Skip to content

Automated Dependency Updates for Flux

Categories: cd, kubernetes

Renovate supports updating Flux dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (?:^|/)gotk-components\.ya?ml$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: github-releases, git-refs, github-tags, gitlab-tags, git-tags, bitbucket-tags, helm, docker.

Default config

{
  "fileMatch": [
    "(?:^|/)gotk-components\\.ya?ml$"
  ]
}

Additional Information

This manager parses Flux YAML manifests and supports:

  1. HelmRelease resources
  2. 'GitRepository' resources
  3. 'OCIRepository' resources
  4. Flux system manifests

HelmRelease support

Extracts helm dependencies from HelmRelease resources.

The flux manager extracts helm dependencies for HelmRelease resources linked to HelmRepository or GitRepository sources. Renovate supports OCI HelmRepository sources, those with type: oci. Renovate will then extract the docker dependencies for the referenced HelmRelease resources.

In addition, for the flux manager to properly link HelmRelease and HelmRepository resources, both of the following conditions must be met:

  1. The HelmRelease resource must either have its metadata.namespace property set or its spec.chart.spec.sourceRef.namespace property set
  2. The referenced HelmRepository resource must have its metadata.namespace property set

Namespaces will not be inferred from the context (e.g. from the parent Kustomization).

Renovate updates HelmRelease resources coming from GitRepository by updating the GitRepository resource.

GitRepository support

Renovate can update git references from GitRepository resources.

The flux manager only updates GitRepository fields that have a tag or commit key.

Kustomization support

Renovate can update image^1 references from Kustomization resources.

OCIRepository support

Renovate can update oci references from OCIRepository resources.

The flux manager only updates OCIRepository fields that have a digest or tag key. If tag and digest exist then digest takes precedence.

Flux system manifests support

Renovate supports updating Flux system manifests generated during Flux installation. System manifests are identified via being named gotk-components.y(a)ml and containing comment headers as generated by flux bootstrap.

Warning

Renovate cannot identify the use of custom bootstrap flags, such as --cluster-domain. In such a scenario Renovate's PR will overwrite these values with the Flux defaults. See issue #13952 on GitHub for more information.

Updating system manifests requires that either:

  1. The flux tool is pre-installed, or
  2. You run a Docker image based on containerbase, such as the official Renovate images, and have binarySource=install configured

Default fileMatch

By default, the flux manager only matches **/gotk-components.y(a)ml. So it only checks system manifest files generated by the flux bootstrap command.

This is because there is no commonly accepted file/directory naming convention for Flux manifests and we don't want to check every single *.yaml file in repositories just in case some of them have Flux definitions.

If most .yaml files in your repository are Flux manifests, then you could add this to your config:

{
  "flux": {
    "fileMatch": ["\\.yaml$"]
  }
}

If instead you have all your Flux manifests inside a flux/ directory, you would add this:

{
  "flux": {
    "fileMatch": ["flux/.+\\.yaml$"]
  }
}

Versioning

If you need to change the versioning format, read the versioning documentation to learn more.

Open items

The below list of features were current when this page was generated on October 12, 2024.

Feature requests

  • Let flux manager update tags and digests (flux currently ignores tags) #29768
  • improve flux manager with custom flags #13952