Erich Blume
b876e39981
## Summary - Replace third-party Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile building from forge mirror at v1.10.1 - Adds Dockerfile (`containers/homepage/`) with multi-stage build (node:22-slim builder, node:22-alpine runtime) - Creates kustomize manifests: Deployment, Service, ConfigMap (6 config files), ServiceAccount, ClusterRole, ClusterRoleBinding - Keeps existing ingress-tailscale.yaml and all 6 ExternalSecret resources unchanged - Updates ArgoCD app definition from multi-source Helm to single directory source ## Prerequisite - Homepage source mirrored at forge.ops.eblu.me/eblume/homepage.git ✅ - Container must be built and pushed before syncing: `mise run container-release homepage v1.10.1` ## Deployment and Testing - [ ] Build and push container image: `mise run container-release homepage v1.10.1` - [ ] Branch-test via ArgoCD: `argocd app set homepage --revision feature/homepage-kustomize && argocd app sync homepage` - [ ] Verify dashboard loads at go.ops.eblu.me / go.tail8d86e.ts.net - [ ] Verify k8s autodiscovery works (services appear on dashboard) - [ ] Verify widgets load (weather, Forgejo, Jellyfin, etc.) - [ ] After merge: `argocd app set homepage --revision main && argocd app sync homepage` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/221
2.9 KiB
| title | modified | tags | |||
|---|---|---|---|---|---|
| Review Services | 2026-02-19 |
|
Review Services
How to periodically review BlumeOps services for version freshness and upgrade opportunities.
Review by Staleness
Show services sorted by when they were last reviewed (most stale first):
mise run service-review
This reads the tracking file at service-versions.yaml (repo root) and sorts by the last-reviewed field. Services without a review date float to the top. The script shows a staleness table and then displays the most stale service with a review checklist.
To show more entries in the table:
mise run service-review -- --limit 30
To filter by service type:
mise run service-review -- --type argocd
mise run service-review -- --type ansible
mise run service-review -- --type hybrid
Review Process by Service Type
ArgoCD Services
- Check the upstream releases page for new versions
- Compare to the image tag or Helm chart version in
argocd/manifests/<service>/ - Review the upstream changelog for breaking changes
- If upgrading, update the manifest and follow deploy-k8s-service
Helm Chart Services
Same as ArgoCD, but also check for new chart versions in the mirrored chart repos under argocd/manifests/<service>/charts/.
Hybrid Services (Custom Container + ArgoCD)
- Check the upstream project for new releases
- Check the base image for security updates
- If rebuilding, follow build-container-image to tag and release
- Update the ArgoCD manifest with the new image tag
Ansible Services
- Check the upstream releases page for new versions
- Review the role's vars/defaults for version pins in
ansible/roles/<service>/ - If upgrading, update the version and dry-run:
mise run provision-indri -- --tags <service> --check --diff - Follow add-ansible-role patterns for role changes
Version Tracking Convention
The current-version field in service-versions.yaml tracks the upstream application version, not the container image tag. For hybrid services, the container image tag (e.g., v1.0.0) is decoupled from the contained app version (e.g., v1.10.1). This allows container rebuilds (base image updates, build fixes) without implying an upstream version change.
Marking a Service as Reviewed
After reviewing, edit service-versions.yaml (repo root) and update the service entry:
- name: prometheus
type: argocd
last-reviewed: 2026-02-16
current-version: "v3.9.1"
upstream-source: https://github.com/prometheus/prometheus/releases
Commit this change alongside any upgrades you make during the review.
Related
- review-documentation - Periodically review documentation cards
- deploy-k8s-service - Deploy changes to Kubernetes services
- build-container-image - Build and release custom container images
- add-ansible-role - Add or modify Ansible roles