argoproj
/
argo-helm
mirror of https://github.com/argoproj/argo-helm.git
1
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

feat(argocd-image-updater): Add ability to mount authentication scripts (#987)

pull/1018/head argocd-image-updater-0.4.0
Niels ten Boom 2021-11-15 23:19:03 +00:00 committed by GitHub
parent 12e25a37f9
commit 3e8463d1c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 46 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/argocd-image-updater/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v2
name: argocd-image-updater name: argocd-image-updater
description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
type: application type: application
version: 0.3.0 version: 0.4.0
appVersion: v0.10.1 appVersion: v0.10.1
home: https://github.com/argoproj-labs/argocd-image-updater home: https://github.com/argoproj-labs/argocd-image-updater
icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -15,4 +15,4 @@ maintainers:
url: https://argoproj.github.io/ url: https://argoproj.github.io/
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Added]: Ability to expose metrics and deploy a Prometheus ServiceMonitor" - "[Added]: Ability to mount authentication scripts"

4
charts/argocd-image-updater/README.md
View File

@ -51,7 +51,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in
- GitHub Container Registry - GitHub Container Registry
- GitHub Docker Packages - GitHub Docker Packages
If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR.
The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart.
@ -60,6 +60,8 @@ The `config.registries` value can be used exactly as it looks in the documentati
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| affinity | object | `{}` | Kubernetes affinity settings for the deployment | | affinity | object | `{}` | Kubernetes affinity settings for the deployment |
| authScripts.enabled | bool | `false` | Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` |
| authScripts.scripts | object | `{}` | Map of key-value pairs where the key consists of the name of the script and the value the contents |
| config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API |
| config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. | | config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. |
| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. | | config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. |

10
charts/argocd-image-updater/templates/configmap-authscripts.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- if .Values.authScripts.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "argocd-image-updater.labels" . | nindent 4 }}
name: argocd-image-updater-authscripts
data:
{{- toYaml .Values.authScripts.scripts | nindent 2}}
{{- end }}

10
charts/argocd-image-updater/templates/deployment.yaml
View File

@ -84,6 +84,10 @@ spec:
name: registries-conf name: registries-conf
- mountPath: /tmp - mountPath: /tmp
name: tmp-dir name: tmp-dir
{{- if .Values.authScripts.enabled }}
- mountPath: /scripts
name: authscripts
{{- end }}
volumes: volumes:
- configMap: - configMap:
items: items:
@ -91,6 +95,12 @@ spec:
path: registries.conf path: registries.conf
name: argocd-image-updater-config name: argocd-image-updater-config
name: registries-conf name: registries-conf
{{- if .Values.authScripts.enabled }}
- configMap:
defaultMode: 0777
name: argocd-image-updater-authscripts
name: authscripts
{{- end }}
- emptyDir: {} - emptyDir: {}
name: tmp-dir name: tmp-dir
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}

21
charts/argocd-image-updater/values.yaml
View File

@ -71,6 +71,27 @@ config:
# ping: no # ping: no
# prefix: quay.io # prefix: quay.io
# credentials: env:REGISTRY_SECRET # credentials: env:REGISTRY_SECRET
# - name: ECR
# api_url: https://123456789.dkr.ecr.eu-west-1.amazonaws.com
# prefix: 123456789.dkr.ecr.eu-west-1.amazonaws.com
# ping: yes
# insecure: no
# credentials: ext:/scripts/auth1.sh
# credsexpire: 10h
# whether to mount authentication scripts, if enabled, the authentication scripts will be mounted on /scripts that can be used to authenticate with registries (ECR)
# refer to https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#specifying-credentials-for-accessing-container-registries for more info
authScripts:
# -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts`
enabled: false
# -- Map of key-value pairs where the key consists of the name of the script and the value the contents
scripts: {}
# auth1.sh: |
# #!/bin/sh
# echo "auth script 1 here"
# auth2.sh: |
# #!/bin/sh
# echo "auth script 2 here"
serviceAccount: serviceAccount:
# -- Specifies whether a service account should be created # -- Specifies whether a service account should be created