Add Weaviate guides#937
Conversation
Add user-facing documentation for KubeDB managed Weaviate, mirroring the Qdrant guide layout: quickstart, concepts, custom configuration, TLS, autoscaler (compute + storage), and ops requests (restart, reconfigure, reconfigure-tls, rotate-auth, vertical/horizontal scaling, volume expansion, storage migration). All command output is collected from a live KubeDB Weaviate cluster. Includes example manifests under docs/examples/weaviate/. Signed-off-by: Tamal Saha <tamal@appscode.com>
📝 WalkthroughWalkthroughThis PR adds an extensive set of new documentation pages and example Kubernetes YAML manifests under docs/guides/weaviate and docs/examples/weaviate. It introduces guides and examples for Weaviate concepts, quickstart, custom configuration, TLS, reconfigure operations, restart, rotate-auth, horizontal/vertical scaling, storage migration, volume expansion, and compute/storage autoscaling. ChangesWeaviate Documentation and Examples
Estimated code review effort🎯 2 (Simple) | ⏱️ ~20 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 16
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml (1)
1-37: 🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick winInconsistent
weaviate.yamlbetween horizontal and vertical scaling examples.The horizontal-scaling
weaviate.yamlincludeshealthCheckerandsecurityContext.runAsNonRoot: false, while the vertical-scaling guide's embeddedweaviate.yaml(lines 42-71) omits both. Standardize the base Weaviate manifest across all scaling examples so users get consistent instructions. As per path instructions, cross-file contract breaks should be validated.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml` around lines 1 - 37, The base Weaviate manifest is inconsistent between the horizontal and vertical scaling examples; standardize the shared `weaviate.yaml` spec so both guides use the same `healthChecker` block and the same `podTemplate.spec.containers[].securityContext.runAsNonRoot` setting. Update the embedded Weaviate manifest in the vertical-scaling example to match the horizontal-scaling `Weaviate` sample, and verify both example documents stay aligned when the manifest changes.docs/examples/weaviate/rotate-auth/weaviate-rotate-auth.yaml (1)
1-9: 🔒 Security & Privacy | 🟡 Minor | ⚡ Quick winUse an obviously placeholder value instead of a realistic-looking API key.
This base64 value looks like a real generated credential rather than a synthetic placeholder, which can trigger secret-scanning false positives and is unclear to readers whether it's safe to reuse. Consider replacing it with a clearly fake/example value.
Suggested fix
apiVersion: v1 data: - AUTHENTICATION_APIKEY_ALLOWED_KEYS: VTFVenZyVHZuejVNdzljNA== + AUTHENTICATION_APIKEY_ALLOWED_KEYS: <base64-encoded-example-api-key> kind: Secret🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/rotate-auth/weaviate-rotate-auth.yaml` around lines 1 - 9, The Secret manifest for weaviate-rotate-auth uses a base64 value that looks like a real API key, so replace the AUTHENTICATION_APIKEY_ALLOWED_KEYS data in the YAML with a clearly fake placeholder example. Keep the Secret structure intact, but use an obviously synthetic value in the same field so readers can tell it is not a reusable credential and secret scanners are less likely to flag it.
🧹 Nitpick comments (24)
docs/examples/weaviate/tls/tls.yaml (2)
11-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueFix
storageClassNameindentation.The value
longhornis over-indented, making the YAML structurally confusing. Place it on the same line as the key for clarity.storage: - storageClassName: - longhorn + storageClassName: longhorn🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/tls/tls.yaml` around lines 11 - 12, The `storageClassName` entry is indented incorrectly in the Weaviate TLS example, making the YAML hard to read; update the `storageClassName` block so `longhorn` is aligned as the value for that key. Use the `storageClassName` field in the tls.yaml example as the location to fix the indentation and keep the YAML structure clear and consistent.
25-29: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winReconsider
runAsNonRoot: false.Running as root weakens the container security posture. If Weaviate does not strictly require root, prefer
runAsNonRoot: true(or omit the override and let the container default apply).securityContext: - runAsNonRoot: false + runAsNonRoot: true🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/tls/tls.yaml` around lines 25 - 29, The Weaviate TLS example overrides the container security posture by setting runAsNonRoot to false, which may unnecessarily allow root execution. Update the weaviate container’s securityContext in the tls.yaml example to prefer non-root execution, either by setting runAsNonRoot to true or by removing the override so the default applies, and keep the change localized to the weaviate container spec.docs/guides/weaviate/reconfigure-tls/reconfigure-tls.md (2)
257-261: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueStandardize
apiGroupquoting style.The
apiGroupfield is quoted here ("cert-manager.io") but unquoted in the add-tls example (line 100). Use consistent YAML style throughout the tutorial.issuerRef: name: weaviate-new-issuer kind: Issuer - apiGroup: "cert-manager.io" + apiGroup: cert-manager.io🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/reconfigure-tls/reconfigure-tls.md` around lines 257 - 261, The tutorial uses inconsistent YAML quoting for apiGroup in the tls examples. Update the reconfigure-tls example to match the add-tls example’s style, keeping apiGroup formatting consistent throughout the guide. Use the issuerRef block in the reconfigure-tls markdown snippet as the reference point and make the quoting style uniform across all related YAML samples.
173-175: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse consistent API key placeholder style.
The rotate-auth curl example uses a literal
<api-key>placeholder, while the configure-tls guide uses$WEAVIATE_API_KEY. Prefer the env-var approach for copy-paste safety, or clearly document both.$ curl -s -o /dev/null -w "%{http_code}\n" --cacert ca.crt --cert client.crt --key client.key \ - https://localhost:8443/v1/.well-known/ready -H "Authorization: Bearer <api-key>" + https://localhost:8443/v1/.well-known/ready -H "Authorization: Bearer $WEAVIATE_API_KEY"🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/reconfigure-tls/reconfigure-tls.md` around lines 173 - 175, The curl example in the reconfigure-tls guide uses a literal api key placeholder instead of the same env-var style used elsewhere. Update the Authorization header in the related curl example to match the existing placeholder convention from the configure-tls guide, and keep the usage consistent across the TLS guide examples so readers can copy-paste without editing the token value manually.docs/guides/weaviate/tls/overview.md (1)
46-46: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueClarify
clientAuthdefault behavior.The phrasing "When unset or
true, client certificate authentication is enforced" is ambiguous. Explicitly state the default value (e.g., "Defaults totrue") rather than conflating unset andtrue.- `clientAuth` (optional) controls whether the REST HTTPS listener requires clients to present a valid client certificate (mutual TLS). When unset or `true`, client certificate authentication is enforced; set it to `false` to allow clients to connect without a client certificate. + `clientAuth` (optional) controls whether the REST HTTPS listener requires clients to present a valid client certificate (mutual TLS). Defaults to `true`; set it to `false` to allow clients to connect without a client certificate.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/tls/overview.md` at line 46, Update the `clientAuth` description in the Weaviate TLS overview to state the default behavior explicitly instead of saying “when unset or true”; make it clear that `clientAuth` defaults to `true`, and keep the explanation in the same paragraph so readers can distinguish the default from the opt-out case where it is set to `false`.docs/examples/weaviate/reconfigure-tls/remove-tls.yaml (1)
4-4: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueInconsistent OpsRequest naming convention across examples.
