argocd-ecr-updater

command module
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 7, 2022 License: MIT Imports: 1 Imported by: 0

README

ArgoCD ECR updater

If you are using a private AWS ECR repository to store helm charts, the stored password will become expired at latest in 12h.
The argocd-ecr-updater will refresh the token in defined interval.

The updater will only consider secrets with these labels for update.

kind: Secret
metadata:
  labels:
    argocd-ecr-updater: enabled
    argocd.argoproj.io/secret-type: repository

The data field password will be updated with a fresh token from AWS ECR.

To give ArgoCD permission to get the ECR token create IRSA role with following permissions

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:DescribeRepositories"
            ],
            "Resource": "*"
        }
    ]
}

This token is valid to authenticate against any registry id, the user has access. Depending on how you set the trust relationship on ECR repository policy.

Finally annotate the service account with your role arn

serviceAccount:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456:role/argocd-ecr-updater

Usage CLI

Usage:
  argocd-ecr-updater [flags]

Flags:
  -h, --help                help for argocd-ecr-updater
      --interval string     interval to refresh token (default "10s")
      --kubeconfig string   kubernetes config file
      --namespace string    kubernetes namespace
  • --kubeconfig: will use in-cluster config by default, optional you can provide own kubeconfig for testing
  • --interval: defined in which interval the token will refreshed
  • --namespace: if empty, then mutate secrets from all namespaces matching the label

You can also set these values by providing environment variable with prefix ARGOCD_ECR_UPDATER

ARGOCD_ECR_UPDATER_NAMESPACE="argocd"
ARGOCD_ECR_UPDATER_INTERVAL="6h0m0s"
ARGOCD_ECR_UPDATER_KUBECONFIG="/home/user/.kube/config"

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg
app
Package app Logic mainly copied from ArgoCD Image Updater https://github.com/argoproj-labs/argocd-image-updater/blob/master/cmd/run.go
 Package app Logic mainly copied from ArgoCD Image Updater https://github.com/argoproj-labs/argocd-image-updater/blob/master/cmd/run.go
aws
kube

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.