Automated Dependency Updates for Kustomize
Categories: kubernetes
Renovate supports updating Kustomize dependencies.
File Matching¶
By default, Renovate will check any files matching the following regular expression: (^|/)kustomization\.ya?ml$.
For details on how to extend a manager's fileMatch value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: docker, git-tags, github-tags, helm.
Default config¶
{
"fileMatch": [
"(^|/)kustomization\\.ya?ml$"
],
"pinDigests": false
}
Additional Information¶
Renovate can manage these parts of the kustomization.yaml file:
- remote resources
- image tags
- components
- helm charts
- remote bases (deprecated since Kustomize
v2.1.0)
How It Works
- Renovate searches in each repository for any
kustomization.yamlfiles - Dependencies are extracted from remote bases, image tags and Helm charts
- Renovate resolves the dependency's source repository and checks if there are SemVer tags
- If Renovate finds an update, then it updates the
kustomization.yamlfile
This manager uses three depTypes to allow fine-grained control of which dependencies are upgraded:
- Component
- Kustomization
- HelmChart
- OCIChart
Limitations
- Using HTTPS to fetch the repositories is not tested
- The keys for the image tags can be in any order
- name: image/name
newTag: v0.0.1
# or
- newTag: v0.0.1
name: image/name
- Digests can be pinned in
newTagordigest:
- name: image/name
newTag: v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
# without a version, digests are tracked as :latest
- name: image/name
digest: sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- The image's repository can be changed with
newName:
- name: image/name
newName: custom-image/name:v0.0.1
- name: image/name
newName: custom-image/name:v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- name: image/name
newName: custom-image/name@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- name: image/name
newName: custom-image/name
newTag: v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- name: image/name
newName: custom-image/name
digest: sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
- Images with values ignored by Kustomize will be skipped to avoid ambiguity:
# bad: skipped because newTag: is ignored when digest: is set
- name: image/name
newTag: v0.0.1
digest: sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
# good:
- name: image/name
newTag: v0.0.1@sha256:3eeba3e2caa30d2aba0fd78a34c1bbeebaa1b96c7aa3c95ec9bac44163c5ca4f
Open items¶
The below list of features were current when this page was generated on April 25, 2024.