image-automation-controller
image-automation-controller copied to clipboard
fluxcd
Add support to limit applied policies in automation by specifying a selector
Hello! I want to automate external image updates to my repository, each image to its separate branch — something like Dependabot does. But since the ImageUpdateAutomation resource doesn't have a direct relation to ImagePolicy resources except for being in the same namespace, I would have to create a separate namespace for each pair of ImagePolicy and ImageUpdateAutomation otherwise updates would be merged in 1 branch.
The problem was previously discussed in #499 and fluxcd/flux2#107
The solution to the problem would be to have some kind of relation between ImageUpdateAutomation and ImagePolicy. I see 2 ways how ImageUpdateAutomation resource can be improved to support such a use case:
- Have a list of policies and reference them explicitly
apiVersion: image.fluxcd.io/v1alpha1
kind: ImageUpdateAutomation
metadata:
name: update-teleport
spec:
policies:
- name: teleport
- name: teleport-helper
...
- Have a policy selector and filter policies by it
apiVersion: image.fluxcd.io/v1alpha1
kind: ImageUpdateAutomation
metadata:
name: update-teleport
spec:
policySelector:
matchLabels:
app.kubernetes.io/component: teleport
app.kubernetes.io/instance: teleport
...
In this PR I implemented the second option because it's more flexible, covers more use cases (you can batch updates however you like), and you can also imitate the first option with kubernetes.io/metadata.name label
