2026-02-16 17:02:56 -08:00
---
title: Review Services
Replace Homepage Helm chart with kustomize manifests and custom Dockerfile (#221)
## Summary
- Replace third-party Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile building from forge mirror at v1.10.1
- Adds Dockerfile (`containers/homepage/`) with multi-stage build (node:22-slim builder, node:22-alpine runtime)
- Creates kustomize manifests: Deployment, Service, ConfigMap (6 config files), ServiceAccount, ClusterRole, ClusterRoleBinding
- Keeps existing ingress-tailscale.yaml and all 6 ExternalSecret resources unchanged
- Updates ArgoCD app definition from multi-source Helm to single directory source
## Prerequisite
- Homepage source mirrored at forge.ops.eblu.me/eblume/homepage.git ✅
- Container must be built and pushed before syncing: `mise run container-release homepage v1.10.1`
## Deployment and Testing
- [ ] Build and push container image: `mise run container-release homepage v1.10.1`
- [ ] Branch-test via ArgoCD: `argocd app set homepage --revision feature/homepage-kustomize && argocd app sync homepage`
- [ ] Verify dashboard loads at go.ops.eblu.me / go.tail8d86e.ts.net
- [ ] Verify k8s autodiscovery works (services appear on dashboard)
- [ ] Verify widgets load (weather, Forgejo, Jellyfin, etc.)
- [ ] After merge: `argocd app set homepage --revision main && argocd app sync homepage`
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/221
2026-02-19 18:29:19 -08:00
modified: 2026-02-19
2026-03-07 09:03:08 -08:00
last-reviewed: 2026-03-07
2026-02-16 17:02:56 -08:00
tags:
- how-to
- maintenance
- services
---
# Review Services
How to periodically review BlumeOps services for version freshness and upgrade opportunities.
## Review by Staleness
Show services sorted by when they were last reviewed (most stale first):
```bash
mise run service-review
```
This reads the tracking file at `service-versions.yaml` (repo root) and sorts by the `last-reviewed` field. Services without a review date float to the top. The script shows a staleness table and then displays the most stale service with a review checklist.
To show more entries in the table:
```bash
2026-02-22 10:20:11 -08:00
mise run service-review --limit 30
2026-02-16 17:02:56 -08:00
```
To filter by service type:
```bash
2026-02-22 10:20:11 -08:00
mise run service-review --type argocd
mise run service-review --type ansible
mise run service-review --type hybrid
2026-02-16 17:02:56 -08:00
```
## Review Process by Service Type
2026-03-07 09:03:08 -08:00
### ArgoCD Services (`type: argocd`)
2026-02-16 17:02:56 -08:00
1. Check the upstream releases page for new versions
2026-03-07 09:03:08 -08:00
2. Compare to the image tag in `argocd/manifests/<service>/kustomization.yaml` (`images[].newTag` )
2026-02-16 17:02:56 -08:00
3. Review the upstream changelog for breaking changes
2026-03-07 09:03:08 -08:00
4. If the service uses a custom-built container, also check the base image for security updates and follow [[build-container-image]] to rebuild
5. If upgrading, update the manifest and follow [[deploy-k8s-service]]
2026-02-16 17:02:56 -08:00
2026-03-07 09:03:08 -08:00
### Ansible Services (`type: ansible`)
2026-02-16 17:02:56 -08:00
1. Check the upstream releases page for new versions
2. Review the role's vars/defaults for version pins in `ansible/roles/<service>/`
3. If upgrading, update the version and dry-run: `mise run provision-indri -- --tags <service> --check --diff`
4. Follow [[add-ansible-role]] patterns for role changes
2026-03-07 09:03:08 -08:00
### NixOS Services (`type: nixos`)
1. Check the upstream project for new releases
2. Review the Nix derivation or flake input for version pins
3. If upgrading, update and deploy via `mise run provision-ringtail`
Replace Homepage Helm chart with kustomize manifests and custom Dockerfile (#221)
