Automatic container image update for Argo CD

Last update: Dec 25, 2022

Overview

Argo CD Image Updater

Introduction

Argo CD Image Updater is a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD. In a nutshell, it will track image versions specified by annotations on the Argo CD Application resources and update them by setting parameter overrides using the Argo CD API.

Currently it will only work with applications that are built using Kustomize or Helm tooling. Applications built from plain YAML or custom tools are not supported yet (and maybe never will).

Documentation

Read the documentation for more information on how to setup and run Argo CD Image Updater and to get known to it's features and limitations.

Above URL points to the documentation for the current release. If you are interested in documentation of upcoming features, check out the the latest documentation which is up-to-date with the master branch.

Current status

Argo CD Image Updater is under active development. We would not recommend it yet for critical production workloads, but feel free to give it a spin.

We're very interested in feedback on usability and the user experience as well as in bug discoveries and enhancement requests.

Important note: Until the first stable version (i.e. v1.0) is released, breaking changes between the releases must be expected. We will do our best to indicate all breaking changes (and how to un-break them) in the Changelog

Contributing

You are welcome to contribute to this project by means of raising issues for bugs, sending & discussing enhancement ideas or by contributing code via pull requests.

In any case, please be sure that you have read & understood the currently known design limitations before raising issues.

Also, if you want to contribute code, please make sure that your code

has its functionality covered by unit tests (coverage goal is 80%),
is correctly linted,
is well commented,
and last but not least is compatible with our license and CLA

Please note that in the current early phase of development, the code base is a fast moving target and lots of refactoring will happen constantly.

License

argocd-image-updater is open source software, released under the Apache 2.0 license

Things that are planned (roadmap)

The following things are on the roadmap until the v1.0 release

Extend Argo CD functionality to be able to update images for other types of applications.
Extend Argo CD functionality to write back to Git
Provide web hook support to trigger update check for a given image
Use concurrency for updating multiple applications at once
Improve error handling
Support for image tags with i.e. Git commit SHAs

For more details, check out the v1.0.0 milestone

Frequently asked questions

Does it write back the changes to Git?

We're happy to announce that as of v0.9.0 and Argo CD v1.9.0, Argo CD Image Updater is able to commit changes to Git. It will not modify your application's manifests, but instead writes Parameter Overrides to the repository.

We think that this is a good compromise between functionality (have everything in Git) and ease-of-use (minimize conflicts).

Are there plans to extend functionality beyond Kustomize or Helm?

Not yet, since we are dependent upon what functionality Argo CD provides for these types of applications.

Will it ever be fully integrated with Argo CD?

In the current form, probably not. If there is community demand for it, let's see how we can make this happen.

Comments

Support ECR authentication

Is your feature request related to a problem? Please describe. It looks like there is a lack of support for getting the API token required to authenticate against the ECR API. It would be great to be able to make use of the IAM Instance Profile assigned to a node which has GetAuthorizationToken permissions. It might look similar to this: https://github.com/awslabs/amazon-ecr-credential-helper/blob/master/ecr-login/api/client.go.

Describe the solution you'd like The image updater supports ECR authentication

Describe alternatives you've considered There do not seem to be any alternatives without code changes.
enhancement

opened by hobbsh 40

Update does not seem to happen

I have a project with a newly published image. I can see the argo-image-updater registering the new arrival, and triggering an update. The update does not however go through. Manually changing the app manifest in Argo does translate through to k8s though. So the connections

Argo-image-updater -> Repository and Argo -> k8s

do work, it seems to be a problem with the connection

Argo-image-updater -> Argo.

Debug steps I tried updating manually (editing the live manifest in the Argo UI), that went swimmingly (all pods deployed correctly). I tried assigning full admin privileges to the argo-image-updater user in Argo, that did not change anything. I restarted all pods in various configurations.

Logs

oc logs argocd-image-updater-<HASH>

time="2020-09-03T11:32:00Z" level=info msg="Processing results: applications=1 images_considered=1 images_updated=1 errors=0"
time="2020-09-03T11:34:00Z" level=debug msg="Starting image update process"
time="2020-09-03T11:34:00Z" level=debug msg="Considering 1 applications with annotations for update"
time="2020-09-03T11:34:00Z" level=debug msg="Processing application $APPLICATION"
time="2020-09-03T11:34:00Z" level=debug msg="Considering this image for update" application=$IMAGE image_name=$REPOSITORY/$IMAGE image_tag=2.1.0-dev.6 registry=$REGISTRY
time="2020-09-03T11:34:00Z" level=debug msg="Using version constraint '>=2.1.0-0' when looking for a new tag" application=$APPLICATION image_name=$REPOSITORY/$IMAGE image_tag=2.1.0-dev.6 registry=$REGISTRY
time="2020-09-03T11:34:00Z" level=debug msg="found 9 from 9 tags eligible for consideration" image="$REGISTRY/$REPOSITORY/$IMAGE:2.1.0-dev.6"
time="2020-09-03T11:34:00Z" level=info msg="Upgrading image to $REGISTRY/$REPOSITORY/$IMAGE:2.1.0-dev.102" application=$APPLICATION image_name=$REPOSITORY/$IMAGE image_tag=2.1.0-dev.6 registry=$REGISTRY
time="2020-09-03T11:34:00Z" level=debug msg="target parameters: image-spec= image-name=, image-tag=" application=$APPLICATION image=$REGISTRY/$REPOSITORY/$IMAGE
time="2020-09-03T11:34:02Z" level=info msg="Successfully updated image '$REGISTRY/$REPOSITORY/$IMAGE:2.1.0-dev.6' to '$REGISTRY/$REPOSITORY/$IMAGE:2.1.0-dev.102'" application=$APPLICATION image_name=$REPOSITORY/$IMAGE image_tag=2.1.0-dev.6 registry=$REGISTRY
time="2020-09-03T11:34:02Z" level=info msg="Processing results: applications=1 images_considered=1 images_updated=1 errors=0"

I believe the following of those lines hints at a problem: time="2020-09-03T11:34:00Z" level=debug msg="target parameters: image-spec= image-name=, image-tag=" application=$APPLICATION image=$REGISTRY/$REPOSITORY/$IMAGE

oc logs argocd-server-<HASH>

time="2020-09-03T11:48:14Z" level=info msg="received unary call /application.ApplicationService/UpdateSpec" grpc.method=UpdateSpec grpc.request.claims="{\"iat\":1597138354,\"iss\":\"argocd\",\"jti\":\"image-updater\",\"nbf\":1597138354,\"sub\":\"image-updater\"}" grpc.request.content="name:\"$APPLICATIONt\" spec:<source:<repoURL:\"$HELM_SOURCE_ENDS_IN_.git\" path:\"$HELM_CHART\" targetRevision:\"HEAD\" helm:<releaseName:\"\" values:\"\" > chart:\"\" > destination:<server:\"https://kubernetes.default.svc\" namespace:\"$APPLICATION\" > project:\"$ARGO_PROJECT\" syncPolicy:<automated:<prune:false selfHeal:false > > > " grpc.service=application.ApplicationService grpc.start_time="2020-09-03T11:48:14Z" span.kind=server system=grpc
time="2020-09-03T11:48:15Z" level=info msg="image-updater updated application spec" application= $APPLICATIONdest-namespace=$APPLICATION dest-server="https://kubernetes.default.svc" reason=ResourceUpdated type=Normal
time="2020-09-03T11:48:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=UpdateSpec grpc.service=application.ApplicationService grpc.start_time="2020-09-03T11:48:14Z" grpc.time_ms=1171.407 span.kind=server system=grpc

Any ideas?

bug

opened by Zefool 17

Kustomize aliases without newTag defined result in a nil pointer dereference and application crash

Describe the bug We wish to have a generic kustomization.yaml without an image tag. We wish to use the argocd image updater to set the image tags. We use a generic image name called image. We first tried without the image alias in kustomization.yaml. In that case the image updater fails to update or find the image alias. Apparently Kustomize needs to do a first pass to change the image alias to the final image. So then we add the image newName. But without a newTag the application crashes.

