diff --git a/cli/Dockerfile b/cli/Dockerfile
index b121641325b653e8d9c9bb33d41c6749d8000fb1..740a4f351050e28bdbcabe229ec3e5fba066c499 100644
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,13 +1,14 @@
 # kubectl CLI cache
 FROM docker.io/library/fedora:35 as kubectl
 
-ARG KUBECTL_RELEASE=v1.22.0
-ENV KUBECTL_RELEASE=${KUBECTL_RELEASE}
-
-RUN curl -LO "https://dl.k8s.io/release/${KUBECTL_RELEASE}/bin/linux/amd64/kubectl" \
-    && curl -LO "https://dl.k8s.io/release/${KUBECTL_RELEASE}/bin/linux/amd64/kubectl-convert" \
-    && curl -LO "https://dl.k8s.io/${KUBECTL_RELEASE}/bin/linux/amd64/kubectl.sha256" \
-    && curl -LO "https://dl.k8s.io/${KUBECTL_RELEASE}/bin/linux/amd64/kubectl-convert.sha256" \
+# renovate: datasource=github-releases depName=kubernetes/kubernetes
+ARG KUBECTL_VERSION=v1.22.0
+ENV KUBECTL_VERSION=${KUBECTL_VERSION}
+
+RUN curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
+    && curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" \
+    && curl -LO "https://dl.k8s.io/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" \
+    && curl -LO "https://dl.k8s.io/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert.sha256" \
     && echo "$(<kubectl.sha256) kubectl" | sha256sum --check \
     && echo "$(<kubectl-convert.sha256) kubectl-convert" | sha256sum --check \
     && install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl \
@@ -16,55 +17,61 @@ RUN curl -LO "https://dl.k8s.io/release/${KUBECTL_RELEASE}/bin/linux/amd64/kubec
 # Helm CLI cache
 FROM docker.io/library/fedora:35 as helm
 
-ARG HELM_RELEASE=v3.6.3
-ENV HELM_RELEASE=${HELM_RELEASE}
+# renovate: datasource=github-releases depName=helm/helm
+ARG HELM_VERSION=v3.6.3
+ENV HELM_VERSION=${HELM_VERSION}
 
-RUN curl -L "https://get.helm.sh/helm-${HELM_RELEASE}-linux-amd64.tar.gz" | tar xvzf - linux-amd64/helm --strip-components=1 \
+RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" | tar xvzf - linux-amd64/helm --strip-components=1 \
     && install -o root -g root -m 0755 helm /usr/local/bin/helm
 
 # Flux CLI cache
 FROM docker.io/library/fedora:35 as flux
 
-ARG FLUX_RELEASE=0.26.0
-ENV FLUX_RELEASE=${FLUX_RELEASE}
+# renovate: datasource=github-releases depName=fluxcd/flux2
+ARG FLUX_VERSION=0.26.0
+ENV FLUX_VERSION=${FLUX_VERSION}
 
-RUN curl -L https://github.com/fluxcd/flux2/releases/download/v${FLUX_RELEASE}/flux_${FLUX_RELEASE}_linux_amd64.tar.gz | tar xvzf - flux \
+RUN curl -L https://github.com/fluxcd/flux2/releases/download/v${FLUX_VERSION}/flux_${FLUX_VERSION}_linux_amd64.tar.gz | tar xvzf - flux \
     && install -o root -g root -m 0755 flux /usr/local/bin/flux
 
 # kustomize CLI cache
 FROM docker.io/library/fedora:35 as kustomize
 
-ARG KUSTOMIZE_RELEASE=4.1.3
-ENV KUSTOMIZE_RELEASE=${KUSTOMIZE_RELEASE}
+# renovate: datasource=github-releases depName=kubernetes-sigs/kustomize
+ARG KUSTOMIZE_VERSION=4.1.3
+ENV KUSTOMIZE_VERSION=${KUSTOMIZE_VERSION}
 
-RUN curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_RELEASE}/kustomize_v${KUSTOMIZE_RELEASE}_linux_amd64.tar.gz | tar xvzf - kustomize \
+RUN curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | tar xvzf - kustomize \
     && install -o root -g root -m 0755 kustomize /usr/local/bin/kustomize
 
 # kubeval CLI cache
 FROM docker.io/library/fedora:35 as kubeval
 
-ARG KUBEVAL_RELEASE=v0.16.1
-ENV KUBEVAL_RELEASE=${KUBEVAL_RELEASE}
+# renovate: datasource=github-releases depName=instrumenta/kubeval
+ARG KUBEVAL_VERSION=v0.16.1
+ENV KUBEVAL_VERSION=${KUBEVAL_VERSION}
 
-RUN curl -L https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_RELEASE}/kubeval-linux-amd64.tar.gz | tar xvzf - kubeval \
+RUN curl -L https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-linux-amd64.tar.gz | tar xvzf - kubeval \
     && install -o root -g root -m 0755 kubeval /usr/local/bin/kubeval
 
 # SOPS CLI cache
 FROM docker.io/library/fedora:35 as sops
 
-ARG SOPS_RELEASE=v3.7.1
-ENV SOPS_RELEASE=${SOPS_RELEASE}
+# renovate: datasource=github-releases depName=mozilla/sops
+ARG SOPS_VERSION=v3.7.1
+ENV SOPS_VERSION=${SOPS_VERSION}
 
-RUN curl -L https://github.com/mozilla/sops/releases/download/${SOPS_RELEASE}/sops-${SOPS_RELEASE}.linux > ./sops \
+RUN curl -L https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux > ./sops \
     && install -o root -g root -m 0755 sops /usr/local/bin/sops
 
 # yq CLI cache
 FROM docker.io/library/fedora:35 as yq
 
-ARG YQ_RELEASE=v4.6.1
-ENV YQ_RELEASE=${YQ_RELEASE}
+# renovate: datasource=github-releases depName=mikefarah/yq
+ARG YQ_VERSION=v4.6.1
+ENV YQ_VERSION=${YQ_VERSION}
 
-RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_RELEASE}/yq_linux_amd64 > ./yq \
+RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 > ./yq \
     && install -o root -g root -m 0755 yq /usr/local/bin/yq
 
 
diff --git a/renovate.json b/renovate.json
index 58fb3634265a43f72ab69dae5851e4a8e774a802..d1501c0d53fbba05070319ac70655be5272da22a 100644
--- a/renovate.json
+++ b/renovate.json
@@ -4,7 +4,8 @@
     "config:base",
     "docker:enableMajor",
     ":disableDependencyDashboard",
-    ":prHourlyLimitNone"
+    ":prHourlyLimitNone",
+    "regexManagers:dockerfileVersions"
   ],
   "prConcurrentLimit": 10,
   "semanticCommits": "enabled",