This file and the other reconfigure-tls examples (
wvops-rotate,wvops-update-issuer) use awvops-*naming scheme, whileadd-tls.yamlusesweaviate-add-tls. Inconsistent naming across the same guide's examples is confusing for readers following the tutorial sequence.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/reconfigure-tls/remove-tls.yaml` at line 4, The OpsRequest name in this example is inconsistent with the naming used by the rest of the reconfigure-tls tutorial, so update the name in remove-tls.yaml to match the existing guide convention used by the other examples such as wvops-rotate and wvops-update-issuer. Keep the naming pattern aligned across the reconfigure-tls sample set and adjust any related identifiers if needed so readers see one consistent scheme throughout the sequence.docs/examples/weaviate/reconfigure-tls/weaviate.yaml (2)
22-23: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low value
runAsNonRoot: falsein a copy-paste doc example.Setting
runAsNonRoot: falseweakens the pod security posture and readers following this guide may copy it verbatim into production manifests. If it's only needed to demonstrate TLS reconfiguration, consider removing it or noting why it's required.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/reconfigure-tls/weaviate.yaml` around lines 22 - 23, The pod security setting in the Weaviate TLS reconfiguration example is too permissive; update the securityContext example so it does not encourage copy-pasting runAsNonRoot: false into real manifests. Adjust the example in weaviate.yaml to either remove that field or clearly annotate why it is required for this specific demo, keeping the guidance aligned with the intended TLS reconfiguration flow.
10-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueNon-standard multi-line scalar for
storageClassName.
storageClassName:followed bylonghornon an indented next line is valid YAML but inconsistent with the single-line style used elsewhere in the docs. Readers copy-pasting this could be confused by the unusual formatting.✏️ Suggested formatting fix
storage: - storageClassName: - longhorn + storageClassName: longhorn🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/reconfigure-tls/weaviate.yaml` around lines 10 - 12, The storageClassName value is formatted as an unusual multi-line scalar in the Weaviate YAML example, which is inconsistent with the rest of the docs. Update the storage section in the weaviate reconfigure-tls example so storageClassName uses the standard single-line YAML key/value style, keeping the example copy-paste friendly and matching surrounding examples.docs/examples/weaviate/reconfigure-tls/rotate-certificate.yaml (1)
10-12: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winMixing
clientAuth: falseinto the rotate-certificate example may mislead readers.Per the reconfigure-tls overview, rotation only requires
rotateCertificates: true. AddingclientAuth: falsehere implies disabling client auth is part of the rotation workflow, which isn't stated in the overview and could confuse a reader copying this example expecting a pure cert-rotation operation.✏️ Suggested simplification
tls: - clientAuth: false rotateCertificates: true🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/reconfigure-tls/rotate-certificate.yaml` around lines 10 - 12, The rotate-certificate example includes an extra tls.clientAuth setting that is unrelated to certificate rotation and may mislead readers; simplify the example in the rotate-certificates YAML so it only uses rotateCertificates: true under tls. Keep the example aligned with the reconfigure-tls overview and the rotate-certificate documentation by removing the clientAuth field from this snippet.docs/guides/weaviate/scaling/vertical-scaling/vertical-scaling.md (1)
118-120: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueVary the repetitive "specifies" sentence openings.
Three successive bullet descriptions all begin with "specifies". Reword for readability:
- - `spec.type` specifies that this is a `VerticalScaling` operation. - - `spec.databaseRef.name` specifies that we are performing the operation on `weaviate-sample`. - - `spec.verticalScaling.node` specifies the desired resources for the Weaviate nodes after scaling. + - `spec.type` indicates this is a `VerticalScaling` operation. + - `spec.databaseRef.name` identifies the target database `weaviate-sample`. + - `spec.verticalScaling.node` sets the desired resources for the Weaviate nodes after scaling.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/scaling/vertical-scaling/vertical-scaling.md` around lines 118 - 120, The three consecutive bullet descriptions in the vertical scaling guide all start with the same “specifies” phrasing, so reword them in the VerticalScaling example to vary the sentence openings and improve readability. Keep the same meaning for the fields referenced in the bullets, but make each description distinct when describing spec.type, spec.databaseRef.name, and spec.verticalScaling.node.docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml (2)
22-23: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winReconsider
runAsNonRoot: falseunless Weaviate specifically requires root.Setting
runAsNonRoot: falseallows the container to run as root, which reduces security posture. If Weaviate does not require root privileges, remove this or set it totrue. Verify this is consistent with other Weaviate examples in the documentation suite.- name: weaviate - securityContext: - runAsNonRoot: false resources:🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml` around lines 22 - 23, The Weaviate example securityContext currently allows root by setting runAsNonRoot to false; update the Weaviate YAML so the container does not run as root unless there is a documented requirement. Adjust the securityContext in the horizontal-scaling Weaviate example to remove this override or set runAsNonRoot to true, and make sure it matches the other Weaviate example manifests used in the docs.
11-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueFix inconsistent indentation of
storageClassNamevalue.The
longhornvalue is indented with 7 spaces relative tostorageClassName, while the rest of the file uses 2-space indentation. Align it on the same line or with consistent indentation:storage: storageClassName: - longhorn + longhornOr preferably:
storage: - storageClassName: - longhorn + storageClassName: longhorn🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml` around lines 11 - 12, The YAML indentation for the `storageClassName` entry is inconsistent in the Weaviate scaling example. Update the `storageClassName` field so its `longhorn` value uses the same 2-space indentation style as the rest of the file, keeping the formatting consistent around the `storageClassName` block.docs/examples/weaviate/autoscaler/storage/weaviate.yaml (1)
11-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueInconsistent YAML style for
storageClassName.
storageClassName:and its valuelonghornare split across two lines, unlike the inline style (storageClassName: longhorn) used in every other example manifest. Valid YAML, but inconsistent and could confuse readers copy-pasting this example.✏️ Proposed fix
storage: - storageClassName: - longhorn + storageClassName: longhorn accessModes:🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/autoscaler/storage/weaviate.yaml` around lines 11 - 12, The storageClassName field in the weaviate autoscaler manifest is split across two lines, unlike the inline style used in the other example manifests. Update the storageClassName entry in the YAML example to use the same inline key-value format as the other manifests so the example is consistent and easier to copy from.docs/examples/weaviate/volume-expansion/weaviate.yaml (1)
10-12: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winFix inconsistent YAML formatting for
storageClassName.The
storageClassNamevalue is split onto a separate line with extra indentation:storageClassName: longhornThis is valid but inconsistent with every other manifest in this documentation suite (e.g., the inline example in
storage-migration.mdandstorage-autoscale.mdboth usestorageClassName: longhornon one line). Unusual formatting increases the risk of future editing errors.storage: - storageClassName: - longhorn + storageClassName: longhorn🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/volume-expansion/weaviate.yaml` around lines 10 - 12, Fix the YAML formatting for the storageClassName field in the weaviate volume-expansion manifest so it matches the inline style used across the docs. Update the storage section in weaviate.yaml so storageClassName is written as a single key-value entry, keeping the same value and avoiding the extra line/indentation. This is a formatting-only cleanup for the storageClassName field.docs/guides/weaviate/autoscaler/storage/storage-autoscale.md (1)
104-110: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueOptional: Vary verb choice for readability.
