billimek · Copilot · Sep 18, 2025 · Sep 18, 2025 · Sep 18, 2025 · Sep 25, 2025
diff --git a/.github/scripts/update_crds_local.py b/.github/scripts/update_crds_local.py
@@ -1,6 +1,7 @@
 import os
 import re
 import subprocess
+
 # Get the GitHub workspace path, defaulting to current dir if not set (for local runs)
 workspace_path = os.environ.get("GITHUB_WORKSPACE", os.getcwd())
 
@@ -52,4 +53,4 @@
     except Exception as e:
         print(f"An unexpected error occurred with {url}: {e}")
 
-print("CRD update process finished.")
+print("CRD update process finished.")
diff --git a/setup/README.md b/setup/README.md
@@ -10,7 +10,7 @@ Contains Helmfile configurations for initial cluster bootstrapping, including CN
 
 ### `/setup/crds`
 
-Custom Resource Definitions required before Flux can deploy applications. These are invoked during normal flux kustomization reconcilliation loops and are required to be housed outside the normal `kubernetes/` tree in order to ensure that the custom types are present before they are attempted to be used. It is structured this way so that unsightly proliferation of kustomization files throughout the repo is avoided.
+Custom Resource Definitions required before Flux can deploy applications. These are vendored locally and managed by a FluxCD Kustomization. Renovate tracks upstream versions, and a GitHub workflow automatically downloads updated CRDs when versions change. This ensures CRDs are available before applications that depend on them while providing a proper upgrade path through GitOps.
 
 ### `/setup/flux`
 

diff --git a/setup/crds/kustomization.yaml b/setup/crds/kustomization.yaml
@@ -23,85 +23,16 @@ resources:
   # https://github.com/kubernetes-csi/external-snapshotter/raw/v8.3.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
   - ./vendor/kubernetes-csi_external-snapshotter/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
 
-  # ┌──────────────────┐
-  # │ volsync          │
-  # └──────────────────┘
-  # renovate: datasource=github-releases depName=backube/volsync
-  # https://github.com/backube/volsync/raw/v0.12.0/config/crd/bases/volsync.backube_replicationdestinations.yaml
-  - ./vendor/backube_volsync/volsync.backube_replicationdestinations.yaml
-  # renovate: datasource=github-releases depName=backube/volsync
-  # https://github.com/backube/volsync/raw/v0.12.0/config/crd/bases/volsync.backube_replicationsources.yaml
-  - ./vendor/backube_volsync/volsync.backube_replicationsources.yaml
-
-  # ┌──────────────────────────────┐
-  # │ node-feature-discovery       │
-  # └──────────────────────────────┘
-  # renovate: datasource=github-releases depName=kubernetes-sigs/node-feature-discovery
-  # https://github.com/kubernetes-sigs/node-feature-discovery/raw/v0.17.3/deployment/helm/node-feature-discovery/crds/nfd-api-crds.yaml
-  - ./vendor/kubernetes-sigs_node-feature-discovery/nfd-api-crds.yaml
-
   # ┌──────────────────┐
   # │ gateway-api      │
   # └──────────────────┘
   # renovate: datasource=github-releases depName=kubernetes-sigs/gateway-api
   # https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/experimental-install.yaml
   - ./vendor/kubernetes-sigs_gateway-api/experimental-install.yaml
 
-  # ┌──────────────────┐
-  # │ rook-ceph        │
-  # └──────────────────┘
-  # renovate: datasource=github-releases depName=rook/rook
-  # https://github.com/rook/rook/raw/v1.18.2/deploy/examples/crds.yaml
-  - ./vendor/rook_rook/crds.yaml
-
   # ┌──────────────────────────────────┐
   # │ system-upgrade-controller        │
   # └──────────────────────────────────┘
   # renovate: datasource=github-releases depName=rancher/system-upgrade-controller
   # https://github.com/rancher/system-upgrade-controller/releases/download/v0.16.3/crd.yaml
-  - ./vendor/rancher_system-upgrade-controller/crd.yaml
-
-  # ┌──────────────────┐
-  # │ cnpg             │
-  # └──────────────────┘
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_backups.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_backups.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_clusterimagecatalogs.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_clusterimagecatalogs.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_clusters.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_clusters.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_databases.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_databases.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_imagecatalogs.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_imagecatalogs.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_poolers.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_poolers.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_publications.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_publications.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_scheduledbackups.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_scheduledbackups.yaml
-  # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-  # https://github.com/cloudnative-pg/cloudnative-pg/raw/v1.27.0/config/crd/bases/postgresql.cnpg.io_subscriptions.yaml
-  - ./vendor/cloudnative-pg_cloudnative-pg/postgresql.cnpg.io_subscriptions.yaml
-
-  # ┌──────────────────┐
-  # │ emqx             │
-  # └──────────────────┘
-  # renovate: datasource=github-releases depName=emqx/emqx-operator
-  # https://github.com/emqx/emqx-operator/releases/download/2.2.29/crds.yaml
-  - ./vendor/emqx_emqx-operator/crds.yaml
-
-  # ┌──────────────────────┐
-  # │ silence-operator     │
-  # └──────────────────────┘
-  # renovate: datasource=github-releases depName=giantswarm/silence-operator
-  # https://raw.githubusercontent.com/giantswarm/silence-operator/refs/tags/v0.19.0/config/crd/bases/observability.giantswarm.io_silences.yaml
-  - ./vendor/giantswarm_silence-operator/observability.giantswarm.io_silences.yaml
+  - ./vendor/rancher_system-upgrade-controller/crd.yaml