Image Updater Install
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/manifests/install.yaml
Log level configuration
kubectl edit configmap argocd-image-updater-config -n argocd
---------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
data:
  log.level: debug
  # (rest omitted)
Local account configuration
kubectl edit configmap argocd-cm -n argocd
---------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
data:
  # This account is used only for API access, so only apiKey is listed
  accounts.image-updater: apiKey
  # (rest omitted)
---------------------------------------------------------------
argocd account list
Account permission configuration
kubectl edit configmap argocd-rbac-cm -n argocd
---------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
data:
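  # */* matches every project and application; scope it to <project>/<application> where possible
  policy.csv: |
    p, role:image-updater, applications, get, */*, allow
    p, role:image-updater, applications, update, */*, allow
    g, image-updater, role:image-updater
  policy.default: role:readonly
  # (rest omitted)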
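Added example (not part of the original notes): a small shell/awk check that reads policy.csv lines like the ones above and reports allow rules containing a wildcard, plus the accounts bound to those roles. The role:scoped-updater rule and the shop/django project/application name are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag wildcard grants in Argo CD RBAC policy.csv content.

# Constructed sample: the policy from this page plus one narrowly scoped rule.
SAMPLE_POLICY='p, role:image-updater, applications, get, */*, allow
p, role:image-updater, applications, update, */*, allow
p, role:scoped-updater, applications, update, shop/django, allow
g, image-updater, role:image-updater'

# audit_policy: read policy.csv lines on stdin and print one finding per line.
#   WILDCARD <role> <resource> <action> <object>   allow rule with "*" in a field
#   BINDING  <subject> <role>                      subject bound to a flagged role
audit_policy() {
  awk -F',' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      kind = trim($1)
      if (kind == "p" && NF >= 6) {
        subj = trim($2); res = trim($3); act = trim($4)
        obj = trim($5); eff = trim($6)
        if (eff == "allow" && (res == "*" || act == "*" || index(obj, "*") > 0)) {
          print "WILDCARD", subj, res, act, obj
          flagged[subj] = 1
        }
      } else if (kind == "g" && NF >= 3) {
        member[++n] = trim($2); granted[n] = trim($3)
      }
    }
    END {
      # report bindings last so they are found even if g lines precede p lines
      for (i = 1; i <= n; i++)
        if (granted[i] in flagged) print "BINDING", member[i], granted[i]
    }'
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_POLICY" | audit_policy
```

To audit a live cluster, pipe the output of `kubectl get configmap argocd-rbac-cm -n argocd -o jsonpath='{.data.policy\.csv}'` into `audit_policy` instead of the sample.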
Argo CD endpoint configuration
kubectl edit configmap argocd-image-updater-config -n argocd
---------------------------------------------------------------
apiVersion: v1
data:
  applications_api: argocd
  argocd.grpc_web: "true"
  argocd.insecure: "false"
  argocd.plaintext: "false"
  argocd.server_addr: <Argo CD server address>
kind: ConfigMap
---------------------------------------------------------------
kubectl create secret docker-registry aws-ecr-creds \
  --docker-server=<AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com/<ECR repo name> \
  --docker-username=AWS \
  --docker-password="$(aws ecr get-login-password)" \
  -n argocd
Create the Argo CD access token Secret
argocd account generate-token --account image-updater --id image-updater
# Copy the token
kubectl create secret generic argocd-image-updater-secret \
  --from-literal argocd.token="$YOUR_TOKEN" --dry-run=client -o yaml |
  kubectl -n argocd apply -f -
kubectl get secrets -n argocd
Add the AWS ECR integration
kubectl edit configmap argocd-image-updater-config -n argocd
---------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
data:
  applications_api: argocd
  argocd.grpc_web: "true"
  argocd.insecure: "false"
  argocd.plaintext: "false"
  argocd.server_addr: <Argo CD address>
  # added: registries.conf
  registries.conf: |
    registries:
    - name: AWS ECR HUB
      api_url: https://<AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com
      prefix: <AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com
      ping: yes
      credentials: ext:/app/aws/ecr.sh
      tagsortmode: latest-last
Create and apply the AWS ECR credentials script ecr.sh
kubectl -n argocd exec --stdin --tty pod/<POD NAME> -- /bin/sh
$ cd /app
$ mkdir aws
$ cd aws
$ vi ecr.sh
---------------------------------------------------------------
#!/bin/sh
aws ecr --region ap-northeast-2 get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
---------------------------------------------------------------
$ aws configure
AWS Access Key ID: <AWS_ACCESS_KEY_ID>
AWS Secret Access Key: <AWS_SECRET_KEY_ID>
Default region name: <AWS_REGION>
Default output format:
Connect to the Image Updater Pod
kubectl -n argocd exec --stdin --tty pod/<POD NAME> -- /bin/sh
Verify connectivity (inside the Pod)
argocd-image-updater test \
  <AWS_Account_ID>.dkr.ecr.ap-northeast-2.amazonaws.com/django \
  --registries-conf-path /app/config/registries.conf
Image Updater Pod Logs
kubectl logs pod/<POD NAME> -n argocd