argocd: doesn't pull image metadata from dockerhub private registries #662

Open
pratapaprasanna opened this issue Jan 1, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@pratapaprasanna

Describe the bug

/ $ argocd-image-updater test gouthamappsmith/tests-argocd:release --update-strategy latest
DEBU[0000] Creating in-cluster Kubernetes client
INFO[0000] retrieving information about image            image_alias= image_digest= image_name=gouthamappsmith/tests-argocd image_tag=release registry_url=
INFO[0000] Fetching available tags and metadata from registry  application=test image_alias= image_digest= image_name=gouthamappsmith/tests-argocd image_tag=release registry_url=
FATA[0001] could not get tags: errors:
denied: requested access to the resource is denied
unauthorized: authentication required  application=test image_alias= image_digest= image_name=gouthamappsmith/tests-argocd image_tag=release registry_url=

My registries configmap looks as follows

apiVersion: v1
data:
  registries.conf: |
    registries:
    - name: Docker Hub
      api_url: none
      credentials: pullsecret:argocd/appsmith
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"argocd-image-updater-config","app.kubernetes.io/part-of":"argocd-image-updater"},"name":"argocd-image-updater-config","namespace":"argocd"}}
  creationTimestamp: "2024-01-01T07:26:36Z"
  labels:
    app.kubernetes.io/name: argocd-image-updater-config
    app.kubernetes.io/part-of: argocd-image-updater
  name: argocd-image-updater-config
  namespace: argocd
  resourceVersion: "225812617"
  uid: a27b5695-06eb-424e-bbe7-60db4b32d2f6

Same creds work when I do a docker login

(base) ➜  Pictures docker login --username xxxxx --password xxxxxxx
WARNING! Using --password via the CLI is insecure. Use --password-stdin.

Login Succeeded
(base) ➜  Pictures docker pull index.docker.io/gouthamappsmith/test-argocd:release
release: Pulling from gouthamappsmith/test-argocd
c926b61bad3b: Downloading [=========================>                         ]   1.71MB/3.402MB
e5820a814e8c: Downloading [=====>                                             ]  1.453MB/13.14MB
7b4bda58fd3f: Downloading [=>                                                 ]  947.1kB/46.85MB

I created the secret as follows

kubectl create -n argocd secret docker-registry appsmith --docker-username=xxxx --docker-password=xxx

and it is working in the same cluster as imagePullSecrets. Also, occasionally I see Too many pull Requests despite providing my credentials and authenticating myself.

Am I missing anything? Any help would be of great use. Thank you.

Version

/ $ argocd-image-updater version
argocd-image-updater: v0.12.0+aee153d
  BuildDate: 2022-03-14T12:45:27Z
  GitCommit: aee153dabeb8b592e4d091c933ae4f77181db653
  GoVersion: go1.17.8
  GoCompiler: gc
  Platform: linux/amd64
@pratapaprasanna pratapaprasanna added the bug Something isn't working label Jan 1, 2024
@pratapaprasanna
Author

I tried the following and it worked.

Create a secret using dockerhub PAT using the following link

cat docker-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: dockerhub
  namespace: argocd
type: Opaque
stringData:
  token: gouthamappsmith:xxxxxxxxxx

argocd-image-updater.yaml as the following

---
image:
  tag: "latest"

metrics:
  enabled: true

config:
  registries:
    - name: Docker Hub
      credentials: secret:argocd/dockerhub#token
      api_url: https://registry-1.docker.io
      ping: yes
      default: true

Installed argocd-image-updater using the following

helm upgrade -i updater -n argocd argo/argocd-image-updater -f argocd-image-updater.yaml

However, upon deploying I see these logs

time="2024-01-02T08:54:12Z" level=info msg="Successfully updated the live application spec" application=appsmith
time="2024-01-02T08:54:12Z" level=info msg="Processing results: applications=1 images_considered=2 images_skipped=0 images_updated=2 errors=0"

But I don't see the image not getting updated. Anything I am missing? I deliberately didn't go with git commits?

@stefan-oconnell

Just wanted to add some traffic to this, we have a similar situation.

We use Azure Container Registry, and when I tried to configure a registry-wide pull secret, it wouldn't auth (but I could curl the same /tag/list endpoint with the same creds).

When I set each image in the image list to use the same pull secret individually, it works.

So I think there's a disconnect somewhere between the registry-wide config (which uses https://????.azurecr.io for its api url), and the image list which omits the https when defining images.

I'm guessing when it goes to compare to decide if it needs to use that specific registry, it doesn't consider it a match? Just a stab in the dark.
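An added diagnostic, not part of the thread above and not argocd-image-updater's own code or matching logic: it checks whether a decoded `.dockerconfigjson` pull secret carries an `auths` entry for the host named in a `registries.conf` `api_url`, comparing hosts with the scheme and path stripped and treating the Docker Hub hostnames as one. The secret contents, user name and `example.azurecr.io` host are constructed sample values.

```python
import base64
import json
from urllib.parse import urlsplit

# Hostnames that all refer to Docker Hub.
DOCKER_HUB_ALIASES = {"docker.io", "index.docker.io", "registry-1.docker.io"}

# Constructed sample: the shape `kubectl create secret docker-registry`
# produces when no --docker-server is given.
SAMPLE = json.dumps({"auths": {"https://index.docker.io/v1/": {
    "username": "example-user", "password": "example-pass",
    "auth": base64.b64encode(b"example-user:example-pass").decode()}}})


def registry_host(value):
    """Reduce a registry URL or bare host to a comparable hostname."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # let urlsplit treat a bare host as a netloc
    host = (urlsplit(value).hostname or "").lower()
    return "docker.io" if host in DOCKER_HUB_ALIASES else host


def secret_hosts(dockerconfigjson):
    """Map normalised host -> user name for each entry under "auths"."""
    hosts = {}
    for server, entry in json.loads(dockerconfigjson).get("auths", {}).items():
        user = entry.get("username")
        if not user and entry.get("auth"):
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        hosts[registry_host(server)] = user or ""
    return hosts


def check(api_url, dockerconfigjson):
    """Return (ok, message) for one registry api_url and one pull secret."""
    parts = urlsplit(api_url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, f"api_url {api_url!r} is not an http(s) URL"
    want = registry_host(api_url)
    have = secret_hosts(dockerconfigjson)  # passwords are never reported
    if want not in have:
        return False, f"no auths entry for {want}; secret covers {sorted(have)}"
    return True, f"auths entry for {want} found (user {have[want]!r})"


if __name__ == "__main__":
    for url in ("none", "https://registry-1.docker.io", "https://example.azurecr.io"):
        print(url, "->", check(url, SAMPLE))
```

To run it against a live secret, decode it first with `kubectl get secret appsmith -n argocd -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d` and pass the result in place of `SAMPLE`.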
