At Public Cloud Group (PCG), we continuously enhance cloud-native operations to simplify Kubernetes management for our customers. One powerful tool we have implemented is the ArgoCD-Image-Updater, which automates container image updates in ArgoCD-managed Kubernetes workloads – removing the need for manual intervention.
Short Overview
ArgoCD-Image-Updater (AIU) is an extension of ArgoCD that automates image updates for Kubernetes workloads.
ArgoCD itself is a GitOps-based continuous delivery tool that synchronizes workload definitions – such as Helm-Charts – stored in a Git repository with a Kubernetes cluster. It uses custom resources called “ArgoCD applications” to render and deploy workloads based on the Helm-Chart definitions.
AIU enhances this process by automatically detecting new container images and instructing ArgoCD to update the corresponding ArgoCD applications. Additionally, AIU supports Git write-back functionalities, which ensures consistency with GitOps best practices. When an image update occurs, AIU can write the new image tag back into a dedicated ArgoCD-specific file at the definition location of the workload itself (e.g. where the Helm-Chart is defined). ArgoCD then uses this file to override parameters when rendering workloads, maintaining version control and synchronization between the repository and the deployed cluster.
How ArgoCD-Image-Updater Works
The AIU continuously monitors container registries for new image versions and dynamically updates ArgoCD applications. Instead of manually modifying Helm-Values or Kustomize-Overlays, it automatically adjusts ArgoCD application parameters for seamless deployments.
By annotating ArgoCD applications for updates and specifying an update strategy, users can define a different update method for each application:
- SemVer – Updates to the highest allowed version within defined constraints.
- Newest-Build – Updates to the most recently created image. (While the documentation mentions the tag, the actual decision is based on the image’s creation timestamp.)
- Alphabetical – Updates to the last tag in an alphabetically sorted list.
- Digest – Updates to the most recently pushed version of a mutable tag.
Additionally, there is an annotation supporting regex-filtering to exclude unwanted image tags. This provides more control over which image tags are considered for updates, helping to prevent unintended deployments.
Depending on ArgoCD’s sync policy, updates can be deployed immediately or flagged as “Out-of-Sync” for manual deployment.
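The following added example (not part of the original article and not AIU's own code) is a simplified model of how the SemVer, Newest-Build and Alphabetical strategies pick a tag from the same registry listing, with and without a regex filter that keeps only plain release tags. The tags, timestamps and function names are constructed for illustration, and the SemVer constraint is reduced to a fixed MAJOR.MINOR.x range.

```python
import re
from datetime import datetime, timezone

def _utc(month, day):
    return datetime(2024, month, day, tzinfo=timezone.utc)

# Constructed registry listing (tag, image creation time); not real data.
TAGS = [
    ("1.4.2", _utc(3, 1)),
    ("1.4.3", _utc(3, 9)),
    ("1.5.0", _utc(4, 2)),
    ("2.0.0-rc1", _utc(4, 20)),
    ("1.4.4", _utc(5, 5)),    # backported patch, built after 1.5.0
    ("nightly", _utc(5, 6)),  # mutable tag, rebuilt most recently
]
RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")  # plain MAJOR.MINOR.PATCH only

def allowed(tags, allow_regex=None):
    """Apply the tag filter; with no regex every tag stays a candidate."""
    pattern = re.compile(allow_regex or "")
    return [t for t in tags if pattern.search(t[0])]

def pick_semver(tags, major, minor):
    """Highest release inside a MAJOR.MINOR.x constraint (patch updates only)."""
    hits = []
    for tag, _ in tags:
        m = RELEASE.match(tag)
        if m and (int(m[1]), int(m[2])) == (major, minor):
            hits.append((int(m[3]), tag))
    return max(hits)[1] if hits else None

def pick_newest_build(tags):
    """Most recent creation timestamp; the tag name plays no part."""
    return max(tags, key=lambda t: t[1])[0] if tags else None

def pick_alphabetical(tags):
    """Last tag in a lexically sorted list."""
    return max(t[0] for t in tags) if tags else None

def compare(allow_regex=None):
    """Return the tag each strategy would select from the filtered list."""
    tags = allowed(TAGS, allow_regex)
    return {"semver 1.4.x": pick_semver(tags, 1, 4),
            "newest-build": pick_newest_build(tags),
            "alphabetical": pick_alphabetical(tags)}

if __name__ == "__main__":
    print(compare(), compare(r"^\d+\.\d+\.\d+$"))
```

Without a filter, both Newest-Build and Alphabetical land on the mutable `nightly` tag; with the release-only regex, Newest-Build selects the later-built `1.4.4` backport over `1.5.0`, which is the timestamp behaviour described above.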
Key Benefits
Implementing the AIU has significantly streamlined our operations:
- Reduced Manual Effort – Automatic updates eliminate the need for manual changes to deployment manifests, saving time and reducing errors.
- Faster Security Updates – Critical security patches can be identified using SemVer update strategies, allowing patch version updates to be deployed more quickly, minimizing vulnerabilities.
- Consistency and Compliance – Integration with Git allows image tag changes to be committed back, maintaining version control and ensuring GitOps compliance.
Lessons Learned
From our experience, the AIU is most effective when:
- Clear Update Strategies Are Defined – Setting explicit update policies/annotations per application ensures predictable and controlled deployments.
- Monitoring Is in Place After the Initial Setup – This helps identify and resolve misconfigurations from the initial setup early.
- Teams Are Properly Trained – A well-informed and trained team can fully leverage the automation capabilities of ArgoCD and, with it, the AIU. This reduces the risk of errors and service downtime, which has direct monetary value for any company.
Our Challenges and Solutions
Despite its advantages, we encountered some challenges:
- Possible Complex Initial Setup
  - Configuring the tool can be challenging, especially when integrating it with ECR, as it requires an authentication script, correct service account permissions and proper annotations in order to work.
  - Also, setting up image update strategies per application with the right annotations requires some testing and proper studying of the documentation.
  - Deploying AIU in the same namespace as ArgoCD is recommended, allowing it to inherit its credentials by default. Make sure these credentials have the necessary read/write permissions for the Git repositories to enable Git write-back.
- Limited Support for Certain Deployment Methods – The AIU primarily supports Helm and Kustomize-based applications. Applications using other deployment methods are not supported.
- Misleading Documentation for Newest-Build – While the documentation claims that the most recently created tag is used, in reality, the image’s build timestamp is what determines the update.
Through careful planning and a phased implementation approach, we successfully overcame these challenges and maximized the benefits of automation.
Limitations
While the tool offers significant benefits, there are some limitations to consider:
- Only workloads managed by ArgoCD can be updated
- Requires applications to be templated with Helm or Kustomize
- Image pull secrets must be accessible within the same cluster
Alternatives and Differences
Another tool to consider is:
- Flux – A GitOps tool that automates the synchronization of Kubernetes manifests. Unlike AIU, Flux integrates image updates as a core feature rather than an add-on.
Choosing the right tool depends on specific needs and existing infrastructure. The ArgoCD-Image-Updater is perfect for organizations already using ArgoCD and looking for seamless image update automation.
Conclusion
The ArgoCD-Image-Updater is a powerful solution for automating container image updates in Kubernetes environments. By reducing manual intervention, accelerating security updates and maintaining compliance, it significantly enhances operational efficiency. While challenges exist, they can be effectively managed with proper planning, researching, testing and training.