DEV Community

leroykayanda

Using ArgoCD Image Updater with ECR

We may want the updater to trigger a deployment when an image is pushed to ECR.

We install the updater in our cluster using terraform.

```hcl
resource "helm_release" "image_updater" {
  name       = "argocd-image-updater"
  repository = "https://argoproj.github.io/argo-helm"
  chart      = "argocd-image-updater"
  namespace  = "argocd"

  values = [
    <<EOF
config:
  registries:
    - name: ECR
      api_url: https://XXX.dkr.ecr.eu-west-1.amazonaws.com
      prefix: XXX.dkr.ecr.eu-west-1.amazonaws.com
      ping: yes
      insecure: no
      credentials: ext:/scripts/ecr-login.sh
      credsexpire: 9h
authScripts:
  enabled: true
  scripts:
    ecr-login.sh: |
      #!/bin/sh
      aws ecr --region eu-west-1 get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
EOF
  ]
}
```

We authenticate to ECR using ecr-login.sh. The EKS nodes need to have ECR permissions.
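
One way to grant those permissions with least privilege, as an added example that is not part of the original post. The node role name (`var.node_role_name`) is an assumption, and the read-only action list is assumed to be sufficient for the updater to list tags and read image metadata.

```hcl
# Added example, not from the original post.
# Assumption: var.node_role_name is the IAM role attached to the EKS worker nodes.
variable "node_role_name" {
  type        = string
  description = "Name of the IAM role used by the EKS worker nodes (assumed)"
}

# Look up the repository the image updater watches so the policy can be scoped to its ARN.
data "aws_ecr_repository" "prod_references" {
  name = "prod-references"
}

resource "aws_iam_role_policy" "image_updater_ecr_read" {
  name = "image-updater-ecr-read"
  role = var.node_role_name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # ecr-login.sh calls get-authorization-token.
        # This action does not support resource-level scoping, so Resource must be "*".
        Sid      = "GetAuthToken"
        Effect   = "Allow"
        Action   = ["ecr:GetAuthorizationToken"]
        Resource = "*"
      },
      {
        # Read-only actions, limited to the one watched repository.
        # No push, delete or policy-editing actions are granted.
        Sid    = "ReadOnlyOnWatchedRepo"
        Effect = "Allow"
        Action = [
          "ecr:ListImages",
          "ecr:DescribeImages",
          "ecr:BatchGetImage",
          "ecr:GetDownloadUrlForLayer",
          "ecr:BatchCheckLayerAvailability",
        ]
        Resource = data.aws_ecr_repository.prod_references.arn
      },
    ]
  })
}
```

Because the policy is attached to the node role, any pod that can reach the node's instance metadata credentials can obtain the same ECR token, which is a reason to keep the grant read-only and scoped to the single repository.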

We add these annotations to our ArgoCD application.

```yaml
  annotations:
    argocd-image-updater.argoproj.io/image-list: repo=XXX.dkr.ecr.eu-west-1.amazonaws.com/prod-references
    argocd-image-updater.argoproj.io/repo.update-strategy: latest
```

To troubleshoot, we can open a shell in the argocd-image-updater container.

```sh
kubectl exec -n argocd -it argocd-image-updater-7fc87697d5-qtnhn -- ash
```

Test the connection to ECR.

```sh
argocd-image-updater test XXX.dkr.ecr.eu-west-1.amazonaws.com/prod-references --credentials ext:/scripts/ecr-login.sh --update-strategy latest
```

Trigger a deployment.

```sh
argocd-image-updater run --once --loglevel trace --argocd-namespace argocd --metrics-port 0
```
