admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

renovate: default-allow + codify ArgoCD auto-sync in git

Browse Source 
Two coordinated changes — open PR only, do NOT merge until dry-run passes.

1) admin-system/renovate.yaml: flip packageRules from Tier 1 allowlist to
   default-allow with safety gates. Adds prHourlyLimit=8 + prConcurrentLimit=8
   to throttle the first wave. New rules (7 total, order-sensitive):
   - "*"                    : 3-day stability gate (minimumReleaseAge)
   - minor/patch            : automerge via platformAutomerge
   - major                  : dependencyDashboardApproval (manual gate)
   - k3s-bundled (3 images) : disabled (ride k3s upgrades)
   - critical-core (6 imgs) : automerge=false (Viktor merges manually)
     - gitea/gitea, ghcr.io/goauthentik/{server,ldap,proxy},
       ghcr.io/cloudnative-pg/cloudnative-pg, quay.io/argoproj/argocd
     - ArgoCD + authentik /ldap and /proxy are no-ops (not pinned in repo)
   - termix                 : versioning=loose, extractVersion for "release-X.Y.Z"
   - wanderer-db + -web     : groupName=wanderer (one PR, prevents file race)
   enabledManagers unchanged ([kubernetes, helm-values]) — keeps Helmfile-
   managed infra invisible.

2) argocd-apps/homelab.yaml: codify per-app auto-sync intent in git
   (currently lives only on live CRs via UI — DR risk).
   - 35 existing bare-AUTO apps: add `automated: {enabled: true}` (matches live).
   - jarr, version-checker: add `automated: {enabled: true, prune: true,
     selfHeal: true}` (flipping MANUAL -> AUTO so Renovate merges deploy).
   - Untouched: admin-tools, authentik, cnpg-operator, root-apps (already
     have strict automated in git); monitoring, infrastructure, felhom,
     gitea, pihole, database-system (explicitly kept MANUAL per Viktor).
   NOTE: root-apps does NOT enforce syncPolicy.automated drift between git
   and live, so jarr + version-checker will also need a one-off kubectl
   patch after merge to actually become AUTO live. Done in go-live step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
authentik Default Admin
2026-06-05 07:07:39 +02:00
parent 0f592bc626
commit c308c0a85e
2 changed files with 121 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files
argocd-apps/homelab.yaml
+78
View File
@@ -47,6 +47,8 @@ spec:
server: https://kubernetes.default.svc
namespace: servarr-system
syncPolicy:
automated:
enabled: true
# Start with manual sync until you're comfortable
# automated:
# prune: true
@@ -82,6 +84,8 @@ spec:
server: https://kubernetes.default.svc
namespace: paperless-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -104,6 +108,8 @@ spec:
server: https://kubernetes.default.svc
namespace: actualbudget-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -126,6 +132,8 @@ spec:
server: https://kubernetes.default.svc
namespace: audiobookshelf-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -148,6 +156,8 @@ spec:
server: https://kubernetes.default.svc
namespace: bookstack-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -170,6 +180,8 @@ spec:
server: https://kubernetes.default.svc
namespace: immich-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -214,6 +226,8 @@ spec:
server: https://kubernetes.default.svc
namespace: nextcloud-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -236,6 +250,8 @@ spec:
server: https://kubernetes.default.svc
namespace: outline-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -258,6 +274,8 @@ spec:
server: https://kubernetes.default.svc
namespace: tandoor-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -280,6 +298,8 @@ spec:
server: https://kubernetes.default.svc
namespace: uptimekuma-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -302,6 +322,8 @@ spec:
server: https://kubernetes.default.svc
namespace: vaultwarden-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -369,6 +391,8 @@ spec:
server: https://kubernetes.default.svc
namespace: pihole-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
@@ -397,6 +421,8 @@ spec:
server: https://kubernetes.default.svc
namespace: mediaserver-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
---
@@ -418,6 +444,8 @@ spec:
server: https://kubernetes.default.svc
namespace: calibre-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -440,6 +468,8 @@ spec:
server: https://kubernetes.default.svc
namespace: adventurelog-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -592,6 +622,8 @@ spec:
server: https://kubernetes.default.svc
namespace: termix-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -614,6 +646,8 @@ spec:
server: https://kubernetes.default.svc
namespace: privatebin-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -636,6 +670,8 @@ spec:
server: https://kubernetes.default.svc
namespace: headlamp-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -658,6 +694,8 @@ spec:
server: https://kubernetes.default.svc
namespace: homepage-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -680,6 +718,8 @@ spec:
server: https://kubernetes.default.svc
namespace: code-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -702,6 +742,8 @@ spec:
server: https://kubernetes.default.svc
namespace: plantit-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -724,6 +766,8 @@ spec:
server: https://kubernetes.default.svc
namespace: fileshare-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -746,6 +790,8 @@ spec:
server: https://kubernetes.default.svc
namespace: arcade-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -768,6 +814,8 @@ spec:
server: https://kubernetes.default.svc
namespace: workout-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -790,6 +838,8 @@ spec:
server: https://kubernetes.default.svc
namespace: wanderer-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -812,6 +862,8 @@ spec:
server: https://kubernetes.default.svc
namespace: opengist-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -834,6 +886,8 @@ spec:
server: https://kubernetes.default.svc
namespace: zipline-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -856,6 +910,8 @@ spec:
server: https://kubernetes.default.svc
namespace: crafty-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -878,6 +934,8 @@ spec:
server: https://kubernetes.default.svc
namespace: booking-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -900,6 +958,8 @@ spec:
server: https://kubernetes.default.svc
namespace: web-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -922,6 +982,8 @@ spec:
server: https://kubernetes.default.svc
namespace: control-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -944,6 +1006,8 @@ spec:
server: https://kubernetes.default.svc
namespace: glance-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- PruneLast=true
@@ -967,6 +1031,10 @@ spec:
server: https://kubernetes.default.svc
namespace: version-checker-system
syncPolicy:
automated:
enabled: true
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1033,6 +1101,8 @@ spec:
server: https://kubernetes.default.svc
namespace: orsi-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1075,6 +1145,8 @@ spec:
server: https://kubernetes.default.svc
namespace: kisfenyo-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1096,6 +1168,8 @@ spec:
server: https://kubernetes.default.svc
namespace: office-system
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
@@ -1118,6 +1192,10 @@ spec:
server: https://kubernetes.default.svc
namespace: jarrs-system
syncPolicy:
automated:
enabled: true
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- PruneLast=true