linode · svcAPLBot · Feb 16, 2026 · Feb 16, 2026 · Feb 16, 2026 · Feb 17, 2026
@@ -9,7 +9,7 @@ dependencies:
     version: 9.3.7
     repository: https://argoproj.github.io/argo-helm
   - name: argocd-image-updater
-    version: 1.0.1
+    version: 1.1.1
     repository: oci://ghcr.io/argoproj/argo-helm/argocd-image-updater
   - name: cert-manager
     version: v1.19.3

@@ -1,12 +1,12 @@
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Bump argocd-image-updater to v1.0.1
+    - kind: fixed
+      description: Fix shebang line in azure-workload-identity example
   artifacthub.io/signKey: |
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
 apiVersion: v2
-appVersion: v1.0.1
+appVersion: v1.1.0
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update
   the container images of Kubernetes workloads which are managed by Argo CD
 home: https://github.com/argoproj-labs/argocd-image-updater
@@ -20,4 +20,4 @@ maintainers:
   url: https://argoproj.github.io/
 name: argocd-image-updater
 type: application
-version: 1.0.1
+version: 1.1.1
@@ -10,18 +10,34 @@ docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:late
 ## Installation
 
 ```console
-helm install oci://ghcr.io/argoproj/argo-helm/argocd-image-updater --namespace argocd-image-updater-system
+helm install oci://ghcr.io/argoproj/argo-helm/argocd-image-updater --namespace <desired installation namespace>
 ```
 
 If you still use the classic approach of installing Helm charts (non-OCI), you can do so by adding the Argo Helm repository and installing the chart with the following commands:
 
 ```console
 helm repo add argo https://argoproj.github.io/argo-helm
-helm install argocd-image-updater argo/argocd-image-updater --namespace argocd-image-updater-system
+helm install argocd-image-updater argo/argocd-image-updater --namespace <desired installation namespace>
 ```
 
 The Argo CD Image Updater controller **must** be run in the same Kubernetes cluster where your Argo CD `Application` resources are managed. The current controller architecture (v1.0+) does not support connecting to a remote Kubernetes cluster to manage applications.
 
+### Choosing the installation namespace
+
+> You have two options for where to install the Argo CD Image Updater:
+>
+> #### Option 1: Install into the Argo CD namespace (Recommended)
+>
+> The simplest approach is to install the image updater into the same namespace as your Argo CD installation. This
+> requires minimal configuration. (..)
+>
+> #### Option 2: Install into a separate namespace
+>
+> For better workload isolation, you can install the image updater into its own namespace. This use case requires
+> several manual configuration steps. (..)
+
+For the full details, please read [Installation methods] in the upstream docs.
+
 ## Prerequisites
 
 * Helm v3.0.0+
@@ -32,6 +48,13 @@ For full list of changes please check ArtifactHub [changelog].
 
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 
+### 1.0.3 (app version 1.0.2)
+
+The upstream project changed the recommended installation namespace from `argocd-image-updater-system` to the same
+namespace as Argo CD is installed in.
+
+Please read [Installation methods] and/or [PR #1356] for more information.
+
 ### 1.0.0
 
 This chart release includes the upstream breaking changes introduced in Argo CD Image Updater 1.0.0.
@@ -150,3 +173,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 
 [Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/
 [Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112
+[Installation methods]: https://github.com/argoproj-labs/argocd-image-updater/blob/v1.0.2/docs/install/installation.md#installation-methods
+[PR #1356]: https://github.com/argoproj-labs/argocd-image-updater/pull/1356
@@ -57,6 +57,7 @@ spec:
                       description: |-
                         CommonUpdateSettings overrides the global CommonUpdateSettings for applications
                         matched by this selector.
+                        This field is ignored when UseAnnotations is true.
                       properties:
                         allowTags:
                           description: |-
@@ -103,6 +104,7 @@ spec:
                         Images contains a list of configurations that how images should be updated.
                         These rules apply to applications selected by namePattern in ApplicationRefs, and each
                         image can override global/ApplicationRef settings.
+                        This field is ignored when UseAnnotations is true.
                       items:
                         description: |-
                           ImageConfig defines how a specific container image should be discovered, updated,
@@ -182,25 +184,23 @@ spec:
                                     description: |-
                                       Name is the dot-separated path to the Helm key for the image repository/name part.
                                       Example: "image.repository", "frontend.deployment.image.name".
-                                      This field is required if the Helm target is used.
+                                      If neither spec nor name/tag are set, defaults to "image.name".
+                                      If spec is set, this field is ignored.
                                     type: string
                                   spec:
                                     description: |-
-                                      Spec is an optional dot-separated path to a Helm key where the full image string
+                                      Spec is the dot-separated path to a Helm key where the full image string
                                       (e.g., "image/name:1.0") should be written.
                                       Use this if your Helm chart expects the entire image reference in a single field,
-                                      rather than separate name/tag fields. If this is set, other Helm parameter-related
-                                      options will be ignored.
+                                      rather than separate name/tag fields. If this is set, name and tag will be ignored.
                                     type: string
                                   tag:
                                     description: |-
                                       Tag is the dot-separated path to the Helm key for the image tag part.
                                       Example: "image.tag", "frontend.deployment.image.version".
-                                      This field is required if the Helm target is used.
+                                      If neither spec nor name/tag are set, defaults to "image.tag".
+                                      If spec is set, this field is ignored.
                                     type: string
-                                required:
-                                - name
-                                - tag
                                 type: object
                               kustomize:
                                 description: |-
@@ -227,7 +227,6 @@ spec:
                         - alias
                         - imageName
                         type: object
-                      minItems: 1
                       type: array
                       x-kubernetes-list-map-keys:
                       - alias
@@ -283,10 +282,21 @@ spec:
                       description: NamePattern indicates the glob pattern for application
                         name
                       type: string
+                    useAnnotations:
+                      default: false
+                      description: |-
+                        UseAnnotations When true, read image configuration from Application's
+                        argocd-image-updater.argoproj.io/* annotations instead of
+                        requiring explicit Images[] configuration in this CR.
+                        When this field is set to true, only namePattern and labelSelectors are used for
+                        application selection. All other fields (CommonUpdateSettings, WriteBackConfig, Images)
+                        are ignored.
+                      type: boolean
                     writeBackConfig:
                       description: |-
                         WriteBackConfig overrides the global WriteBackConfig settings for applications
                         matched by this selector.
+                        This field is ignored when UseAnnotations is true.
                       properties:
                         gitConfig:
                           description: |-
@@ -324,9 +334,13 @@ spec:
                       - method
                       type: object
                   required:
-                  - images
                   - namePattern
                   type: object
+                  x-kubernetes-validations:
+                  - message: Either useAnnotations must be true, or images must be
+                      provided with at least one item
+                    rule: '!(has(self.useAnnotations) && self.useAnnotations == true)
+                      ? (has(self.images) && size(self.images) > 0) : true'
                 minItems: 1
                 type: array
                 x-kubernetes-list-map-keys:

