feat(container)!: Update image ghcr.io/home-operations/k8s-sidecar (1.30.9 → 2.5.0)

[bot-akira]

This PR contains the following updates:

Package	Update	Change
ghcr.io/home-operations/k8s-sidecar (source)	major	1.30.9 → 2.5.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

kiwigrid/k8s-sidecar (ghcr.io/home-operations/k8s-sidecar)

v2.5.0

Compare Source

🚀 Features

• feat: add DISABLE_X509_STRICT_VERIFICATION env var
  • PR: #​474

v2.4.0

Compare Source

🚀 Features

• Ensure health server supports dual-stack
  • PR: #​511

v2.3.0

Compare Source

🚀 Features

• feat: removes fastapi for liveness probe, using ThreadingHTTPServer now
• feat: batch fetching secrets/configmaps, rather than getting them all at once
  • PR: #​506

📦 Dependencies

• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0
  • PR: #​503
• build(deps): bump github/codeql-action from 4.31.9 to 4.31.10
  • PR: #​508

v2.2.3

Compare Source

v2.2.2

Compare Source

📦 Dependencies

• Bump uvicorn from 0.38.0 to 0.40.0 in /src
  • PR: #​497

v2.2.1

Compare Source

📦 Dependencies

• Bump softprops/action-gh-release from 2.4.2 to 2.5.0
  • PR: #​477
• Bump github/codeql-action from 4.31.5 to 4.31.8
  • PR: #​491
• Bump actions/download-artifact from 6.0.0 to 7.0.0
  • PR: #​494
• Bump actions/upload-artifact from 5.0.0 to 6.0.0
  • PR: #​492
• Bump actions/stale from 10.1.0 to 10.1.1
  • PR: #​482
• Bump fastapi from 0.122.0 to 0.128.0 in /src
  • PR: #​501

v2.2.0

Compare Source

🚀 Features

• feat: Use threads instead of processes for watchers
  • PR: #​490

📦 Dependencies

• Bump actions/checkout from 6.0.0 to 6.0.1
  • PR: #​480

v2.1.4

Compare Source

📦 Dependencies

• Bump actions/checkout from 5.0.1 to 6.0.0
  • PR: #​472
• Bump actions/upload-artifact from 4.6.2 to 5.0.0
  • PR: #​459
• Bump actions/download-artifact from 5.0.0 to 6.0.0
  • PR: #​456
• Bump fastapi from 0.121.0 to 0.122.0 in /src
  • PR: #​470

v2.1.3

Compare Source

📦 Dependencies

• Bump github/codeql-action from 4.31.2 to 4.31.3
  • PR: #​466
• Bump actions/checkout from 5.0.0 to 5.0.1
  • PR: #​467
• Bump softprops/action-gh-release from 2.4.1 to 2.4.2
  • PR: #​463
• Bump github/codeql-action from 4.31.3 to 4.31.5
  • PR: #​471

v2.1.2

Compare Source

📦 Dependencies

• Bump mikepenz/release-changelog-builder-action from 6.0.0 to 6.0.1
  • PR: #​458
• Bump docker/setup-qemu-action from 3.6.0 to 3.7.0
  • PR: #​457
• Bump fastapi from 0.115.2 to 0.121.0 in /src
  • PR: #​452

v2.1.1

Compare Source

📦 Dependencies

• Bump mikepenz/release-changelog-builder-action from 6.0.0 to 6.0.1
  • PR: #​458
• Bump docker/setup-qemu-action from 3.6.0 to 3.7.0
  • PR: #​457
• Bump fastapi from 0.115.2 to 0.121.0 in /src
  • PR: #​452

v2.1.0

Compare Source

🚀 Features

• wyn_skip_init: - add flag to skip initial request to REQ_URL when using WATCH
  • PR: #​433

📦 Dependencies

• Bump actions/upload-artifact from 4 to 5
  • PR: #​439
• Bump actions/download-artifact from 5 to 6
  • PR: #​440

v2.0.3

Compare Source

Build

• Drop support for ppc64le (#​445)
• Drop support for s390x (#​444)

Enhancements

• Add health endpoint with readiness and liveness probes (#​416)

• New /healthz Endpoint: A new HTTP endpoint is available on port 8080 (configurable via the HEALTH_PORT environment variable)

  • Readiness Probe:

    • The sidecar now reports as "ready" (HTTP 200) only after the initial synchronization of all configured resources is complete
    • This prevents the main application container from starting or receiving traffic prematurely, ensuring all configuration files are present at startup

  • Liveness Probe:

    • The probe continuously monitors the sidecar's health by checking two critical conditions:
      • Kubernetes API Contact: Verifies that the sidecar has had successful contact with the Kubernetes API within the last 60 seconds
      • Watcher Process Health: Ensures that all internal watcher subprocesses are running correctly
    • If any check fails, the probe fails, signaling Kubernetes to restart the container

