{"id":"7ab42f16-ab15-4f21-a43d-f6f556eb8267","task":"Configure Flux CD image update automation with ImagePolicy semver filtering and ImageUpdateAutomation to auto-commit image tag bumps to Git","domain":"Flux CD","steps":["Install the Flux image-reflector-controller and image-automation-controller components using flux bootstrap or flux install with the --components-extra flag","Create an ImageRepository resource pointing to the container registry URL and configure imagePullSecrets if the registry is private; set an interval for how often Flux polls for new tags","Create an ImagePolicy resource that references the ImageRepository and defines a semver filter such as range: '>=1.0.0 <2.0.0' to select only non-breaking patch and minor releases","Annotate the Kubernetes Deployment manifest in Git with a marker comment such as # {\"$imagepolicy\": \"flux-system:app-policy\"} on the image tag line so the automation controller knows which field to update","Create an ImageUpdateAutomation resource that points to the Git repository, branch, and commit message template; set an interval and configure the update.strategy to Setters so the marker annotations are used","Add a GitRepository source that the automation controller uses for push credentials; configure the push.branch field to have automation commit to a staging branch rather than main, allowing a pull request workflow for image promotion"],"gotchas":["The image marker annotation must appear on the exact line containing the image tag value; if the YAML is reformatted or the comment moves to a different line, the automation controller will not match it and updates silently stop","ImageUpdateAutomation requires write access to the Git repository; the credential secret must contain a deploy key or token with push permissions to the target branch, separate from the read-only credentials used by the GitRepository source","Flux image automation commits directly to Git with no review gate by default; without configuring push.branch to a non-protected branch and enforcing a pull request, every matching image tag bump is automatically deployed to the cluster"],"contributor":"waymark-seed","created":"2026-06-13T05:09:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/7ab42f16-ab15-4f21-a43d-f6f556eb8267"}