I think the confusion is also because it&#x27;s a comparison of Community Self-Hosted (CE) vs the pure Open Source CLI - the latter is what works without license keyI&#x27;ll see if I can help with clarifying this in the table!(I&#x27;m a Renovate maintainer and employee at Mend)

It is nice to see more work on renovate but your comparison, especially the points on filtering, license keys and discovery, seems misleading for at least GitLab.Both work with mend&#x27;s renovate WITHOUT a license key, see also <a href="https:&#x2F;&#x2F;gitlab.com&#x2F;renovate-bot&#x2F;renovate-runner" rel="nofollow">https:&#x2F;&#x2F;gitlab.com&#x2F;renovate-bot&#x2F;renovate-runner</a>. As it is just a scheduled pipeline then you can also adjust frequency, timeouts and more.

Presumably a CR can be validated by k8s against a schema and will fail at an early step. I admit I like the operator-pattern.

I’m curious to know why this requires a whole CRD + operator setup, instead of just being a deployment that watches config(s) somewhere?

Renovate lets you configure most things in each repos individual config file.I can only imagine a set of intersecting edge cases where operator pattern is the most logical solution…Edit: good answers here. <a href="https:&#x2F;&#x2F;old.reddit.com&#x2F;r&#x2F;kubernetes&#x2F;comments&#x2F;1r1u7um&#x2F;renovate_the_kubernetesnative_way&#x2F;o4sa061&#x2F;" rel="nofollow">https:&#x2F;&#x2F;old.reddit.com&#x2F;r&#x2F;kubernetes&#x2F;comments&#x2F;1r1u7um&#x2F;renovat...</a>

Can you step back further and explain what Renovate and its competitors like Mend actually do, and what kind of tasks people use them for?

There&#x27;s several benefits we had in mind when building this (after using self-hosted Renovate ourselves): 
k8s-native approach: It uses CRDs, so that Renovate configs are Kubernetes resources. You can manage them more easily&#x2F;granular with Argo&#x2F;Flux&#x2F;kubectl as part of existing workflows instead of a Cronjob. 
Job isolation: The operator spawns individual jobs per repo instead of one run. If a repo is stuck it doesn&#x27;t block everything else. 
Webhook support: repos get updated immediately, not just on the next cron cycle. 
Visibility: There&#x27;s a light-weight, built-in UI showing repos, job status, and progress.There&#x27;s more on the Github repo, we added a full list of features and benefits to the readme.Of course, in the end it comes down to individual preferences :) Not saying one way is better than the other. We just felt that for us, the operator-based approach would work better and we&#x27;re happy if the project is benefitial for others as well!

I&#x27;m struggling to see how this operator helps-- is there some scenario that I cannot imagine that others are dealing with where this operator is useful? Specifically, what problems does this solve?

news.ycombinator.com&#x2F;item?id=43677067

So that&#x27;s an in-cluster supply chain attack enabler? :)

Show HN: Renovate – The Kubernetes-Native Way