Four successive bullets use "specifies" (or "enables" then three "specifies"). Consider varying the verb to improve readability:
- - `spec.storage.weaviate.trigger` enables storage autoscaling for the Weaviate nodes. - - `spec.storage.weaviate.usageThreshold` specifies the used-space percentage (here, `20%`) that triggers an expansion. - - `spec.storage.weaviate.scalingThreshold` specifies the percentage by which the volume is expanded each time (here, `50%`). - - `spec.storage.weaviate.expansionMode` specifies whether the expansion is `Online` or `Offline`. + - `spec.storage.weaviate.trigger` enables storage autoscaling for the Weaviate nodes. + - `spec.storage.weaviate.usageThreshold` is the used-space percentage (here, `20%`) that triggers an expansion. + - `spec.storage.weaviate.scalingThreshold` is the percentage by which the volume is expanded each time (here, `50%`). + - `spec.storage.weaviate.expansionMode` is whether the expansion is `Online` or `Offline`.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/autoscaler/storage/storage-autoscale.md` around lines 104 - 110, The bullet list in the storage autoscale guide repeats the same verb across adjacent items, making the section feel repetitive. Update the descriptions in the doc snippet around the autoscaling field explanations, varying the wording for the entries tied to spec.databaseRef.name, spec.storage.weaviate.trigger, spec.storage.weaviate.usageThreshold, spec.storage.weaviate.scalingThreshold, spec.storage.weaviate.expansionMode, and spec.opsRequestOptions while keeping the meaning unchanged.docs/guides/weaviate/volume-expansion/overview.md (1)
35-35: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueOptional: Simplify wording.
"in order to" can be shortened to "to" for more concise prose.
- 4. Then, in order to expand the volume of the `Weaviate` cluster, the user creates a `WeaviateOpsRequest` CR with the desired volume size. + 4. Then, to expand the volume of the `Weaviate` cluster, the user creates a `WeaviateOpsRequest` CR with the desired volume size.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/volume-expansion/overview.md` at line 35, The wording in the volume-expansion overview is a bit verbose; update the sentence in the Weaviate volume expansion guide to use a shorter phrase like “to expand” instead of “in order to expand.” Keep the meaning unchanged and make the prose more concise in the same descriptive step that mentions the WeaviateOpsRequest CR.docs/examples/weaviate/autoscaler/compute/weaviate.yaml (1)
11-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueInconsistent indentation in
storageClassNamevalue.The
longhornvalue is indented with an extra space relative to the key, which is valid YAML but inconsistent with the rest of the file and the guide's rendering. Align it with the surrounding values.📝 Proposed fix
storageClassName: - longhorn + longhorn🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/autoscaler/compute/weaviate.yaml` around lines 11 - 12, The `storageClassName` entry has inconsistent indentation in the Weaviate autoscaler compute YAML. Align the `longhorn` value with the other scalar values in the same document by fixing the spacing under `storageClassName`, keeping the formatting consistent with the surrounding keys in `weaviate.yaml`.docs/guides/weaviate/autoscaler/compute/compute-autoscale.md (2)
47-76: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick winInconsistent with downloadable example manifest.
The YAML shown here differs from the downloadable example at
docs/examples/weaviate/autoscaler/compute/weaviate.yaml, which includes asecurityContext.runAsNonRoot: falseand ahealthCheckerblock. Align the guide's inline manifest with the example file, or vice versa, to prevent user confusion.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/autoscaler/compute/compute-autoscale.md` around lines 47 - 76, The inline Weaviate manifest is out of sync with the downloadable example, so update the manifest in the autoscale guide and the source example to match. Use the Weaviate spec block in the guide and the example at docs/examples/weaviate/autoscaler/compute/weaviate.yaml to align fields, especially securityContext.runAsNonRoot and the healthChecker section. Keep both manifests identical so users see the same configuration in the documentation and the downloadable file.
146-151: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueConsider adding a note about VPA memory unit representation.
The
describeoutput shows memory as1288490188800m(milli-bytes) and later as1288490188(bytes), which can confuse readers expecting1.2Gi. A brief note explaining that VPA may display memory recommendations in bytes would improve clarity.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/autoscaler/compute/compute-autoscale.md` around lines 146 - 151, Add a brief note in the autoscale guide near the VPA example that the `describe` output may show memory recommendations in raw bytes or milli-bytes (for example via the `describe` output in the `VPA` section), so readers should not expect a human-friendly unit like `1.2Gi`; clarify that this is normal VPA representation and can be converted when interpreting the values.docs/examples/weaviate/restart/weaviate.yaml (2)
12-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueFix inconsistent indentation for
storageClassNamevalue.The value
longhornis indented with 7 spaces (3 spaces after the 4-space base), while the keystorageClassName:on the previous line uses 4-space indentation. Align the value to match standard YAML block indentation.storageClassName: - longhorn + longhorn🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/restart/weaviate.yaml` at line 12, The `storageClassName` entry in the Weaviate restart YAML has inconsistent indentation for its `longhorn` value. Update the YAML block in `weaviate.yaml` so the `longhorn` value is indented consistently with the surrounding structure and aligned with the expected block indentation under `storageClassName:`.
20-24: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winReconsider
runAsNonRoot: falsein the example manifest.Setting
runAsNonRoot: falseallows the container to run as root, which reduces security posture. If Weaviate does not require root privileges, preferrunAsNonRoot: trueor remove the explicit override so the default security context applies. Verify whether this is required for the Weaviate image used.securityContext: - runAsNonRoot: false + runAsNonRoot: true🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/restart/weaviate.yaml` around lines 20 - 24, The example manifest currently forces the Weaviate container to run with runAsNonRoot set to false, which weakens the security context. Update the securityContext under the weaviate container to prefer non-root execution by setting runAsNonRoot to true or removing the override if the image already defaults appropriately. Use the weaviate container section in the restart example manifest to make this change and verify the Weaviate image does not require root privileges.docs/guides/weaviate/rotate-auth/rotate-auth.md (1)
62-72: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winAdd a warning that the example Secret contains a hardcoded key.
The inline YAML block embeds a real base64-encoded API key (
VTFVenZyVHZuejVNdzljNA==). Readers may copy this verbatim into their own clusters. Add an adjacent comment or note instructing users to generate their own key rather than reuse this example value.# WARNING: This is an example key. Generate your own secret for production use. apiVersion: v1 data: AUTHENTICATION_APIKEY_ALLOWED_KEYS: VTFVenZyVHZuejVNdzljNA==🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/weaviate/rotate-auth/rotate-auth.md` around lines 62 - 72, Add a warning next to the Secret example in the rotate-auth guide because the inline YAML uses a hardcoded base64 API key. Update the documentation snippet around the Secret manifest to clearly tell readers not to reuse the example value and to generate their own key for production use, keeping the note adjacent to the AUTHENTICATION_APIKEY_ALLOWED_KEYS example so it is hard to miss.docs/examples/weaviate/rotate-auth/weaviate.yaml (1)
11-12: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueInline
storageClassNamefor consistency.Valid YAML, but inconsistent with the single-line style used in all other example manifests in this PR.
