A Kubernetes operator for automating Renovate Bot deployments. This operator manages Renovate runs across repositories discovered from Git platforms, with a built-in web dashboard for monitoring.
- Automated Scheduling: Cron-based scheduling for discovery and Renovate runs
- Repository Discovery: Automatic discovery of repositories from Git platforms
- Per-Repository Jobs: One Kubernetes Job per repository, all running concurrently
- Web Dashboard: Real-time monitoring with Server-Sent Events, job log viewer
- OAuth2 Login: Secure web UI access via platform OIDC
- Webhook Triggers: Trigger Renovate runs from platform webhook events
| Feature | Implemented | Planned |
|---|---|---|
| Renovate platform | Gitea | Forgejo, GitLab, GitHub |
| Webhook receiver | Gitea | Forgejo, GitLab, GitHub |
| OAuth2 authentication | Gitea | Forgejo, GitLab, GitHub |
- Kubernetes cluster (1.24+)
- `kubectl` configured to access your cluster
- Access token of a Git platform
The Helm chart and container images are published to:
- Quay.io: `quay.io/thegeeklab/renovate-operator`
- Docker Hub: `docker.io/thegeeklab/renovate-operator`

Install using Quay.io:

```bash
helm install renovate-operator oci://quay.io/thegeeklab/renovate-operator \
  --namespace renovate-system --create-namespace
```

Download install.yaml from the GitHub Releases page, then:

```bash
kubectl apply -f install.yaml
```

- Create a Gitea token secret:

```bash
kubectl create secret generic gitea-token \
  --from-literal=token=your_gitea_token_here \
  --namespace renovate-system
```

- Create a Renovator resource:
```yaml
apiVersion: renovate.thegeeklab.de/v1beta1
kind: Renovator
metadata:
  name: my-renovator
  namespace: renovate-system
spec:
  schedule: "0 2 * * *"
  renovate:
    platform:
      type: gitea
      endpoint: https://gitea.example.com
      token:
        secretKeyRef:
          name: gitea-token
          key: token
  discovery:
    schedule: "0 */2 * * *"
    filter:
      - "your-org/*"
      - "!your-org/archived-*"
  runner:
    schedule: "0 3 * * *"
```

```bash
kubectl apply -f renovator.yaml
```

- Verify:
```bash
kubectl get renovator my-renovator -n renovate-system
kubectl get gitrepos -n renovate-system
kubectl logs -n renovate-system deployment/renovate-operator-controller-manager
```

The frontend is served by the manager pod on port 8082. There is no dedicated Kubernetes Service for the frontend in the default installation, so use port-forward directly to the pod:

```bash
kubectl port-forward -n renovate-system \
  deployment/renovate-operator-controller-manager 8082:8082
```

Then open <http://localhost:8082> in your browser.
WARNING:
`GitRepo` and `AuthProvider` resources carry finalizers that call the Git platform API to deregister webhooks and auth providers on deletion. The operator must be running and able to reach the Git platform while these resources are deleted. Removing the operator before they are fully deleted will permanently block them in `Terminating` state and leave orphaned webhooks registered on the platform.
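
A pre-uninstall guard for the warning above, as an added example that is not part of the project: it reads one row per remaining `GitRepo` or `AuthProvider` and refuses the "remove the operator" step while any of them still exists. The `kubectl` command in the comment is an assumption about how the rows are collected, and the sample rows and finalizer names are constructed.

```shell
#!/bin/sh
# Added example (not the operator's own tooling): gate "remove the operator"
# on GitRepo and AuthProvider resources being fully gone.
#
# Assumed input, one row per resource: KIND NAME DELETION_TIMESTAMP FINALIZERS
#   kubectl get gitrepos,authprovider -n renovate-system --no-headers \
#     -o custom-columns='KIND:.kind,NAME:.metadata.name,DELETED:.metadata.deletionTimestamp,FINALIZERS:.metadata.finalizers'
# kubectl prints <none> for an unset field.

# classify_rows: print "<state> <kind>/<name>" for every resource still present.
#   present            deletion not requested yet
#   finalizer-pending  deletion requested, operator still has cleanup to do
#   deleting           finalizers cleared, object about to disappear
classify_rows() {
  awk 'NF >= 4 {
    state = ($3 == "<none>") ? "present" : (($4 == "<none>") ? "deleting" : "finalizer-pending")
    print state, $1 "/" $2
  }'
}

# uninstall_gate: exit 0 only when stdin lists no remaining resource.
uninstall_gate() {
  remaining=$(classify_rows)
  [ -z "$remaining" ] && return 0
  printf 'operator must stay installed:\n%s\n' "$remaining" >&2
  return 1
}

# Constructed sample rows; the finalizer names are placeholders.
SAMPLE_BLOCKED='GitRepo your-org-app 2024-01-01T03:00:00Z [example.invalid/webhook-cleanup]
AuthProvider gitea <none> [example.invalid/auth-cleanup]'

if printf '%s\n' "$SAMPLE_BLOCKED" | uninstall_gate; then
  echo "safe to remove the operator"
else
  echo "finish steps 1 and 2 first"
fi
```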
Delete resources in this order:
```bash
# 1. Delete GitRepo resources and wait for finalizers to clear
kubectl delete gitrepos --all -n renovate-system
kubectl wait gitrepos --all --for=delete --timeout=120s -n renovate-system

# 2. Delete AuthProvider resources and wait for finalizers to clear
kubectl delete authprovider --all -n renovate-system
kubectl wait authprovider --all --for=delete --timeout=120s -n renovate-system

# 3. Delete Renovator instances
kubectl delete renovator --all -n renovate-system

# 4. Remove the operator
# If using Helm
helm uninstall renovate-operator -n renovate-system
# If using static manifest
kubectl delete -f install.yaml
```

Special thanks to all contributors. If you would like to contribute, please see the instructions.
This project is heavily inspired by secustor/renovate-operator from Sebastian Poxhofer.
This project is licensed under the MIT License - see the LICENSE file for details.