argocd-image-updater icon indicating copy to clipboard operation
argocd-image-updater copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

Issue with Authentication in ArgoCD Image Updater for Docker Hub

Open aswin-vijayan opened this issue 1 year ago • 3 comments

Describe the bug

I'm encountering an authentication issue while using ArgoCD's image updater to automatically update images for deployments when a new image is pushed to Docker Hub. Here's the error message I'm encountering in the image updater log: level=error msg="Could not get tags from registry: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n" alias= application=nginx image_name=argocd/test image_tag=1.0.1 registry=

To Reproduce

  1. Created a secret with Docker Hub's username and secret using the following command:
kubectl create secret docker-registry regcred -n argocd \
  --docker-server=https://index.docker.io/v1/ \
  --docker-username=xxxxxx \
  --docker-password=xxxxxx
  1. Configured the image updater configmap to use the secret by adding the following line to the argocd-image-updater-config configmap:
data:
  registries.conf: |
    registries:
    - name: Docker Hub
      prefix: docker.io
      api_url: https://index.docker.io/v1/
      credentials: pullsecret:argocd/regcred
      defaultns: library
      default: true

  1. Restarted ArgoCD image updater.

  2. Deployed an application using the following YAML file:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nginx
  namespace: argocd
  annotations:
    argocd-image-updater.argoproj.io/image-list: argocd/test:~1.0
    argocd-image-updater.argoproj.io/pullsecret: argocd/regcred
    argocd-image-updater.argoproj.io/write-back-method: git
    argocd-image-updater.argoproj.io/git-branch: main
    argocd-image-updater.argoproj.io/update-strategy: latest
spec:
  project: default
  source:
    repoURL: https://github.com/xxxxxxxxxxx/helm-chart.git
    targetRevision: main
    path: nginx
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Expected behavior

The image updater should authenticate successfully with Docker Hub using the provided credentials and update the images automatically whenever a new image is pushed to the registry.

Actual Behavior

Encountering authentication errors as mentioned above.

Additional context

I've verified that the provided Docker Hub credentials are correct and have the necessary permissions. The same issue when using AWS ECR.

Logs

Logs of Image Updater

level=error msg="Could not get tags from registry: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n" alias= application=nginx image_name=argocd/test image_tag=1.0.1 registry=

Logs got on Argo CD UI

Failed to pull image "aswinvj/test:1.0.1": failed to pull and unpack image "docker.io/aswinvj/test:1.0.1": failed to resolve reference "docker.io/aswinvj/test:1.0.1": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

Tried Methods

With the above method also I have tried another methods given in the below blogs:

  1. https://medium.com/@tomas94depi/argo-image-updater-with-aws-ecr-ddb661abb332
  2. https://www.crunchydata.com/blog/use-ci-cd-to-automatically-update-postgres-images-with-argo-cd
  3. https://medium.com/@megaurav25/argocd-image-updater-fbc93dc15e34

aswin-vijayan avatar May 03 '24 11:05 aswin-vijayan