diff --git a/kubernetes/infrastructure/controllers/renovate/cronjob.yaml b/kubernetes/infrastructure/controllers/renovate/cronjob.yaml new file mode 100644 index 0000000..a5e9924 --- /dev/null +++ b/kubernetes/infrastructure/controllers/renovate/cronjob.yaml @@ -0,0 +1,41 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: renovate + namespace: renovate + labels: + app: renovate +spec: + schedule: "0 */6 * * *" + concurrencyPolicy: Forbid + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + template: + metadata: + labels: + app: renovate + spec: + restartPolicy: Never + containers: + - name: renovate + image: renovate/renovate:39 + env: + - name: RENOVATE_PLATFORM + value: github + - name: RENOVATE_REPOSITORIES + value: '["berezovskyi-oleksandr/homelab"]' + - name: RENOVATE_TOKEN + valueFrom: + secretKeyRef: + name: renovate + key: github-token + - name: LOG_LEVEL + value: info + resources: + requests: + memory: 512Mi + cpu: 500m + limits: + memory: 1Gi diff --git a/kubernetes/infrastructure/controllers/renovate/namespace.yaml b/kubernetes/infrastructure/controllers/renovate/namespace.yaml new file mode 100644 index 0000000..ec7c378 --- /dev/null +++ b/kubernetes/infrastructure/controllers/renovate/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: renovate diff --git a/kubernetes/infrastructure/controllers/renovate/secret.sops.yaml b/kubernetes/infrastructure/controllers/renovate/secret.sops.yaml new file mode 100644 index 0000000..67b21a0 --- /dev/null +++ b/kubernetes/infrastructure/controllers/renovate/secret.sops.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: renovate + namespace: renovate +stringData: + github-token: ENC[AES256_GCM,data:6SjztGjm1T0hNzgj3wpuqa31mdJdZItX0iZUA8l8v/4NhBmxDfMpu2YR8CyikZNcaTMhW4ty/nAYTPIBa8btGClArRV6p+aKrb9E35/LZmy5LIgg5ElZ5gaX+zIY,iv:Jx6Vwn6uaWTPw+fIsYOLJ68WSdZeHfEyq1nNYEidBZo=,tag:KTv6eABellIh9Putw2zSRw==,type:str] +sops: + age: + - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbms0RlovUkZSMXBRbzdQ + VHhla0RVbW1jVFBUQjA5Tk9rNkQzSnlCMGhNCi9BbHNGMjdVZHB2T1o5S1J0bXQv + R1lQUklQT2UrQWFSS3FUWFg4MXRqeWsKLS0tIHBUaGlUcHNPZzFPRk5mdk1BRGZT + WFpEUzFtWkcyZ0ExSno5cTBIaU5ENmsKkGzvTtT0chu+B9XfDI2vRl5FXd46NWoh + uADvff8Y3s0zwco7d4KiKQ3RNUnCQdThLBw/kJJSLf2012KgcGtwFA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-19T19:19:10Z" + mac: ENC[AES256_GCM,data:obHqpPjipCJXzO+uO6JzaaGyzKaZwsTQx0UcipJmaXHrxveUZSWNkzFlQG11Zebi9owLSZxMigz172EIV2TUiNf03/G39HrajqRDMN/rQXH335ReBLZepzqhQekSJcQ8dT7GONpIYUmfsbm/mG31yg7RYJkmaUPfZyCAnNk1EJ0=,iv:/EDy+trJqPoEuxLgiNJBeoLkP87boxWtGHu7jmo/f8g=,tag:5LkSH5eTviNIS5Q/SU46Iw==,type:str] + encrypted_regex: ^(data|stringData|email)$ + version: 3.12.1 diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..6fb0bd1 --- /dev/null +++ b/renovate.json @@ -0,0 +1,11 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", + ":semanticCommits", + ], + "enabledManagers": ["kubernetes"], + "automergeType": "branch", + "ignoreTests": true, + "assignees": ["berezovskyi-oleksandr"] +}