diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index a78122882a..c04a92546b 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -9,7 +9,7 @@ dependencies: version: 9.3.7 repository: https://argoproj.github.io/argo-helm - name: argocd-image-updater - version: 1.0.1 + version: 1.1.1 repository: oci://ghcr.io/argoproj/argo-helm/argocd-image-updater - name: cert-manager version: v1.19.3 diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 31caf96459..dd0bb3f23e 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -1,12 +1,12 @@ annotations: artifacthub.io/changes: | - - kind: changed - description: Bump argocd-image-updater to v1.0.1 + - kind: fixed + description: Fix shebang line in azure-workload-identity example artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc apiVersion: v2 -appVersion: v1.0.1 +appVersion: v1.1.0 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD home: https://github.com/argoproj-labs/argocd-image-updater @@ -20,4 +20,4 @@ maintainers: url: https://argoproj.github.io/ name: argocd-image-updater type: application -version: 1.0.1 +version: 1.1.1 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5aae146b2b..dfc288242e 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -10,18 +10,34 @@ docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:late ## Installation ```console -helm install oci://ghcr.io/argoproj/argo-helm/argocd-image-updater --namespace argocd-image-updater-system +helm install oci://ghcr.io/argoproj/argo-helm/argocd-image-updater --namespace ``` If you still use the classic approach of installing Helm charts (non-OCI), you can do so by adding the Argo Helm repository and installing the chart with the following commands: ```console helm repo add argo https://argoproj.github.io/argo-helm -helm install argocd-image-updater argo/argocd-image-updater --namespace argocd-image-updater-system +helm install argocd-image-updater argo/argocd-image-updater --namespace ``` The Argo CD Image Updater controller **must** be run in the same Kubernetes cluster where your Argo CD `Application` resources are managed. The current controller architecture (v1.0+) does not support connecting to a remote Kubernetes cluster to manage applications. +### Choosing the installation namespace + +> You have two options for where to install the Argo CD Image Updater: +> +> #### Option 1: Install into the Argo CD namespace (Recommended) +> +> The simplest approach is to install the image updater into the same namespace as your Argo CD installation. This +> requires minimal configuration. (..) +> +> #### Option 2: Install into a separate namespace +> +> For better workload isolation, you can install the image updater into its own namespace. This use case requires +> several manual configuration steps. (..) + +For the full details, please read [Installation methods] in the upstream docs. + ## Prerequisites * Helm v3.0.0+ @@ -32,6 +48,13 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 1.0.3 (app version 1.0.2) + +The upstream project changed the recommended installation namespace from `argocd-image-updater-system` to the same +namespace as Argo CD is installed in. + +Please read [Installation methods] and/or [PR #1356] for more information. + ### 1.0.0 This chart release includes the upstream breaking changes introduced in Argo CD Image Updater 1.0.0. @@ -150,3 +173,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ [Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 +[Installation methods]: https://github.com/argoproj-labs/argocd-image-updater/blob/v1.0.2/docs/install/installation.md#installation-methods +[PR #1356]: https://github.com/argoproj-labs/argocd-image-updater/pull/1356 diff --git a/charts/argocd-image-updater/crds/crd-imageupdaters.yaml b/charts/argocd-image-updater/crds/crd-imageupdaters.yaml index bd611c0c9e..141fc9bed6 100644 --- a/charts/argocd-image-updater/crds/crd-imageupdaters.yaml +++ b/charts/argocd-image-updater/crds/crd-imageupdaters.yaml @@ -57,6 +57,7 @@ spec: description: |- CommonUpdateSettings overrides the global CommonUpdateSettings for applications matched by this selector. + This field is ignored when UseAnnotations is true. properties: allowTags: description: |- @@ -103,6 +104,7 @@ spec: Images contains a list of configurations that how images should be updated. These rules apply to applications selected by namePattern in ApplicationRefs, and each image can override global/ApplicationRef settings. + This field is ignored when UseAnnotations is true. items: description: |- ImageConfig defines how a specific container image should be discovered, updated, @@ -182,25 +184,23 @@ spec: description: |- Name is the dot-separated path to the Helm key for the image repository/name part. Example: "image.repository", "frontend.deployment.image.name". - This field is required if the Helm target is used. + If neither spec nor name/tag are set, defaults to "image.name". + If spec is set, this field is ignored. type: string spec: description: |- - Spec is an optional dot-separated path to a Helm key where the full image string + Spec is the dot-separated path to a Helm key where the full image string (e.g., "image/name:1.0") should be written. Use this if your Helm chart expects the entire image reference in a single field, - rather than separate name/tag fields. If this is set, other Helm parameter-related - options will be ignored. + rather than separate name/tag fields. If this is set, name and tag will be ignored. type: string tag: description: |- Tag is the dot-separated path to the Helm key for the image tag part. Example: "image.tag", "frontend.deployment.image.version". - This field is required if the Helm target is used. + If neither spec nor name/tag are set, defaults to "image.tag". + If spec is set, this field is ignored. type: string - required: - - name - - tag type: object kustomize: description: |- @@ -227,7 +227,6 @@ spec: - alias - imageName type: object - minItems: 1 type: array x-kubernetes-list-map-keys: - alias @@ -283,10 +282,21 @@ spec: description: NamePattern indicates the glob pattern for application name type: string + useAnnotations: + default: false + description: |- + UseAnnotations When true, read image configuration from Application's + argocd-image-updater.argoproj.io/* annotations instead of + requiring explicit Images[] configuration in this CR. + When this field is set to true, only namePattern and labelSelectors are used for + application selection. All other fields (CommonUpdateSettings, WriteBackConfig, Images) + are ignored. + type: boolean writeBackConfig: description: |- WriteBackConfig overrides the global WriteBackConfig settings for applications matched by this selector. + This field is ignored when UseAnnotations is true. properties: gitConfig: description: |- @@ -324,9 +334,13 @@ spec: - method type: object required: - - images - namePattern type: object + x-kubernetes-validations: + - message: Either useAnnotations must be true, or images must be + provided with at least one item + rule: '!(has(self.useAnnotations) && self.useAnnotations == true) + ? (has(self.images) && size(self.images) > 0) : true' minItems: 1 type: array x-kubernetes-list-map-keys: diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 81190a8219..181dca6c22 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -43,11 +43,17 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} env: + - name: ARGOCD_NAMESPACE + valueFrom: + configMapKeyRef: + key: argocd.namespace + name: {{ .Values.config.name }} + optional: true - name: IMAGE_UPDATER_INTERVAL valueFrom: configMapKeyRef: key: interval - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: IMAGE_UPDATER_LOGLEVEL valueFrom: @@ -71,7 +77,7 @@ spec: valueFrom: configMapKeyRef: key: max_concurrent_reconciles - name: a{{ .Values.config.name }} + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_USER valueFrom: @@ -112,13 +118,13 @@ spec: - name: ENABLE_WEBHOOK valueFrom: configMapKeyRef: - name: argocd-image-updater-config + name: {{ .Values.config.name }} key: webhook.enable optional: true - name: WEBHOOK_PORT valueFrom: configMapKeyRef: - name: argocd-image-updater-config + name: {{ .Values.config.name }} key: webhook.port optional: true - name: QUAY_WEBHOOK_SECRET @@ -148,7 +154,7 @@ spec: - name: WEBHOOK_RATELIMIT_ALLOWED valueFrom: configMapKeyRef: - name: argocd-image-updater-config + name: {{ .Values.config.name }} key: webhook.ratelimit-allowed optional: true {{- with .Values.extraEnv }} diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml index 4cc6e08806..a22ac01b28 100644 --- a/charts/argocd-image-updater/templates/metrics-service.yaml +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -17,7 +17,7 @@ metadata: namespace: {{ include "argocd-image-updater.namespace" . | quote }} spec: ports: - - name: https + - name: metrics protocol: TCP port: {{ .Values.metrics.service.servicePort }} targetPort: metrics @@ -38,6 +38,10 @@ spec: - ports: - port: metrics protocol: TCP + {{- if .Values.ingress.enabled }} + - port: webhook + protocol: TCP + {{- end }} podSelector: matchLabels: {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 8cfb6019b2..ebd11323d9 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -59,7 +59,6 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: - apiGroups: - "" @@ -110,7 +109,6 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 2d23ec396d..3f90e50167 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -216,7 +216,7 @@ authScripts: # #!/bin/sh # echo "auth script 2 here" # azure-workload-identity.sh: | - # #!/bin:sh + # #!/bin/sh # # Example script for Azure Workload Identity. # # This script would typically use environment variables set by the workload identity # # to acquire an Azure AD token and authenticate with Azure Container Registry (ACR).