To Reproduce A kustomization.yaml with the contents:

images:
- name: image
  newName: some-registry.com/some-image

with Argo Application with annotations:

argocd-image-updater.argoproj.io/image-list: image=some-registry.com/some-image
argocd-image-updater.argoproj.io/image.kustomize.image-name: some-registry.com/some-image
argocd-image-updater.argoproj.io/image.update-strategy: latest

This creates a panic and the application crashes

Expected behavior Image updater should allow newTag to be empty because it is valid according to Kustomize. Kustomize applies latest as the image tag.

Additional context We use a generic image name in our deployment.yaml files and rely on kustomize image aliases to set the correct image. We are also not clear with the argocd-image-updater.argoproj.io/image.kustomize.image-name is supposed to designate.

Version v99.9.9+ccd78aa

Logs

 panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x196e453]
goroutine 22 [running]:
github.com/argoproj-labs/argocd-image-updater/pkg/tag.(*ImageTag).IsDigest(...)
        /src/argocd-image-updater/pkg/tag/tag.go:96
github.com/argoproj-labs/argocd-image-updater/pkg/tag.(*ImageTag).Equals(...)
        /src/argocd-image-updater/pkg/tag/tag.go:102
github.com/argoproj-labs/argocd-image-updater/pkg/argocd.UpdateApplication(0xc000c73b78, 0xc000c45310, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /src/argocd-image-updater/pkg/argocd/update.go:252 +0xc43
main.runImageUpdater.func1(0xc000193e50, 0xc0001a57a0, 0xc000c35ff0, 0xc000c45310, 0xc000050ae0, 0x1, 0xc000c35ff4, 0xc00071fd40, 0x14, 0xc0007253b0, ...)
        /src/argocd-image-updater/cmd/main.go:160 +0x23c
created by main.runImageUpdater
        /src/argocd-image-updater/cmd/main.go:147 +0xa3d

bug

opened by amalagaura 14

does not work as expected

Describe the bug I followed the instructions, but argo image updater does not work.

To Reproduce Steps to reproduce the behavior: I have annotated the application as desired as below: argocd-image-updater.argoproj.io/myimage.helm.image-name: nitinkansal/argo-workflow argocd-image-updater.argoproj.io/myimage.update-strategy: latest

Expected behavior A clear and concise description of what you expected to happen. It should search for the latest and deploy the same.

Additional context Add any other context about the problem here.

Version Please tell us about the version you encountered the issue with

argocd-image-updater: v99.9.9+457b52f

Logs Please paste any relevant logs here time="2021-03-09T15:15:50Z" level=info msg="argocd-image-updater v99.9.9+457b52f starting [loglevel:DEBUG, interval:2m0s, healthport:8080]" time="2021-03-09T15:15:50Z" level=debug msg="rate limit for https://registry-1.docker.io is 2147483647" time="2021-03-09T15:15:50Z" level=info msg="Loaded 1 registry configurations from /app/config/registries.conf" time="2021-03-09T15:15:50Z" level=debug msg="Creating in-cluster Kubernetes client" time="2021-03-09T15:15:50Z" level=debug msg="Using ArgoCD API credentials from environment ARGOCD_TOKEN" time="2021-03-09T15:15:50Z" level=info msg="ArgoCD configuration: [apiKind=kubernetes, server=<LoadBalancer_IP>, auth_token=true, insecure=true, grpc_web=false, plaintext=true]" time="2021-03-09T15:15:50Z" level=info msg="Starting health probe server TCP port=8080" time="2021-03-09T15:15:50Z" level=info msg="Starting metrics server on TCP port=8081" time="2021-03-09T15:15:50Z" level=info msg="Warming up image cache" time="2021-03-09T15:15:50Z" level=info msg="Finished cache warm-up, pre-loaded 0 meta data entries from 5 registries" time="2021-03-09T15:15:50Z" level=info msg="Starting image update cycle, considering 0 annotated application(s) for update" time="2021-03-09T15:15:50Z" level=info msg="Processing results: applications=0 images_considered=0 images_skipped=0 images_updated=0 errors=0" time="2021-03-09T15:17:50Z" level=info msg="Starting image update cycle, considering 0 annotated application(s) for update" time="2021-03-09T15:17:50Z" level=info msg="Processing results: applications=0 images_considered=0 images_skipped=0 images_updated=0 errors=0"
bug

opened by nitinkansal1984 14
Digest is not working (Digest, Tag, Helm)
Describe the bug argocd-image-updater: v0.10.3 argocd: v2.1.2 gitrepo: helm

Strategy

argocd-image-updater.argoproj.io/write-back-method: argocd argocd-image-updater.argoproj.io/image-list: myimagealias=gcr.io/project-name/images-path/my-image-name:my-tag-name argocd-image-updater.argoproj.io/myimagealias.update-strategy: digest

I'm using the digest strategy for image updating and from argocd-image-updater end all seems to work fine, and I'm getting the successfully updated message. Yet ArgoCD doesn't seem to update the image.

time="2021-09-16T19:47:35Z" level=info msg="Successfully updated the live application spec" application=dev-environment

When I check the Argo CD, I can see the following has been added to parameters, but it does't trigger an update.

image.name gcr.io/project-name/images-path/my-image-name image.tag sha256:xxxxxxx

My approach / requirement is to have argocd as the write-back method and only the team members updating the deployment repo with image details and repo tags per each environment.

Can anyone tell me what I might be doing wrong here?

Any help on fixing this issue is appreciated

bug
opened by buddhi-desilva 12

Cannot use Github Container Registry

Describe the bug I want to use the new Github Container Registry ghcr.io but I get a strange error message "Could not get tags from registry: unexpected manifest schema was received from registry"

To Reproduce My config map contains:

  registries.conf: |
    registries:
    - name: Github Container Registry
      api_url: https://ghcr.io
      ping: no
      prefix: ghcr.io
      credentials: pullsecret:argocd-image-updater/regcred

Expected behavior ghcr.io should be supported.

