URL: https://dev.to/pilgrim2go/fluxcd-image-automation-error-troubleshooting-1el2

FluxCD Image Automation Error Troubleshooting


Problem

Running:

flux reconcile image update flux-system

Result:

failed to update source: failed to push to remote
ERROR: The key you are authenticating with has been marked as read only

And:

flux get image update

shows:

READY: False
MESSAGE: failed to push to remote

Root Cause

FluxCD ImageUpdateAutomation needs to commit and push updates to the Git repository when it updates container image tags.

Pipeline:

Container Registry
 ↓
ImageRepository
 ↓
ImagePolicy
 ↓
ImageUpdateAutomation
 ↓
Git Commit + Push
 ↓
Flux Kustomization deploys update

If the Git credential is read-only, the push fails.


Diagnosis Steps

1. Check Image Automation Status

flux get image update

Look for:

READY: False
failed to push to remote

2. Inspect the Automation Object

kubectl get imageupdateautomation -A

Example:

STATUS: failed to update source

3. Check the Git Source

flux get sources git

This confirms Flux can read the repo, but pushing still fails if the key is read-only.


4. Confirm Git Authentication

Check the Git secret:

kubectl get secret flux-system -n flux-system

This secret contains the SSH key Flux uses.
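
The four checks above can be combined into one verdict. This added example (not from the original post) takes the ImageUpdateAutomation and `flux-system` Secret as parsed JSON (`kubectl get ... -o json`) plus the repository's deploy-key list from GitHub's REST API (`GET /repos/{owner}/{repo}/keys`), and reports whether the key Flux holds is registered read-only. It assumes the Secret stores the public key under `identity.pub`; function names and all sample data are constructed for illustration.

```python
import base64

def flux_public_key(secret):
    """'type blob' from identity.pub; the private 'identity' field is never read."""
    pub = base64.b64decode(secret["data"]["identity.pub"]).decode()
    return " ".join(pub.split()[:2])  # drop the trailing comment

def deploy_key_access(pubkey, deploy_keys):
    """Return 'write', 'read-only' or 'not-registered' for this key on the repo."""
    for k in deploy_keys:
        if " ".join(k["key"].split()[:2]) == pubkey:
            return "read-only" if k["read_only"] else "write"
    return "not-registered"

def ready_condition(automation):
    """(status, message) of the Ready condition, as shown by `flux get image update`."""
    for c in automation.get("status", {}).get("conditions", []):
        if c.get("type") == "Ready":
            return c.get("status", "Unknown"), c.get("message", "")
    return "Unknown", ""

def diagnose(automation, secret, deploy_keys):
    """Tie the failed push to the permission of the key Flux actually uses."""
    status, message = ready_condition(automation)
    access = deploy_key_access(flux_public_key(secret), deploy_keys)
    if status == "True":
        return f"ok: automation is Ready (deploy key access: {access})"
    if "failed to push" in message and access != "write":
        return f"push blocked: Flux key is {access} on the repository"
    return f"not a key-permission problem (key is {access}): {message}"

# --- constructed sample data (placeholder key material, not a real key) ---
SAMPLE_PUB = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYBLOB"
SAMPLE_SECRET = {"data": {"identity.pub":
                          base64.b64encode((SAMPLE_PUB + " flux\n").encode()).decode()}}
SAMPLE_KEYS = [{"id": 1, "title": "fluxcd-test", "key": SAMPLE_PUB, "read_only": True}]
SAMPLE_AUTOMATION = {"status": {"conditions": [
    {"type": "Ready", "status": "False", "message": "failed to push to remote"}]}}

if __name__ == "__main__":
    print(diagnose(SAMPLE_AUTOMATION, SAMPLE_SECRET, SAMPLE_KEYS))
```

Only `identity.pub` is read, so the Secret JSON can be trimmed to that one field before it leaves the cluster.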


Fix Implemented

The fix was to recreate the Git authentication secret with a write-enabled SSH key.

1️⃣ Generate SSH Key

ssh-keygen -f ./fluxcd-test

2️⃣ Add Public Key to GitHub

Go to repo:

Settings → Deploy Keys

Add:

fluxcd-test.pub

Enable:

Allow write access

3️⃣ Recreate Flux Git Secret

flux create secret git flux-system \
 --url=ssh://git@github.com/pilgrim2go/flux-minikube-lab \
 --private-key-file=$PWD/fluxcd-test \
 -n flux-system

This updates the Git credential used by Flux.


4️⃣ Trigger Automation

flux reconcile image update flux-system

Expected Result

flux get image update
READY: True
MESSAGE: committed and pushed update

You should also see a commit in Git like:

flux: update image tag

Useful Debug Commands

Check full Flux status:

flux get all

Check automation logs:

kubectl logs -n flux-system deploy/image-automation-controller

Test Git sync:

flux reconcile source git flux-system

Best Practice

Use a dedicated Flux deploy key with:

read + write

instead of personal access tokens when using SSH Git repositories.