argoproj / argo-helm

ArgoProj Helm Charts
https://argoproj.github.io/argo-helm/
Apache License 2.0

Bypass registry SSL or pass SelfSigned Certificate in argocd-image-updater #2959

Open Muhammad-Irfan324 opened 1 week ago

Muhammad-Irfan324 commented 1 week ago

Describe the bug

Describe the bug https://github.com/argoproj/argo-helm/blob/ebb2d15f1e370e6023770713596aa480c71b8914/charts/argocd-image-updater/values.yaml#L149 registries:

The Docker registry is Nexus with self-signed SSL/TLS.

For Docker login to local system

The crt needs to be stored; after that, docker login can be done.

But argocd-image-updater says it can't find the TLS verification even though I passed the insecure flag.

https://github.com/argoproj/argo-helm/blob/main/charts/argocd-image-updater/values.yaml

Even tried to add the TLS certificate with a volume and volumeMount for the secret, with an init container or directly as well, but the pod goes into a CrashLoopBackOff error.

Version argocd-image-updater = v0.14.0

Please tell us about the version you encountered the issue with

Logs

```
argocd-image-updater test --registries-conf-path=/app/config/registries.conf registryURL/busybox:tag
DEBU[0000] Creating in-cluster Kubernetes client
INFO[0000] retrieving information about image            image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
DEBU[0000] rate limiting is disabled                     prefix=registryURL registry="https://registryURL"
INFO[0000] Loaded 1 registry configurations from /app/config/registries.conf
DEBU[0000] setting rate limit to 20 requests per second  prefix="registryURL" registry="https://registryURL"
DEBU[0000] Inferred registry from prefix registryURL to use API https://registryURL
INFO[0000] Fetching available tags and metadata from registry  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
FATA[0000] could not get tags: Get "https://registryURL/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
/ $ cat /app/config/registries.conf
registries:
  - api_url: https://registryURL
    credentials: pullsecret:namespace/secret
    insecure: true
    name: registryURL
    prefix: registryURL
```

No option for adding a CA for the registry? Neither is the flag working to bypass the TLS.

Documentation Link - https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#configuration-format

Related helm chart

argocd-image-updater

Helm chart version

0.11.0

Expected behavior

It should bypass the TLS and go with insecure.

Screenshots

No response

Additional context

No response

yu-croco commented 1 week ago

Hi @Muhammad-Irfan324.

> The crt needs to be stored; after that, docker login can be done.
>
> But argocd-image-updater says it can't find the TLS verification even though I passed the insecure flag.
>
> https://github.com/argoproj/argo-helm/blob/main/charts/argocd-image-updater/values.yaml
>
> Even tried to add the TLS certificate with a volume and volumeMount for the secret, with an init container or directly as well, but the pod goes into a CrashLoopBackOff error.

Since argo-helm provides Helm charts to deploy Argoproj but we don't handle their specific features, you can get more help upstream.
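
The x509 failure in the log above, and the difference between trusting a private CA and disabling verification, reproduced with Go's standard library. This is an added example, not code from this thread or from argocd-image-updater; the local `httptest` server is a constructed stand-in for the registry, and `probe` and `compare` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe issues GET <base>/v2/ with the given TLS settings and returns the
// HTTP status, or the transport error if the handshake is rejected.
func probe(base string, cfg *tls.Config) (int, error) {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(base + "/v2/")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// compare starts a constructed local HTTPS server (a stand-in for the
// registry, using net/http/httptest's built-in self-signed certificate)
// and probes it with three client trust configurations.
func compare() (pinned, insecure int, defaultErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) }))
	defer srv.Close()

	// 1. System trust store only: the case in the FATA log line.
	_, defaultErr = probe(srv.URL, &tls.Config{})

	// 2. The server's certificate added as a trusted root: verification
	//    stays on, and only this issuer is accepted.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinned, _ = probe(srv.URL, &tls.Config{RootCAs: pool})

	// 3. Verification disabled: any certificate is accepted, including one
	//    presented by an interceptor between client and registry.
	insecure, _ = probe(srv.URL, &tls.Config{InsecureSkipVerify: true})
	return
}

func main() {
	pinned, insecure, err := compare()
	fmt.Printf("system roots: %v\nprivate CA pool: %d\nskip verify: %d\n", err, pinned, insecure)
}
```

On Linux, Go's `crypto/x509` also reads the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables when it builds the system pool; whether that resolves this particular issue is not established in the thread.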