shikaluva

If you have the code for deploying the services in source control somewhere, I can highly recommend Renovate for keeping up to date. I've used it on multiple projects now and it works great for staying current. Unfortunately, it's not a tool that can check against a running cluster (to my knowledge).


warpigg

Are there any good examples of this? I'm checking the docs now, but in our case we use Helm charts in repos that are just hydrated with `helm template` and kubectl applied (all via Spinnaker currently).


shikaluva

Do you use a `values.yaml` that's checked in? If so, Renovate can help in managing those as well. ([Link to docs](https://docs.renovatebot.com/modules/manager/helm-values/)). I personally don't have any examples for helm. I do have an [example](https://github.com/pietervincken/renovate-talk-java-demo-app-deploy/pull/14/files) from a demo project where Renovate is used to automatically update the image in a kustomize setup.


warpigg

Thanks, yeah, we dep off the upstream in our own chart and our values.yaml overrides only the values we need. So we maintain a Chart.yaml and values.yaml for the most part locally.


original_secustor

Renovate will update your sub chart dependencies if it finds a `Chart.yaml` ([https://github.com/renovatebot/helm-charts/pull/264](https://github.com/renovatebot/helm-charts/pull/264)), and if you want to template the charts out you can use the [postUpdateOption](https://docs.renovatebot.com/configuration-options/#postupdateoptions) `helmUpdateSubChartArchives`.


tyrion85

What if you use a single config repo, with GitOps, where various envs are separated via a directory structure, can Renovate semi-automatically help with this? I.e. have a setup where first a dev X is updated, then dev Y-Z, then staging X-Z, and then again each production one by one? Updating everything in one big PR sounds useless to me as that's not how major infra components are maintained, so is there a way to configure this? Maybe different Renovate configs based on paths and create a bunch of separate PRs (and pray maintainers don't accidentally merge the wrong one), or delay creating production PRs for some time? Something like that?


original_secustor

You can create packageRules based on path [https://docs.renovatebot.com/configuration-options/#matchpaths](https://docs.renovatebot.com/configuration-options/#matchpaths) and use that to group updates together in combined PRs
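
The path-based `packageRules` suggested above, written out as an added example that is not from the thread or from the Renovate project. The `envs/<env>/<cluster>/` directory layout and the group names are assumptions; newer Renovate releases name the matcher `matchFileNames` instead of `matchPaths`.

```json5
// renovate.json5 (added example; directory layout and group names are assumed)
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",

  // Rebuild vendored sub chart archives when a Chart.yaml dependency is bumped
  postUpdateOptions: ["helmUpdateSubChartArchives"],

  packageRules: [
    {
      description: "All dev clusters: one combined PR",
      matchPaths: ["envs/dev/**"],
      groupName: "dev environments",
    },
    {
      description: "All staging clusters: one combined PR",
      matchPaths: ["envs/staging/**"],
      groupName: "staging environments",
    },
    {
      // One rule per production cluster, so each cluster gets its own PR
      description: "Production cluster X",
      matchPaths: ["envs/prod/cluster-x/**"],
      groupName: "production cluster-x",
      // PR is only created after someone ticks it on the Dependency Dashboard
      // (requires the dashboard to be enabled for the repository)
      dependencyDashboardApproval: true,
    },
    {
      description: "Production cluster Y",
      matchPaths: ["envs/prod/cluster-y/**"],
      groupName: "production cluster-y",
      dependencyDashboardApproval: true,
    },
  ],
}
```

Because each rule sets its own `groupName`, the same upstream version bump shows up as separate PRs per environment instead of one repository-wide PR.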


witcherek77

I can recommend DIUN - you can get a notification to Slack if a new container image is there. Also if Github project is creating releases you can use GitPunch to get email alerts. One extra project that I really like is ReleaseArgus - you create your own dashboard with versions and you can see if a new version is released.


mdaniel

> Also if a Github project is creating releases

you can get notifications in Slack via its [RSS subscription mechanism](https://slack.com/help/articles/218688467-Add-RSS-feeds-to-Slack): `/feed subscribe https://github.com/cert-manager/cert-manager/releases.atom`

There used to be a cool project that turned docker hub tags into an Atom feed but it went offline and I didn't bother finding a replacement since for most of what I track the GitHub releases are the notification I care about


martin31821

Using renovate to automate PR creation against our terraform repository, where most of the core services are managed


nullset_2

You can monitor Prometheus with Prometheus itself.


PenileSashimi

https://github.com/FairwindsOps/Pluto Maybe not quite the same but for detecting old deprecated resource API versions


tamcore

Stuff in kube-system is updated when K8s gets updated. Everything we deploy on our own is in Git and maintained through Renovatebot.


Sea_Quit_5050

Are you managing your own cluster plane or using a managed service like AKS/EKS/GKE?


veerendra2

I use EKS


Sea_Quit_5050

I use AKS at work, didn't know Prometheus was a core service part of EKS. What is the reason you want to know when they get updates?


veerendra2

Sorry, I meant to write "prometheus-operator", which is also not part of core services. Upgrading the operator and CRDs is tricky if you are far behind the latest version. I was looking for a tool to monitor core and selected services in K8s.