Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow use of in-cluster kube-client for test-command #293

Merged
merged 1 commit into from
Nov 6, 2021
Merged

Allow use of in-cluster kube-client for test-command #293

merged 1 commit into from
Nov 6, 2021

Conversation

janpieper-gcx
Copy link
Contributor

This PR fixes the issue described in #288.

With Kubernetes

For the following cases, I used the following registries.conf:

registries:
  - name: myfancyregistry
    api_url: https://myfancyregistry.azurecr.io
    prefix: myfancyregistry.azurecr.io
    ping: yes
    credentials: secret:argocd/registry#auth

In-cluster kube client **NEW**

Success

$ argocd-image-updater --registries-conf registries.conf test myfancyregistry.azurecr.io/example
DEBU[0000] Creating in-cluster Kubernetes client        
INFO[0000] getting image                                 image_name=example registry=myfancyregistry.azurecr.io
DEBU[0000] rate limit for https://myfancyregistry.azurecr.io is 2147483647 
INFO[0000] Loaded 1 registry configurations from registries.yaml 
INFO[0000] Fetching available tags and metadata from registry  image_name=example
INFO[0001] Found 2 tags in registry                      image_name=example
DEBU[0001] found 2 from 2 tags eligible for consideration  image=myfancyregistry.azurecr.io/example
INFO[0001] latest image according to constraint is myfancyregistry.azurecr.io/example:v0.0.1

Failure

$ argocd-image-updater --registries-conf registries.conf test myfancyregistry.azurecr.io/example
DEBU[0000] Creating in-cluster Kubernetes client        
INFO[0000] getting image                                 image_name=example registry=myfancyregistry.azurecr.io
DEBU[0000] rate limit for https://myfancyregistry.azurecr.io is 2147483647 
INFO[0000] Loaded 1 registry configurations from registries.yaml 
FATA[0000] could not set registry credentials: could not fetch secret 'registry' from namespace 'argocd' (field: 'auth'): secrets "registry" not found

Local kubeconfig

Success

$ argocd-image-updater --registries-conf registries.conf test --kubeconfig ~/.kube/config myfancyregistry.azurecr.io/example
DEBU[0000] Creating Kubernetes client from /home/jan/.kube/config 
INFO[0000] getting image                                 image_name=example registry=myfancyregistry.azurecr.io
DEBU[0000] rate limit for https://myfancyregistry.azurecr.io is 2147483647 
INFO[0000] Loaded 1 registry configurations from registries.yaml 
INFO[0000] Fetching available tags and metadata from registry  image_name=example
INFO[0001] Found 2 tags in registry                      image_name=example
DEBU[0001] found 2 from 2 tags eligible for consideration  image=myfancyregistry.azurecr.io/example
INFO[0001] latest image according to constraint is myfancyregistry.azurecr.io/example:v0.0.1

Failure

$ argocd-image-updater --registries-conf registries.conf test --kubeconfig ~/.kube/config myfancyregistry.azurecr.io/example
DEBU[0000] Creating Kubernetes client from /home/jan/.kube/config 
INFO[0000] getting image                                 image_name=example registry=myfancyregistry.azurecr.io
DEBU[0000] rate limit for https://myfancyregistry.azurecr.io is 2147483647 
INFO[0000] Loaded 1 registry configurations from registries.yaml 
FATA[0000] could not set registry credentials: could not fetch secret 'registry' from namespace 'argocd' (field: 'auth'): secrets "registry" not found

Without Kubernetes

As we're now using --disable-kubernetes, we cannot use a kubernetes secrets for the credentials-option anymore. In this case, I am using an ENV-variable:

registries:
  - name: myfancyregistry
    api_url: https://myfancyregistry.azurecr.io
    prefix: myfancyregistry.azurecr.io
    ping: yes
    credentials: env:REGISTRY_SECRET

Success

$ REGISTRY_SECRET=user:password argocd-image-updater --registries-conf registries.conf test --disable-kubernetes 
INFO[0000] getting image                                 image_name=example registry=myfancyregistry.azurecr.io
DEBU[0000] rate limit for https://myfancyregistry.azurecr.io is 2147483647 
INFO[0000] Loaded 1 registry configurations from registries.yaml 
INFO[0000] Fetching available tags and metadata from registry  image_name=example
INFO[0000] Found 2 tags in registry                      image_name=example
DEBU[0000] found 2 from 2 tags eligible for consideration  image=myfancyregistry.azurecr.io/example
INFO[0000] latest image according to constraint is myfancyregistry.azurecr.io/example:v0.0.1

Failure

$ REGISTRY_SECRET=user:password argocd-image-updater --registries-conf registries.conf test --disable-kubernetes ~/.kube/config myfancyregistry.azurecr.io/example
INFO[0000] getting image                                 image_name=example registry=myfancyregistry.azurecr.io
DEBU[0000] rate limit for https://myfancyregistry.azurecr.io is 2147483647 
INFO[0000] Loaded 1 registry configurations from registries.yaml 
WARN[0000] cannot use K8s credentials without Kubernetes client  registry="https://myfancyregistry.azurecr.io"
FATA[0000] could not set registry credentials: could not fetch image tags

@janpieper
fix: Allow use of in-cluster kube-client for test-command (argoproj-l…
981c58c 
…abs#288)

* Use in-cluster kube client unless k8s is disabled

* Assign `ctx` only if needed

Signed-off-by: Jan Pieper <kontakt@jan-pieper.info>
jannfis
jannfis approved these changes Nov 6, 2021
View reviewed changes
Copy link
Contributor

@jannfis jannfis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @janpieper-gcx

@jannfis
Copy link
Contributor

jannfis commented Nov 6, 2021

Closes #288

@jannfis jannfis merged commit 226e731 into argoproj-labs:master Nov 6, 2021
@jannfis jannfis mentioned this pull request Nov 6, 2021
Closed
@janpieper janpieper deleted the use-in-cluster-kube-client-for-test branch November 7, 2021 17:29
tuananh pushed a commit to tuananh/argocd-image-updater that referenced this pull request Nov 11, 2021
@janpieper-gcx @janpieper @tuananh
fix: Allow use of in-cluster kube-client for test-command (argoproj-l…
2480ed8 
…abs#288) (argoproj-labs#293)

* Use in-cluster kube client unless k8s is disabled

* Assign `ctx` only if needed

Signed-off-by: Jan Pieper <kontakt@jan-pieper.info>

Co-authored-by: Jan Pieper <kontakt@jan-pieper.info>
@janpieper janpieper mentioned this pull request Jan 31, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jannfis jannfis jannfis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@janpieper-gcx @jannfis @janpieper