// the find
keel-hq/keel
Kubernetes Operator to automate Helm, DaemonSet, StatefulSet & Deployment updates
Keel watches your Kubernetes cluster and automatically updates Deployments, StatefulSets, DaemonSets, and Helm releases when new container image versions are pushed. Configuration lives entirely in annotations and labels on your workloads — no separate config files, no CLI to babysit. It's aimed at teams who want image-tag-driven CD without wiring up a full GitOps pipeline.
Annotation-driven configuration is genuinely low-friction: you add two lines to an existing Deployment manifest and it works, no Keel-specific CRDs or separate config maps required. Semver policy support (major/minor/patch) per workload is well-thought-out — you can pin prod to patch-only while letting staging track minor. The approval flow via Slack bot is a practical middle ground between fully automatic and fully manual deploys. Multi-registry support (DockerHub, GCR, ECR, ACR, Quay, Harbor, JFrog) with both webhook and polling fallback covers most real-world setups.
The project is effectively in maintenance mode — last meaningful activity is sparse and the Helm chart still references v2 as default with v3 as an opt-in, which tells you how long it's been sitting. The embedded SQLite store for approval state is a single point of failure; if the pod restarts mid-approval-flow, state can be lost. There's no built-in audit trail you can actually query — the audit endpoint exists but it's backed by the same local SQLite, not something you'd trust in production. The UI (under `ui/`) is a Vue 2 app with a 2019-era Ant Design Pro scaffold and `package-lock.json` that almost certainly has unpatched CVEs; it's cosmetic enough that most users will ignore it, but it's dead weight in the image.