Additional context

Version v0.6.1

Logs

time="2020-09-24T21:00:36Z" level=info msg="argocd-image-updater v0.6.1 starting [loglevel:INFO, interval:2m0s, healthport:8080]"
time="2020-09-24T21:00:36Z" level=info msg="Loaded 1 registry configurations from /app/config/registries.conf"
time="2020-09-24T21:00:36Z" level=info msg="ArgoCD configuration: [server=argocd-server.argocd, auth_token=true, insecure=false, grpc_web=false, plaintext=true]"
time="2020-09-24T21:00:36Z" level=info msg="Starting health probe server TCP port=8080"
time="2020-09-24T21:00:36Z" level=info msg="Warming up image cache"
time="2020-09-24T21:00:37Z" level=error msg="Could not get tags from registry: unexpected manifest schema was received from registry: application/vnd.docker.distribution.manifest.v2+json (registry may not support the manifest type(s) you want: [application/vnd.docker.distribution.manifest.v1+prettyjws application/vnd.docker.distribution.manifest.v1+json])" alias=techwiki application=techwiki image_name=windsource/techwiki image_tag=latest registry=ghcr.io
time="2020-09-24T21:00:37Z" level=info msg="Finished cache warm-up, pre-loaded 0 meta data entries from 5 registries"
time="2020-09-24T21:00:37Z" level=info msg="Starting image update cycle, considering 1 annotated application(s) for update"
time="2020-09-24T21:00:38Z" level=error msg="Could not get tags from registry: unexpected manifest schema was received from registry: application/vnd.docker.distribution.manifest.v2+json (registry may not support the manifest type(s) you want: [application/vnd.docker.distribution.manifest.v1+prettyjws application/vnd.docker.distribution.manifest.v1+json])" alias=techwiki application=techwiki image_name=windsource/techwiki image_tag=latest registry=ghcr.io
time="2020-09-24T21:00:38Z" level=info msg="Processing results: applications=1 images_considered=1 images_skipped=0 images_updated=0 errors=1"

bug

opened by windsource 12

Not able to use Docker Hub Registry

I have deployed an application in Argocd which uses image present in Docker hub container registry, when we update the image with new version in Docker Container Registry, Argocd Image updater should poll the Docker hub Container registry and update the application with latest verison of the image. This feature is not working.

Connection has been established between Argocd and Argocd Image updater, I can see in pod logs of Argocd Image updater, Starting image update cycle, considering 1 annotated application(s) for update" time="2020-11-17T09:16:05Z" level=info msg="Processing results: applications=1 images_considered=0 images_skipped=1 images_updated=0 errors=0"

I can see in logs its considering the application for update, but image is getting skipped, can't see any error logs and image is not getting updated for the application.

Logs:

time="2020-11-18T08:01:35Z" level=info msg="Starting health probe server TCP port=8080" time="2020-11-18T08:01:35Z" level=info msg="Warming up image cache" time="2020-11-18T08:01:35Z" level=info msg="Finished cache warm-up, pre-loaded 0 meta data entries from 5 registries" time="2020-11-18T08:01:35Z" level=info msg="Starting image update cycle, considering 2 annotated application(s) for update" time="2020-11-18T08:01:35Z" level=info msg="Processing results: applications=2 images_considered=0 images_skipped=2 images_updated=0 errors=0" time="2020-11-18T08:03:35Z" level=info msg="Starting image update cycle, considering 2 annotated application(s) for update" time="2020-11-18T08:03:35Z" level=info msg="Processing results: applications=2 images_considered=0 images_skipped=2 images_updated=0 errors=0" time="2020-11-18T08:05:35Z" level=info msg="Starting image update cycle, considering 2 annotated application(s) for update" time="2020-11-18T08:05:35Z" level=info msg="Processing results: applications=2 images_considered=0 images_skipped=2 images_updated=0 errors=0" time="2020-11-18T08:07:35Z" level=info msg="Starting image update cycle, considering 2 annotated application(s) for update" time="2020-11-18T08:07:35Z" level=info msg="Processing results: applications=2 images_considered=0 images_skipped=2 images_updated=0 errors=0" time="2020-11-18T08:09:35Z" level=info msg="Starting image update cycle, considering 2 annotated application(s) for update" time="2020-11-18T08:09:35Z" level=info msg="Processing results: applications=2 images_considered=0 images_skipped=2 images_updated=0 errors=0"

Registry.config looks like, accounts.image-updater: apiKey argocd.grpc_web: "true" argocd.insecure: "true" argocd.server_addr: 100.100.100.100 registries.conf: | registries: - name: Docker Hub api_url: https://argocdhub.docker.io ping: yes credentials: secret:argocd-image-updater/secrets defaultns: library

Any help/leads would be highly appreciated.

@jannfis , Could you please help with some leads on this.

Many Thanks!
bug

opened by nivedita-atci 10

ARGOCD_SERVER doesn't honor fqdn

Describe the bug

When specifying the env var ARGOCD_SERVER either via configmap or in the deployment directly, it does not actually perform an fqdn lookup for the correct IP address and uses the internal cluster service IP instead.

e.x.:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: argocd-image-updater
    app.kubernetes.io/part-of: argocd-image-updater
  name: argocd-image-updater
spec:
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-image-updater
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-image-updater
    spec:
      containers:
      - command:
        - /usr/local/bin/argocd-image-updater
        - run
        env:
        - name: ARGOCD_GRPC_WEB
          value: "true"
        - name: ARGOCD_SERVER
          value: "https://argo.mydomain.com"

time="2020-10-08T21:41:37Z" level=error msg="error while communicating with ArgoCD" argocd_server="https://argo.mydomain.com" grpc_web=true grpc_webroot= insecure=false plaintext=false
time="2020-10-08T21:41:37Z" level=error msg="Error: rpc error: code = Unknown desc = Post \"https://https//argo.mydomain.com
ineering/application.ApplicationService/List\": dial tcp: lookup https on 100.64.0.10:53: no such host"

To Reproduce Provide an https URL in the ARGOCD_SERVER env var either via configmap or in the deployment directly

Expected behavior

Would expect the fqdn lookup to return the ingress IP and not the cluster local IP. When attempting to use the cluster local service (e.g. leaving ARGOCD_SERVER empty) it then tries to use https to the local pod:

time="2020-10-08T21:47:56Z" level=error msg="error while communicating with ArgoCD" argocd_server=argocd-server.argocd grpc_web=true grp
c_webroot= insecure=true plaintext=false
time="2020-10-08T21:47:56Z" level=error msg="Error: rpc error: code = Unknown desc = Post \"https://argocd-server.argocd:443/application
.ApplicationService/List\": read tcp 192.168.3.70:53584->192.168.0.17:8080: read: connection reset by peer"

This is with argocd-server running with the --insecure flag because if you try and run it without this flag, the error is then that the certificate it's using isn't valid.

Also, specifying INSECURE false vs. true in the argocd image updater seems to have no bearing on it's use of https:

time="2020-10-08T21:50:22Z" level=error msg="error while communicating with ArgoCD" argocd_server=argocd-server.argocd grpc_web=true grp
c_webroot= insecure=false plaintext=false
time="2020-10-08T21:50:22Z" level=error msg="Error: rpc error: code = Unknown desc = Post \"https://argocd-server.argocd:443/application
.ApplicationService/List\": read tcp 192.168.3.154:51664->192.168.1.64:8080: read: connection reset by peer"

Version Argocd v1.7.6 Argocd image updater v.0.7.0

bug

opened by matoszz 10

Add configurable time interval/delay between fetching for updated images

Is your feature request related to a problem? Please describe. I've started using the digest update strategy for a few of my images and found that it quickly runs me into docker hub pull rate limits, I'd like argo image updater to only check for new images every few hours instead of every few minutes to avoid running into this rate limit.

Describe the solution you'd like I'd like to see a setting of some sort to configure the interval at which argocd image updater checks for image updates. Perhaps this setting could also be per-registry since not all registries have the same rate limits.

