argocd-image-updater icon indicating copy to clipboard operation
argocd-image-updater copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

Different registry and credentials - same prefix

Open lukpep opened this issue 3 years ago • 3 comments

I use GCP artefacts registry configured as follows:

config:
  registries:
    - name: GCP AR DEV
      api_url: https://europe-west1-docker.pkg.dev
      prefix: europe-west1-docker.pkg.dev
      credentials: pullsecret:argocd/gcp-ar-dev
      ping: no

and it works like a charm for images under europe-west1-docker.pkg.dev/GCP_PROJECT/repo-name/image

Problem is that I would like to pull images also from europe-west1-docker.pkg.dev/ANOTHER_GCP_PROJECT/repo-name/image which requires a different set of credentials and I don't know how to configure it since the prefix europe-west1-docker.pkg.dev is the same :( I've tried changing the configuration to: prefix: europe-west1-docker.pkg.dev/GCP_PROJECT_NAME/ and prefix: europe-west1-docker.pkg.dev/GCP_PROJECT_NAME - sadly with no success - error logs are: Could not get registry endpoint from configuration: no registry with prefix 'europe-west1-docker.pkg.dev' configured" alias= application=...

any ideas? Besides specifying registry creds via alias and annotation?

lukpep avatar Dec 02 '21 21:12 lukpep

Hm. That's an interesting use-case. Indeed, currently it's only possible to create one set of credentials per each registry.

Maybe, we can come up with a credentials per path matching, i.e.

credentials:
- path: /
  source: pullsecret:argocd/global-creds
- path: /foo
  source: pullsecret:argocd/foo-creds
- path: /bar
  source: pullsecret:argocd/bar-creds

And the best match will win. I'd be open to this at least :)

PS: Moving this issue from type bug to type enhancement. Because that's what it is.

jannfis avatar Dec 16 '21 22:12 jannfis

@jannfis Same use case here, too.

I was able to achieve this by doing the following with v0.9.2:

  registries:
    - name: private harbor yyy
      api_url: https://harbor.xxx.com
      ping: no
      prefix: harbor.xxx.com/yyy
      credentials: secret:argocd/harbor-secret#harbor.yyy.secret
    - name: private harbor zzz
      api_url: https://harbor.linecorp.com
      ping: no
      prefix: harbor.xxx.com/zzz
      credentials: secret:argocd/harbor-secret#lharbor.zzz.secret

But it stopped working after I upgraded argocd-image-updater to v0.11.0. I think there has been a regression somewhere.

ks-yim avatar Jan 10 '22 06:01 ks-yim

I think #275 was the change that introduced the regression. I agree that this should be fixed.

jannfis avatar Jan 10 '22 10:01 jannfis