We may want Argo CD Image Updater to trigger a deployment when an image is pushed to ECR.
We install the updater in our cluster using Terraform.
```hcl
resource "helm_release" "image_updater" {
  name       = "argocd-image-updater"
  repository = "https://argoproj.github.io/argo-helm"
  chart      = "argocd-image-updater"
  namespace  = "argocd"
  values = [
    <<EOF
config:
  registries:
    - name: ECR
      api_url: https://XXX.dkr.ecr.eu-west-1.amazonaws.com
      prefix: XXX.dkr.ecr.eu-west-1.amazonaws.com
      ping: yes
      insecure: no
      credentials: ext:/scripts/ecr-login.sh
      credsexpire: 9h
authScripts:
  enabled: true
  scripts:
    ecr-login.sh: |
      #!/bin/sh
      aws ecr --region eu-west-1 get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
EOF
  ]
}
```
We authenticate to ECR using ecr-login.sh, which prints the decoded authorization token in the username:password form the updater expects. The EKS nodes need to have ECR permissions.
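One way to grant those ECR permissions with least privilege, as an added example that is not part of the original post. The node role name and the Terraform resource names are hypothetical, XXX stands for the account ID as in the post, and the action list is assumed to be enough for listing tags and reading manifests in the one repository the updater watches.

```hcl
# Added example: read-only ECR access for the role used by the EKS nodes.
# Assumptions: "eks-node-role" and the resource names are hypothetical;
# XXX is the account ID placeholder used in the post.
data "aws_iam_policy_document" "image_updater_ecr_read" {
  # GetAuthorizationToken is not repository-scoped, so it needs "*".
  statement {
    sid       = "EcrLogin"
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }

  # Read-only actions limited to the repository named in the image-list annotation.
  statement {
    sid = "EcrReadProdReferences"
    actions = [
      "ecr:BatchCheckLayerAvailability",
      "ecr:BatchGetImage",
      "ecr:DescribeImages",
      "ecr:GetDownloadUrlForLayer",
      "ecr:ListImages",
    ]
    resources = ["arn:aws:ecr:eu-west-1:XXX:repository/prod-references"]
  }
}

resource "aws_iam_policy" "image_updater_ecr_read" {
  name   = "argocd-image-updater-ecr-read"
  policy = data.aws_iam_policy_document.image_updater_ecr_read.json
}

resource "aws_iam_role_policy_attachment" "image_updater_ecr_read" {
  role       = "eks-node-role" # hypothetical node role name
  policy_arn = aws_iam_policy.image_updater_ecr_read.arn
}
```

No write actions such as ecr:PutImage are included, so credentials obtained by ecr-login.sh cannot push or overwrite images.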
We add these annotations to our ArgoCD application.
```yaml
annotations:
  argocd-image-updater.argoproj.io/image-list: repo=XXX.dkr.ecr.eu-west-1.amazonaws.com/prod-references
  argocd-image-updater.argoproj.io/repo.update-strategy: latest
```
To troubleshoot, we can log in to the argocd-image-updater container.

```sh
kubectl exec -n argocd -it argocd-image-updater-7fc87697d5-qtnhn -- ash
```

Test the connection to ECR.

```sh
argocd-image-updater test XXX.dkr.ecr.eu-west-1.amazonaws.com/prod-references --credentials ext:/scripts/ecr-login.sh --update-strategy latest
```

Trigger a deployment.

```sh
argocd-image-updater run --once --loglevel trace --argocd-namespace argocd --metrics-port 0
```