Describe alternatives you've considered I know that I can set up a "pull-through" registry mirror but if I understand correctly, it would still generate the same amount of api calls when constantly fetching digests for tags right?
enhancement

opened by starcraft66 8
Add update strategy to restart deployment if digest for same tag has changed
Is your feature request related to a problem? Please describe. I would like to use argocd-image-updater to update some container images I have pinned to the latest tag (specifically linuxserver.io container images) because some image have "specific" tags are very long and nonsensical e.g. linuxserver/qbittorrent:version-14.3.4.99202103270406-7346-81a7b0c03ubuntu20.04.1. I realize this locking an image tag to latest isn't usually a good idea but it's necessary in this case. I can't use the "latest" update strategy because the latest images are pre-release builds I don't want to use.

I initially thought I could do something like:

annotations: argocd-image-updater.argoproj.io/image-list: "qbittorrent=linuxserver/qbittorrent" argocd-image-updater.argoproj.io/qbittorrent.update-strategy: name argocd-image-updater.argoproj.io/qbittorrent.allow-tags: "regexp:^latest$"

But then I quickly realized that that will only check that the deployment is locked to linuxserver/qbittorrent:latest but doesn't check the digest to see if that tag has been updated upstream at the registry since they are mutable.

Describe the solution you'd like I'd like to see a new strategy added that just watches a single tag for digest updates and then restarts the relevant deployment (given that it is using ImagePullPolicy: Always) so that it pulls an updated image.
enhancement
opened by starcraft66 8
Create events for changes
Is your feature request related to a problem? Please describe. We need to notify another systems when a version has changed and which is the new tag being used.

Describe the solution you'd like I'd like to be able to monitor a kubernetes event containing at least:

resource type ("deployment")

resource name ("foo")

tag used ("1.2.3")

namespace ("foo")

optionally, previous tag

optionally, image name and/or repository.

This way we could add another piece to the pipeline to notify external services.

Describe alternatives you've considered I've considered:

to use ArgoCD-notifications, but it only monitors Applications, so it won't know the tag being used.

to use kubernetes-event-exporter, configuring a label with the tag, but after running argocd-image-updater the tag disapears, and events might be duplicated due to replication.

Additional context By creating an event, other systems can take it to perform other different actions: notifications (email, slack, pagerduty, ...), maintain a dashboard, monitoring (grafana with tags showing the tag currently used), traceability (logs), ...
enhancement
opened by magmax 8
Support Multiple Sources as per ArgoCD v2.6.0 New Field

Is your feature request related to a problem? Please describe. ArgoCD v2.6.0-rc1 introduced a new field called sources, which overrides the source field of the application resource. When setting image-updater on such application, we get: level=warning msg="skipping app 'myapp-staging' of type '' because it's not of supported source type" application=myapp-staging which indicates that image-updater does not recognize this application as of valid source type. Describe the solution you'd like Seems like a minor update could make image-updater aware of this new sources field and apply some logic accordingly

Describe alternatives you've considered Couldn't find any

Additional context None
enhancement

opened by similark 0

Could not update application spec: stat /tmp: no such file or directory

I'm facing something new and looking for help.

time="2022-12-27T14:59:21Z" level=info msg="Successfully updated image 'ghcr.io/<repo-name>/<image>:1.0.1' to 'ghcr.io/<repo-name>/<image1>:1.0.5', but pending spec update (dry run=false)" alias=image application=example-app image_name=<repo-name>/<image> image_tag=1.0.1 registry=ghcr.io
time="2022-12-27T14:59:21Z" level=info msg="Committing 1 parameter update(s) for application example-app" application=example-app
time="2022-12-27T15:01:22Z" level=error msg="Could not update application spec: stat /tmp: no such file or directory" application=example-app

Originally posted by @emon5122 in https://github.com/argoproj-labs/argocd-image-updater/issues/510#issuecomment-1365966222

opened by emon5122 2

When pull rate limit is reached application should not be processed

Describe the bug

argocd-image-updater-5b589d4576-8lqvx argocd-image-updater time="2022-12-27T13:31:47Z" level=error msg="error fetching metadata for twingate/connector:1.43.0: could not fetch manifest sha256:4fa7723a70c955819f75d398718b6bf84b457638fa8fa3a0be47c44ab275df3c: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit" alias=twingate application=twingate-k8s-connector image_name=twingate/connector image_tag=1.47.0 registry=
argocd-image-updater-5b589d4576-8lqvx argocd-image-updater time="2022-12-27T13:31:47Z" level=error msg="error fetching metadata for twingate/connector:1.44.0: could not fetch manifest sha256:0ebc62338d9579f5dd134c2ee46bce77ad43c73766f98cf088de371ec426151f: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit" alias=twingate application=twingate-k8s-connector image_name=twingate/connector image_tag=1.47.0 registry=
argocd-image-updater-5b589d4576-8lqvx argocd-image-updater time="2022-12-27T13:31:47Z" level=error msg="error fetching metadata for twingate/connector:1.45.0: could not fetch manifest sha256:6e4a5e0cd444534bd4f808b90a65c0d47d49275fb13785e32d16ea5b8e674521: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit" alias=twingate application=twingate-k8s-connector image_name=twingate/connector image_tag=1.47.0 registry=
argocd-image-updater-5b589d4576-8lqvx argocd-image-updater time="2022-12-27T13:31:48Z" level=error msg="error fetching metadata for twingate/connector:1.46.0: could not fetch manifest sha256:6e8480f87c2c1ea48a946427b8da881fac95387a8aed31f7bf00c6e02feb31bb: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit" alias=twingate application=twingate-k8s-connector image_name=twingate/connector image_tag=1.47.0 registry=
argocd-image-updater-5b589d4576-8lqvx argocd-image-updater time="2022-12-27T13:31:48Z" level=error msg="error fetching metadata for twingate/connector:1.47.0: could not fetch manifest sha256:77cb2cd45bb9a001ee780f51011054722e4f5d9a1a30b478c95a17d70b8de8af: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit" alias=twingate application=twingate-k8s-connector image_name=twingate/connector image_tag=1.47.0 registry=
argocd-image-updater-5b589d4576-8lqvx argocd-image-updater time="2022-12-27T13:31:51Z" level=error msg="Error fetching metadata for twingate/connector:1.47.0 - neither V1 or V2 or OCI manifest returned by registry: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit" alias=twingate application=twingate-k8s-connector image_name=twingate/connector image_tag=1.47.0 registry=

A push to repo with 1.42 tag as the newest available was performed.

Here's app configuration:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    argocd-image-updater.argoproj.io/git-branch: development:image-updater{{range .Images}}-{{.Name}}-{{.NewTag}}{{end}}
    argocd-image-updater.argoproj.io/image-list: twingate=twingate/connector
    argocd-image-updater.argoproj.io/twingate.allow-tags: regexp:^1\.[0-9]+\.[0-9]+$
    argocd-image-updater.argoproj.io/twingate.kustomize.image-name: twingate/connector
    argocd-image-updater.argoproj.io/twingate.update-strategy: latest
    argocd-image-updater.argoproj.io/write-back-method: git:secret:argocd/bitbucket-creds
    argocd-image-updater.argoproj.io/write-back-target: kustomization:/bases/twingate-k8s-connector
  name: twingate-k8s-connector
  namespace: argocd

Expected behavior

Application should not be processed when pull rate limit is reached because otherwise it will produce misleading pushes.

