chore(deps): update docker.io/library/node docker tag to v25

.gitea/workflows/generate-readme.yaml

@@ -15,7 +15,7 @@ on:
 jobs:
   generate-parameters:
     container:
-      image: docker.io/library/node:24.10.0-alpine
+      image: docker.io/library/node:25.0.0-alpine
     runs-on:
     - ubuntu-latest
     steps:

.gitea/workflows/markdown-linters.yaml

@@ -15,7 +15,7 @@ on:
 jobs:
   markdown-link-checker:
     container:
-      image: docker.io/library/node:24.10.0-alpine
+      image: docker.io/library/node:25.0.0-alpine
     runs-on:
     - ubuntu-latest
     steps:
@@ -31,7 +31,7 @@ jobs:
 
   markdown-lint:
     container:
-      image: docker.io/library/node:24.10.0-alpine
+      image: docker.io/library/node:25.0.0-alpine
     runs-on:
     - ubuntu-latest
     steps:

Makefile

@@ -10,7 +10,7 @@ HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:
 # NODE_IMAGE
 NODE_IMAGE_REGISTRY_HOST?=docker.io
 NODE_IMAGE_REPOSITORY?=library/node
-NODE_IMAGE_VERSION?=24.10.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
+NODE_IMAGE_VERSION?=25.0.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
 NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
 
 # MISSING DOT

README.md

@@ -16,10 +16,7 @@ Chapter [configuration and installation](#helm-configuration-and-installation) d
 helm and use it to deploy the exporter. It also contains further configuration examples.
 
 Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
-helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
+helm chart is tested for deployment scenarios with **ArgoCD**.
-*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
-concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
-separate [chapter](#argocd).
 
 ## Helm: configuration and installation
 
@@ -47,7 +44,7 @@ helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > valu
 A complete list of available helm chart versions can be displayed via the following command:
 
 ```bash
-helm search repo reposilite --versions
+helm search repo athens-proxy --versions
 ```
 
 The helm chart also contains a persistent volume claim definition. It persistent volume claim is not enabled by default.
@@ -142,6 +139,20 @@ deployment:
     secret.reloader.stakater.com/reload: "athens-proxy-tls"
 ```
 
+If the application is rolled out using ArgoCD, a rolling update from stakater's
+[reloader](https://github.com/stakater/Reloader) can lead to a drift. ArgoCD will attempt to restore the original state
+with a rolling update. To avoid this, instead of a rolling update triggered by the reloader, a restart of the pod can be
+initiated. Further information are available in the official
+[README](https://github.com/stakater/Reloader?tab=readme-ov-file#4-%EF%B8%8F-workload-specific-rollout-strategy) of
+stakater's reloader.
+
+```diff
+  deployment:
+    annotations:
+      reloader.stakater.com/auto: "true"
++     reloader.stakater.com/rollout-strategy: "restart"
+```
+
 #### Network policies
 
 Network policies can only take effect, when the used CNI plugin support network policies. The chart supports no custom
@@ -196,62 +207,51 @@ networkPolicies:
 
 ## ArgoCD
 
-### Daily execution of rolling updates
+### Example Application
 
-The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
+An application resource for the Helm chart is defined below. It serves as an example for your own deployment.
-connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
-Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments). Please ensure, that no
-third party application modifies the config maps or secret afterwards.
 
-The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
+```yaml
-content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
+apiVersion: argoproj.io/v1alpha1
-Helm render order, different timestamps).
+kind: Application
-
+spec:
-This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
+  destination:
-can lead to unnecessary notifications from ArgoCD.
+    server: https://kubernetes.default.svc
-
+    namespace: athens-proxy
-To avoid this, the annotation with the shasum can be ignored. However, this negates the mechanism of [Automatically Roll
+  ignoreDifferences:
-Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
+  - group: apps
-
+    kind: Deployment
-Below is a diff that adds the `Application` to ignore all annotations with the prefix `checksum`.
+    jqPathExpressions:
-
+    # When HPA is enabled, ensure that a modification of the replicas does not lead to a
-> [!WARNING]
+    # drift.
-> Configurations of `ignoreDifferences` always refer to the determination of a drift and whether a possible sync is
+      - '.spec.replicas'
-> necessary. If the selected attributes should also be ignored in deployment afterwards, define
+    # Ensure that changes of the annotations or environment variables added or modified by
-> `RespectIgnoreDifferences=true` in your `Application` resource. Further information can be found in the ArgoCD
+    # stakater's reloader does not lead to a drift.
-> [documentation](https://argo-cd.readthedocs.io/en/latest/user-guide/sync-options/#respect-ignore-differences-configs).
+    - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
-
+    - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
-```diff
+  sources:
-  apiVersion: argoproj.io/v1alpha1
+  - repoURL: https://charts.cryptic.systems/volker.raschek
-  kind: Application
+    chart: athens-proxy
-  spec:
+    targetRevision: '0.*'
-+   ignoreDifferences:
+    helm:
-+   - group: apps
+      valueFiles:
-+     kind: Deployment
+      - $values/values.yaml
-+     jqPathExpressions:
+      releaseName: athens-proxy
-+     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
+  syncPolicy:
-```
+    automated:
-
+      prune: true
-The definition of ignoreDifferences ensures that annotations with the prefix checksum are ignored during a diff.
+      selfHeal: true
-
+    managedNamespaceMetadata:
-> [!TIP]
+      annotations: {}
-> If the [reloader](https://github.com/stakater/Reloader) is configured as described in section [TLS certificate
+      labels: {}
-> rotation](#tls-certificate-rotation), ensure that the shasum defined as annotation or environment variable is also
+    syncOptions:
-> ignored. The [reloader](https://github.com/stakater/Reloader) will modify the deployment based on his configuration
+    - ApplyOutOfSyncOnly=true
-> and append additional annotations or environment variables containing the shasum. Below are some examples how to adapt
+    - CreateNamespace=true
-> the `ignoreDifferences` configuration to ignore only the annotations and environment variables of stakater's
+    - FailOnSharedResource=false
-> [reloader](https://github.com/stakater/Reloader).
+    - Replace=false
-
+    - RespectIgnoreDifferences=false
-```diff
+    - ServerSideApply=true
-  apiVersion: argoproj.io/v1alpha1
+    - Validate=true
-  kind: Application
-  spec:
-    ignoreDifferences:
-    - group: apps
-      kind: Deployment
-      jqPathExpressions:
-+     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("reloader")))'
-+     - '.spec.template.spec.containers[].env[] | select(.name | startswith("STAKATER_"))'
 ```
 
 ## Parameters