm-charts/bifrost/values.schema.jsonhelm-charts/bifrost/values.yaml
e1690e5 to
db41911
Compare
db41911 to
4bf0254
Compare

Summary
Adds Helm chart v2.1.28 with several new configuration fields for audit log object storage archival, Vertex AI single-region enforcement, calendar-aligned budget resets, and MCP client key access controls.
Changes
bifrost.auditLogs.objectStorage): New field to archive audit events to S3 or GCS. Supportstype,bucket,prefix,compress, and full S3 credential fields (region,endpoint,accessKeyId,secretAccessKey,sessionToken,roleArn,forcePathStyle) as well as GCS fields (projectId,credentialsJson). Renders intoaudit_logs.object_storagein the generated config.force_single_regionon Vertex key config: Whentrue, skips automatic promotion of multi-region-only models to a multi-region endpoint. Intended for provisioned throughput use cases. Renders intovertex_key_config.force_single_region.calendar_alignedon access profiles: New top-level field onbifrost.accessProfiles[*]that snaps all budget and rate-limit reset windows to calendar boundaries for the profile.calendar_alignedon budgets: Added tobifrost.accessProfiles[*].budgets[*]andbifrost.accessProfiles[*].provider_configs[*].budgets[*]. Previously blocked byadditionalProperties: falsein the schema; now matches parity withgovernance.budgets[*].calendar_aligned.calendar_alignedrendering for virtual keys: Field was accepted by schema but not emitted into the rendered config. Now correctly outputsvirtual_keys[*].calendar_aligned.allowOnAllVirtualKeyson MCP client configs: Field was already wired in the template but undocumented. Now visible invalues.yamlwith a description. Renders intomcp.client_configs[*].allow_on_all_virtual_keys.Type of change
Affected areas
How to test
Validate the Helm template rendering with the new fields:
Confirm that
audit_logs.object_storage,virtual_keys[*].calendar_aligned, andvertex_key_config.force_single_regionappear correctly in the renderedconfig.json.Breaking changes
Security considerations
The
objectStorageconfiguration accepts sensitive credential fields (accessKeyId,secretAccessKey,sessionToken,roleArn,credentialsJson). These should be provided via Kubernetes secrets or environment variable references rather than plain values invalues.yamlto avoid exposing credentials in version control.Checklist
docs/contributing/README.mdand followed the guidelines