Version v0.12.1

bug

opened by michalschott 0

Inconsistent semver return results

Describe the bug

Assuming two tags are being pointed to the same image SHA (see attached screenshot)

Zrzut ekranu 2022-12-23 o 09 50 48

/usr/local/bin $ ./argocd-image-updater test quay.io/fairwinds/polaris --semver-constraint 7.2.x | grep "latest image"
time="2022-12-23T08:48:22Z" level=info msg="latest image according to constraint is quay.io/fairwinds/polaris:7.2" application=test image_alias= image_name=quay.io/fairwinds/polaris registry_url=quay.io
/usr/local/bin $ ./argocd-image-updater test quay.io/fairwinds/polaris --semver-constraint 7.2.x | grep "latest image"
time="2022-12-23T08:48:27Z" level=info msg="latest image according to constraint is quay.io/fairwinds/polaris:7.2.0" application=test image_alias= image_name=quay.io/fairwinds/polaris registry_url=quay.io
/usr/local/bin $

With constraint set to 7.2.x I would expect always having 7.2.0 as a return tag.

Version

/usr/local/bin $ ./argocd-image-updater version
argocd-image-updater: v0.12.1+16cff2e
  BuildDate: 2022-12-06T23:42:50Z
  GitCommit: 16cff2e66bcce86ba3ba034788ab5cbf18d8ed88
  GoVersion: go1.17.8
  GoCompiler: gc
  Platform: linux/amd64

bug duplicate

opened by michalschott 1

Testing regexp for latest updates strategy

Describe the bug

Invoking argocd-image-updater test prints out:

...
# Check for the latest built image for a tag that matches a pattern
argocd-image-updater test nginx --allow-tags '^1.19.\d+(\-.*)*$' --update-strategy latest
...

So lets test it:

/usr/local/bin $ argocd-image-updater test nginx --allow-tags '^1.19.\d+(\-.*)*$' --update-strategy latest
DEBU[0000] Creating in-cluster Kubernetes client
WARN[0000] Invalid match option syntax '^1.19.\d+(\-.*)*$', ignoring  image_alias= image_name=nginx registry_url=
INFO[0000] retrieving information about image            image_alias= image_name=nginx registry_url=
INFO[0000] Fetching available tags and metadata from registry  application=test image_alias= image_name=nginx registry_url=
DEBU[0000] Using canonical image name 'library/nginx' for image 'nginx'  application=test image_alias= image_name=nginx registry_url=
INFO[0000] Found 0 tags in registry                      application=test image_alias= image_name=nginx registry_url=
INFO[0000] no newer version of image found               application=test image_alias= image_name=nginx registry_url=

Reason theres no images found is most likely other warning about invalid match option syntax, altho regex compiles correctly.

Am I missing anything there?

Version

/usr/local/bin $ argocd-image-updater version
argocd-image-updater: v0.12.1+16cff2e
  BuildDate: 2022-12-06T23:42:50Z
  GitCommit: 16cff2e66bcce86ba3ba034788ab5cbf18d8ed88
  GoVersion: go1.17.8
  GoCompiler: gc
  Platform: linux/amd64

bug

opened by michalschott 1

Releases(v0.12.1)

v0.12.1(Dec 6, 2022)
Release description

Minor bug fix release for the 0.12 release branch, which missing ca-certs in docker image

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

add ca-certificates to the docker image (#497)

New features

N/A

Other changes

chore: update golangci-lint version in CI (#457)

fix: update application config sample & replace the deprecated ioutil pkg (#492)

Source code(tar.gz)
Source code(zip)
argocd-image-updater-darwin_amd64(68.69 MB)
argocd-image-updater-darwin_arm64(67.89 MB)
argocd-image-updater-linux_amd64(69.22 MB)
argocd-image-updater-linux_arm64(67.22 MB)
argocd-image-updater-win64.exe(69.52 MB)
release-v0.12.1.sha256(495 bytes)
release-v0.12.1.sha256.asc(833 bytes)
v0.12.0(Mar 14, 2022)
Release description

The version v0.12.0 is a feature release, bringing some new features as well as bug fixes to Argo CD Image Updater. This release also has potentially breaking changes, please read the upgrade notes below.

We are very sorry for the delay with this release! Behind the scenes. we also worked on improving the documentation and gave it some refactoring. We hope you like it!

Major new features

Multi-arch deliverables are finally here! We now provide container images for linux/amd64 and linux/arm64, as well as release binaries for linux/amd64, linux/arm64, linux/ppc64le, darwin/amd64, darwin/arm64 as well as windows/amd64!

Multi-arch support for container images: Argo CD Image Updater now also considers the architecture of container images and provides full support for multi-arch images by being able to inspect manifest lists. By default, when using an update strategy that supports meta data inspection (latest and digest), Argo CD Image Updater will now only consider manifests for the same architecture it is running on. This can be fine tuned on a per image basis, so if you have clusters with nodes spanning multiple architectures (e.g. mix of amd64 and arm64 nodes), and you know that certain workloads are bound to run on a given architecture, you can use the new <alias>.platforms annotation to allow only updates to images that match a certain architecture.

Less configuration need for registries: Argo CD Image Updater now requires even less configuration, even if used with custom registries, and supports more registries out of the box. Argo CD Image Updater will infer the registry API to use from an image's registry prefix. Now custom registries need only be configured in special cases, e.g. when the registry uses a self-signed certificate or when you want to configure global credentials, or fine tune other access parameters such as rate limiting.

Other notable enhancements and fixes

Improved support for the digest update strategy: For multi-arch images, the digest update strategy will set the image SHA to the SHA of the manifest list, so the node can pick the right architecture to deploy. Also, Argo CD Image Updater will now perform less requests to the registry when using the digest update strategy, resulting in happier rate limiters.

Improved documentation: We heard the community that our docs are complicated and hard to understand or follow. There has been a major refactoring of the docs to provide a better user experience, and we'll continuously work to improve them going forward.

Support for HTTP proxies: When accessing container registries, Argo CD Image Updater now honors the HTTP proxy configuration from the environment (i.e. http_proxy, https_proxy and no_proxy variables) and performs any HTTP requests through the configured proxies.

Application selection using labels: Now you can restrict Argo CD Image Updater to not only match on the names of applications, but also using a label matcher.

Thank you

The Argo Project would like to thank the following people for their awesome contributions that made this release possible:

@agorgl @atarax @derdanne @iamnoah @jaideepr97 @jannfis @janpieper @janpieper-gcx @joebowbeer @joyrex2001 @katainaka0503 @manivannan-g @martin-marko @nick-homex @NickLarsenNZ @pacoguzman @patrykwozinski @zimbres @zoonoo

And also thanks to everyone who took the time to open and discuss issues.

Upgrade notes (no really, you MUST read this)

This release has a few potentially breaking changes. Please review the below descriptions

Configuration details for the default registry have changed:

If you had previously configured a custom default registry (e.g. by setting prefix to the empty string in the registries configuration), it will not be assumed the default registry automatically anymore. You need to explicitly set the configuration property default to true in order for Argo CD Image Updater to pick this registry as the default one. Also, you should set the prefix property from the empty string to the true prefix of the registry.

Registry configuration property tagsortmode has been deprecated:

The tagsortmode configuration has been more confusing than helpful in the past, and is a relict from old times when Argo CD Image Updater wasn't able to inspect an image's meta data properly. This setting has now been deprecated and should not be used anymore. A warning will be printed when this is set for a registry, and the setting will be removed completely in a future version of Argo CD Image Updater.

Tagging of images using the digest update strategy has changed slightly: Argo CD Image Updater now uses a tag in the format <tagname>@sha256:<sha_of_digest> when setting image tag parameters. Previously, it had a slightly different format that often required workarounds when being used with Helm. If you are using such a workaround when rendering image specification in Helm, you should revisit your template and adapt it to the new format.

test command uses host platform by default: If you are running the argocd-image-updater test command from a system which is based on a different platform than your cluster, you will have to specify the cluster's platform using the --platforms option, otherwise results may not be the same as on the cluster.

