Automated Dependency Updates for Kustomize (original) (raw)
Categories: kubernetes
Renovate supports updating Kustomize dependencies.
File Matching¶
By default, Renovate will check any files matching the following regular expression: /(^|/)kustomization\.ya?ml$/.
For details on how to extend a manager's managerFilePatterns value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: docker, git-tags, github-tags, helm.
Dependency types¶
This manager extracts the following depType values:
| depType | Description |
|---|---|
| Kustomization | Kustomization resource referencing remote bases or images |
| Component | Kustomize Component resource referencing remote bases or images |
| HelmChart | Helm chart embedded in a kustomization file via helmCharts |
Default config¶
{ "managerFilePatterns": [ "/(^|/)kustomization\\.ya?ml$/" ], "pinDigests": false }
Additional Information¶
Renovate can manage these parts of the kustomization.yaml file:
- remote resources
- image tags
- components
- helm charts
- remote bases (deprecated since Kustomize
v2.1.0)
How It Works¶
- Renovate searches in each repository for any
kustomization.yamlfiles - Dependencies are extracted from remote bases, image tags and Helm charts
- Renovate resolves the dependency's source repository and checks if there are SemVer tags
- If Renovate finds an update, then it updates the
kustomization.yamlfile
This manager uses three depTypes to allow fine-grained control of which dependencies are upgraded:
- Component
- Kustomization
- HelmChart
- OCIChart
Helm charts inflation¶
Renovate will inflate helm charts referenced in a kustomization if any of the following is true:
- The version Renovate is upgrading from was inflated, OR
- The
kustomizeInflateHelmChartsoption inpostUpdateOptionsis enabled
Note: To prevent Renovate from updating dependencies in the expanded charts, you'll need to manually exclude the folders from Helm managers. For example:
{ "packageRules": [ { "matchFileNames": ["**/charts/**"], "matchManagers": ["helmv3", "helm-values"], "enabled": false } ] }
Limitations¶
- Using HTTPS to fetch the repositories is not tested
- The keys for the image tags can be in any order
`- name: image/name newTag: v0.0.1
or
- newTag: v0.0.1 name: image/name `
- Digests can be pinned in
newTagordigest:
`- name: image/name newTag: v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
without a version, digests are tracked as :latest
- name: image/name digest: sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f `
- The image's repository can be changed with
newName:
`- name: image/name newName: custom-image/name:v0.0.1
- name: image/name newName: custom-image/name:v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- name: image/name newName: custom-image/name@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- name: image/name newName: custom-image/name newTag: v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- name: image/name newName: custom-image/name digest: sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f `
- Images with values ignored by Kustomize will be skipped to avoid ambiguity:
`# bad: skipped because newTag: is ignored when digest: is set
- name: image/name newTag: v0.0.1 digest: sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
good:
- name: image/name newTag: v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f `