feat: Add renovate-operator

2026-05-06 17:12:49 +02:00 · 2026-05-06 17:12:49 +02:00 · 631143f9f8
commit 631143f9f8
parent 0633deb983
7 changed files with 108 additions and 0 deletions
--- a/k8s-peterg/argocd/applications-peterg.yaml
+++ b/k8s-peterg/argocd/applications-peterg.yaml
@ -99,3 +99,22 @@ spec:
      selfHeal: true
    syncOptions:
      - ServerSideApply=true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: renovate-operator
  namespace: argocd
 spec:
  project: default
  source:
    repoURL: https://code.peterg.nl/wheatley/kubernetes.git
    path: k8s-peterg/renovate-operator
    targetRevision: HEAD
  destination:
    server: https://kubernetes.default.svc
    namespace: renovate-operator
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/k8s-peterg/renovate-operator/kustomization.yaml
+++ b/k8s-peterg/renovate-operator/kustomization.yaml
@ -0,0 +1,18 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: renovate-operator
 resources:
  - namespace.yaml
  - policies.yaml
  - renovate-job.yaml
  - secrets.yaml
 helmCharts:
  - name: renovate-operator
    repo: https://helm.mogenius.com/public
    namespace: renovate-operator
    releaseName: renovate-operator
    version: "4.7.0"
    valuesFile: values.yaml
--- a/k8s-peterg/renovate-operator/namespace.yaml
+++ b/k8s-peterg/renovate-operator/namespace.yaml
@ -0,0 +1,5 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: renovate-operator
--- a/k8s-peterg/renovate-operator/policies.yaml
+++ b/k8s-peterg/renovate-operator/policies.yaml
@ -0,0 +1,17 @@
 ---
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
  name: allow-internet-only
 spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
              - 192.168.0.0/16
              - 172.16.0.0/12
--- a/k8s-peterg/renovate-operator/renovate-job.yaml
+++ b/k8s-peterg/renovate-operator/renovate-job.yaml
@ -0,0 +1,23 @@
 ---
 apiVersion: renovate-operator.mogenius.com/v1alpha1
 kind: RenovateJob
 metadata:
  name: renovate
  namespace: renovate-operator
 spec:
  schedule: "*/15 * * * *"
  provider:
    name: forgejo
    endpoint: https://code.peterg.nl/api/v1/
  secretRef: renovate-operator-secrets
  parallelism: 1
  skipForks: true
  extraEnv:
    - name: LOG_LEVEL
      value: debug
    - name: RENOVATE_ONBOARDING
      value: "true"
    - name: RENOVATE_AUTODISCOVER
      value: "true"
    - name: RENOVATE_GIT_AUTHOR
      value: "Renovate <renovate@peterg.nl>"
--- a/k8s-peterg/renovate-operator/secrets.yaml
+++ b/k8s-peterg/renovate-operator/secrets.yaml
@ -0,0 +1,22 @@
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: renovate-operator-secrets
  namespace: renovate-operator
 spec:
  refreshInterval: "15s"
  secretStoreRef:
    name: vault-wheatley
    kind: ClusterSecretStore
  target:
    name: renovate-operator-secrets
  data:
    - secretKey: RENOVATE_TOKEN
      remoteRef:
        key: /secrets/managed/renovate/token
        property: RENOVATE_TOKEN
    - secretKey: GITHUB_COM_TOKEN
      remoteRef:
        key: /secrets/managed/renovate/token
        property: GITHUB_COM_TOKEN
--- a/k8s-peterg/renovate-operator/values.yaml
+++ b/k8s-peterg/renovate-operator/values.yaml
@ -0,0 +1,4 @@
 metrics:
  enabled: true
  serviceMonitor:
    enabled: false