Bug fixes

fix: hardcode buildDate so it can be updated by ld at build time (#366) (#367)

fix: Use existing registry requests failed metric (#362)

fix: Use endpoint's transport also for token handler (#349)

fix: Fetch metadata for multi-arch images with latest strategy (#342)

fix: Fix docker environment variable (#340)

fix: Do not retrieve metadata for all tags with digest strategy (#337)

fix: Request correct mediatype for v1 manifests (#333)

fix: Fix registry authentication when URL has slash suffix (#331)

fix: assume kustomize application type if write back target is configured (#309)

fix: Invalid image reference format when using digest strategy with helm charts (#317)

fix: Rename flag to specify registries config path (#290) (#295)

fix: Allow use of in-cluster kube-client for test-command (#288) (#293)

fix: typo in warning message (#291)

fix: Use correct registry URL for parsing pull secrets (#285)

New features

feat: Support multiple platforms for test command (#396)

feat: Add configMap to allow define parameters for SSH client (#373)

feat: Support app-wide update-strategy annotations (#338)

feat: Automatic inferring of registry from image prefix (#369)

feat: support filtering apps by label in CLI (#368)

feat: Improve visibility for skipped apps (#344)

feat: Support manifestlist and multi-arch images (#341)

feat: use HTTP_PROXY in transport object for registry endpoint if defined in environment (#300)

feat: add ability to specify a different write and base branch (#304)

feat: Enable auth plugins for Kubernetes client (#307)

Other changes

chore: Log warning in test command on unsupported container platform #397

chore: Bump docker distribution v2 (#395)

chore: Bump Kubernetes dependencies to version 1.22.4 (#394)

chore: Bump docker distribution (#393)

docs: Add digest update strategy (#389)

docs: Expect some more things in spelling (#385)

chore(deps): bump github.com/argoproj/argo-cd/v2 from 2.2.2 to 2.2.4 (#379)

refactor(WBC): Target field in the WriteBackConfig (#380)

test: Add e2e test for multiple images (#383)

Checkout after creating a new branch (#384)

fix(manifests): set deployment strategy to recreate to prevent concurrent replicas (#364)

chore: Log out warning about tagsortmode (#363)

chore: Add initial e2e test infrastructure (#358)

refactor: Refactor logging to provide more context information (#357)

docs: Fix inconsistency in the documentation on git write-back credentials (#356)

chore(deps): Update Argo CD dependencies to 2.2.2 (#351)

chore: Upgrade golang to 1.16.13 (#350)

chore(deps): bump mkdocs from 1.1.2 to 1.2.3 in /docs (#347)

chore: Create codeql-analysis.yml (#348)

refactor: rename VersionSortMode to UpdateStrategy (#343)

chore: Multi-arch distribution (#339)

chore: Move container images to quay.io (#336)

chore: Small fix to the release script (#334)

docs: The docs for update-strategies were missing one word (#332)

docs: Fixed ConfigMap name (#325)

docs: Fixed typo (#324)

docs: Update quoted true, false in configmap (#298)

Source code(tar.gz)
Source code(zip)
argocd-image-updater-darwin_amd64(69.56 MB)
argocd-image-updater-darwin_arm64(71.56 MB)
argocd-image-updater-linux_amd64(70.08 MB)
argocd-image-updater-linux_arm64(68.80 MB)
argocd-image-updater-win64.exe(71.00 MB)
release-v0.12.0.sha256(495 bytes)
release-v0.12.0.sha256.asc(833 bytes)
v0.11.3(Jan 14, 2022)
Release description

Minor bug fix release for the 0.11 release branch, which fixes a small bug with TLS when fetching registry auth tokens.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Use endpoint's transport also for token handler (#349)

New features

N/A

Other changes

chore: Upgrade golang to 1.16.13 (#350)

Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.11.3_linux-amd64(72.19 MB)
v0.11.2(Jan 10, 2022)
Release description

Minor bug fix release for the 0.11 release branch, which fixes an annoyance with the digest update strategy and updates the base images used in the distribution container image.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Do not retrieve metadata for all tags with digest strategy (#337)

New features

N/A

Other changes

chore: Always pull base images when building release image

chore: Small fix to the release script (#334)

Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.11.2_linux-amd64(72.17 MB)
v0.11.1(Jan 7, 2022)
Release description

Bug fix release for the 0.11 release branch, which fixes an authentication bug and issues with JFrog Artifactory registries.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Fix registry authentication when URL has slash suffix (#331)

fix: Request correct mediatype for v1 manifests (#333)

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.11.1_linux-amd64(72.16 MB)
v0.11.0(Oct 27, 2021)
Release description

The version v0.11.0 is a minor feature release, bringing some new features as well as bug fixes to Argo CD Image Updater.

Major new features

Support for OCI images and registries! We have replaced the pretty old docker-registry-client by Docker's more modern distribution/v3 API.

Update to latest Argo CD v2.1.5 dependencies. This allows Image Updater to leverage new Argo CD Git credentials using Secrets. Also, support for GitHub application authentication to authenticate Git repositories should be supported now.

Improved Kustomize compatibility Argo CD Image Updater won't mutate other parts of Kustomization files besides the image specification anymore

Thank you

The Argo Project would like to thank the following people for their awesome contributions that made this release possible:

@hown3d

@iamnoah

@ludovicMercier

@mubarak-j

@olemathias

@robertoriv

@zmx

And also thanks to everyone who took the time to open and discuss issues.

Upgrade notes (no really, you MUST read this)

No special instructions this time.

Bug fixes

fix: add basic authentication handler (#281)

fix: use kyaml to preserve kustomization (#274)

fix: use distribution to parse references (#275)

fix: Correct client ping endpoint (#278)

fix: Allow insecure registry access (#272)

fix: multiple image with alias (#266)

fix: Get tags from correct registry/image with a different kustomize image (#253)

fix: modify SetKustomizeImage logic when use alias-image (#251)

New features

feat: Support OCI repositories by using distribution/v3 (#249)

feat: allow overriding registry rate limit in test command (#256)

Other changes

docs: kustomize.image_name -> kustomize.image-name (#241)

chore: bump argocd version to 2.1.2 (#255)

docs: Correct metrics port in docs (#262)

chore: Test successful update two images (#264)

chore: Fix unit test (#269)

chore: Update and refactor Git client (#283)

Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.11.0_linux-amd64(72.17 MB)
v0.10.3(Sep 12, 2021)
Release description

Bug fix release for the 0.10 release branch, which fixes some annoying issues with Kustomize applications.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Get tags from correct registry/image with a different kustomize image (#253)

fix: modify SetKustomizeImage logic when use alias-image (#251)

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.10.3_linux-amd64(64.23 MB)
v0.10.2(Aug 16, 2021)
Release description

The version v0.10.2 is a patch release, and brings the aws CLI into the container image due to popular demand.

Upgrade notes (no really, you MUST read this)

No special instructions this time.

Bug fixes

None

New features

feat: Provide aws-cli in container image (#238)

Other changes

None
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.10.2_linux-amd64(64.24 MB)
v0.10.1(Aug 8, 2021)
Release description

The version v0.10.1 is a maintenance release updating the used base image only to address some vulnerabilities in Alpine.

