Image Automation Controllers - fluxcd/flux2

Image Automation Controllers in Flux2

Flux2 is a GitOps toolkit for Kubernetes that provides a controller-based approach to managing and deploying applications. Image automation is an essential aspect of Flux2: it automates image updates in a GitOps way. This guide covers the Image Automation Controllers and the ImageRepository, ImagePolicy, and ImageUpdateAutomation resources, and shows how to use them to automate image updates.

Key Technologies and Dependencies

Flux2 uses various technologies and dependencies, including:

  • Kubernetes API Extension System
  • Git
  • Helm
  • Prometheus
  • GitOps
  • Kustomize
  • Alpine Linux
  • Go
  • Docker
  • YAML

Image Automation Controllers

Image Automation Controllers in Flux2 are responsible for automating image updates in a GitOps way. The Image Automation Controllers include:

  • Image Reflector Controller
  • Image Automation Controller

Image Reflector Controller

The Image Reflector Controller watches for changes in the configured image repositories and updates the cluster’s image index. The Image Reflector Controller supports various image registries, including Docker Hub, Google Container Registry (GCR), Amazon Elastic Container Registry (ECR), and Azure Container Registry (ACR).

Image Automation Controller

The Image Automation Controller watches for updates in the configured image repositories and creates Git commits to apply updates to the cluster. The Image Automation Controller works with the Image Reflector Controller to determine when updates are available and apply them to the cluster.

ImageRepository

ImageRepository is a custom resource definition (CRD) in Flux2 that defines an image repository. The ImageRepository resource specifies the registry, repository, and reference to use for the images. The ImageRepository resource supports various image registries, including Docker Hub, Google Container Registry (GCR), Amazon Elastic Container Registry (ECR), and Azure Container Registry (ACR).

Example: ImageRepository

Here’s an example of an ImageRepository resource that defines a Docker Hub repository:

apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageRepository
metadata:
  name: my-image-repository
  namespace: flux-system
spec:
  interval: 1h0m0s
  image:
    registry: docker.io
    repository: my-username/my-repository
    reference: my-tag

ImagePolicy

ImagePolicy is a CRD in Flux2 that defines a policy for image updates. The ImagePolicy resource specifies the policy rules for image updates, including the maximum allowed age for an image and the allowed image tags.

Example: ImagePolicy

Here’s an example of an ImagePolicy resource that defines a policy for image updates:

apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImagePolicy
metadata:
  name: my-image-policy
  namespace: flux-system
spec:
  policy:
    maxAge: 168h0m0s
    allowedTags:
      - my-tag
      - latest

ImageUpdateAutomation

ImageUpdateAutomation is a CRD in Flux2 that defines an automation for image updates. The ImageUpdateAutomation resource specifies the policy and schedule for image updates.

Example: ImageUpdateAutomation

Here’s an example of an ImageUpdateAutomation resource that defines an automation for image updates:

apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  name: my-image-update-automation
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: my-image-repository
  imagePolicyRef:
    name: my-image-policy
  schedule: 0 0 * * *

Incident Management

During an incident, you may wish to stop Flux from pushing image updates to Git. You can suspend the image automation directly in-cluster:

flux suspend image update flux-system

Or by editing the ImageUpdateAutomation manifest in Git:

kind: ImageUpdateAutomation
metadata:
  name: flux-system
  namespace: flux-system
spec:
  suspend: true

Once the incident is resolved, you can resume automation with:

flux resume image update flux-system

If you wish to pause the automation for a particular image only, you can suspend/resume the image scanning:

flux suspend image repository podinfo
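
The suspend and resume commands above, wrapped in a script that also reads `.spec.suspend` back from the cluster so a freeze that did not take effect is reported instead of assumed. This is an added example, not part of the original guide or the Flux project; it assumes `flux` and `kubectl` are on the PATH and pointed at the affected cluster, and the script and function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: incident freeze/unfreeze for Flux image automation.
# Assumes flux and kubectl are on PATH and target the affected cluster.
NAMESPACE="${NAMESPACE:-flux-system}"
AUTOMATION="${AUTOMATION:-flux-system}"  # ImageUpdateAutomation name used on this page

# Read .spec.suspend for one object; empty output means the field is unset.
suspend_state() {  # $1 = resource kind, $2 = object name
  kubectl -n "$NAMESPACE" get "$1" "$2" -o jsonpath='{.spec.suspend}'
}

# Fail unless the automation and every listed ImageRepository report $1.
verify() {
  want=$1; shift
  state=$(suspend_state imageupdateautomation "$AUTOMATION") || return 1
  [ "${state:-false}" = "$want" ] ||
    { echo "automation $AUTOMATION: suspend=${state:-false}" >&2; return 1; }
  for repo in "$@"; do
    state=$(suspend_state imagerepository "$repo") || return 1
    [ "${state:-false}" = "$want" ] ||
      { echo "repository $repo: suspend=${state:-false}" >&2; return 1; }
  done
}

# Stop Git pushes first, then scanning for any repositories named as arguments.
freeze() {
  flux suspend image update "$AUTOMATION" -n "$NAMESPACE" || return 1
  for repo in "$@"; do
    flux suspend image repository "$repo" -n "$NAMESPACE" || return 1
  done
  verify true "$@"
}

# Resume scanning before re-enabling Git pushes.
unfreeze() {
  for repo in "$@"; do
    flux resume image repository "$repo" -n "$NAMESPACE" || return 1
  done
  flux resume image update "$AUTOMATION" -n "$NAMESPACE" || return 1
  verify false "$@"
}

# Usage: ./image-freeze.sh freeze podinfo   |   ./image-freeze.sh unfreeze podinfo
case "${1:-}" in
  freeze|unfreeze) "$@" ;;
esac
```

A non-zero exit from `freeze` means at least one object still reports `suspend` as false, so the incident log should not record the automation as stopped.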

Conclusion

Image automation is an essential aspect of Flux2, which enables automating image updates in a GitOps way. The Image Automation Controllers, ImageRepository, ImagePolicy, and ImageUpdateAutomation are the key components of Flux2’s image automation. By using these components, you can ensure that your cluster’s images are up-to-date and secure.
