ArgoCD Image Updater

[Manage your deployments on your own.]

gaurav agnihotri
Jan 11, 2023
ImageUpdater — Self-managed

ArgoCD Image Updater is a tool that automatically updates the container images of Kubernetes workloads managed by Argo CD. It can also write the change back to Git, so no manual intervention is required.

Why you need it:

In some situations, you need a quick turnaround time, so each time you create a new image, it must be pushed to the cluster as soon as it is built, along with a Git update (considering a git repository as a single source of truth).

Features:-

semver: update to highest allowed version according to given image constraint

latest: update to the most recently created image tag

name: update to the last tag in an alphabetically sorted list

digest: update to the most recent pushed version of a mutable tag

Supported registries:-

1- Docker Hub (docker.io)

2- Docker Registry v2 reference implementation (on-premise)

3- Red Hat Quay (quay.io and on-premise)

4- JFrog Artifactory (jfrog.io and on-premise)

5- GitHub Container Registry (ghcr.io)

6- GitHub Packages Registry (docker.pkg.github.com)

7- GitLab Container Registry (registry.gitlab.com)

8- Google Container Registry (gcr.io)

In my scenario, digest is used as an update strategy, and GCR is used as a private registry.

Please add the below annotations to your ArgoCD Application or ApplicationSet file to use ArgoCD Image Updater.

    annotations:
      argocd-image-updater.argoproj.io/image-list: <alias>=<registry-url>
      argocd-image-updater.argoproj.io/{{values.alias}}.update-strategy: digest

Isn’t it necessary to update the git with the newly deployed image tag once you’ve deployed the latest image using the above annotations?

I think the Answer is YES

As a result, using ArgoCD Image updater’s git write-back method will enable you to continuously update your git and allow you to view it as a single source of truth without any manual intervention, as I said earlier.

To use the git write-back method, add two more annotations, as shown below.

    annotations:
      argocd-image-updater.argoproj.io/write-back-method: git
      argocd-image-updater.argoproj.io/git-branch: main

Note: The git write-back method requires Argo CD v2.0 or above.

How I configured my ArgoCD Image Updater Step by Step-

1:- Installation manifests-

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/manifests/install.yaml

2:- Create Creds for Git -

First, create a public/private key pair (note: you can use private tokens as well):

ssh-keygen -t rsa -b 4096 -C "example@gmail.com" # use your emailid here

This command generates two keys for you, as shown below:

id_rsa     id_rsa.pub

Add the id_rsa.pub key to your git repository and grant write access.

Now add your private key (id_rsa) to your ArgoCD dashboard as shown below, following the assigned numbers:

GIT SSH CRED SETUP

3:- Create Secret for GCR —

First, Create Service Account

Add the Role -

Create Key-

Note: Keep rotating your secret key, or use Workload Identity for better security.

Download the JSON secret key file; here its name is project01-9979673.json.

Now run the below command to create a GCR secret in your argocd namespace.

kubectl create secret docker-registry argocd-gcr-secret --docker-server=https://gcr.io --docker-username=_json_key --docker-password="$(cat project01-9979673.json)" -n argocd

Once the Secret is Created under argocd namespace-

4:- Edit argocd-image-updater-config -

Edit the ConfigMap argocd-image-updater-config (it is part of your ArgoCD Image Updater installation manifest files).

You need to add the registry configuration. Here is what it could look like for a GCP registry:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: argocd-image-updater-config
      labels:
        app.kubernetes.io/name: argocd-image-updater-config
        app.kubernetes.io/part-of: argocd-image-updater
    data:
      log.level: debug
      registries.conf: |
        registries:
        - name: Google Container Registry
          api_url: https://gcr.io
          prefix: gcr.io
          ping: no
          credentials: pullsecret:argocd/argocd-gcr-secret

5:- Now, deploy your application.

To deploy your application using ArgoCD, you basically need two things:

1:- Application CRD file ( This CRD will inform Argocd about your application, such as its source and destination.)

2:- The actual application deployment code, which includes a kubernetes deployment file, service files, and so on.

Assume you want to use kubernetes to deploy the microservice “ms-echoserver”.

First, create application.yaml for ms-echoserver as shown below.

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: ms-echoserver-application
      namespace: argocd
      annotations:
        # Write your repository name here.
        argocd-image-updater.argoproj.io/image-list: myalias=gcr.io/project01/ms-echoserver:dev
        # You can remove this annotation if you have already configured the GCR secret
        # and are using the same secret to retrieve all GCR images in your deployments.
        argocd-image-updater.argoproj.io/myalias.pull-secret: pullsecret:argocd/argocd-gcr-secret
        # There are several ways to update the image, but I'm using digest.
        argocd-image-updater.argoproj.io/myalias.update-strategy: digest
        # We don't need the secret mentioned in the ArgoCD docs because we already set it up
        # via the ArgoCD console (if you're using the same git repo).
        argocd-image-updater.argoproj.io/write-back-method: git
        argocd-image-updater.argoproj.io/git-branch: main
        argocd-image-updater.argoproj.io/myalias.force-update: "true"
      finalizers:
        - resources-finalizer.argocd.argoproj.io
      labels:
        name: ms-echoserver-application
    spec:
      project: default
      source:
        repoURL: git@github.com:example/argocd.git
        targetRevision: HEAD
        # Path of the Kubernetes application code, i.e. where you stored deployment.yaml, service.yaml, etc.
        path: ms-echoserver/overlays/dev
      destination:
        # Use this to deploy the application in the same cluster where the ArgoCD server is running;
        # if the target cluster is different, use the cluster IP address.
        server: https://kubernetes.default.svc
        namespace: test
      syncPolicy:
        syncOptions:
          - CreateNamespace=true
        automated:
          selfHeal: true
          prune: true
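
Because these annotations decide which images are deployed automatically and with which credentials, it helps to be able to inventory them across Applications. The parser below is an added example, not code from the original post or the Image Updater project; the function names and the sample dictionary (copied from the manifest above) are assumptions made for illustration.

```python
# Added example: inventory Image Updater settings from an Application's annotations.
PREFIX = "argocd-image-updater.argoproj.io/"

# Constructed sample: the annotations of the ms-echoserver Application above.
SAMPLE_ANNOTATIONS = {
    PREFIX + "image-list": "myalias=gcr.io/project01/ms-echoserver:dev",
    PREFIX + "myalias.pull-secret": "pullsecret:argocd/argocd-gcr-secret",
    PREFIX + "myalias.update-strategy": "digest",
    PREFIX + "write-back-method": "git",
    PREFIX + "git-branch": "main",
    PREFIX + "myalias.force-update": "true",
}

def split_image(ref):
    """Split 'registry/repo:tag' into (repo, tag); tag is None when absent."""
    head, sep, tail = ref.rpartition(":")
    # A ':' whose right-hand side contains '/' is a registry port, not a tag.
    if sep and "/" not in tail:
        return head, tail
    return ref, None

def inventory(annotations):
    """Return app-level and per-alias settings; None means the annotation is not set."""
    ann = {k[len(PREFIX):]: v for k, v in annotations.items() if k.startswith(PREFIX)}
    images = {}
    for entry in ann.get("image-list", "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        alias, sep, ref = entry.partition("=")
        if not sep:  # entry without an alias: key it by the reference itself
            alias, ref = entry, entry
        repo, tag = split_image(ref)
        images[alias] = {
            "image": repo,
            "tag": tag,
            "strategy": ann.get(f"{alias}.update-strategy"),
            "pull_secret": ann.get(f"{alias}.pull-secret"),
            "force_update": ann.get(f"{alias}.force-update") == "true",
        }
    return {
        "write_back": ann.get("write-back-method"),
        "git_branch": ann.get("git-branch"),
        "images": images,
    }

if __name__ == "__main__":
    print(inventory(SAMPLE_ANNOTATIONS))
```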

Now deploy the ms-echoserver microservice via ArgoCD Application.

kubectl apply -f application.yaml

Now wait 3 minutes (the default) for your application to be deployed via ArgoCD. You can change the polling frequency as per your requirement.

Once the application has been deployed, navigate to the same repository where your Kubernetes files are stored and search for a file beginning with .argocd-source-......

The git write-back method uses Git to permanently store its parameter overrides along with the Application's resource manifests.

By default, Argo CD Image Updater will store the parameter in a file named .argocd-source-<appName>.yaml in the path used by the Application to source its manifests from.
File Created by ArgoCD Image updater
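
Since whatever lands in this file is what the cluster deploys, the repository can check it on every commit. The check below is an added example, not code from the original post or the Image Updater project: it assumes a Kustomize-style override file with one image reference per list item, and the sample contents, the function name and the allowed prefix gcr.io/project01/ are constructed for illustration.

```python
# Added example: verify that image overrides in a write-back file are
# digest-pinned and come from an approved registry path.
import re

# Constructed sample (assumed Kustomize-style layout, made-up digest).
PINNED = "gcr.io/project01/ms-echoserver:dev@sha256:" + "ab" * 32
SAMPLE = (
    "kustomize:\n"
    "  images:\n"
    f"  - {PINNED}\n"
    "  - docker.io/library/nginx:latest\n"
)

IMAGE_LINE = re.compile(r"^\s*-\s+(\S+)\s*$")        # one YAML list item per line
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")        # full sha256 digest suffix

def check_overrides(text, allowed_prefixes=("gcr.io/project01/",)):
    """Return (image, problem) pairs for entries that fail the policy."""
    findings = []
    for line in text.splitlines():
        match = IMAGE_LINE.match(line)
        if not match:
            continue
        ref = match.group(1).strip("'\"")
        # Kustomize also accepts 'old=new'; the deployed image is the right side.
        ref = ref.split("=", 1)[-1]
        if not ref.startswith(tuple(allowed_prefixes)):
            findings.append((ref, "registry not allowed"))
        if not DIGEST.search(ref):
            findings.append((ref, "not pinned by sha256 digest"))
    return findings

if __name__ == "__main__":
    for image, problem in check_overrides(SAMPLE):
        print(f"{image}: {problem}")
```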

You can also check the ArgoCD Image Updater logs using the command below.

kubectl --namespace argocd logs --selector app.kubernetes.io/name=argocd-image-updater --follow

Takeaway: ArgoCD Image Updater will now fetch the latest tag and deploy it as soon as you build and push a new image to your GCR, without any manual intervention.

A review with an opinion

PROS -

It allows you to create a more dev-friendly architecture. (Do not use this in production until the versions are stable.)

Its multiple update strategies enable you to adapt to almost any tagging system you may already have.

CONS:

The use of the digest strategy makes the ArgoCD UI less developer-friendly because it displays the SHA sum of your image instead of the tag.

The digest strategy must make three lookup calls to your container registry API, so you may end up exceeding your rate limit quota.


I hope this post is informative for you and showed how simple it is to set up ArgoCD Image Updater for your infrastructure.