Upgrade notes (no really, you MUST read this)

No special instructions this time.

Bug fixes

None

New features

None

Other changes

Update alpine base image to v3.14.1

Source code(tar.gz)
Source code(zip)
v0.10.0(Aug 2, 2021)
Release description

The version v0.10.0 brings a couple of new and exciting features as well as bug fixes to Argo CD Image Updater.

Major new features:

New digest update strategy: This update strategy lets you track the most recent pushed version a single tag, e.g. latest. Image Updater will compare the SHA256 sum of the currently running image to the SHA256 sum of the image in the registry, and update if appropriate.

Modify kustomization.yaml directly: In addition to persisting the changes in the parameter overrides, Argo CD Image Updater can now modify a kustomization.yaml directly in order to update the image.

Custom Git commit messages: Users can now specify a custom Git commit message using Go string templates.

Start with empty image: Argo CD Image Updater is now able to update applications that have no initial image tag specified.

The Argo Project would like to thank the following people for their awesome contributions that made this release possible:

@eplightning

@huhudev-git

@iamnoah

@magmax

@ShotaKitazawa

@spoukke

@vsychov

Upgrade notes (no really, you MUST read this)

No special instructions this time.

Bug fixes

fix: Prevent update loop with git write-back (#171)

fix: Multiple tags on the same image return same order (#173)

fix: Prevent concurrent updates to git repositories (#177)

fix: Prevent nil pointer deref on emtpy tag with running image (#182)

fix: Correctly consider image with force-update set and semver strategy (#192)

fix: Images not updated if registry or repository is different with same version (#194)

fix: Correctly marshal non-updated images (#203)

fix: git client branch function (#213)

fix: Fix a possible race condition in metadata retrieval (#215)

fix: Don't return original tag if no tag was considered (#219)

New features

feat: #164 Send events on image change (#167)

feat: Introduce update strategy 'digest' (#176)

feat: allow image updates to be forced if container not present #181 (#189)

feat: Allow setting custom Git commit messages (#193)

feat: allow write-back to actual kustomization files (#200)

feat(manifests): add ssh volume mounts and volume (#212)

Other changes

chore: Add openssh-client to container image (#165)

docs: fix document (#201)

docs: Update strategy docs (#178)

docs: Update documentation regarding Git write-back (#166)

docs: Grammatical fix in start.md (#225)

chore: Upgrade Go to v1.16.5 (#229)

chore: Upgrade Argo CD dependencies to v2.0.5 (#230)

chore: Fix readthedocs builds (#231)

docs: Mention support channels and some fixes (#232)

Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.10.0_linux-amd64(64.24 MB)
v0.9.5(Jun 15, 2021)
Release description

Bug fix release for the 0.9 release branch, which fixes a race condition bug.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Fix a possible race condition in metadata retrieval #215

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.9.5_linux-amd64(62.65 MB)
v0.9.4(May 11, 2021)
Release description

Bug fix release for the 0.9 release branch, which fixes a bug in the manifests of v0.9.3

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Manifest 0.9.3 will install 0.9.2 #206

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.9.4_linux-amd64(62.65 MB)
v0.9.3(May 4, 2021)
Release description

Bug fix release for the 0.9 release branch, which fixes a bug related to Git write-back and Helm parameters.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: fix: Correctly marshal non-updated images #203 (fixed #202)

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.9.3_linux-amd64(62.65 MB)
v0.9.2(Mar 29, 2021)
Release description

Bug fix release for the 0.9 release branch, which fixes a few bugs related to Git write-back and the latest update strategy.

Thanks to @magmax and @eplightning for reporting these issues and also for providing the related fixes.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Prevent concurrent updates to git repositories (#177)

fix: Multiple tags on the same image return same order (#173)

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.9.2_linux-amd64(62.65 MB)
v0.9.1(Mar 25, 2021)
Release description

Bug fix release for the 0.9 release branch, which fixes a serious problem with Git write-back.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Prevent update loop with git write-back [#170]

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.9.1_linux-amd64.1-linux_amd64(62.65 MB)
v0.9.0(Mar 19, 2021)
Release description

We're happy to announce that starting with release v0.9.0, support for persisting changes to Git was added. Please be aware that using the Git write back feature will require Argo CD v2.0 and upwards.

Also, we are working towards a more "zero-conf" approach. For this, we have introduced a new way for interacting with Argo CD using the Kubernetes API. This removes the previous requirement of having to change your Argo CD configuration (e.g. creating a user, RBAC rules, etc) and we hope will make integration much easier for our users. This also has become the default. In order to use the Argo CD API, the --applications-api parameter must be explicitly set to argocd.

Upgrade from v0.8.0 is attached with a couple of required actions, please see below.

Upgrade notes (no really, you MUST read this)

Attention: By default, argocd-image-updater now uses the K8s API to retrieve applications, instead of the Argo CD API. Also, it is now recommended to install in the same namespace as Argo CD is running in (argocd by default). For existing installations, which are running in a dedicated namespace.

To retain previous behaviour, set applications_api: argocd in argocd-image-updater-config ConfigMap before updating. However, it is recommended to move your installation into the argocd namespace (or wherever your Argo CD is installed to)

The permissions for the argocd-image-updater-sa ServiceAccount have been adapted to allow read access to resources of type Secret and argoproj.io/Application

Bug fixes

fix: install missing git binary (#148)

fix: run 'git add' for create files before pushing back (#143)

New features

feat: support managing Application CRD using K8S client (#144)

feat: Allow reuse of Argo CD repo credentials

feat: Git write-back of parameters (#133)

Other changes

refactor: make argocd-image-updater-config volume mapping optional (#145)

Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.9.0_linux-amd64(62.66 MB)
v0.8.0(Dec 6, 2020)
Release description

This release mainly improves compatibility with different registries and introduces support for rate limiting requests to the registry APIs. Also, Argo CD Image Updater will now fetch metadata for tags in parallel, instead of doing it sequentially, which greatly improves performance.

A new method for fetching credentials has been added, ext, which allows to execute a script that generates the credentials. Also, credentials configured at the registry level can be set to expire now, to support generated tokens with a limited lifetime.

A new command has been added to argocd-image-updater CLI, namely the test command. This new command allows you to check how Argo CD Image Updater would behave with a certain set of configuration, without having to annotate any live resources in your clusters. For more information on how to use it, see the documentation. It's not feature complete yet, and more features will be added in the future.

Upgrade notes (no really, you MUST read this)

Attention: For the latest update-strategy, argocd-image-updater now fetches v2 manifests by default, instead of the v1 manifests in previous versions. This is to improve compatibility with registry APIs, but may result in a significant higher number of manifest pulls. Due to the recent pull limits imposed by Docker Hub, it is not recommended to use latest updated strategy with Docker Hub registry anymore if those pull limits are enforced on your account and/or images, especially if you have more than a couple of tags in your image's repository. Fetching meta data for any given tag counts as two pulls from the view point of Docker Hub.

The default rate limit for API requests is 20 requests per second per registry. If this is too much for your registry, please lower this value in the registries.conf by setting ratelimit to a lower value.

