argocd-image-updater: Not able to use GIT write back with chart from helm chart repo in repoURL
Describe the bug
Using GIT write back together with Helm Chart from Helm Chart repository in repoURL isn’t supported, because the ArgoCD image-updater tries to resolve the URL under spec.source.repoURL
as the GIT repository to create update-commits, but since its a Helm repository, this fails with:
time="2022-04-22T09:47:06Z" level=error msg="Could not update application spec: could not get creds for repo 'https://nexus.helm.repo.test-app.nwe.org/repository/helm-charts': credentials for 'https://nexus.helm.repo.test-app.nwe.org/repository/helm-charts' are not configured in Argo CD settings" application=test-app
To Reproduce
Create a Application resource like the following one:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: test-app
namespace: argocd-gitops
annotations:
# configure ArgoCD image updater which updates image.name and image.tag according to latest tag in container registry
argocd-image-updater.argoproj.io/image-list: frontend=test-repo/test-app
argocd-image-updater.argoproj.io/frontend.update-strategy: latest
argocd-image-updater.argoproj.io/frontend.helm.image-name: image.name
argocd-image-updater.argoproj.io/frontend.helm.image-tag: image.tag
argocd-image-updater.argoproj.io/frontend.force-update: "true"
# write ArgoCD image updater updates back to a separate GIT branch
argocd-image-updater.argoproj.io/write-back-method: git
argocd-image-updater.argoproj.io/git-branch: :update-next
spec:
destination:
namespace: test-app
server: https://kubernetes.default.svc
project: apps
source:
chart: room-catalogue
repoURL: 'https://nexus.helm.repo.test-app.nwe.org/repository/helm-charts'
targetRevision: 0.1.5
helm:
parameters:
- name: global.hostname
value: test-app.nwe.org
- name: image.name
value: test-repo/test-app
Expected behavior
Having ArgoCD image updates committed to GIT
Additional context
One would expect to have a annotation based configuration alternative to set repoURL to a separate GIT repository url, looking like:
argocd-image-updater.argoproj.io/git-repository: https://github.com/nwe/argocd-gitops-repo.git
Version
quay.io/argoprojlabs/argocd-image-updater:v0.12.0
Logs
time="2022-04-22T09:47:06Z" level=error msg="Could not update application spec: could not get creds for repo 'https://nexus.helm.repo.test-app.nwe.org/repository/helm-charts': credentials for 'https://nexus.helm.repo.test-app.nwe.org/repository/helm-charts' are not configured in Argo CD settings" application=test-app
About this issue
- Original URL
- State: open
- Created 2 years ago
- Reactions: 25
- Comments: 16 (1 by maintainers)
+1
hi, my workaround is using app-of-apps pattern (disclamer - the behavior is not ideal as it is randomly removing the tags and adding them again - this is something I want to investigate)
app-of-apps.yaml
application.yaml
kustomconfig.yaml - to tell kustomize to overwrite those values use following configuration
kustomization.yaml
@devopsidiot I have image uptater running in the
argocd
namespace where I also deploy theApplication
resources, but I don’t think it is necessaryHi @devopsidiot , at the moment I use something like this https://github.com/filiprafaj/argocd-image-updater-helm-demo
The new thing there is the Deployment in the app folder - thanks to this I don’t need the
force-update
annotation anymore - it behaves better when there are multiple images to update in a single helmchart.(btw for some large images I use
DaemonSet
instead ofDeployment
together withargocd.argoproj.io/hook: PreSync
, so it also work as a pre-pull)@AnhQKatalon - I worked around this by creating a “local” chart (in the ArgoCD repo) that has the upstream chart as a dependency. I also had to override the image tag and image repository keys to target the dependency.
The override values get created inside the local helm chart directory and Argo applies them.
Looks interesting! @filiprafaj could you please complete your example, its kind of hard to understand: