feat(argocd-image-updater): Add ability to mount authentication scripts (#987)

2021-11-15 23:19:03 +00:00 · 2021-11-15 23:19:03 +00:00 · 3e8463d1c5
parent 12e25a37f9
commit 3e8463d1c5
5 changed files with 46 additions and 3 deletions
--- a/charts/argocd-image-updater/Chart.yaml
+++ b/charts/argocd-image-updater/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.3.0
+version: 0.4.0
 appVersion: v0.10.1
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -15,4 +15,4 @@ maintainers:
    url: https://argoproj.github.io/
 annotations:
  artifacthub.io/changes: |
-    - "[Added]: Ability to expose metrics and deploy a Prometheus ServiceMonitor"
+    - "[Added]: Ability to mount authentication scripts"
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@ -51,7 +51,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in
 - GitHub Container Registry
 - GitHub Docker Packages

-If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration.
+If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.

 The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.

@ -60,6 +60,8 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Kubernetes affinity settings for the deployment |
+| authScripts.enabled | bool | `false` | Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` |
+| authScripts.scripts | object |  `{}` | Map of key-value pairs where the key consists of the name of the script and the value the contents |
 | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API |
 | config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. |
 | config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. |
--- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml
+++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml
@ -0,0 +1,10 @@
+{{- if .Values.authScripts.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "argocd-image-updater.labels" . | nindent 4 }}
+  name: argocd-image-updater-authscripts
+data:
+  {{- toYaml .Values.authScripts.scripts | nindent 2}}
+{{- end }}
--- a/charts/argocd-image-updater/templates/deployment.yaml
+++ b/charts/argocd-image-updater/templates/deployment.yaml
@ -84,6 +84,10 @@ spec:
            name: registries-conf
          - mountPath: /tmp
            name: tmp-dir
+          {{- if .Values.authScripts.enabled }}
+          - mountPath: /scripts
+            name: authscripts
+          {{- end }}
      volumes:
      - configMap:
          items:
@ -91,6 +95,12 @@ spec:
            path: registries.conf
          name: argocd-image-updater-config
        name: registries-conf
+      {{- if .Values.authScripts.enabled }}
+      - configMap:
+          defaultMode: 0777
+          name: argocd-image-updater-authscripts
+        name: authscripts
+      {{- end }}
      - emptyDir: {}
        name: tmp-dir
      {{- with .Values.nodeSelector }}
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@ -71,6 +71,27 @@ config:
    #   ping: no
    #   prefix: quay.io
    #   credentials: env:REGISTRY_SECRET
+    # - name: ECR
+    #   api_url: https://123456789.dkr.ecr.eu-west-1.amazonaws.com
+    #   prefix: 123456789.dkr.ecr.eu-west-1.amazonaws.com
+    #   ping: yes
+    #   insecure: no
+    #   credentials: ext:/scripts/auth1.sh
+    #   credsexpire: 10h
+
+# whether to mount authentication scripts, if enabled, the authentication scripts will be mounted on /scripts that can be used to authenticate with registries (ECR)
+# refer to https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#specifying-credentials-for-accessing-container-registries for more info
+authScripts:
+  # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts`
+  enabled: false
+  # -- Map of key-value pairs where the key consists of the name of the script and the value the contents
+  scripts: {}
+    # auth1.sh: |
+    #   #!/bin/sh
+    #   echo "auth script 1 here"
+    # auth2.sh: |
+    #   #!/bin/sh
+    #   echo "auth script 2 here"

 serviceAccount:
  # -- Specifies whether a service account should be created