diff --git a/.github/workflows/updatecli.yml b/.github/workflows/updatecli.yml
new file mode 100644
index 0000000..f034b4e
--- /dev/null
+++ b/.github/workflows/updatecli.yml
@@ -0,0 +1,55 @@
+name: "Updatecli: Dependency Management"
+
+on:
+  schedule:
+    # Runs at 06 PM UTC
+    - cron: '0 18 * * *'
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  updatecli:
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/master'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 'stable'
+
+      - name: Install Updatecli
+        uses: updatecli/updatecli-action@v2
+
+      - name: Delete leftover UpdateCLI branches
+        run: |
+          gh pr list \
+            --search "is:closed is:pr head:updatecli_" \
+            --json headRefName \
+            --jq ".[].headRefName" | sort -u > closed_prs_branches.txt
+          gh pr list \
+            --search "is:open is:pr head:updatecli_" \
+            --json headRefName \
+            --jq ".[].headRefName" | sort -u > open_prs_branches.txt
+          for branch in $(comm -23 closed_prs_branches.txt open_prs_branches.txt); do
+            if (git ls-remote --exit-code --heads origin "$branch"); then
+              echo "Deleting leftover UpdateCLI branch - $branch";
+              git push origin --delete "$branch";
+            fi
+          done
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Apply Updatecli
+        # Never use '--debug' option, because it might leak the access tokens.
+        run: "updatecli apply --clean --config ./updatecli/updatecli.d/ --values ./updatecli/values.yaml"
+        env:
+          UPDATECLI_GITHUB_ACTOR: ${{ github.actor }}
+          UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/updatecli/updatecli.d/updatecli.yml b/updatecli/updatecli.d/updatecli.yml
new file mode 100644
index 0000000..fc0080e
--- /dev/null
+++ b/updatecli/updatecli.d/updatecli.yml
@@ -0,0 +1,76 @@
+# This small test makes sure that updatecli is working properly on a repo.
+# In the future, more useful files should be added to this directory.
+---
+name: "Introduce updatecli to repo and validate basic functionality"
+# Make sure we can pull in github repos from multiple orgs
+scms:
+  klipper-lb:
+    kind: "github"
+    spec:
+      user: "{{ .github.user }}"
+      email: "{{ .github.email }}"
+      username: "{{ requiredEnv .github.username }}"
+      token: '{{ requiredEnv .github.token }}'
+      owner: "{{ .klipper-lb.org }}"
+      repository: "{{ .klipper-lb.repo }}"
+      branch: "{{ .klipper-lb.branch }}"
+  go:
+    kind: "github"
+    spec:
+      user: "{{ .github.user }}"
+      email: "{{ .github.email }}"
+      username: "{{ requiredEnv .github.username }}"
+      token: '{{ requiredEnv .github.token }}'
+      owner: "{{ .go.org }}"
+      repository: "{{ .go.repo }}"
+      branch: "{{ .go.branch }}"
+
+sources:
+  # validate gittag parsing external public repos
+  goTag:
+    name: "Get Go 1.20.2 tag"
+    kind: "gittag"
+    scmid: "go"
+    spec:
+      versionfilter:
+        kind: "regex"
+        pattern: '^go1\.20\.2$'
+
+# Validate read access to local repo
+## continue to targets if the go version in the validate file doesn't match the goTag source
+conditions:
+  testVersionShouldMatchGoTag:
+    name: test version should match go tag
+    kind: yaml
+    sourceid: goTag
+    spec:
+      file: "updatecli/validate.yml"
+      key: version
+    failwhen: true #if set to true, continue to targets when condition is true rather than false
+
+# Validate the ability to generate branches, commits, what the commits look like, and what branches look like
+## allow validation of workflow to delete unused branch after merge
+## generate a commit on a branch named updatecli_<256 sha of change>
+## the commit message will be automatically generated by updatecli based on the change
+targets:
+  updateValidateFile:
+    name: "Update the version in the validate file"
+    kind: "yaml"
+    scmid: "klipper-lb"
+    sourceid: goTag
+    spec:
+      file: "updatecli/validate.yml"
+      key: version
+
+# Validate generating a pull request
+actions:
+  # create a pull request which is not allowed to automerge
+  # the title matches the commit message
+  github:
+    kind: "github/pullrequest"
+    scmid: "klipper-lb"
+    spec:
+      automerge: false
+      draft: false
+      mergemethod: squash
+      parent: false # this would allow for making a PR to an upstream fork, if we ran updatecli from a fork
diff --git a/updatecli/validate.yml b/updatecli/validate.yml
new file mode 100644
index 0000000..64944d2
--- /dev/null
+++ b/updatecli/validate.yml
@@ -0,0 +1,3 @@
+---
+version: go1.20.1
+
diff --git a/updatecli/values.yml b/updatecli/values.yml
new file mode 100644
index 0000000..9d71952
--- /dev/null
+++ b/updatecli/values.yml
@@ -0,0 +1,38 @@
+github:
+  user: "github-actions[bot]"
+  email: "41898282+github-actions[bot]@users.noreply.github.com"
+  username: "UPDATECLI_GITHUB_ACTOR"
+  token: "UPDATECLI_GITHUB_TOKEN"
+k3s:
+  org: "k3s-io"
+  repo: "k3s"
+  branch: "master"
+kine:
+  org: "k3s-io"
+  repo: "kine"
+  branch: "master"
+k3s-upgrade:
+  org: "k3s-io"
+  repo: "k3s-upgrade"
+  branch: "master"
+go:
+  org: "golang"
+  repo: "go"
+  branch: "master"
+klipper_helm:
+  org: "k3s-io"
+  repo: "klipper-helm"
+  branch: "master"
+klipper-lb:
+  org: "k3s-io"
+  repo: "klipper-lb"
+  branch: "master"
+local_path_provisioner:
+  org: "rancher"
+  repo: "local-path-provisioner"
+  branch: "master"
+helm_controller:
+  org: "k3s-io"
+  repo: "helm-controller"
+  branch: "master"
+