Suggested fix
storage: - storageClassName: - longhorn + storageClassName: longhorn accessModes:🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/rotate-auth/weaviate.yaml` around lines 11 - 12, The storageClassName field in the Weaviate example manifest is written in a multi-line block, which is inconsistent with the single-line style used elsewhere in the PR. Update the manifest in the rotate-auth example so the storageClassName entry is inline, matching the formatting used by the other example YAML files and keeping the manifest style consistent.docs/examples/weaviate/reconfigure/minio-secret.yaml (1)
8-9: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winReplace the demo MinIO credentials with obvious placeholders.
These values are copy-pasteable as-is, which nudges readers toward known credentials in real clusters. Please switch them to explicit replace-me placeholders in the example.
Suggested change
stringData: - AWS_ACCESS_KEY_ID: minio - AWS_SECRET_ACCESS_KEY: minio123 + AWS_ACCESS_KEY_ID: REPLACE_ME_ACCESS_KEY + AWS_SECRET_ACCESS_KEY: REPLACE_ME_SECRET_KEY🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/weaviate/reconfigure/minio-secret.yaml` around lines 8 - 9, The example MinIO credentials in the weaviate reconfigure secret should not be copy-pasteable real values; update the literal values for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the minio-secret.yaml example to explicit replace-me placeholders. Keep the change limited to the demo secret fields so readers are clearly prompted to substitute their own credentials.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/examples/weaviate/autoscaler/compute/weaviate.yaml`:
- Around line 22-23: Remove the explicit runAsNonRoot: false setting from the
Weaviate example manifest and align the securityContext used in the downloadable
YAML with the one shown in the compute-autoscale tutorial. Update the
weaviate.yaml manifest so the weaviate container no longer runs as root by
default, and make sure any extra fields like healthChecker/securityContext match
the documented example or are removed if they are not part of the tutorial.
Reference the manifest’s securityContext block in the Weaviate autoscaler
example when making the change.
In `@docs/examples/weaviate/configuration/cus-conf.yaml`:
- Around line 10-12: The storage configuration example has a malformed
storageClassName scalar in the Weaviate config snippet, which makes the YAML
invalid. Update the storage block in the example so storageClassName is
represented as a single valid scalar value, keeping the surrounding storage
section intact. Use the storage and storageClassName fields in the configuration
example as the anchor for the fix.
In `@docs/examples/weaviate/configuration/cus-inline-conf.yaml`:
- Around line 10-12: The storage configuration example has a malformed
storageClassName scalar in the Weaviate inline config snippet, making the YAML
invalid. Fix the storage block in the configuration example so storageClassName
is written as a proper single YAML value under storage, using the existing
example section to locate it. Ensure the published manifest is valid YAML and
can be applied as written.
In `@docs/examples/weaviate/configuration/weaviate-custom-config-secret.yaml`:
- Around line 5-14: The example configuration in the Weaviate custom secret
guide is effectively unauthenticated because it enables anonymous access while
disabling both authorization modes. Update the example around the auth-related
section so it is not a risky copy/paste default: either remove the
authentication/authorization block from the sample entirely, or replace it with
a secured configuration and add a clear warning plus a separate secured variant
in the guide. Use the existing configuration section as the anchor when
adjusting the example.
In `@docs/guides/weaviate/concepts/weaviate.md`:
- Around line 42-43: The Weaviate sample is missing the required auth secret
kind field, causing CRD validation to fail. Update the sample under the Weaviate
spec so that the authSecret block includes spec.authSecret.kind alongside
spec.authSecret.name, using the existing Weaviate configuration example as the
reference point.
In `@docs/guides/weaviate/configuration/using-config-file.md`:
- Around line 13-23: Replace both generic “[here]” links in the Weaviate config
guide with descriptive anchor text so the markdown is accessible and
self-explanatory. Update the intro link and the KubeDB operator setup link in
using-config-file.md to use meaningful labels that describe the destination,
keeping the existing targets unchanged.
- Line 36: Clarify the Weaviate config mount path in the documentation so it
consistently refers to either the file or the directory. Update the wording
around the configuration in the using-config-file guide, especially the text
near the mount description, and make the path references in the later examples
match the same symbolized location (/weaviate-config/conf.yaml) or the correct
directory form used by the mount. Ensure the docs around spec.configuration and
the conf.yaml references are aligned so readers can tell exactly what path to
inspect.
In `@docs/guides/weaviate/quickstart/quickstart.md`:
- Around line 493-496: The AppBinding.spec.secret example includes unsupported
fields that do not match the CRD schema. Update the quickstart sample by
removing the apiGroup and kind entries from the secret block and keep only the
supported secret reference fields in the AppBinding example.
- Around line 373-376: The quickstart secret output includes a real base64 API
key value in the AUTHENTICATION_APIKEY_ALLOWED_KEYS field, which must be
redacted before committing. Update the example in the weaviate quickstart
snippet to use a clearly fake placeholder value while keeping the surrounding
AUTHENTICATION_APIKEY_* fields and formatting intact so the documented output
remains representative without exposing credentials.
In `@docs/guides/weaviate/README.md`:
- Line 16: The onboarding link text currently uses generic wording that fails
accessibility checks and gives no context to screen readers. Update the link
text in the Weaviate guide README and the matching copy in the shared Weaviate
concept and quickstart docs to use descriptive anchor text instead of “here,”
keeping the link target the same while making the wording clear and consistent
across those markdown files.
In `@docs/guides/weaviate/reconfigure/_index.md`:
- Around line 1-10: The front matter for the Weaviate reconfigure landing page
is missing the section navigation identifier, which makes it inconsistent with
the sibling guide pages. Update the page’s front matter in the Reconfigure
section to include section_menu_id: guides alongside the existing title and menu
fields, so it participates in the same guides navigation contract as the other
reconfigure docs.
In `@docs/guides/weaviate/reconfigure/overview.md`:
- Line 13: The link text in the opening sentence is too generic; update the
markdown in this overview so the destination is named directly instead of using
“here.” Keep the existing target in the same sentence, but make the anchor text
descriptive and specific in the `overview.md` content.
In `@docs/guides/weaviate/reconfigure/reconfigure.md`:
- Around line 13-23: Replace the generic “here” link text in the Weaviate
reconfigure guide with descriptive anchor text so the markdown is accessible and
easier to scan. Update the introductory link near the top and the setup link in
the “Before You Begin” section in the reconfigure.md document, keeping the same
destinations but using clear, descriptive labels instead of “[here]”.
- Around line 63-65: The reconfigure guide is missing the deploy step that
creates the sample Weaviate resource before the helper resources section. Update
the reconfigure workflow in the markdown to include the apply step for the
`weaviate-sample` manifest before any `WeaviateOpsRequest` or
readiness-dependent actions, so the documented sequence actually creates and
waits on the `Weaviate` CR as intended.
In `@docs/guides/weaviate/scaling/horizontal-scaling/horizontal-scaling.md`:
- Around line 42-60: The inline Weaviate manifest in the horizontal-scaling
guide is out of sync with the example YAML, so update the embedded spec in the
markdown to match the downloadable file used by the docs. In the `Weaviate`
example block, include the missing `podTemplate` (with its `securityContext` and
resource settings) and `healthChecker`, or explicitly note that the inline
manifest is a simplified version. Use the existing `Weaviate` manifest snippet
in the guide and the referenced `weaviate.yaml` example as the source of truth.
