Issue with Authentication in ArgoCD Image Updater for Docker Hub

[aswin-vijayan]

Describe the bug

I'm encountering an authentication issue while using ArgoCD's image updater to automatically update images for deployments when a new image is pushed to Docker Hub. Here's the error message I'm encountering in the image updater log:
level=error msg="Could not get tags from registry: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n" alias= application=nginx image_name=argocd/test image_tag=1.0.1 registry=

To Reproduce

1. Created a secret with Docker Hub's username and secret using the following command:
   kubectl create secret docker-registry regcred -n argocd \ --docker-server=https://index.docker.io/v1/ \ --docker-username=xxxxxx \ --docker-password=xxxxxx

2. Configured the image updater configmap to use the secret by adding the following line to the argocd-image-updater-config configmap:
   `data:
   registries.conf: |
   registries:

   • name: Docker Hub
     prefix: docker.io
     api_url: https://index.docker.io/v1/
     credentials: pullsecret:argocd/regcred
     defaultns: library
     default: true
     `

3. Restarted ArgoCD image updater.

4. Deployed an application using the following YAML file:
   apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: nginx namespace: argocd annotations: argocd-image-updater.argoproj.io/image-list: argocd/test:~1.0 argocd-image-updater.argoproj.io/pullsecret: argocd/regcred argocd-image-updater.argoproj.io/write-back-method: git argocd-image-updater.argoproj.io/git-branch: main argocd-image-updater.argoproj.io/update-strategy: latest spec: project: default source: repoURL: https://github.com/xxxxxxxxxxx/helm-chart.git targetRevision: main path: nginx destination: server: https://kubernetes.default.svc namespace: argocd syncPolicy: automated: prune: true selfHeal: true
   Expected behavior

The image updater should authenticate successfully with Docker Hub using the provided credentials and update the images automatically whenever a new image is pushed to the registry.

Actual Behavior

Encountering authentication errors as mentioned above.

Additional context

I've verified that the provided Docker Hub credentials are correct and have the necessary permissions. The same issue when using AWS ECR.

Logs

Logs of Image Updater

level=error msg="Could not get tags from registry: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n" alias= application=nginx image_name=argocd/test image_tag=1.0.1 registry=

Logs got on Argo CD UI

Failed to pull image "aswinvj/test:1.0.1": failed to pull and unpack image "docker.io/aswinvj/test:1.0.1": failed to resolve reference "docker.io/aswinvj/test:1.0.1": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

Tried Methods

With the above method also I have tried another methods given in the below blogs:

1. https://medium.com/@tomas94depi/argo-image-updater-with-aws-ecr-ddb661abb332
2. https://www.crunchydata.com/blog/use-ci-cd-to-automatically-update-postgres-images-with-argo-cd
3. https://medium.com/@megaurav25/argocd-image-updater-fbc93dc15e34