From 1746e9ce261e8ff18f4498ee589ed0674280b74f Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Mon, 12 Jan 2026 19:07:40 +0100
Subject: [PATCH] added version-checker
---
 argocd-apps/homelab.yaml | 26 +++
 version-checker-system/version-checker.yaml | 176 ++++++++++++++++++++
 2 files changed, 202 insertions(+)
 create mode 100644 version-checker-system/version-checker.yaml
diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml
index e034776..088e4f1 100644
--- a/argocd-apps/homelab.yaml
+++ b/argocd-apps/homelab.yaml
@@ -943,4 +943,30 @@ spec:
 syncOptions:
 - CreateNamespace=true
 - PruneLast=true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: version-checker
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ labels:
+ app.kubernetes.io/name: version-checker
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: version-checker-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: version-checker-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
 ---
\ No newline at end of file
diff --git a/version-checker-system/version-checker.yaml b/version-checker-system/version-checker.yaml
new file mode 100644
index 0000000..9e02f9a
--- /dev/null
+++ b/version-checker-system/version-checker.yaml
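Review bot: The new Application follows `targetRevision: main` with `automated` sync, `prune: true` and `selfHeal: true`, so any push to that branch under `version-checker-system` reaches the cluster with no review gate, and that path carries a ClusterRole and ClusterRoleBinding. The `homelab` AppProject is not visible here; if it does not already restrict cluster-scoped kinds, a `clusterResourceWhitelist` limited to what this app needs would bound what a bad commit can create. Pinning `targetRevision` to a tag or commit is the stricter option if unattended updates are not required. The file still ends without a trailing newline after the final `---`.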
@@ -0,0 +1,176 @@
+# Version Checker - Container Image Version Monitoring for Kubernetes
+# Namespace: version-checker-system
+#
+# This deploys jetstack/version-checker which monitors all container images
+# running in the cluster and compares them to latest available upstream versions.
+# Metrics are exposed for Prometheus scraping.
+#
+# Documentation: https://github.com/jetstack/version-checker
+#
+# Metrics exposed:
+# - version_checker_is_latest_version{...} = 1 (up to date) or 0 (outdated)
+# - version_checker_image_info{image, current_version, latest_version, ...}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: version-checker-system
+ labels:
+ app.kubernetes.io/name: version-checker
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: version-checker
+ namespace: version-checker-system
+ labels:
+ app.kubernetes.io/name: version-checker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: version-checker
+ labels:
+ app.kubernetes.io/name: version-checker
+rules:
+ # Required to read pod specs to get container images
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
+ # Required to check Kubernetes version (optional feature)
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: version-checker
+ labels:
+ app.kubernetes.io/name: version-checker
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: version-checker
+subjects:
+ - kind: ServiceAccount
+ name: version-checker
+ namespace: version-checker-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: version-checker
+ namespace: version-checker-system
+ labels:
+ app.kubernetes.io/name: version-checker
+ app.kubernetes.io/instance: version-checker
+ app.kubernetes.io/version: "v0.10.0"
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: version-checker
+ app.kubernetes.io/instance: version-checker
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: version-checker
+ app.kubernetes.io/instance: version-checker
+ app.kubernetes.io/version: "v0.10.0"
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ prometheus.io/path: "/metrics"
+ spec:
+ serviceAccountName: version-checker
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ fsGroup: 1000
+ containers:
+ - name: version-checker
+ image: quay.io/jetstack/version-checker:v0.10.0
+ imagePullPolicy: IfNotPresent
+ args:
+ # Test ALL containers in the cluster (not just annotated ones)
+ - --test-all-containers
+ # How often to re-check versions (default: 1h)
+ - --image-cache-timeout=1h
+ # Log level
+ - --log-level=info
+ ports:
+ - name: metrics
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: metrics
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: metrics
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: version-checker
+ namespace: version-checker-system
+ labels:
+ app.kubernetes.io/name: version-checker
+ app.kubernetes.io/instance: version-checker
+spec:
+ type: ClusterIP
+ ports:
+ - name: metrics
+ port: 8080
+ targetPort: metrics
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: version-checker
+ app.kubernetes.io/instance: version-checker
+---
+# ServiceMonitor for Prometheus Operator (if using kube-prometheus-stack)
+# If you're using plain Prometheus with pod annotations, this can be removed
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: version-checker
+ namespace: version-checker-system
+ labels:
+ app.kubernetes.io/name: version-checker
+ app.kubernetes.io/instance: version-checker
+ # Add your Prometheus selector label if needed
+ # release: prometheus
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: version-checker
+ namespaceSelector:
+ matchNames:
+ - version-checker-system
+ endpoints:
+ - port: metrics
+ interval: 5m
+ scrapeTimeout: 30s
+ path: /metrics
\ No newline at end of file
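Review bot: The Deployment references `quay.io/jetstack/version-checker:v0.10.0` by tag only, and with `imagePullPolicy: IfNotPresent` any node without a cached copy would pull whatever that tag points to at the time. The pod runs with a service account bound to cluster-wide `pods` get/watch/list, so pin the digest, e.g. `image: quay.io/jetstack/version-checker:v0.10.0@sha256:<digest-of-verified-image>`. The pod-level `securityContext` sets no seccomp profile; adding `seccompProfile:` with `type: RuntimeDefault` would complete the otherwise restrictive container settings. Port 8080 serves an inventory of which running images are outdated and no NetworkPolicy is included, so one that limits ingress on that port to the Prometheus pods is worth adding to this file. Both the `prometheus.io/*` pod annotations and the ServiceMonitor are present, which may scrape the target twice depending on how Prometheus is configured.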