From 3d7580dc3a25f8965da3a6e3c0533ce38e4c020c Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Thu, 7 May 2026 15:15:54 +0200 Subject: [PATCH] feat(renovate-operator): Fix ratelimits --- k8s-peterg/renovate-operator/configmap.yaml | 22 +++++++++++++++++++ .../renovate-operator/kustomization.yaml | 1 + .../renovate-operator/renovate-job.yaml | 9 ++++++++ k8s-peterg/renovate-operator/secrets.yaml | 22 +++++++++++++++++++ k8s-peterg/renovate-operator/values.yaml | 4 ++++ 5 files changed, 58 insertions(+) create mode 100644 k8s-peterg/renovate-operator/configmap.yaml diff --git a/k8s-peterg/renovate-operator/configmap.yaml b/k8s-peterg/renovate-operator/configmap.yaml new file mode 100644 index 0000000..5a6053c --- /dev/null +++ b/k8s-peterg/renovate-operator/configmap.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: renovate-config + namespace: renovate-operator +data: + config.json: |- + { + "hostRules": [ + { + "matchHost": "docker.io", + "username": "{{ env.DOCKER_USERNAME}}", + "password": "{{ env.DOCKER_TOKEN }}" + }, + { + "matchHost": "registry-1.docker.io", + "username": "{{ env.DOCKER_USERNAME}}", + "password": "{{ env.DOCKER_TOKEN }}" + } + ] + } diff --git a/k8s-peterg/renovate-operator/kustomization.yaml b/k8s-peterg/renovate-operator/kustomization.yaml index 62d9440..17e99a5 100644 --- a/k8s-peterg/renovate-operator/kustomization.yaml +++ b/k8s-peterg/renovate-operator/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization namespace: renovate-operator resources: + - configmap.yaml - namespace.yaml # - policies.yaml - renovate-job.yaml diff --git a/k8s-peterg/renovate-operator/renovate-job.yaml b/k8s-peterg/renovate-operator/renovate-job.yaml index 3ef991c..1fdcfc7 100644 --- a/k8s-peterg/renovate-operator/renovate-job.yaml +++ b/k8s-peterg/renovate-operator/renovate-job.yaml @@ -13,6 +13,13 @@ spec: secretRef: renovate-operator-secrets parallelism: 1 skipForks: true + extraVolumes: + - name: renovate-config + configMap: + name: renovate-config + extraVolumeMounts: + - name: renovate-config + mountPath: /opt/renovate extraEnv: - name: LOG_LEVEL value: debug @@ -22,3 +29,5 @@ spec: value: "true" - name: RENOVATE_GIT_AUTHOR value: "Renovate " + - name: RENOVATE_CONFIG_FILE + value: /opt/renovate/config.json diff --git a/k8s-peterg/renovate-operator/secrets.yaml b/k8s-peterg/renovate-operator/secrets.yaml index 543f6f2..8dba422 100644 --- a/k8s-peterg/renovate-operator/secrets.yaml +++ b/k8s-peterg/renovate-operator/secrets.yaml @@ -20,3 +20,25 @@ spec: remoteRef: key: /secrets/managed/renovate/token property: GITHUB_COM_TOKEN +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: renovate-operator-docker-login + namespace: renovate-operator +spec: + refreshInterval: "15s" + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: renovate-operator-docker-login + data: + - secretKey: DOCKER_USERNAME + remoteRef: + key: /secrets/managed/renovate/docker + property: DOCKER_USERNAME + - secretKey: DOCKER_TOKEN + remoteRef: + key: /secrets/managed/renovate/docker + property: DOCKER_PASSWORD diff --git a/k8s-peterg/renovate-operator/values.yaml b/k8s-peterg/renovate-operator/values.yaml index 979c844..88eaa44 100644 --- a/k8s-peterg/renovate-operator/values.yaml +++ b/k8s-peterg/renovate-operator/values.yaml @@ -4,6 +4,10 @@ metrics: serviceMonitor: enabled: false +image: + imagePullSecrets: + - name: renovate-operator-docker-login + route: enabled: true hostnames: