feat: Add renovate-operator
This commit is contained in:
parent
0633deb983
commit
631143f9f8
SSH key fingerprint:
SHA256:B5tYaxBExaDm74r1px9iVeZ6F/ZDiyiy9SbBqfZYrvg
7 changed files with 108 additions and 0 deletions
|
|
@ -99,3 +99,22 @@ spec:
|
|||
selfHeal: true
|
||||
syncOptions:
|
||||
- ServerSideApply=true
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: renovate-operator
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: https://code.peterg.nl/wheatley/kubernetes.git
|
||||
path: k8s-peterg/renovate-operator
|
||||
targetRevision: HEAD
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: renovate-operator
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
|
|
|
|||
18
k8s-peterg/renovate-operator/kustomization.yaml
Normal file
18
k8s-peterg/renovate-operator/kustomization.yaml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: renovate-operator
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- policies.yaml
|
||||
- renovate-job.yaml
|
||||
- secrets.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: renovate-operator
|
||||
repo: https://helm.mogenius.com/public
|
||||
namespace: renovate-operator
|
||||
releaseName: renovate-operator
|
||||
version: "4.7.0"
|
||||
valuesFile: values.yaml
|
||||
5
k8s-peterg/renovate-operator/namespace.yaml
Normal file
5
k8s-peterg/renovate-operator/namespace.yaml
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: renovate-operator
|
||||
17
k8s-peterg/renovate-operator/policies.yaml
Normal file
17
k8s-peterg/renovate-operator/policies.yaml
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
kind: NetworkPolicy
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: allow-internet-only
|
||||
spec:
|
||||
podSelector: {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
egress:
|
||||
- to:
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
except:
|
||||
- 10.0.0.0/8
|
||||
- 192.168.0.0/16
|
||||
- 172.16.0.0/12
|
||||
23
k8s-peterg/renovate-operator/renovate-job.yaml
Normal file
23
k8s-peterg/renovate-operator/renovate-job.yaml
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
apiVersion: renovate-operator.mogenius.com/v1alpha1
|
||||
kind: RenovateJob
|
||||
metadata:
|
||||
name: renovate
|
||||
namespace: renovate-operator
|
||||
spec:
|
||||
schedule: "*/15 * * * *"
|
||||
provider:
|
||||
name: forgejo
|
||||
endpoint: https://code.peterg.nl/api/v1/
|
||||
secretRef: renovate-operator-secrets
|
||||
parallelism: 1
|
||||
skipForks: true
|
||||
extraEnv:
|
||||
- name: LOG_LEVEL
|
||||
value: debug
|
||||
- name: RENOVATE_ONBOARDING
|
||||
value: "true"
|
||||
- name: RENOVATE_AUTODISCOVER
|
||||
value: "true"
|
||||
- name: RENOVATE_GIT_AUTHOR
|
||||
value: "Renovate <renovate@peterg.nl>"
|
||||
22
k8s-peterg/renovate-operator/secrets.yaml
Normal file
22
k8s-peterg/renovate-operator/secrets.yaml
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: renovate-operator-secrets
|
||||
namespace: renovate-operator
|
||||
spec:
|
||||
refreshInterval: "15s"
|
||||
secretStoreRef:
|
||||
name: vault-wheatley
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: renovate-operator-secrets
|
||||
data:
|
||||
- secretKey: RENOVATE_TOKEN
|
||||
remoteRef:
|
||||
key: /secrets/managed/renovate/token
|
||||
property: RENOVATE_TOKEN
|
||||
- secretKey: GITHUB_COM_TOKEN
|
||||
remoteRef:
|
||||
key: /secrets/managed/renovate/token
|
||||
property: GITHUB_COM_TOKEN
|
||||
4
k8s-peterg/renovate-operator/values.yaml
Normal file
4
k8s-peterg/renovate-operator/values.yaml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
Loading…
Add table
Add a link
Reference in a new issue