In `@docs/guides/weaviate/storage-migration/storage-migration.md`:
- Around line 86-100: The Weaviate storage-migration example is inconsistent
because the guide references a WeaviateOpsRequest with a migration block that is
missing from the actual ops-request manifest. Update the referenced example in
the storage-migration docs so the WeaviateOpsRequest manifest includes the full
spec.migration stanza, or adjust the guide text/snippet to match the contents of
ops-request.yaml; use the WeaviateOpsRequest and migration fields as the anchor
points when making the fix.
---
Outside diff comments:
In `@docs/examples/weaviate/rotate-auth/weaviate-rotate-auth.yaml`:
- Around line 1-9: The Secret manifest for weaviate-rotate-auth uses a base64
value that looks like a real API key, so replace the
AUTHENTICATION_APIKEY_ALLOWED_KEYS data in the YAML with a clearly fake
placeholder example. Keep the Secret structure intact, but use an obviously
synthetic value in the same field so readers can tell it is not a reusable
credential and secret scanners are less likely to flag it.
In `@docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml`:
- Around line 1-37: The base Weaviate manifest is inconsistent between the
horizontal and vertical scaling examples; standardize the shared `weaviate.yaml`
spec so both guides use the same `healthChecker` block and the same
`podTemplate.spec.containers[].securityContext.runAsNonRoot` setting. Update the
embedded Weaviate manifest in the vertical-scaling example to match the
horizontal-scaling `Weaviate` sample, and verify both example documents stay
aligned when the manifest changes.
---
Nitpick comments:
In `@docs/examples/weaviate/autoscaler/compute/weaviate.yaml`:
- Around line 11-12: The `storageClassName` entry has inconsistent indentation
in the Weaviate autoscaler compute YAML. Align the `longhorn` value with the
other scalar values in the same document by fixing the spacing under
`storageClassName`, keeping the formatting consistent with the surrounding keys
in `weaviate.yaml`.
In `@docs/examples/weaviate/autoscaler/storage/weaviate.yaml`:
- Around line 11-12: The storageClassName field in the weaviate autoscaler
manifest is split across two lines, unlike the inline style used in the other
example manifests. Update the storageClassName entry in the YAML example to use
the same inline key-value format as the other manifests so the example is
consistent and easier to copy from.
In `@docs/examples/weaviate/reconfigure-tls/remove-tls.yaml`:
- Line 4: The OpsRequest name in this example is inconsistent with the naming
used by the rest of the reconfigure-tls tutorial, so update the name in
remove-tls.yaml to match the existing guide convention used by the other
examples such as wvops-rotate and wvops-update-issuer. Keep the naming pattern
aligned across the reconfigure-tls sample set and adjust any related identifiers
if needed so readers see one consistent scheme throughout the sequence.
In `@docs/examples/weaviate/reconfigure-tls/rotate-certificate.yaml`:
- Around line 10-12: The rotate-certificate example includes an extra
tls.clientAuth setting that is unrelated to certificate rotation and may mislead
readers; simplify the example in the rotate-certificates YAML so it only uses
rotateCertificates: true under tls. Keep the example aligned with the
reconfigure-tls overview and the rotate-certificate documentation by removing
the clientAuth field from this snippet.
In `@docs/examples/weaviate/reconfigure-tls/weaviate.yaml`:
- Around line 22-23: The pod security setting in the Weaviate TLS
reconfiguration example is too permissive; update the securityContext example so
it does not encourage copy-pasting runAsNonRoot: false into real manifests.
Adjust the example in weaviate.yaml to either remove that field or clearly
annotate why it is required for this specific demo, keeping the guidance aligned
with the intended TLS reconfiguration flow.
- Around line 10-12: The storageClassName value is formatted as an unusual
multi-line scalar in the Weaviate YAML example, which is inconsistent with the
rest of the docs. Update the storage section in the weaviate reconfigure-tls
example so storageClassName uses the standard single-line YAML key/value style,
keeping the example copy-paste friendly and matching surrounding examples.
In `@docs/examples/weaviate/reconfigure/minio-secret.yaml`:
- Around line 8-9: The example MinIO credentials in the weaviate reconfigure
secret should not be copy-pasteable real values; update the literal values for
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the minio-secret.yaml example to
explicit replace-me placeholders. Keep the change limited to the demo secret
fields so readers are clearly prompted to substitute their own credentials.
In `@docs/examples/weaviate/restart/weaviate.yaml`:
- Line 12: The `storageClassName` entry in the Weaviate restart YAML has
inconsistent indentation for its `longhorn` value. Update the YAML block in
`weaviate.yaml` so the `longhorn` value is indented consistently with the
surrounding structure and aligned with the expected block indentation under
`storageClassName:`.
- Around line 20-24: The example manifest currently forces the Weaviate
container to run with runAsNonRoot set to false, which weakens the security
context. Update the securityContext under the weaviate container to prefer
non-root execution by setting runAsNonRoot to true or removing the override if
the image already defaults appropriately. Use the weaviate container section in
the restart example manifest to make this change and verify the Weaviate image
does not require root privileges.
In `@docs/examples/weaviate/rotate-auth/weaviate.yaml`:
- Around line 11-12: The storageClassName field in the Weaviate example manifest
is written in a multi-line block, which is inconsistent with the single-line
style used elsewhere in the PR. Update the manifest in the rotate-auth example
so the storageClassName entry is inline, matching the formatting used by the
other example YAML files and keeping the manifest style consistent.
In `@docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml`:
- Around line 22-23: The Weaviate example securityContext currently allows root
by setting runAsNonRoot to false; update the Weaviate YAML so the container does
not run as root unless there is a documented requirement. Adjust the
securityContext in the horizontal-scaling Weaviate example to remove this
override or set runAsNonRoot to true, and make sure it matches the other
Weaviate example manifests used in the docs.
- Around line 11-12: The YAML indentation for the `storageClassName` entry is
inconsistent in the Weaviate scaling example. Update the `storageClassName`
field so its `longhorn` value uses the same 2-space indentation style as the
rest of the file, keeping the formatting consistent around the
`storageClassName` block.
In `@docs/examples/weaviate/tls/tls.yaml`:
- Around line 11-12: The `storageClassName` entry is indented incorrectly in the
Weaviate TLS example, making the YAML hard to read; update the
`storageClassName` block so `longhorn` is aligned as the value for that key. Use
the `storageClassName` field in the tls.yaml example as the location to fix the
indentation and keep the YAML structure clear and consistent.
- Around line 25-29: The Weaviate TLS example overrides the container security
posture by setting runAsNonRoot to false, which may unnecessarily allow root
execution. Update the weaviate container’s securityContext in the tls.yaml
example to prefer non-root execution, either by setting runAsNonRoot to true or
by removing the override so the default applies, and keep the change localized
to the weaviate container spec.
