argocd-image-updater icon indicating copy to clipboard operation
argocd-image-updater copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

Add OAuth support. It is need for access to Azure CR

Open vikborisov opened this issue 4 years ago • 9 comments

We also forked the nokia repo and fixed the OAuth contract.

Image Updater gets support for Azure CR

vikborisov avatar Jun 30 '21 12:06 vikborisov

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Jun 30 '21 12:06 CLAassistant

Hey @vikborisov, thanks for this PR.

However, I feel that we should not move to yet another fork of docker-registry-client. Due to the staleness of both, the original repository and all of its forks, I was thinking whether to just vendor in the code or make a clone of this repository available under argoproj-labs repository.

Once this is done, please feel free to submit any changes required to make oAuth work.

jannfis avatar Jul 06 '21 18:07 jannfis

@jannfis Can you make a fork and i create a PR with my changes?

vikborisov avatar Jul 14 '21 11:07 vikborisov

Me moved away from docker-registry-client to use Docker's distribution/v3 API (see #249). Chances are, that this will enable oAuth support by default.

jannfis avatar Sep 18 '21 13:09 jannfis

Any updates on this?

andloh avatar Oct 29 '21 10:10 andloh

@andloh We're using version 0.10.1 with Azure Container Registry and it works fine so far.

registries:
  - name: youracrname
    ping: yes
    api_url: https://youracrname.azurecr.io
    prefix: youracrname.azurecr.io
    credentials: [...]

$ argocd-image-updater test --registries-conf registries.conf youracrname.azurecr.io/your-image

If this does not help you: Either we discuss your problem here or maybe create an issue :wink:

janpieper avatar Nov 03 '21 20:11 janpieper

Hi, thanks @janpieper.

What du you use for authentication? SP, MSI, Token, Access Keys etc...

Also...is it possible to use the integrated ACR -> AKS authentication? E.g the /etc/kubernetes/azure.conf

andloh avatar Nov 15 '21 12:11 andloh

What du you use for authentication? SP, MSI, Token, Access Keys etc...

Service Principal

janpieper avatar Dec 17 '21 07:12 janpieper

What du you use for authentication? SP, MSI, Token, Access Keys etc...

Service Principal

@janpieper i have been struggling with this for sometime. i'm using service principal but having authentication issues. i'm using the same ACR secret config for image pull in my deployments and it works flawlessly. but same ACR secret config doesn't work for argocd image updater. below are samples of my configs;

--ApplicationSet--

apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: my-backend-app namespace: argocd spec: generators:

  • list: elements:
    • app: auth-service image: myapp-auth-service
    • app: cart-service image: my-cart-service template: metadata: name: '{{app}}' annotations: argocd-image-updater.argoproj.io/image-list: image-url=myrepo.azurecr.io/{{image}}:latest argocd-image-updater.argoproj.io/image-url.update-strategy: digest

---Image Updater Configmap---

apiVersion: v1 data: log.level: debug registries.conf: | registries: - name: ACR prefix: myrepo.azurecr.io api_url: https://myrepo.azurecr.io credentials: pullsecret:default/acr-config kind: ConfigMap

Help will really be appreciated.

anthonyoride avatar Aug 15 '23 16:08 anthonyoride