Bypass registry SSL or pass SelfSigned Certificate in argocd-image-updater #2958

Muhammad-Irfan324 · 2024-10-02T16:40:53Z

Muhammad-Irfan324
Oct 2, 2024

Describe the bug

argo-helm/charts/argocd-image-updater/values.yaml

Line 149 in ebb2d15

registries: []

registries:
- name: name of the registry
prefix: name of the registry
api_url: https://registryURL:443
credentials: pullsecret:namespace/secret
insecure: true

Docker registry is nexus with self signed SSL/TLS

For Docker login to local system

crt needs to be store after that docker login can be done

But argocd-image-updater says it can't find the tls verification even though passed the insecure flag

https://github.com/argoproj/argo-helm/blob/main/charts/argocd-image-updater/values.yaml

Even tried to add TLS certificate with volume and volumemount the secret and with init container or directly as well but pod goes into crashloopback error.

Version
argocd-image-updater = v0.14.0

Please tell us about the version you encountered the issue with

Logs

argocd-image-updater test --registries-conf-path=/app/config/registries.conf registryURL/busybox:tag
DEBU[0000] Creating in-cluster Kubernetes client
INFO[0000] retrieving information about image            image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
DEBU[0000] rate limiting is disabled                     prefix=registryURL registry="[https://registryURL](https://registryURL/)"
INFO[0000] Loaded 1 registry configurations from /app/config/registries.conf
DEBU[0000] setting rate limit to 20 requests per second  prefix="registryURL" registry="[https://registryURL](https://registryURL/)"
DEBU[0000] Inferred registry from prefix registryURL to use API [https://registryURL](https://registryURL/)
INFO[0000] Fetching available tags and metadata from registry  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
FATA[0000] could not get tags: Get "[https://registryURL/v2/](https://registryURL/v2/)": tls: failed to verify certificate: x509: certificate signed by unknown authority  application=test image_alias= image_digest= image_name="registryURL/busybox" image_tag=tag registry_url="registryURL"
/ $ cat /app/config/registries.conf
registries:
  - api_url: [https://registryURL](https://registryURL/)
    credentials: pullsecret:namespace/secret
    insecure: true
    name: registryURL
    prefix: registryURL

No Option for adding CA for registry? niether the flag is working to bypass the TLS

Documentation Link - https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#configuration-format

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bypass registry SSL or pass SelfSigned Certificate in argocd-image-updater #2958

{{title}}

Replies: 0 comments

Select a reply

Bypass registry SSL or pass SelfSigned Certificate in argocd-image-updater #2958

Muhammad-Irfan324 Oct 2, 2024

Replies: 0 comments

Muhammad-Irfan324
Oct 2, 2024