In `@docs/examples/weaviate/volume-expansion/weaviate.yaml`:
- Around line 10-12: Fix the YAML formatting for the storageClassName field in
the weaviate volume-expansion manifest so it matches the inline style used
across the docs. Update the storage section in weaviate.yaml so storageClassName
is written as a single key-value entry, keeping the same value and avoiding the
extra line/indentation. This is a formatting-only cleanup for the
storageClassName field.
In `@docs/guides/weaviate/autoscaler/compute/compute-autoscale.md`:
- Around line 47-76: The inline Weaviate manifest is out of sync with the
downloadable example, so update the manifest in the autoscale guide and the
source example to match. Use the Weaviate spec block in the guide and the
example at docs/examples/weaviate/autoscaler/compute/weaviate.yaml to align
fields, especially securityContext.runAsNonRoot and the healthChecker section.
Keep both manifests identical so users see the same configuration in the
documentation and the downloadable file.
- Around line 146-151: Add a brief note in the autoscale guide near the VPA
example that the `describe` output may show memory recommendations in raw bytes
or milli-bytes (for example via the `describe` output in the `VPA` section), so
readers should not expect a human-friendly unit like `1.2Gi`; clarify that this
is normal VPA representation and can be converted when interpreting the values.
In `@docs/guides/weaviate/autoscaler/storage/storage-autoscale.md`:
- Around line 104-110: The bullet list in the storage autoscale guide repeats
the same verb across adjacent items, making the section feel repetitive. Update
the descriptions in the doc snippet around the autoscaling field explanations,
varying the wording for the entries tied to spec.databaseRef.name,
spec.storage.weaviate.trigger, spec.storage.weaviate.usageThreshold,
spec.storage.weaviate.scalingThreshold, spec.storage.weaviate.expansionMode, and
spec.opsRequestOptions while keeping the meaning unchanged.
In `@docs/guides/weaviate/reconfigure-tls/reconfigure-tls.md`:
- Around line 257-261: The tutorial uses inconsistent YAML quoting for apiGroup
in the tls examples. Update the reconfigure-tls example to match the add-tls
example’s style, keeping apiGroup formatting consistent throughout the guide.
Use the issuerRef block in the reconfigure-tls markdown snippet as the reference
point and make the quoting style uniform across all related YAML samples.
- Around line 173-175: The curl example in the reconfigure-tls guide uses a
literal api key placeholder instead of the same env-var style used elsewhere.
Update the Authorization header in the related curl example to match the
existing placeholder convention from the configure-tls guide, and keep the usage
consistent across the TLS guide examples so readers can copy-paste without
editing the token value manually.
In `@docs/guides/weaviate/rotate-auth/rotate-auth.md`:
- Around line 62-72: Add a warning next to the Secret example in the rotate-auth
guide because the inline YAML uses a hardcoded base64 API key. Update the
documentation snippet around the Secret manifest to clearly tell readers not to
reuse the example value and to generate their own key for production use,
keeping the note adjacent to the AUTHENTICATION_APIKEY_ALLOWED_KEYS example so
it is hard to miss.
In `@docs/guides/weaviate/scaling/vertical-scaling/vertical-scaling.md`:
- Around line 118-120: The three consecutive bullet descriptions in the vertical
scaling guide all start with the same “specifies” phrasing, so reword them in
the VerticalScaling example to vary the sentence openings and improve
readability. Keep the same meaning for the fields referenced in the bullets, but
make each description distinct when describing spec.type, spec.databaseRef.name,
and spec.verticalScaling.node.
In `@docs/guides/weaviate/tls/overview.md`:
- Line 46: Update the `clientAuth` description in the Weaviate TLS overview to
state the default behavior explicitly instead of saying “when unset or true”;
make it clear that `clientAuth` defaults to `true`, and keep the explanation in
the same paragraph so readers can distinguish the default from the opt-out case
where it is set to `false`.
In `@docs/guides/weaviate/volume-expansion/overview.md`:
- Line 35: The wording in the volume-expansion overview is a bit verbose; update
the sentence in the Weaviate volume expansion guide to use a shorter phrase like
“to expand” instead of “in order to expand.” Keep the meaning unchanged and make
the prose more concise in the same descriptive step that mentions the
WeaviateOpsRequest CR.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 38d93488-1711-4d70-808c-05c18b70d4e0
📒 Files selected for processing (77)
docs/examples/weaviate/autoscaler/compute/weaviate-compute-autoscaler.yamldocs/examples/weaviate/autoscaler/compute/weaviate.yamldocs/examples/weaviate/autoscaler/storage/weaviate-storage-autoscaler.yamldocs/examples/weaviate/autoscaler/storage/weaviate.yamldocs/examples/weaviate/configuration/cus-conf.yamldocs/examples/weaviate/configuration/cus-inline-conf.yamldocs/examples/weaviate/configuration/weaviate-custom-config-secret.yamldocs/examples/weaviate/quickstart/weaviate-sample.yamldocs/examples/weaviate/reconfigure-tls/add-tls.yamldocs/examples/weaviate/reconfigure-tls/remove-tls.yamldocs/examples/weaviate/reconfigure-tls/rotate-certificate.yamldocs/examples/weaviate/reconfigure-tls/update-issuer.yamldocs/examples/weaviate/reconfigure-tls/weaviate-new-issuer.yamldocs/examples/weaviate/reconfigure-tls/weaviate.yamldocs/examples/weaviate/reconfigure/minio-secret.yamldocs/examples/weaviate/reconfigure/new-weaviate-config.yamldocs/examples/weaviate/reconfigure/ops-request.yamldocs/examples/weaviate/reconfigure/weaviate.yamldocs/examples/weaviate/restart/ops-request.yamldocs/examples/weaviate/restart/weaviate.yamldocs/examples/weaviate/rotate-auth/ops-request.yamldocs/examples/weaviate/rotate-auth/weaviate-rotate-auth.yamldocs/examples/weaviate/rotate-auth/weaviate.yamldocs/examples/weaviate/scaling/horizontal-scaling/scale-down.yamldocs/examples/weaviate/scaling/horizontal-scaling/scale-up.yamldocs/examples/weaviate/scaling/horizontal-scaling/weaviate.yamldocs/examples/weaviate/scaling/vertical-scaling/ops-request.yamldocs/examples/weaviate/scaling/vertical-scaling/weaviate.yamldocs/examples/weaviate/storage-migration/ops-request.yamldocs/examples/weaviate/storage-migration/weaviate.yamldocs/examples/weaviate/tls/issuer.yamldocs/examples/weaviate/tls/tls.yamldocs/examples/weaviate/volume-expansion/ops-request.yamldocs/examples/weaviate/volume-expansion/weaviate.yamldocs/guides/weaviate/README.mddocs/guides/weaviate/_index.mddocs/guides/weaviate/autoscaler/_index.mddocs/guides/weaviate/autoscaler/compute/_index.mddocs/guides/weaviate/autoscaler/compute/compute-autoscale.mddocs/guides/weaviate/autoscaler/compute/overview.mddocs/guides/weaviate/autoscaler/storage/_index.mddocs/guides/weaviate/autoscaler/storage/overview.mddocs/guides/weaviate/autoscaler/storage/storage-autoscale.mddocs/guides/weaviate/concepts/_index.mddocs/guides/weaviate/concepts/catalog.mddocs/guides/weaviate/concepts/weaviate.mddocs/guides/weaviate/configuration/_index.mddocs/guides/weaviate/configuration/using-config-file.mddocs/guides/weaviate/quickstart/_index.mddocs/guides/weaviate/quickstart/quickstart.mddocs/guides/weaviate/reconfigure-tls/_index.mddocs/guides/weaviate/reconfigure-tls/overview.mddocs/guides/weaviate/reconfigure-tls/reconfigure-tls.mddocs/guides/weaviate/reconfigure/_index.mddocs/guides/weaviate/reconfigure/overview.mddocs/guides/weaviate/reconfigure/reconfigure.mddocs/guides/weaviate/restart/_index.mddocs/guides/weaviate/restart/restart.mddocs/guides/weaviate/rotate-auth/_index.mddocs/guides/weaviate/rotate-auth/overview.mddocs/guides/weaviate/rotate-auth/rotate-auth.mddocs/guides/weaviate/scaling/_index.mddocs/guides/weaviate/scaling/horizontal-scaling/_index.mddocs/guides/weaviate/scaling/horizontal-scaling/horizontal-scaling.mddocs/guides/weaviate/scaling/horizontal-scaling/overview.mddocs/guides/weaviate/scaling/vertical-scaling/_index.mddocs/guides/weaviate/scaling/vertical-scaling/overview.mddocs/guides/weaviate/scaling/vertical-scaling/vertical-scaling.mddocs/guides/weaviate/storage-migration/_index.mddocs/guides/weaviate/storage-migration/overview.mddocs/guides/weaviate/storage-migration/storage-migration.mddocs/guides/weaviate/tls/_index.mddocs/guides/weaviate/tls/configure-tls.mddocs/guides/weaviate/tls/overview.mddocs/guides/weaviate/volume-expansion/_index.mddocs/guides/weaviate/volume-expansion/overview.mddocs/guides/weaviate/volume-expansion/volume-expansion.md
| securityContext: | ||
| runAsNonRoot: false |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Security concern: runAsNonRoot: false runs Weaviate as root.
