updatebot: Updates for latest version

The latest version of `updatebot` has two major changes:

1. Projects can encompass multiple images, eliminating the need for
   multiple configuration files and CronJobs.  Projects are now defined
   in a YAML document, since the data structure is very nested and is
   cumbersome to express in TOML.
2. Pull requests can now include a diff of the resources that will
   change if the PR is merged.  This requires the `kubectl` and `diff`
   programs (which are not currently included in the _updatebot_
   container image, so we bind-mount them from the host) and permission
   to compare the local manifests using the Kubernetes API.  Oddly,
   computing the diff requires permission to use the PATCH method, even
   though the client is not requesting any changes.  This is apparently
   a long-standing bug ([issue #981][0]) that may or may not ever be
   fixed.

[0]: https://github.com/kubernetes/kubectl/issues/981
2024-09-08 19:54:58 -05:00
parent 431395f18f
commit f17ad4f779
7 changed files with 134 additions and 248 deletions

@@ -8,28 +8,27 @@ labels:
app.kubernetes.io/component: updatebot
app.kubernetes.io/instance: updatebot
app.kubernetes.io/part-of: updatebot
includeTemplates: true
resources:
- namespace.yaml
- rbac.yaml
- updatebot.yaml
- secrets.yaml
configMapGenerator:
- name: updatebot-projects
files:
- home-assistant.toml=projects/home-assistant.toml
- firefly-iii.toml=projects/firefly-iii.toml
- paperless-ngx.toml=projects/paperless-ngx.toml
- config.yml
options:
disableNameSuffixHash: true
labels:
app.kubernetes.io/name: updatebot-projects
- name: ssh-known-hosts
files:
- ssh_known_hosts
options:
disableNameSuffixHash: true
---
images:
- image: git.pyrocufflink.net/infra/updatebot
newTag: dev
labels:
app.kubernetes.io/name: ssh-known-hosts
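
Review bot: `newTag: dev` in the `images:` block points `git.pyrocufflink.net/infra/updatebot` at a mutable tag, so whatever was last pushed to `dev` is what runs with the bot's credentials. Per the commit message, those now include permission to use PATCH for the diff and bind-mounted `kubectl` and `diff` binaries from the host. Consider pinning a release tag, or using the kustomize `digest:` field (for example `digest: sha256:<image-digest>`), so that only a reviewed build runs with that access. Separately, `disableNameSuffixHash: true` on `updatebot-projects` means an edit to `config.yml` does not change the ConfigMap name. That is fine if every run mounts the ConfigMap fresh, but a short comment saying so next to the option would help the next reader.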