@@ -43,11 +43,17 @@ spec:
               {{- toYaml . | nindent 12 }}
             {{- end }}
           env:
+          - name: ARGOCD_NAMESPACE
+            valueFrom:
+              configMapKeyRef:
+                key: argocd.namespace
+                name: {{ .Values.config.name }}
+                optional: true
           - name: IMAGE_UPDATER_INTERVAL
             valueFrom:
               configMapKeyRef:
                 key: interval
-                name: argocd-image-updater-config
+                name: {{ .Values.config.name }}
                 optional: true
           - name: IMAGE_UPDATER_LOGLEVEL
             valueFrom:
@@ -71,7 +77,7 @@ spec:
             valueFrom:
               configMapKeyRef:
                 key: max_concurrent_reconciles
-                name: a{{ .Values.config.name }}
+                name: {{ .Values.config.name }}
                 optional: true
           - name: GIT_COMMIT_USER
             valueFrom:
@@ -112,13 +118,13 @@ spec:
           - name: ENABLE_WEBHOOK
             valueFrom:
               configMapKeyRef:
-                name: argocd-image-updater-config
+                name: {{ .Values.config.name }}
                 key: webhook.enable
                 optional: true
           - name: WEBHOOK_PORT
             valueFrom:
               configMapKeyRef:
-                name: argocd-image-updater-config
+                name: {{ .Values.config.name }}
                 key: webhook.port
                 optional: true
           - name: QUAY_WEBHOOK_SECRET
@@ -148,7 +154,7 @@ spec:
           - name: WEBHOOK_RATELIMIT_ALLOWED
             valueFrom:
               configMapKeyRef:
-                name: argocd-image-updater-config
+                name: {{ .Values.config.name }}
                 key: webhook.ratelimit-allowed
                 optional: true
           {{- with .Values.extraEnv }}

@@ -17,7 +17,7 @@ metadata:
   namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 spec:
   ports:
-    - name: https
+    - name: metrics
       protocol: TCP
       port: {{ .Values.metrics.service.servicePort }}
       targetPort: metrics
@@ -38,6 +38,10 @@ spec:
   - ports:
     - port: metrics
       protocol: TCP
+    {{- if .Values.ingress.enabled }}
+    - port: webhook
+      protocol: TCP
+    {{- end }}
   podSelector:
     matchLabels:
       {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }}

@@ -59,7 +59,6 @@ metadata:
   labels:
     {{- include "argocd-image-updater.labels" . | nindent 4 }}
   name: {{ include "argocd-image-updater.fullname" . }}
-  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 rules:
   - apiGroups:
     - ""
@@ -110,7 +109,6 @@ metadata:
   labels:
     {{- include "argocd-image-updater.labels" . | nindent 4 }}
   name: {{ include "argocd-image-updater.fullname" . }}
-  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

@@ -216,7 +216,7 @@ authScripts:
     #   #!/bin/sh
     #   echo "auth script 2 here"
     # azure-workload-identity.sh: |
-    #   #!/bin:sh
+    #   #!/bin/sh
     #   # Example script for Azure Workload Identity.
     #   # This script would typically use environment variables set by the workload identity
     #   # to acquire an Azure AD token and authenticate with Azure Container Registry (ACR).