• Reduced Log Noise: Access logs for frequent /healthz requests are automatically filtered out to keep application logs clean and focused

• Fail-Fast on Process Death: The main process now exits immediately if a critical watcher subprocess dies, ensuring a prompt restart by Kubernetes

Testing

• The CI pipeline has been enhanced with new tests to validate this functionality:
  • A test to confirm the Uvicorn health server starts successfully
  • A liveness test that simulates a watcher process failure and asserts that Kubernetes restarts the pod as expected
  • A Kubernetes Config load test for Sleep and Watch based sidecar

v1.30.11

Compare Source

⚠️ YANKED/UNSTABLE ⚠️: Do not use 1.30.11 due to #​431
Use 1.30.9 as latest stable

📦 Dependencies

• Bump python-json-logger from 3.3.0 to 4.0.0 in /src
  • PR: #​424

v1.30.10

Compare Source

⚠️ YANKED/UNSTABLE ⚠️: Do not use 1.30.10 due to #​431
Use 1.30.9 as latest stable

📦 Dependencies

• Bump requests from 2.32.4 to 2.32.5 in /src
  • PR: #​418

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[bot-akira]

--- kubernetes/apps/observability/gatus/app Kustomization: observability/gatus HelmRelease: observability/gatus

+++ kubernetes/apps/observability/gatus/app Kustomization: observability/gatus HelmRelease: observability/gatus

@@ -84,13 +84,13 @@

               METHOD: WATCH
               NAMESPACE: ALL
               RESOURCE: both
               UNIQUE_FILENAMES: true
             image:
               repository: ghcr.io/home-operations/k8s-sidecar
-              tag: 1.30.9@sha256:74d65c3def9276b24b5bfe41f8efb773174e7a1ecf3c9b5a31bd02cfdee232c9
+              tag: 2.5.0@sha256:ae958215a6124c6d09dbf6cf568dc72176791bfba8630f4300d4eaaf1caa5b10
             resources:
               limits:
                 memory: 128Mi
               requests:
                 cpu: 10m
             restartPolicy: Always
--- kubernetes/apps/observability/loki/app Kustomization: observability/loki HelmRelease: observability/loki

+++ kubernetes/apps/observability/loki/app Kustomization: observability/loki HelmRelease: observability/loki

@@ -82,13 +82,13 @@

     resultsCache:
       enabled: false
     sidecar:
       enableUniqueFilenames: true
       image:
         repository: ghcr.io/home-operations/k8s-sidecar
-        tag: 1.30.9@sha256:74d65c3def9276b24b5bfe41f8efb773174e7a1ecf3c9b5a31bd02cfdee232c9
+        tag: 2.5.0@sha256:ae958215a6124c6d09dbf6cf568dc72176791bfba8630f4300d4eaaf1caa5b10
       rules:
         folder: /rules/fake
         searchNamespace: ALL
     singleBinary:
       persistence:
         enabled: true

[bot-akira]

--- HelmRelease: observability/loki StatefulSet: observability/loki

+++ HelmRelease: observability/loki StatefulSet: observability/loki

@@ -88,13 +88,13 @@

         - name: storage
           mountPath: /var/loki
         - name: sc-rules-volume
           mountPath: /rules/fake
         resources: {}
       - name: loki-sc-rules
-        image: ghcr.io/home-operations/k8s-sidecar:1.30.9@sha256:74d65c3def9276b24b5bfe41f8efb773174e7a1ecf3c9b5a31bd02cfdee232c9
+        image: ghcr.io/home-operations/k8s-sidecar:2.5.0@sha256:ae958215a6124c6d09dbf6cf568dc72176791bfba8630f4300d4eaaf1caa5b10
         imagePullPolicy: IfNotPresent
         env:
         - name: METHOD
           value: WATCH
         - name: LABEL
           value: loki_rule
--- HelmRelease: observability/gatus Deployment: observability/gatus

+++ HelmRelease: observability/gatus Deployment: observability/gatus

@@ -66,13 +66,13 @@

         - name: NAMESPACE
           value: ALL
         - name: RESOURCE
           value: both
         - name: UNIQUE_FILENAMES
           value: 'true'
-        image: ghcr.io/home-operations/k8s-sidecar:1.30.9@sha256:74d65c3def9276b24b5bfe41f8efb773174e7a1ecf3c9b5a31bd02cfdee232c9
+        image: ghcr.io/home-operations/k8s-sidecar:2.5.0@sha256:ae958215a6124c6d09dbf6cf568dc72176791bfba8630f4300d4eaaf1caa5b10
         name: init-config
         resources:
           limits:
             memory: 128Mi
           requests:
             cpu: 10m

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.