Upgrade Advisory

This documentation is for Flux (v1) and Helm Operator (v1). Both projects are in maintenance mode and will soon reach end-of-life. We strongly recommend you familiarise yourself with the newest Flux and start looking at your migration path.

For documentation regarding the latest Flux, please refer to this section.

Automated deployment of new container images

Flux can be used to automate container image updates in your cluster. Flux periodically scans the pods running in your cluster and builds a list of all container images. Using the image pull secrets, it connects to the container registries, pulls the images metadata and stores the image tag list in memcached.

You can enable the automate image tag updates by annotating your deployments, statefulsets, daemonsets or cronjobs objects. You can also control what tags should be considered for an update by using glob, regex or semantic version expressions.

Examples

What follows is a list of examples on how you can control the image update automation. If you’re using Helm releases please see the Helm Operator integration docs.

Turn on automation based on timestamp:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
spec:
  template:
    spec:
      containers:
      - name: app
        image: docker.io/org/my-app:1.0.0

The above configuration will make Flux update the app container when you push a new image tag, be it my-app:1.0.1 or my-app:9e3bdaf.

Restrict image updates with sem ver:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
    fluxcd.io/tag.app: semver:~1.0
spec:
  template:
    spec:
      containers:
      - name: app
        image: docker.io/org/my-app:1.0.0

The above configuration will make Flux update the image when you push an image tag that matches the semantic version expression e.g my-app:1.0.1 but not my-app:1.2.0.

Flux also support all the other ranges and operators available here in addition to the ~ range.

Restrict image to deploy prerelease version up until myapp:1.0.0 but not myapp:1.0.1:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
    fluxcd.io/tag.app: "semver: >= 1.0.0-rc.0, <1.0.1"
spec:
  template:
    spec:
      containers:
      - name: app
        image: docker.io/org/my-app:1.0.0-rc.1

Restrict image updates with glob and regex expressions:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    fluxcd.io/automated: "true"
    fluxcd.io/tag.sidecar: regex:^stg.*
    fluxcd.io/tag.app: glob:dev-*
spec:
  template:
    spec:
      containers:
      - name: sidecar
        image: docker.io/org/my-proxy:stg-4s7bsgv
      - name: app
        image: docker.io/org/my-app:dev-9e3bdaf

The above configuration will make Flux update the sidecar when you push a tag for the my-proxy image that begins with stg. For the app container, Flux will update it when you push a tag for the my-app image that begins with dev-.

To target a specific container the annotation format is fluxcd.io/tag.<CONTAINER>: <TYPE>:<EXPRESSION>.

You can turn off the automation with fluxcd.io/automated: "false" or with fluxcd.io/locked: "true".

Last modified 2021-06-02: Adapt flux docs to show up properly - add relevant frontmatter for docs to show up - configure version info - bring navbar partial closer to what's upstream effectively re-add version selector and all - Legacy docs use 'docs' template, but we show a warning at the top. Plus some small display fixes. - change old notes to new alerts - adapt nav to be like on docs.fluxcd.io, re-add requirements.md (c1afa31)