argocd-image-updater icon indicating copy to clipboard operation
argocd-image-updater copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

Argocd-Image-updater registry custom TLS certificate add/skip issue

Open Muhammad-Irfan324 opened this issue 1 year ago • 2 comments

Describe the bug https://github.com/argoproj/argo-helm/blob/ebb2d15f1e370e6023770713596aa480c71b8914/charts/argocd-image-updater/values.yaml#L149 registries: - name: name of the registry prefix: name of the registry api_url: https://registryURL:443 credentials: pullsecret:namespace/secret insecure: true

Docker registry is nexus with self signed SSL/TLS

For Docker login to local system

crt needs to be store after that docker login can be done

But argocd-image-updater says it can't find the tls verification even though passed the insecure flag

https://github.com/argoproj/argo-helm/blob/main/charts/argocd-image-updater/values.yaml

Even tried to add TLS certificate with volume and volumemount the secret and with init container or directly as well but pod goes into crashloopback error.

Version argocd-image-updater = v0.14.0

Please tell us about the version you encountered the issue with

Logs

argocd-image-updater test --registries-conf-path=/app/config/registries.conf registryURL/busybox:tag
DEBU[0000] Creating in-cluster Kubernetes client
INFO[0000] retrieving information about image            image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
DEBU[0000] rate limiting is disabled                     prefix=registryURL registry="[https://registryURL](https://registryURL/)"
INFO[0000] Loaded 1 registry configurations from /app/config/registries.conf
DEBU[0000] setting rate limit to 20 requests per second  prefix="registryURL" registry="[https://registryURL](https://registryURL/)"
DEBU[0000] Inferred registry from prefix registryURL to use API [https://registryURL](https://registryURL/)
INFO[0000] Fetching available tags and metadata from registry  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
FATA[0000] could not get tags: Get "[https://registryURL/v2/](https://registryURL/v2/)": tls: failed to verify certificate: x509: certificate signed by unknown authority  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
/ $ cat /app/config/registries.conf
registries:
  - api_url: [https://registryURL](https://registryURL/)
    credentials: pullsecret:namespace/secret
    insecure: true
    name: registryURL
    prefix: registryURL

Selection_421

No Option for adding CA for registry? niether the flag is working to bypass the TLS

Selection_422

Documentation Link - https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#configuration-format

Muhammad-Irfan324 avatar Sep 29 '24 15:09 Muhammad-Irfan324

In the meantime, look at my workaround https://github.com/argoproj-labs/argocd-image-updater/issues/1023

Amphaal avatar Jan 28 '25 12:01 Amphaal

are there any improvements about this issue?

selcuksan avatar Mar 12 '25 14:03 selcuksan

same issue here

kingindanord avatar Sep 07 '25 20:09 kingindanord