Setting runAsNonRoot: false explicitly allows the container to run as root, which violates the principle of least privilege and increases the attack surface. Unless Weaviate specifically requires root privileges (which should be documented), remove this or set it to true.
Additionally, this example manifest includes securityContext and healthChecker fields that are absent from the same manifest shown in the tutorial at compute-autoscale.md lines 48–76, creating an inconsistency between the downloadable example and the documented YAML.
🛡️ Proposed fix
securityContext:
- runAsNonRoot: false
+ runAsNonRoot: true📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| securityContext: | |
| runAsNonRoot: false | |
| securityContext: | |
| runAsNonRoot: true |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/examples/weaviate/autoscaler/compute/weaviate.yaml` around lines 22 -
23, Remove the explicit runAsNonRoot: false setting from the Weaviate example
manifest and align the securityContext used in the downloadable YAML with the
one shown in the compute-autoscale tutorial. Update the weaviate.yaml manifest
so the weaviate container no longer runs as root by default, and make sure any
extra fields like healthChecker/securityContext match the documented example or
are removed if they are not part of the tutorial. Reference the manifest’s
securityContext block in the Weaviate autoscaler example when making the change.
| storage: | ||
| storageClassName: | ||
| longhorn |
There was a problem hiding this comment.
🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win
Fix the malformed storageClassName field.
This scalar is split across two lines, so the example is not valid YAML and the guide’s kubectl apply step will fail.
Proposed fix
storage:
- storageClassName:
- longhorn
+ storageClassName: longhorn📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| storage: | |
| storageClassName: | |
| longhorn | |
| storage: | |
| storageClassName: longhorn |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/examples/weaviate/configuration/cus-conf.yaml` around lines 10 - 12, The
storage configuration example has a malformed storageClassName scalar in the
Weaviate config snippet, which makes the YAML invalid. Update the storage block
in the example so storageClassName is represented as a single valid scalar
value, keeping the surrounding storage section intact. Use the storage and
storageClassName fields in the configuration example as the anchor for the fix.
| storage: | ||
| storageClassName: | ||
| longhorn |
There was a problem hiding this comment.
🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win
Fix the malformed storageClassName field.
This scalar is split across two lines, so the example is not valid YAML and the published manifest cannot be applied as written.
Proposed fix
storage:
- storageClassName:
- longhorn
+ storageClassName: longhorn📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| storage: | |
| storageClassName: | |
| longhorn | |
| storage: | |
| storageClassName: longhorn |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/examples/weaviate/configuration/cus-inline-conf.yaml` around lines 10 -
12, The storage configuration example has a malformed storageClassName scalar in
the Weaviate inline config snippet, making the YAML invalid. Fix the storage
block in the configuration example so storageClassName is written as a proper
single YAML value under storage, using the existing example section to locate
it. Ensure the published manifest is valid YAML and can be applied as written.
| authentication: | ||
| anonymous_access: | ||
| enabled: true | ||
| oidc: | ||
| enabled: false | ||
| authorization: | ||
| admin_list: | ||
| enabled: false | ||
| rbac: | ||
| enabled: false |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Avoid publishing an unauthenticated config as the default example.
This sample enables anonymous access while disabling both authorization modes, so anyone who can reach the service can use it without authentication. For a general-purpose configuration guide, that is a risky copy/paste default. Please either remove the auth block from the example or add an explicit warning and a secured variant in the guide.
Safer example
stringData:
conf.yaml: |-
---
- authentication:
- anonymous_access:
- enabled: true
- oidc:
- enabled: false
- authorization:
- admin_list:
- enabled: false
- rbac:
- enabled: false
-
query_defaults:
limit: 400
debug: false📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| authentication: | |
| anonymous_access: | |
| enabled: true | |
| oidc: | |
| enabled: false | |
| authorization: | |
| admin_list: | |
| enabled: false | |
| rbac: | |
| enabled: false |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/examples/weaviate/configuration/weaviate-custom-config-secret.yaml`
around lines 5 - 14, The example configuration in the Weaviate custom secret
guide is effectively unauthenticated because it enables anonymous access while
disabling both authorization modes. Update the example around the auth-related
section so it is not a risky copy/paste default: either remove the
authentication/authorization block from the sample entirely, or replace it with
a secured configuration and add a clear warning plus a separate secured variant
in the guide. Use the existing configuration section as the anchor when
adjusting the example.
| authSecret: | ||
| name: weaviate-sample-auth |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🔴 Critical | ⚡ Quick win
Add the required spec.authSecret.kind field to this sample.
This code block is currently merge-blocking: CI reports ValidationError(Weaviate.spec.authSecret): missing required field "kind". spec.authSecret.name alone does not satisfy the CRD schema here.
Suggested fix
authSecret:
+ kind: Secret
name: weaviate-sample-auth📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| authSecret: | |
| name: weaviate-sample-auth | |
| authSecret: | |
| kind: Secret | |
| name: weaviate-sample-auth |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/weaviate/concepts/weaviate.md` around lines 42 - 43, The Weaviate
sample is missing the required auth secret kind field, causing CRD validation to
fail. Update the sample under the Weaviate spec so that the authSecret block
includes spec.authSecret.kind alongside spec.authSecret.name, using the existing
Weaviate configuration example as the reference point.
