feat(container)!: Update image ghcr.io/home-operations/k8s-sidecar (1.30.11 → 2.0.3)

[yo-renovate]

This PR contains the following updates:

Package	Update	Change
ghcr.io/home-operations/k8s-sidecar (source)	major	1.30.11 -> 2.0.3

---

Release Notes

kiwigrid/k8s-sidecar (ghcr.io/home-operations/k8s-sidecar)

v2.0.3

Compare Source

Build

• Drop support for ppc64le (#​445)
• Drop support for s390x (#​444)

Enhancements

• Add health endpoint with readiness and liveness probes (#​416)

• New /healthz Endpoint: A new HTTP endpoint is available on port 8080 (configurable via the HEALTH_PORT environment variable)

  • Readiness Probe:

    • The sidecar now reports as "ready" (HTTP 200) only after the initial synchronization of all configured resources is complete
    • This prevents the main application container from starting or receiving traffic prematurely, ensuring all configuration files are present at startup

  • Liveness Probe:

    • The probe continuously monitors the sidecar's health by checking two critical conditions:
      • Kubernetes API Contact: Verifies that the sidecar has had successful contact with the Kubernetes API within the last 60 seconds
      • Watcher Process Health: Ensures that all internal watcher subprocesses are running correctly
    • If any check fails, the probe fails, signaling Kubernetes to restart the container

• Reduced Log Noise: Access logs for frequent /healthz requests are automatically filtered out to keep application logs clean and focused

• Fail-Fast on Process Death: The main process now exits immediately if a critical watcher subprocess dies, ensuring a prompt restart by Kubernetes

Testing

• The CI pipeline has been enhanced with new tests to validate this functionality:
  • A test to confirm the Uvicorn health server starts successfully
  • A liveness test that simulates a watcher process failure and asserts that Kubernetes restarts the pod as expected
  • A Kubernetes Config load test for Sleep and Watch based sidecar

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[yo-renovate]

--- HelmRelease: observability/grafana Deployment: observability/grafana

+++ HelmRelease: observability/grafana Deployment: observability/grafana

@@ -57,13 +57,13 @@

           subPath: download_dashboards.sh
         - name: storage
           mountPath: /var/lib/grafana
       enableServiceLinks: true
       containers:
       - name: grafana-sc-dashboard
-        image: ghcr.io/home-operations/k8s-sidecar:1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+        image: ghcr.io/home-operations/k8s-sidecar:2.0.3@sha256:7978b5a757b1cb4f1b0d1c61cf135030b9353a9841457d81c8106eb1cdfe3b4b
         imagePullPolicy: IfNotPresent
         env:
         - name: METHOD
           value: WATCH
         - name: LABEL
           value: grafana_dashboard
@@ -97,13 +97,13 @@

           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
         - name: sc-dashboard-volume
           mountPath: /tmp/dashboards
       - name: grafana-sc-datasources
-        image: ghcr.io/home-operations/k8s-sidecar:1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+        image: ghcr.io/home-operations/k8s-sidecar:2.0.3@sha256:7978b5a757b1cb4f1b0d1c61cf135030b9353a9841457d81c8106eb1cdfe3b4b
         imagePullPolicy: IfNotPresent
         env:
         - name: METHOD
           value: WATCH
         - name: LABEL
           value: grafana_datasource
--- HelmRelease: observability/gatus Deployment: observability/gatus

+++ HelmRelease: observability/gatus Deployment: observability/gatus

@@ -62,13 +62,13 @@

         - name: NAMESPACE
           value: ALL
         - name: RESOURCE
           value: both
         - name: UNIQUE_FILENAMES
           value: 'true'
-        image: ghcr.io/home-operations/k8s-sidecar:1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+        image: ghcr.io/home-operations/k8s-sidecar:2.0.3@sha256:7978b5a757b1cb4f1b0d1c61cf135030b9353a9841457d81c8106eb1cdfe3b4b
         name: init-config
         restartPolicy: Always
         volumeMounts:
         - mountPath: /config
           name: config
         - mountPath: /config/config.yaml
--- HelmRelease: observability/loki StatefulSet: observability/loki

+++ HelmRelease: observability/loki StatefulSet: observability/loki

@@ -84,13 +84,13 @@

         - name: storage
           mountPath: /var/loki
         - name: sc-rules-volume
           mountPath: /rules/fake
         resources: {}
       - name: loki-sc-rules
-        image: ghcr.io/home-operations/k8s-sidecar:1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+        image: ghcr.io/home-operations/k8s-sidecar:2.0.3@sha256:7978b5a757b1cb4f1b0d1c61cf135030b9353a9841457d81c8106eb1cdfe3b4b
         imagePullPolicy: IfNotPresent
         env:
         - name: METHOD
           value: WATCH
         - name: LABEL
           value: loki_rule

[yo-renovate]

--- kubernetes/apps/observability/loki/app Kustomization: observability/loki HelmRelease: observability/loki

+++ kubernetes/apps/observability/loki/app Kustomization: observability/loki HelmRelease: observability/loki

@@ -74,13 +74,13 @@

     resultsCache:
       enabled: false
     sidecar:
       enableUniqueFilenames: true
       image:
         repository: ghcr.io/home-operations/k8s-sidecar
-        tag: 1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+        tag: 2.0.3@sha256:7978b5a757b1cb4f1b0d1c61cf135030b9353a9841457d81c8106eb1cdfe3b4b
       rules:
         folder: /rules/fake
         searchNamespace: ALL
     singleBinary:
       persistence:
         enabled: true
--- kubernetes/apps/observability/grafana/app Kustomization: observability/grafana HelmRelease: observability/grafana

+++ kubernetes/apps/observability/grafana/app Kustomization: observability/grafana HelmRelease: observability/grafana

@@ -223,10 +223,10 @@

         label: grafana_datasource
         labelValue: ''
         searchNamespace: ALL
       image:
         registry: ghcr.io
         repository: home-operations/k8s-sidecar
-        tag: 1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+        tag: 2.0.3@sha256:7978b5a757b1cb4f1b0d1c61cf135030b9353a9841457d81c8106eb1cdfe3b4b
     testFramework:
       enabled: false
 
--- kubernetes/apps/observability/gatus/app Kustomization: observability/gatus HelmRelease: observability/gatus

+++ kubernetes/apps/observability/gatus/app Kustomization: observability/gatus HelmRelease: observability/gatus

@@ -77,13 +77,13 @@

               METHOD: WATCH
               NAMESPACE: ALL
               RESOURCE: both
               UNIQUE_FILENAMES: true
             image:
               repository: ghcr.io/home-operations/k8s-sidecar
-              tag: 1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+              tag: 2.0.3@sha256:7978b5a757b1cb4f1b0d1c61cf135030b9353a9841457d81c8106eb1cdfe3b4b
             restartPolicy: Always
           init-db:
             envFrom:
             - secretRef:
                 name: gatus-secret
             image: