chore(deps): update docker images

The Renovate config in this repository needs migrating. Typically this
is because one or more configuration options you are using have been
renamed.

You don't need to merge this PR right away, because Renovate will
continue to migrate these fields internally each time it runs. But later
some of these fields may be fully deprecated and the migrations removed.
So it's a good idea to merge this migration PR soon.



#### [PLEASE
NOTE](https://docs.renovatebot.com/configuration-options#configmigration):
JSON5 config file migrated! All comments & trailing commas were removed.

🔕 **Ignore**: Close this PR and you won't be reminded about config
migration again, but one day your current config may no longer be valid.

❓ Got questions? Does something look wrong to you? Please don't hesitate
to [request help
here](https://redirect.github.com/renovatebot/renovate/discussions).


---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>

charts/operator/templates/clusterrolebinding.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "homelab-operator.fullname" . }}
+  name: '{{ include "homelab-operator.fullname" . }}'
 subjects:
-- kind: ServiceAccount
-  name: {{ include "homelab-operator.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: '{{ include "homelab-operator.serviceAccountName" . }}'
+    namespace: "{{ .Release.Namespace }}"
 roleRef:
   kind: ClusterRole
-  name: {{ include "homelab-operator.fullname" . }}
+  name: '{{ include "homelab-operator.fullname" . }}'
   apiGroup: rbac.authorization.k8s.io

charts/operator/templates/deployment.yaml

@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "homelab-operator.fullname" . }}
+  namespace: "{{ .Release.Namespace }}"
   labels:
     {{- include "homelab-operator.labels" . | nindent 4 }}
 spec:

charts/operator/templates/serviceaccount.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "homelab-operator.serviceAccountName" . }}
+  namespace: "{{ .Release.Namespace }}"
   labels:
     {{- include "homelab-operator.labels" . | nindent 4 }}
   {{- with .Values.serviceAccount.annotations }}

charts/operator/values.yaml

@@ -6,7 +6,7 @@ image:
   repository: ghcr.io/morten-olsen/homelab-operator
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: main@sha256:df20d7e4f48bd886cef63ab882de9c6df76b0b297724d1cdf3a79aba8de6f896
+  tag: main@sha256:6ccd49971ca0c230f42c9c7b52197c853c87b77a89f66dc7791335191fb79054
 
 imagePullSecrets: []
 nameOverride: ""

images/backup/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine/git:latest@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
+FROM alpine/git:latest@sha256:63d6641dc22922b38b8c19780d2308879ef29a8fb9766ddb90f7e4c9ddeefad3
 # or a more specific image like a Debian slim or Ubuntu base image.
 RUN apk add --no-cache restic fuse-overlayfs
 WORKDIR /app

images/operator/Dockerfile

@@ -1,6 +1,8 @@
 FROM node:23-slim@sha256:86191b94d2a163be41f3dc7fe5e5fcaca8ba2f1be7275d98a06343483c17414a
 RUN corepack enable
+WORKDIR /app
 COPY package.json pnpm-lock.yaml ./
+COPY patches ./patches
 RUN pnpm install --frozen-lockfile --prod
 COPY . .
 CMD ["node", "src/index.ts"]

images/operator/package.json

@@ -49,7 +49,7 @@
       "sqlite3"
     ],
     "patchedDependencies": {
-      "@kubernetes/client-node": "patches/@kubernetes__client-node.patch"
+      "@kubernetes/client-node": "./patches/@kubernetes__client-node.patch"
     }
   },
   "scripts": {

images/operator/src/bootstrap/bootstrap.ts

@@ -31,11 +31,11 @@ class BootstrapService {
 
   public ensure = async () => {
     await this.namespaces.ensure();
-    await this.repos.ensure();
-    await this.releases.ensure();
-    await this.cloudflareTunnel.ensure({
-      spec: {},
-    });
+    // await this.repos.ensure();
+    // await this.releases.ensure();
+    // await this.cloudflareTunnel.ensure({
+    //  spec: {},
+    //});
   };
 }
 

images/operator/src/index.ts

@@ -8,7 +8,7 @@ import { homelab } from '#resources/homelab/homelab.ts';
 const services = new Services();
 const resourceService = services.get(ResourceService);
 