Source: Pipeline failures
| section_menu_id: guides | ||
| --- | ||
|
|
||
| > New to KubeDB? Please start [here](/docs/README.md). |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Use descriptive link text instead of here.
This is harder to understand out of context and was correctly flagged by markdownlint. Name the destination directly.
Suggested change
-> New to KubeDB? Please start [here](/docs/README.md).
+> New to KubeDB? Please start with the [KubeDB introduction](/docs/README.md).📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| > New to KubeDB? Please start [here](/docs/README.md). | |
| > New to KubeDB? Please start with the [KubeDB introduction](/docs/README.md). |
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 13-13: Link text should be descriptive
(MD059, descriptive-link-text)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/weaviate/reconfigure/overview.md` at line 13, The link text in
the opening sentence is too generic; update the markdown in this overview so the
destination is named directly instead of using “here.” Keep the existing target
in the same sentence, but make the anchor text descriptive and specific in the
`overview.md` content.
Source: Linters/SAST tools
| > New to KubeDB? Please start [here](/docs/README.md). | ||
|
|
||
| # Reconfigure Weaviate | ||
|
|
||
| This guide will show you how to use the `KubeDB` Ops Manager to reconfigure a Weaviate cluster. | ||
|
|
||
| ## Before You Begin | ||
|
|
||
| - At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. | ||
|
|
||
| - Install `KubeDB` in your cluster following the steps [here](/docs/setup/README.md). |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Replace the generic [here] link text.
Both occurrences trigger the markdownlint accessibility warning and are harder to scan in rendered docs. Please use descriptive link text instead.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 13-13: Link text should be descriptive
(MD059, descriptive-link-text)
[warning] 23-23: Link text should be descriptive
(MD059, descriptive-link-text)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/weaviate/reconfigure/reconfigure.md` around lines 13 - 23,
Replace the generic “here” link text in the Weaviate reconfigure guide with
descriptive anchor text so the markdown is accessible and easier to scan. Update
the introductory link near the top and the setup link in the “Before You Begin”
section in the reconfigure.md document, keeping the same destinations but using
clear, descriptive labels instead of “[here]”.
Source: Linters/SAST tools
| Let's create the `Weaviate` CR and wait for it to become `Ready`. | ||
|
|
||
| ## Prepare Reconfigure Helper Resources |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Add the missing deploy step before the reconfigure workflow.
This section never actually creates weaviate-sample. If readers follow the page as written, the later WeaviateOpsRequest is created against a database that does not exist.
Proposed fix
Let's create the `Weaviate` CR and wait for it to become `Ready`.
+
+```bash
+$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/weaviate/reconfigure/weaviate.yaml
+weaviate.kubedb.com/weaviate-sample created
+```📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Let's create the `Weaviate` CR and wait for it to become `Ready`. | |
| ## Prepare Reconfigure Helper Resources | |
| Let's create the `Weaviate` CR and wait for it to become `Ready`. | |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/weaviate/reconfigure/reconfigure.md` around lines 63 - 65, The
reconfigure guide is missing the deploy step that creates the sample Weaviate
resource before the helper resources section. Update the reconfigure workflow in
the markdown to include the apply step for the `weaviate-sample` manifest before
any `WeaviateOpsRequest` or readiness-dependent actions, so the documented
sequence actually creates and waits on the `Weaviate` CR as intended.
| ```yaml | ||
| apiVersion: kubedb.com/v1alpha2 | ||
| kind: Weaviate | ||
| metadata: | ||
| name: weaviate-sample | ||
| namespace: demo | ||
| spec: | ||
| version: 1.33.1 | ||
| replicas: 3 | ||
| storageType: Durable | ||
| storage: | ||
| storageClassName: longhorn | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 1Gi | ||
| deletionPolicy: WipeOut | ||
| ``` |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Embedded Weaviate CR does not match the example file.
The inline Weaviate manifest omits the podTemplate (with securityContext and resource settings) and healthChecker that are present in the corresponding example file at docs/examples/weaviate/scaling/horizontal-scaling/weaviate.yaml. Since the doc note at Line 36 states that YAML files are stored in the GitHub repository, the embedded manifest should be consistent with the downloadable example to avoid confusion.
Please either align the embedded YAML with the example file or add a note that the inline version is simplified.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/weaviate/scaling/horizontal-scaling/horizontal-scaling.md` around
lines 42 - 60, The inline Weaviate manifest in the horizontal-scaling guide is
out of sync with the example YAML, so update the embedded spec in the markdown
to match the downloadable file used by the docs. In the `Weaviate` example
block, include the missing `podTemplate` (with its `securityContext` and
resource settings) and `healthChecker`, or explicitly note that the inline
manifest is a simplified version. Use the existing `Weaviate` manifest snippet
in the guide and the referenced `weaviate.yaml` example as the source of truth.
| ```yaml | ||
| apiVersion: ops.kubedb.com/v1alpha1 | ||
| kind: WeaviateOpsRequest | ||
| metadata: | ||
| name: storage-migration | ||
| namespace: demo | ||
| spec: | ||
| type: StorageMigration | ||
| databaseRef: | ||
| name: weaviate-sample | ||
| timeout: 10m | ||
| migration: | ||
| storageClassName: local-path | ||
| oldPVReclaimPolicy: Delete | ||
| ``` |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🔴 Critical | ⚖️ Poor tradeoff
Critical: Example manifest mismatch — migration section missing from referenced ops-request.yaml.
The guide shows a WeaviateOpsRequest with spec.migration.storageClassName and spec.migration.oldPVReclaimPolicy, but the actual example file at docs/examples/weaviate/storage-migration/ops-request.yaml (shown in the relevant code snippets) contains only type, databaseRef, and timeout — the entire migration block is absent. Users following the tutorial by applying the remote manifest will submit an incomplete ops request.
Update the example manifest to include the migration stanza, or update the guide to match the actual file contents.
# Missing from docs/examples/weaviate/storage-migration/ops-request.yaml:
migration:
storageClassName: local-path
oldPVReclaimPolicy: Delete🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/weaviate/storage-migration/storage-migration.md` around lines 86
- 100, The Weaviate storage-migration example is inconsistent because the guide
references a WeaviateOpsRequest with a migration block that is missing from the
actual ops-request manifest. Update the referenced example in the
storage-migration docs so the WeaviateOpsRequest manifest includes the full
spec.migration stanza, or adjust the guide text/snippet to match the contents of
ops-request.yaml; use the WeaviateOpsRequest and migration fields as the anchor
points when making the fix.
Overview
Adds user-facing documentation for KubeDB managed Weaviate, mirroring the existing Qdrant guide layout and Postgres documentation style. All command output embedded in these pages was collected from a live KubeDB Weaviate cluster.
Contents
Guide pages (
docs/guides/weaviate/):WeaviateandWeaviateVersionCRDsconf.yamlEach ops/autoscaler topic follows the Qdrant
overview.md+ worked-example split.Example manifests (
docs/examples/weaviate/) for every guide.Notes
describeoutput; its live auto-trigger depends on thevolume_used_percentagecustom metric being served in the cluster. The underlyingVolumeExpansionmechanism it uses is demonstrated live in the Volume Expansion guide.Summary by CodeRabbit