argo-helm icon indicating copy to clipboard operation
argo-helm copied to clipboard

Published 20 hours ago verified publisher icon argoproj

Adding an option to support reading global secrets in argo-image-updater

Open LinuxSuRen opened this issue 2 years ago • 0 comments

Is your feature request related to a problem?

Argo CD Image updater cannot read secrets from other namespaces. For example, it cannot work when I configured the following annotation in an Application.

argocd-image-updater.argoproj.io/apiserver.pull-secret: 'pullsecret:others/osf2f-ghcr'

Related helm chart

argocd-image-updater

Describe the solution you'd like

As I mentioned in the title. We could provide an option for creating ClusterRole and ClusterRoleBinding that allow reading the global secrets. Such as:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    {{ include "argocd-image-updater.labels" . | nindent 4 }}
  name: {{ include "argocd-image-updater.fullname" . }} 
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch

Describe alternatives you've considered

None.

Additional context

No response

LinuxSuRen avatar Jul 01 '22 07:07 LinuxSuRen