Demo for upgrading KCC with Renovate Bot

kcc-renovate

A failed attempt at using Renovate Bot to upgrade the Config Connector operator.

Since config-connector doesn't provide a Helm chart, the idea was to define a Flux GitRepository resource pointing to the official config-connector repository and a Flux Kustomization resource pointing to the location in the repo where the operator configuration is stored. Renovate Bot would then submit a PR to update the tag defined in the GitRepository resource, upgrading the operator in the cluster once its PR was merged.

Even though the CRDs are present, the repository doesn't seem to store the complete operator configuration. For example, the kustomization file in ./operator/config/autopilot-manager/ patches the resources using a manager_image_patch.yaml. However, the repository stores only a manager_image_patch_template.yaml file, which is used at runtime to produce manager_image_patch.yaml. This runtime hydration won't be possible within Flux.
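The attempted setup described above, sketched as Flux manifests. This is an added example, not the manifests from this repository; the resource names, namespace, intervals, repository URL and the spelling of the tag are assumptions.

```yaml
# Source: the upstream config-connector Git repository, pinned to a release tag.
# Renovate's flux manager can bump spec.ref.tag on GitRepository resources,
# provided its file matching is configured to include this file.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: config-connector          # assumed name
  namespace: flux-system
spec:
  interval: 1h                    # assumed interval
  url: https://github.com/GoogleCloudPlatform/k8s-config-connector
  ref:
    tag: v1.120.1                 # assumed tag spelling for release 1.120.1
---
# Kustomization: build and apply the operator configuration from the source.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: config-connector-operator # assumed name
  namespace: flux-system
spec:
  interval: 1h                    # assumed interval
  prune: true
  sourceRef:
    kind: GitRepository
    name: config-connector
  # Path named in this README. The kustomization.yaml here references
  # manager_image_patch.yaml, but the repo only ships
  # manager_image_patch_template.yaml, so the build cannot succeed in Flux.
  path: ./operator/config/autopilot-manager
```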

Another possible target is ./install-bundles, to directly configure the controller and CRDs, but all of its sub-directories have hostPort defined in their deployment manifests, which doesn't play well with GKE Autopilot constraints.

Google only supports the distribution of config-connector manifests via its storage bucket. Although it's possible to point to it directly using a Flux Bucket source, doing so raises the following error:

> k describe bucket -n flux-system
...
Events:
  Type     Reason                 Age                 From               Message
  ----     ------                 ----                ----               -------
  Warning  BucketOperationFailed  11m (x66 over 14h)  source-controller  fetch from bucket 'configconnector-operator' failed: failed to get '1.120.1/release-bundle.tar.gz' object: googleapi: Error 412: The type of authentication token used for this request requires that Uniform Bucket Level Access be enabled., conditionNotMet