We may want the updater to trigger a deployment when an image is pushed to Azure Container Registry.
Create a secret used by argocd image updater to authenticate to ACR.
resource "kubernetes_secret" "argocd_image_updater_acr" { metadata { name = "argocd-image-updater-acr-${var.service}" namespace = "argocd" } data = { ".dockerconfigjson" = jsonencode({ auths = { "${azurerm_container_registry.acr.login_server}" = { auth = base64encode("${azurerm_container_registry.acr.admin_username}:${azurerm_container_registry.acr.admin_password}") } } }) } } We install the updater in our cluster using terraform.
resource "helm_release" "image_updater" { name = "argocd-image-updater" repository = "https://argoproj.github.io/argo-helm" chart = "argocd-image-updater" namespace = "argocd" values = [ <<EOF config: registries: - name: ACR demo-app api_url: https://devdemoapp.azurecr.io prefix: devdemoapp.azurecr.io ping: yes credentials: pullsecret:argocd/argocd-image-updater-acr-demo-app EOF ] } These are the annotations for our ArgoCD application.
annotations: argocd-image-updater.argoproj.io/image-list: repo=devdemoapp.azurecr.io/devdemoapp argocd-image-updater.argoproj.io/repo.update-strategy: newest-build To troubleshooot, we can log in to the argocd container.
kubectl exec -n argocd -it argocd-image-updater-7fc87697d5-qtnhn -- ash
Test the connection to ACR.
argocd-image-updater test devdemoapp.azurecr.io/devdemoapp --update-strategy newest-build --credentials pullsecret:argocd/argocd-image-updater-acr-demo-app
Trigger a deploymemnt.
argocd-image-updater run --once --loglevel trace --argocd-namespace argocd --metrics-port 0
Top comments (1)
Or you can use Workload Identity so that you don't need to manage credentials on your own: github.com/argoproj-labs/argocd-im...