version-checker is a Kubernetes utility for observing the current versions of images in use in the cluster, as well as the latest available upstream. These checks get exposed as Prometheus metrics to be viewed on a dashboard, or soft alert cluster operators.

This tool is currently experimental.


version-checker currently supports the following registries:

  • docker (docker hub etc.)
  • gcr (inc gcr facades such as
  • quay

These registries support authentication.


version-checker can be installed as either static manifests;

$ cd ./deploy/yaml && kubectl apply -f .

Or through helm;

$ cd ./deploy/charts/version-checker && kubectl create namespace verison-checker
$ helm install version-checker . -n version-checker

The helm chart supports creating a Prometheus/ServiceMonitor to expose the
version-checker metrics.

Grafana Dashboard

A grafana dashboard is also
available to view the image versions as a table.


Grafana Dashboard


By default without the flag -a, --test-all-containers, version-checker will
only test containers where the pod has the annotation*my-container*, where *my-container* is the name
of the container in the pod.

version-checker supports the following annotations present on other pods to
enrich version checking on image tags:

  • 4: will pin the major version to
    check to 4 (v4.0.0).

  • 3: will pin the minor version to
    check to 3 (v0.3.0).

  • 23: will pin the patch version to
    check to 23 (v0.0.23).

  • "true": will allow to search
    for image tags which contain information after the first part of the semver
    string. For example, this can be pre-releases or build metadata
    (v1.2.4-alpha.0, v1.2.3-debian-r3).

  • "true": will check against the latest
    SHA tag available. Essentially, the latest image by date. This is silently
    set to true if no image tag, or "latest" image tag is set. Cannot be used with
    any other options.

  • ^v\d+\.\d+\.\d+-debian-: is
    used for only comparing against image tags which match the regex set. For
    example, the above annotation will only check against image tags which have
    the form of something like v1.3.4-debian-r30. is not required when this is set. All
    other options are ignored when this is set.


By default, version-checker will expose the version information as Prometheus
metrics on

Future Development

  • Support self hosted repositories.
  • Image URL overwrites (to service registries which are mirroring images).
  • Support more registry APIs.