-await resourceService.install(...Object.values(homelab));
+// await resourceService.install(...Object.values(homelab));
 await resourceService.register(...Object.values(resources));
 
 const bootstrapService = services.get(BootstrapService);

images/operator/src/resources/homelab/authentik-server/authentik-server.ts

@@ -168,7 +168,7 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
         chart: {
           spec: {
             chart: 'authentik',
-            version: '2025.6.4',
+            version: '2025.10.3',
             sourceRef: {
               apiVersion: 'source.toolkit.fluxcd.io/v1',
               kind: 'HelmRepository',

images/operator/src/resources/homelab/oidc-client/oidc-client.ts

@@ -79,7 +79,7 @@ class OIDCClient extends CustomResource<typeof specSchema> {
       clientId: this.name,
       configuration: new URL(`/application/o/${this.appName}/.well-known/openid-configuration`, url).toString(),
       configurationIssuer: new URL(`/application/o/${this.appName}/`, url).toString(),
-      authorization: new URL(`/application/o/${this.appName}/authorize/`, url).toString(),
+      authorization: new URL(`/application/o/authorize/`, url).toString(),
       token: new URL(`/application/o/${this.appName}/token/`, url).toString(),
       userinfo: new URL(`/application/o/${this.appName}/userinfo/`, url).toString(),
       endSession: new URL(`/application/o/${this.appName}/end-session/`, url).toString(),

images/operator/src/resources/homelab/postgres-cluster/postgres-cluster.ts

@@ -108,7 +108,7 @@ class PostgresCluster extends CustomResource<typeof specSchema> {
             containers: [
               {
                 name: this.name,
-                image: 'postgres:17',
+                image: 'pgvector/pgvector:pg17-trixie',
                 ports: [{ containerPort: 5432, name: 'postgres' }],
                 env: [
                   { name: 'POSTGRES_PASSWORD', valueFrom: { secretKeyRef: { name: secretName, key: 'password' } } },

images/operator/src/resources/resources.ts

@@ -11,7 +11,7 @@ const resources = {
   ...flux,
   ...certManager,
   ...istio,
-  ...homelab,
+  // ...homelab,
 } satisfies Record<string, ResourceClass<ExpectedAny>>;
 
 export { resources };

renovate.json5

@@ -1,28 +1,35 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:base"
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+  extends: [
+    'config:recommended',
   ],
-  "packageRules": [
+  packageRules: [
     {
-      "groupName": "Docker images",
-      "groupSlug": "dockerimages",
-      "matchDatasources": ["docker"],
-      "pinDigests": true
-    }
-  ],
-  "helm-values": {
-    "fileMatch": ["^charts/.*/values\\.yaml$"]
-  },
-  "regexManagers": [
-    {
-      "fileMatch": ["^charts/.*/values\\.yaml$"],
-      "matchStrings": [
-        "repository:\s*'(?<depName>.*?)'\n\s*tag:\s*'(?<currentValue>.*?)'",
-        "repository:\s*\"(?<depName>.*?)\"\n\s*tag:\s*\"(?<currentValue>.*?)\"",
-        "repository:\s*(?<depName>.*?)\n\s*tag:\s*(?<currentValue>.*)"
+      groupName: 'Docker images',
+      groupSlug: 'dockerimages',
+      matchDatasources: [
+        'docker',
       ],
-      "datasourceTemplate": "docker"
-    }
-  ]
+      pinDigests: true,
+    },
+  ],
+  'helm-values': {
+    managerFilePatterns: [
+      '/^charts/.*/values\\.yaml$/',
+    ],
+  },
+  customManagers: [
+    {
+      customType: 'regex',
+      managerFilePatterns: [
+        '/^charts/.*/values\\.yaml$/',
+      ],
+      matchStrings: [
+        "repository:s*'(?<depName>.*?)'\ns*tag:s*'(?<currentValue>.*?)'",
+        'repository:s*"(?<depName>.*?)"\ns*tag:s*"(?<currentValue>.*?)"',
+        'repository:s*(?<depName>.*?)\ns*tag:s*(?<currentValue>.*)',
+      ],
+      datasourceTemplate: 'docker',
+    },
+  ],
 }

skaffold.yaml

@@ -4,10 +4,9 @@ metadata:
   name: homelab-operator
 
 build:
-  cluster: {}
   artifacts:
-    - image: homelaboperator
-      context: .
+    - image: zot.olsen.cloud/homelaboperator
+      context: ./images/operator
       docker:
         dockerfile: Dockerfile
 
@@ -16,9 +15,10 @@ manifests:
     releases:
       - name: homelab-operator
         chartPath: charts/operator
+        namespace: homelab
         setValueTemplates:
-          image.repository: '{{.IMAGE_REPO_homelaboperator}}'
-          image.tag: '{{.IMAGE_TAG_homelaboperator}}'
+          image.repository: "zot.local/homelaboperator"
+          image.tag: "{{.IMAGE_TAG_zot_olsen_cloud_homelaboperator}}"
 
 deploy:
   # Use kubectl to apply the manifests.