Bug fixes

fix: Correctly apply ignore list when matchfunc is not set (#116)

fix: Prevent nil pointer dereference in image creds (#126)

New features

feat: Get tag creation date also from v2 manifest schemas (#115)

feat: add argocd-image-updater test command (#117)

feat: Implement rate limiter and metadata parallelism (#118)

feat: Support for getting pull creds from external scripts (#121)

feat: Export Prometheus compatible metrics (#123)

feat: Support for expiring credentials (#124)

Other changes

chore: Update to Golang v1.14.13

Source code(tar.gz)
Source code(zip)
argocd-image-updater_v0.8.0_linux-amd64(60.94 MB)
v0.7.0(Sep 27, 2020)
Release description

This release adds out-of-the-box support for the new GitHub Container Registry ghcr.io and lets users ignore certain tags from a repository.

Also, it adds some usability features & fixes.

Upgrade notes (no really, you MUST read this)

Deprecation notice: The annotation argocd-image-updater.argoproj/<image>.tag-match has been deprecated in favour of argocd-image-updater.argoproj/<image>.allow-tags to be consistent with the new argocd-image-updater.argoproj/<image>.ignore-tags annotation. The old annotation will still work, but a warning message will be issued in the log. Users are encouraged to rename their annotations asap, as the tag-match annotation is subject to removal in a future version of the image updater.

Bug fixes

fix: Correctly parse & use pull secret entries without protocol (#99)

New features

feat: Support for GitHub Container Registry (ghcr.io)

feat: Allow setting log level from configmap (and environment)

feat: Allow ignoring set of tags

Other changes

refactor: Introduce allow-tags and deprecate tag-match annotation

chore: Externalize version & build information

Source code(tar.gz)
Source code(zip)
v0.6.2(Sep 25, 2020)
Release description

Bug fix release for the 0.6 release branch, which fixes several problems accessing custom registries

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Tag sort mode for custom registries aren't honored

New features

feat: Allow configuration of default namespace for registries

Other changes

N/A
Source code(tar.gz)
Source code(zip)
v0.6.1(Sep 22, 2020)
Release description

Bug fix release for the 0.6 release branch.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Make insecure TLS connections to registries actually work

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
v0.6.0(Sep 22, 2020)
Release description

This is mainly a bug fix release. It is now possible to skip TLS certificate verification when using self-hosted container registries.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Use default Helm parameter names if none given in annotations

fix: Application spec updates should be atomic

New features

feat: Allow insecure TLS connections to registries

Other changes

chore: Update Argo CD client to 1.7.4

chore: Update K8s client to v1.18.8

Source code(tar.gz)
Source code(zip)
v0.5.1(Sep 10, 2020)
Bug fixes

Correctly parse version constraints containing equal signs

Source code(tar.gz)
Source code(zip)
v0.5.0(Aug 29, 2020)
Release description

This release brings mainly bug fixes and other enhancements. The most obvious changes are:

It's now possible to follow non-semver formatted tags when using update strategy latest

Adds the possibility to track the same image multiple times for different targets in the same application

Upgrade notes (no really, you MUST read this)

argocd-image-updater now comes with default RBAC rules for the service account, to enable reading of secrets from the namespace the pod is running in. It is advised to install the updated manifests.

Bug fixes

fix: Do not constraint tags to semver if update strategy is latest

fix: Multiple same images in the same application not possible

New features

feat: Allow filtering applications by name patterns

Other changes

enhancement: Slightly increase verbosity in default log level

enhancement: Provide default RBAC rules for serviceaccount

enhancement: Warm-up cache before starting image cycle

Source code(tar.gz)
Source code(zip)
v0.4.0(Aug 18, 2020)
Release description

This release brings several new features as well as bug fixes.

The major new features in this release are the ability to specify per-image pull secrets via an annotation, i.e. argocd-image-updater.argoproj.io/myimage.pull-secret: secret:mynamespace/mysecret#somefield and the pre-filtering of tags returned by the registry. The latter feature allows you to exclude specific tags from being considered for update.

Also, GitHub Docker Registry is now supported.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Properly load registry configuration

fix: Use a default path for registries.conf

fix: Make installation base compatible with Kustomize v2

New features

feat: Allow filtering of tags using built-in filter functions

feat: Allow specifying per-image pull secrets

feat: Support GitHub Docker registry

Other changes

refactor: Lots of refactoring "under the hood"

Source code(tar.gz)
Source code(zip)
v0.3.1(Aug 11, 2020)
Release description

This is a bug-fix release for the 0.3 release branch.

Upgrade notes (no really, you MUST read this)

N/A

Bug fixes

fix: Only fetch meta data when required by update strategy

New features

N/A

Other changes

N/A
Source code(tar.gz)
Source code(zip)
v0.3.0(Aug 10, 2020)
Release description

The major new feature for this release is the introduction of update strategies:

The strategy latest will evaluate the creation date and chose the latest created tag matching the version constraint for update

The strategy name will pick the last found tag according to alphabet sorting

The strategy semver (the default) will pick the latest allowed version according to version constraint

Also, this release introduces a simple in-memory cache for tag meta data and the code has seen some refactoring. Please see below for breaking changes and a complete list of things that have been done.

Upgrade notes (no really, you MUST read this)

Syntax change for running: argocd-image-updater run [flags] instead of argocd-image-updater [flags] has now to be used

Attention: Helm annotation names have changed from <image_alias>.image-{name,tag,spec} to <image_alias>.helm.image-{name,tag,spec}

Specifying target image name for Kustomize applications now require their own annotation, the image alias is not re-used for this anymore

Bug fixes

fix: Possible race while waiting for app updating goroutines

New features

feat: Allow setting the upgrade strategy for images via annotation

Other changes

refactor: Change run behaviour by providing run and version commands

enhancement: Provide a version command to print out version information

enhancement: Allow storing metadata for image tags

enhancement: Fetch tag metadata along with tags and store creation timestamp

enhancement: Introduce simple cache for immutable metadata

refactor: Make version constraints parametrizable

enhancement: Allow sorting of tags by semver, date or name

refactor: Give annotation names their own namespace-like living room

enhancement: Kustomize target image name got its own annotation

Source code(tar.gz)
Source code(zip)
v0.2.0(Aug 6, 2020)
Bug fixes

fix: Correctly get Helm target parameter names from annotations

fix: Enforce sane concurrency limit

New features

feat: Introduce dry run mode

feat: Allow for concurrent update of multiple applications

Other changes

refactor: Reduced number of necessary ArgoCD API requests (#4)
Source code(tar.gz)
Source code(zip)
v0.1.1(Aug 6, 2020)
Bugs fixed:

Change the name of the binary from argocd-image-controller (old working name) to argocd-image-updater

Source code(tar.gz)
Source code(zip)
v0.1.0(Aug 5, 2020)

Initial release of ArgoCD Image Updater :tada:
Source code(tar.gz)
Source code(zip)

Automatic container image update for Argo CD

Related tags

Overview

Argo CD Image Updater

Introduction

Documentation

Current status

Contributing

License

Things that are planned (roadmap)

Frequently asked questions

Comments

Releases(v0.12.1)

v0.12.1(Dec 6, 2022)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.12.0(Mar 14, 2022)

Release description

Major new features

Other notable enhancements and fixes

Thank you

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.11.3(Jan 14, 2022)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.11.2(Jan 10, 2022)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.11.1(Jan 7, 2022)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.11.0(Oct 27, 2021)

Release description

Major new features

Thank you

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.10.3(Sep 12, 2021)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.10.2(Aug 16, 2021)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.10.1(Aug 8, 2021)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.10.0(Aug 2, 2021)

Release description

Upgrade notes (no really, you MUST read this)

Bug fixes

New features

Other changes

v0.9.5(Jun 15, 2021)

Release description