argoproj-labs / argocd-image-updater

Automatic container image update for Argo CD
https://argocd-image-updater.readthedocs.io/en/stable/
Apache License 2.0

Issue with Authentication in ArgoCD Image Updater for Docker Hub #705

Open aswin-vijayan opened 6 months ago

aswin-vijayan commented 6 months ago

Describe the bug

I'm encountering an authentication issue while using ArgoCD's image updater to automatically update images for deployments when a new image is pushed to Docker Hub. Here's the error message I'm encountering in the image updater log:

    level=error msg="Could not get tags from registry: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n" alias= application=nginx image_name=argocd/test image_tag=1.0.1 registry=

To Reproduce

  1. Created a secret with Docker Hub's username and secret using the following command:

    kubectl create secret docker-registry regcred -n argocd \
    --docker-server=https://index.docker.io/v1/ \
    --docker-username=xxxxxx \
    --docker-password=xxxxxx

  2. Configured the image updater configmap to use the secret by adding the following line to the argocd-image-updater-config configmap:

    data:
      registries.conf: |
        registries:
        - name: Docker Hub
          prefix: docker.io
          api_url: https://index.docker.io/v1/
          credentials: pullsecret:argocd/regcred
          defaultns: library
          default: true

  3. Restarted ArgoCD image updater.

  4. Deployed an application using the following YAML file:

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: nginx
      namespace: argocd
      annotations:
        argocd-image-updater.argoproj.io/image-list: argocd/test:~1.0
        argocd-image-updater.argoproj.io/pullsecret: argocd/regcred
        argocd-image-updater.argoproj.io/write-back-method: git
        argocd-image-updater.argoproj.io/git-branch: main
        argocd-image-updater.argoproj.io/update-strategy: latest
    spec:
      project: default
      source:
        repoURL: https://github.com/xxxxxxxxxxx/helm-chart.git
        targetRevision: main
        path: nginx
      destination:
        server: https://kubernetes.default.svc
        namespace: argocd
      syncPolicy:
        automated:
          prune: true
          selfHeal: true

Expected behavior

The image updater should authenticate successfully with Docker Hub using the provided credentials and update the images automatically whenever a new image is pushed to the registry.

Actual Behavior

Encountering authentication errors as mentioned above.

Additional context

I've verified that the provided Docker Hub credentials are correct and have the necessary permissions. The same issue occurs when using AWS ECR.

Logs

Logs of Image Updater

    level=error msg="Could not get tags from registry: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n" alias= application=nginx image_name=argocd/test image_tag=1.0.1 registry=

Logs got on Argo CD UI

    Failed to pull image "aswinvj/test:1.0.1": failed to pull and unpack image "docker.io/aswinvj/test:1.0.1": failed to resolve reference "docker.io/aswinvj/test:1.0.1": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

Tried Methods

In addition to the above method, I have also tried other methods given in the blogs below:

  1. https://medium.com/@tomas94depi/argo-image-updater-with-aws-ecr-ddb661abb332
  2. https://www.crunchydata.com/blog/use-ci-cd-to-automatically-update-postgres-images-with-argo-cd
  3. https://medium.com/@megaurav25/argocd-image-updater-fbc93dc15e34
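
A diagnostic for the pull secret from step 1, added here as an example (not code from the issue or from argocd-image-updater): it decodes the Secret's `.dockerconfigjson`, checks that it holds an entry for the host of the configured `api_url`, and checks that the `auth` field is well-formed without echoing the password. Matching by host is an assumption of this sketch, not the updater's own lookup logic; `make_secret`, `audit_pull_secret` and `registry.example.com` are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlparse


def _host(url):
    """Lower-cased host of a registry URL; a missing scheme is assumed to be https."""
    if "://" not in url:
        url = "https://" + url
    return (urlparse(url).hostname or "").lower()


def make_secret(server, user, password):
    """Constructed sample shaped like the Secret `kubectl create secret docker-registry` writes."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": user, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"type": "kubernetes.io/dockerconfigjson", "data": {".dockerconfigjson": blob}}


def audit_pull_secret(secret, api_url):
    """Return findings (empty list = nothing wrong found). Passwords are never echoed."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return [f"unexpected secret type {secret.get('type')!r}"]
    try:
        blob = secret["data"][".dockerconfigjson"]
        auths = dict(json.loads(base64.b64decode(blob))["auths"])
    except (KeyError, TypeError, ValueError):
        return [".dockerconfigjson is missing or is not base64-encoded JSON with an auths map"]
    findings, want = [], _host(api_url)  # host-only matching is this sketch's assumption
    entries = {s: e for s, e in auths.items() if _host(s) == want}
    if not entries:
        findings.append(f"no auths entry for {want!r}; secret covers {sorted(map(_host, auths))}")
    for server, entry in entries.items():
        try:
            user, _, password = base64.b64decode(entry.get("auth", "")).decode().partition(":")
        except ValueError:
            findings.append(f"{server}: auth field is not valid base64 text")
            continue
        if not user or not password:
            findings.append(f"{server}: auth field lacks a user or a password")
        elif (entry.get("username", user), entry.get("password", password)) != (user, password):
            findings.append(f"{server}: auth field disagrees with username/password fields")
    return findings


if __name__ == "__main__":
    secret = make_secret("https://index.docker.io/v1/", "xxxxxx", "xxxxxx")  # values from step 1
    print(audit_pull_secret(secret, "https://index.docker.io/v1/"))   # api_url from step 2
    print(audit_pull_secret(secret, "https://registry.example.com"))  # constructed mismatch
```

To audit a live secret, pass the parsed output of `kubectl get secret regcred -n argocd -o json` as `secret`.
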

chengfang commented 2 weeks ago

docs on configuring registries: https://argocd-image-updater.readthedocs.io/en/latest/configuration/registries/