## Summary
- Replace third-party Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile building from forge mirror at v1.10.1
- Adds Dockerfile (`containers/homepage/`) with multi-stage build (node:22-slim builder, node:22-alpine runtime)
- Creates kustomize manifests: Deployment, Service, ConfigMap (6 config files), ServiceAccount, ClusterRole, ClusterRoleBinding
- Keeps existing ingress-tailscale.yaml and all 6 ExternalSecret resources unchanged
- Updates ArgoCD app definition from multi-source Helm to single directory source
## Prerequisite
- Homepage source mirrored at forge.ops.eblu.me/eblume/homepage.git ✅
- Container must be built and pushed before syncing: `mise run container-release homepage v1.10.1`
## Deployment and Testing
- [ ] Build and push container image: `mise run container-release homepage v1.10.1`
- [ ] Branch-test via ArgoCD: `argocd app set homepage --revision feature/homepage-kustomize && argocd app sync homepage`
- [ ] Verify dashboard loads at go.ops.eblu.me / go.tail8d86e.ts.net
- [ ] Verify k8s autodiscovery works (services appear on dashboard)
- [ ] Verify widgets load (weather, Forgejo, Jellyfin, etc.)
- [ ] After merge: `argocd app set homepage --revision main && argocd app sync homepage`
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/221
2026-02-19 18:29:19 -08:00
## Version Tracking Convention
2026-03-07 09:03:08 -08:00
The `current-version` field in `service-versions.yaml` tracks the **upstream application version ** , not the container image tag. For services with custom-built containers, the container image tag (e.g., `v1.0.0` ) is decoupled from the contained app version (e.g., `v1.10.1` ). This allows container rebuilds (base image updates, build fixes) without implying an upstream version change.
Replace Homepage Helm chart with kustomize manifests and custom Dockerfile (#221)
## Summary
- Replace third-party Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile building from forge mirror at v1.10.1
- Adds Dockerfile (`containers/homepage/`) with multi-stage build (node:22-slim builder, node:22-alpine runtime)
- Creates kustomize manifests: Deployment, Service, ConfigMap (6 config files), ServiceAccount, ClusterRole, ClusterRoleBinding
- Keeps existing ingress-tailscale.yaml and all 6 ExternalSecret resources unchanged
- Updates ArgoCD app definition from multi-source Helm to single directory source
## Prerequisite
- Homepage source mirrored at forge.ops.eblu.me/eblume/homepage.git ✅
- Container must be built and pushed before syncing: `mise run container-release homepage v1.10.1`
## Deployment and Testing
- [ ] Build and push container image: `mise run container-release homepage v1.10.1`
- [ ] Branch-test via ArgoCD: `argocd app set homepage --revision feature/homepage-kustomize && argocd app sync homepage`
- [ ] Verify dashboard loads at go.ops.eblu.me / go.tail8d86e.ts.net
- [ ] Verify k8s autodiscovery works (services appear on dashboard)
- [ ] Verify widgets load (weather, Forgejo, Jellyfin, etc.)
- [ ] After merge: `argocd app set homepage --revision main && argocd app sync homepage`
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/221
2026-02-19 18:29:19 -08:00
2026-02-16 17:02:56 -08:00
## Marking a Service as Reviewed
After reviewing, edit `service-versions.yaml` (repo root) and update the service entry:
```yaml
- name: prometheus
type: argocd
last-reviewed: 2026-02-16
current-version: "v3.9.1"
upstream-source: https://github.com/prometheus/prometheus/releases
```
Commit this change alongside any upgrades you make during the review.
## Related
- [[review-documentation]] - Periodically review documentation cards
- [[deploy-k8s-service]] - Deploy changes to Kubernetes services
- [[build-container-image]] - Build and release custom container images
- [[add-ansible-role]] - Add or modify Ansible roles
