Skip to content

Instantly share code, notes, and snippets.

@stefanprodan

stefanprodan/flux2-image-updates.md

Last active April 8, 2022 07:36
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save stefanprodan/597eb62756eb29e0eced665cf899b5c2 to your computer and use it in GitHub Desktop.
Save stefanprodan/597eb62756eb29e0eced665cf899b5c2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
flux2-image-updates.md

Can I automate container image updates in my fleet-repo?

Assuming an app repository with ./deploy/prod/kustomization.yaml:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - service.yaml
  - ingress.yaml

We define a source in the fleet-infra repo of type gitrepository.source.toolkit.fluxcd.io/v1beta1 that pulls changes from the app repository every 5 minutes inside the cluster:

apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: my-app
  namespace: apps
spec:
  interval: 5m
  url: https://github.com/my-org/my-app
  ref:
    branch: main

Then we define a kustomization.kustomize.toolkit.fluxcd.io that uses the kustomization.yaml from ./deploy/prod to determine which resources to create, update or delete:

apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: my-app
  namespace: apps
spec:
  targetNamespace: apps
  interval: 15m
  path: "./deploy/prod"
  prune: true
  sourceRef:
    kind: GitRepository
    name: my-app

Having the container images defined in kustomization.kustomize.toolkit.fluxcd.io allows you to automate the image tag updates without modifying the kustomization.yaml in the app repository.

First we define the app container image repo:

apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
  name: my-app
  namespace: flux-system
spec:
  image: my-apps/my-app

We can define a policy that will select the latest app image release using a semver range:

apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImagePolicy
metadata:
  name: my-app
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: my-app
  policy:
    semver:
      range: 1.0.x

Then we add a reference to our policy in the Kustomization manifest:

apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: my-app
  namespace: apps
spec:
  # .....
  images:
    - name: my-apps/my-app
      newName: my-apps/my-app
      newTag: v1.0.1 # {"$ref": "flux-system:my-app:tag"}

Finally we configure the automation controller to commit the image tag changes to the fleet-repo:

apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageUpdateAutomation
metadata:
  name: my-app
  namespace: flux-system
spec:
  checkout:
    gitRepositoryRef:
      name: my-fleet
  commit:
    authorName: UpdateBot
    authorEmail: bot@example.com
@squaremo
Copy link

You'll need an ImageRepository definition too -- the one referred to in the policy.

@stefanprodan
Copy link
Author

I've added the ImageRepository, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment