Skip to content

smcavallo/argocd-ecr-updater

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ArgoCD-ECR-Updater

ECR currently requires token authentication.

ArgoCD supports username and password authentication for helm repos but does not have native functionality to refresh tokens

This image regenerates ECR tokens and updates an ArgoCD manifest with the updated token

See the following for more info

Configuration

Create and apply a repository configuration

apiVersion: v1
kind: Secret
metadata:
  name: YOUR_REPO_SECRET_NAME
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  url: YOUR_AWS_ACCOUNT_ID.dkr.ecr.YOUR_AWS_REGION.amazonaws.com
  name: ecr
  type: helm
  enableOCI: "true"
  username: AWS
  password: TO_BE_AUTOGENERATED_AND_AUTOREFRESHED

General parameters

ENV VAR DEFAULT Description
ARGOCD_REPO_SECRET_NAME "" The name of the argocd repository secret to refresh. Required.
ARGOCD_ECR_UPDATER_SYNC_CRON 0 */12 * * * cron for how often credentials should be refreshed. defaults to every 12 hours to match the default token expiry.
ARGOCD_ECR_REGISTRY None Optionally specify a registry ID (ACCOUNT_ID) to use, if not the default registry for the account. Useful for cross account login.

Monitoring

/metrics endpoint is exposed on port 8080 for external monitoring

AWS Authentication

Pod-iam is the preferred method, which can be set via the serviceAccount annotations.

Otherwise (not recommended) aws access keys can be set via volume mounts, environment variables, or external secret refs

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published