diff --git a/Makefile b/Makefile index c69be271..cef63e1d 100644 --- a/Makefile +++ b/Makefile @@ -82,7 +82,7 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) rbac:roleName=argocd-image-updater-manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. @@ -160,7 +160,7 @@ docker-buildx: ## Build and push docker image for the manager for cross-platform .PHONY: build-installer build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. mkdir -p dist - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + cd config/manager && $(KUSTOMIZE) edit set image argocd-image-updater-controller=${IMG} $(KUSTOMIZE) build config/default > dist/install.yaml .PHONY: release-binaries @@ -196,7 +196,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified .PHONY: deploy deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + cd config/manager && $(KUSTOMIZE) edit set image argocd-image-updater-controller=${IMG} $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - .PHONY: undeploy diff --git a/api/v1alpha1/imageupdater_types.go b/api/v1alpha1/imageupdater_types.go index da5cfe29..f6c0005b 100644 --- a/api/v1alpha1/imageupdater_types.go +++ b/api/v1alpha1/imageupdater_types.go 
@@ -274,6 +274,7 @@ type ImageApplicationLastUpdated struct { // +kubebuilder:object:root=true // +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster // ImageUpdater is the Schema for the imageupdaters API type ImageUpdater struct { diff --git a/config/crd/bases/argocd-image-updater.argoproj.io_imageupdaters.yaml b/config/crd/bases/argocd-image-updater.argoproj.io_imageupdaters.yaml index 19e22001..291c2ff0 100644 --- a/config/crd/bases/argocd-image-updater.argoproj.io_imageupdaters.yaml +++ b/config/crd/bases/argocd-image-updater.argoproj.io_imageupdaters.yaml @@ -12,7 +12,7 @@ spec: listKind: ImageUpdaterList plural: imageupdaters singular: imageupdater - scope: Namespaced + scope: Cluster versions: - name: v1alpha1 schema: diff --git a/config/default/argocd-image-updater-cm.yaml b/config/default/argocd-image-updater-cm.yaml new file mode 100644 index 00000000..80ec1a09 --- /dev/null +++ b/config/default/argocd-image-updater-cm.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-image-updater-config + labels: + app.kubernetes.io/name: argocd-image-updater-config + app.kubernetes.io/part-of: argocd-image-updater-controller diff --git a/config/default/argocd-image-updater-secret.yaml b/config/default/argocd-image-updater-secret.yaml new file mode 100644 index 00000000..33df8a83 --- /dev/null +++ b/config/default/argocd-image-updater-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: argocd-image-updater-secret + labels: + app.kubernetes.io/name: argocd-image-updater-secret + app.kubernetes.io/part-of: argocd-image-updater-controller diff --git a/config/default/argocd-image-updater-ssh-config.yaml b/config/default/argocd-image-updater-ssh-config.yaml new file mode 100644 index 00000000..e6d07ace --- /dev/null +++ b/config/default/argocd-image-updater-ssh-config.yaml 
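Review bot: Cluster scope removes the namespace boundary on who may manage ImageUpdater objects. After `// +kubebuilder:resource:scope=Cluster`, access can only be granted through a ClusterRole, while the generated schema still has a `spec.namespace` field that selects the namespace whose Applications are managed. Anyone allowed to create an ImageUpdater can therefore point it at any namespace, unless the controller restricts that somewhere not visible in this hunk. The scope of an existing CustomResourceDefinition is also immutable, so clusters that already have the Namespaced CRD need a delete-and-recreate migration step. I would state the intent in the type's doc comment, e.g. `// ImageUpdater is cluster-scoped; spec.namespace names the namespace whose Applications it manages.`; the struct body continues outside the hunk.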
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-image-updater-ssh-config
+ labels:
+ app.kubernetes.io/name: argocd-image-updater-ssh-config
+ app.kubernetes.io/part-of: argocd-image-updater-controller
diff --git a/config/default/image-updater-cm.yaml b/config/default/image-updater-cm.yaml
deleted file mode 100644
index eda6ec25..00000000
--- a/config/default/image-updater-cm.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: config
- labels:
- app.kubernetes.io/name: image-updater-config
- app.kubernetes.io/part-of: image-updater-controller-manager
diff --git a/config/default/image-updater-secret.yaml b/config/default/image-updater-secret.yaml
deleted file mode 100644
index d7f32f86..00000000
--- a/config/default/image-updater-secret.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: secret
- labels:
- app.kubernetes.io/name: image-updater-secret
- app.kubernetes.io/part-of: image-updater-controller-manager
diff --git a/config/default/image-updater-ssh-config.yaml b/config/default/image-updater-ssh-config.yaml
deleted file mode 100644
index 901223d1..00000000
--- a/config/default/image-updater-ssh-config.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: ssh-config
- labels:
- app.kubernetes.io/name: image-updater-ssh-config
- app.kubernetes.io/part-of: image-updater-controller-manager
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 8b7c18bf..d8852a41 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -1,12 +1,5 @@ # Adds namespace to all resources. -namespace: image-updater-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: image-updater- +namespace: argocd-image-updater-system # Labels to add to all resources and selectors. #labels: @@ -15,9 +8,9 @@ namePrefix: image-updater- # someName: someValue resources: -- image-updater-cm.yaml -- image-updater-secret.yaml -- image-updater-ssh-config.yaml +- argocd-image-updater-cm.yaml +- argocd-image-updater-secret.yaml +- argocd-image-updater-ssh-config.yaml - ../crd - ../rbac - ../manager @@ -29,7 +22,7 @@ resources: # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus # [METRICS] Expose the controller manager metrics service. -- metrics_service.yaml +#- metrics_service.yaml # [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. # Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. # Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml index 28ca3cc4..80f715d4 100644 --- a/config/default/metrics_service.yaml +++ b/config/default/metrics_service.yaml @@ -2,10 +2,10 @@ apiVersion: v1 kind: Service metadata: labels: - control-plane: controller-manager - app.kubernetes.io/name: image-updater + control-plane: argocd-image-updater-controller + app.kubernetes.io/name: argocd-image-updater app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-service + name: argocd-image-updater-controller-metrics-service namespace: system spec: ports: 
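Review bot: `#- metrics_service.yaml` switches the metrics Service off without saying why, and the `[METRICS]` comment above it still reads as if the Service were enabled. metrics_service.yaml itself is still renamed in this commit, so it is unclear whether the file is meant to stay in use. A one-line comment such as `# [METRICS] Disabled by default; uncomment to expose the controller manager metrics service.` would make the intent clear. The resources list continues outside the hunk.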
@@ -14,4 +14,4 @@ spec: protocol: TCP targetPort: 8443 selector: - control-plane: controller-manager + control-plane: argocd-image-updater-controller diff --git a/config/install.yaml b/config/install.yaml new file mode 100644 index 00000000..63176312 --- /dev/null +++ b/config/install.yaml 
@@ -0,0 +1,946 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: argocd-image-updater-system + control-plane: argocd-image-updater-controller + name: argocd-image-updater-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: imageupdaters.argocd-image-updater.argoproj.io +spec: + group: argocd-image-updater.argoproj.io + names: + kind: ImageUpdater + listKind: ImageUpdaterList + plural: imageupdaters + singular: imageupdater + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ImageUpdater is the Schema for the imageupdaters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ImageUpdaterSpec defines the desired state of ImageUpdater + It specifies which applications to target, default update strategies, + and a list of images to manage. + properties: + applicationRefs: + description: |- + ApplicationRefs indicates the set of applications to be managed. + ApplicationRefs is a list of rules to select Argo CD Applications within the `spec.namespace`. + Each reference can also provide specific overrides for the global settings defined above. 
+ items: + description: ApplicationRef contains various criteria by which to + include applications for managing by image updater + properties: + commonUpdateSettings: + description: |- + CommonUpdateSettings overrides the global CommonUpdateSettings for applications + matched by this selector. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + images: + description: |- + Images contains a list of configurations that how images should be updated. + These rules apply to applications selected by namePattern in ApplicationRefs, and each + image can override global/ApplicationRef settings. + items: + description: |- + ImageConfig defines how a specific container image should be discovered, updated, + and how those updates should be reflected in application manifests. 
+ properties: + alias: + description: |- + Alias is a short, user-defined name for this image configuration. + It MUST be unique within a single ApplicationRef's list of images. + This field is mandatory. + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-._]*$ + type: string + commonUpdateSettings: + description: CommonUpdateSettings overrides the effective + default CommonUpdateSettings for this specific image. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + imageName: + description: |- + ImageName is the full identifier of the image to be tracked, + including the registry (if not Docker Hub), the image name, and an initial/current tag or version. + This is the string used to query the container registry and also as a base for finding updates. 
+ Example: "docker.io/library/nginx:1.17.10", "quay.io/prometheus/node-exporter:v1.5.0". + This field is mandatory. + type: string + manifestTargets: + description: |- + ManifestTarget defines how and where to update this image in Kubernetes manifests. + Only one of Helm or Kustomize should be specified within this block. + This whole block is optional if the image update isn't written to a manifest in a structured way. + properties: + helm: + description: |- + Helm specifies update parameters if the target manifest is managed by Helm + and updates are to be made to Helm values files. + properties: + name: + description: |- + Name is the dot-separated path to the Helm key for the image repository/name part. + Example: "image.repository", "frontend.deployment.image.name". + This field is required if the Helm target is used. + type: string + spec: + description: |- + Spec is an optional dot-separated path to a Helm key where the full image string + (e.g., "image/name:1.0") should be written. + Use this if your Helm chart expects the entire image reference in a single field, + rather than separate name/tag fields. If this is set, other Helm parameter-related + options will be ignored. + type: string + tag: + description: |- + Tag is the dot-separated path to the Helm key for the image tag part. + Example: "image.tag", "frontend.deployment.image.version". + This field is required if the Helm target is used. + type: string + required: + - name + - tag + type: object + kustomize: + description: |- + Kustomize specifies update parameters if the target manifest is managed by Kustomize + and updates involve changing image tags in Kustomize configurations. + properties: + name: + description: |- + Name is the image name (which can include the registry and an initial tag) + as it appears in the `images` list of a kustomization.yaml file that needs to be updated. + The updater will typically change the tag or add a digest to this entry. + Example: "docker.io/library/nginx". 
+ This field is required if the Kustomize target is used. + type: string + required: + - name + type: object + type: object + x-kubernetes-validations: + - message: Exactly one of helm or kustomize must be specified + within manifestTargets if the block is present. + rule: 'has(self.helm) ? !has(self.kustomize) : has(self.kustomize)' + required: + - alias + - imageName + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - alias + x-kubernetes-list-type: map + labelSelectors: + description: LabelSelectors indicates the label selectors to + apply for application selection + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namePattern: + description: NamePattern indicates the glob pattern for application + name + type: string + writeBackConfig: + description: |- + WriteBackConfig overrides the global WriteBackConfig settings for applications + matched by this selector. + properties: + gitConfig: + description: |- + GitConfig provides Git configuration settings if the write-back method involves Git. + This can only be used when method is "git" or starts with "git:". + properties: + branch: + description: |- + Branch to commit updates to. + Required if write-back method is Git and this is not specified at the spec level. + type: string + repository: + description: |- + Repository URL to commit changes to. + If not specified here or at the spec level, the controller MUST infer it from the + Argo CD Application's `spec.source.repoURL`. This field allows overriding that. + type: string + writeBackTarget: + description: |- + WriteBackTarget defines the path and type of file to update in the Git repository. + Examples: "helmvalues:./helm/values.yaml", "kustomization:./kustomize/overlays/production". + For ApplicationSet usage, `{{ .app.path.path }}` should be resolved by ApplicationSet + before this CR is generated, resulting in a concrete path here. + Required if write-back method is Git and this is not specified at the spec level. + type: string + type: object + method: + default: argocd + description: |- + Method defines the method for writing back updated image versions. + This acts as the default if not overridden. If not specified, defaults to "argocd". 
+ pattern: ^(argocd|git|git:[a-zA-Z0-9][a-zA-Z0-9-._/:]*)$ + type: string + required: + - method + type: object + required: + - images + - namePattern + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - namePattern + x-kubernetes-list-type: map + commonUpdateSettings: + description: |- + CommonUpdateSettings provides global default settings for update strategies, + tag filtering, pull secrets, etc., for all applications matched by this CR. + These can be overridden at the ApplicationRef or ImageConfig level. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + namespace: + description: |- + Namespace indicates the target namespace of the applications. 
+ This is the namespace where the controller will look for Argo CD Applications + matching the criteria in ApplicationRefs. + type: string + writeBackConfig: + description: |- + WriteBackConfig provides global default settings for how and where to write back image updates. + This can be overridden at the ApplicationRef level. + properties: + gitConfig: + description: |- + GitConfig provides Git configuration settings if the write-back method involves Git. + This can only be used when method is "git" or starts with "git:". + properties: + branch: + description: |- + Branch to commit updates to. + Required if write-back method is Git and this is not specified at the spec level. + type: string + repository: + description: |- + Repository URL to commit changes to. + If not specified here or at the spec level, the controller MUST infer it from the + Argo CD Application's `spec.source.repoURL`. This field allows overriding that. + type: string + writeBackTarget: + description: |- + WriteBackTarget defines the path and type of file to update in the Git repository. + Examples: "helmvalues:./helm/values.yaml", "kustomization:./kustomize/overlays/production". + For ApplicationSet usage, `{{ .app.path.path }}` should be resolved by ApplicationSet + before this CR is generated, resulting in a concrete path here. + Required if write-back method is Git and this is not specified at the spec level. + type: string + type: object + method: + default: argocd + description: |- + Method defines the method for writing back updated image versions. + This acts as the default if not overridden. If not specified, defaults to "argocd". 
+ pattern: ^(argocd|git|git:[a-zA-Z0-9][a-zA-Z0-9-._/:]*)$ + type: string + required: + - method + type: object + required: + - applicationRefs + - namespace + type: object + status: + description: ImageUpdaterStatus defines the observed state of ImageUpdater + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + imageStatus: + description: ImageStatus indicates the detailed status for the list + of managed images + items: + description: ImageStatus contains information for an image:version + and its update status in hosting applications + properties: + applications: + description: Applications contains a list of applications and + when the image was last updated therein + items: + description: ImageApplicationLastUpdated contains information + for an application and when the image was last updated therein + properties: + appName: + description: AppName indicates and namespace and the application + name + type: string + lastUpdatedAt: + description: LastUpdatedAt indicates when the image in + this application was last updated + format: date-time + type: string + required: + - appName + type: object + type: array + name: + description: Name indicates the image name + type: string + version: + description: Version indicates the image version + type: string + required: + - name + - version + type: object + type: array + reconciledAt: + description: LastUpdatedAt indicates when the image updater last ran + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: argocd-image-updater + name: argocd-image-updater-controller + namespace: argocd-image-updater-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: argocd-image-updater-controller + app.kubernetes.io/name: argocd-image-updater + app.kubernetes.io/part-of: argocd-image-updater + name: 
argocd-image-updater + namespace: argocd-image-updater-system +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: argocd-image-updater + name: argocd-image-updater-leader-election-role + namespace: argocd-image-updater-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argocd-image-updater-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - argocd-image-updater.argoproj.io + resources: + - imageupdaters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argocd-image-updater.argoproj.io + resources: + - imageupdaters/finalizers + verbs: + - update +- apiGroups: + - argocd-image-updater.argoproj.io + resources: + - imageupdaters/status + verbs: + - get + - patch + - update +- apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: argocd-image-updater-controller + app.kubernetes.io/name: argocd-image-updater + app.kubernetes.io/part-of: argocd-image-updater + name: argocd-image-updater + namespace: argocd-image-updater-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-image-updater +subjects: +- kind: ServiceAccount + name: argocd-image-updater-controller + namespace: 
argocd-image-updater-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: argocd-image-updater + name: argocd-image-updater-leader-election-rolebinding + namespace: argocd-image-updater-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-image-updater-leader-election-role +subjects: +- kind: ServiceAccount + name: argocd-image-updater-controller + namespace: argocd-image-updater-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: argocd-image-updater + name: argocd-image-updater-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-image-updater-manager-role +subjects: +- kind: ServiceAccount + name: argocd-image-updater-controller + namespace: argocd-image-updater-system +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-image-updater-config + app.kubernetes.io/part-of: argocd-image-updater-controller + name: argocd-image-updater-config + namespace: argocd-image-updater-system +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-image-updater-ssh-config + app.kubernetes.io/part-of: argocd-image-updater-controller + name: argocd-image-updater-ssh-config + namespace: argocd-image-updater-system +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/name: argocd-image-updater-secret + app.kubernetes.io/part-of: argocd-image-updater-controller + name: argocd-image-updater-secret + namespace: argocd-image-updater-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: argocd-image-updater-controller + control-plane: argocd-image-updater-controller + name: argocd-image-updater-controller 
+ namespace: argocd-image-updater-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: argocd-image-updater-controller + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: argocd-image-updater-controller + spec: + containers: + - args: + - run + command: + - /manager + env: + - name: IMAGE_UPDATER_INTERVAL + valueFrom: + configMapKeyRef: + key: interval + name: argocd-image-updater-config + optional: true + - name: IMAGE_UPDATER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: log.level + name: argocd-image-updater-config + optional: true + - name: IMAGE_UPDATER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: log.format + name: argocd-image-updater-config + optional: true + - name: MAX_CONCURRENT_APPS + valueFrom: + configMapKeyRef: + key: max_concurrent_apps + name: argocd-image-updater-config + optional: true + - name: MAX_CONCURRENT_RECONCILES + valueFrom: + configMapKeyRef: + key: max_concurrent_reconciles + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_USER + valueFrom: + configMapKeyRef: + key: git.user + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_EMAIL + valueFrom: + configMapKeyRef: + key: git.email + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGNING_KEY + valueFrom: + configMapKeyRef: + key: git.commit-signing-key + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGNING_METHOD + valueFrom: + configMapKeyRef: + key: git.commit-signing-method + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGN_OFF + valueFrom: + configMapKeyRef: + key: git.commit-sign-off + name: argocd-image-updater-config + optional: true + - name: IMAGE_UPDATER_KUBE_EVENTS + valueFrom: + configMapKeyRef: + key: kube.events + name: argocd-image-updater-config + optional: true + - name: ENABLE_WEBHOOK + valueFrom: + configMapKeyRef: + key: webhook.enable + name: 
argocd-image-updater-config + optional: true + - name: WEBHOOK_PORT + valueFrom: + configMapKeyRef: + key: webhook.port + name: argocd-image-updater-config + optional: true + - name: QUAY_WEBHOOK_SECRET + valueFrom: + configMapKeyRef: + key: webhook.quay-secret + name: argocd-image-updater-secret + optional: true + - name: DOCKER_WEBHOOK_SECRET + valueFrom: + secretKeyRef: + key: webhook.docker-secret + name: argocd-image-updater-secret + optional: true + - name: GHCR_WEBHOOK_SECRET + valueFrom: + secretKeyRef: + key: webhook.ghcr-secret + name: argocd-image-updater-secret + optional: true + - name: HARBOR_WEBHOOK_SECRET + valueFrom: + secretKeyRef: + key: webhook.harbor-secret + name: argocd-image-updater-secret + optional: true + - name: WEBHOOK_RATELIMIT_ALLOWED + valueFrom: + configMapKeyRef: + key: webhook.ratelimit-allowed + name: argocd-image-updater-config + optional: true + image: quay.io/argoprojlabs/argocd-image-updater:v99.9.9 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: argocd-image-updater-controller + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config + name: image-updater-conf + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/.ssh + name: ssh-config + - mountPath: /tmp + name: tmp + - mountPath: /app/ssh-keys/id_rsa + name: ssh-signing-key + readOnly: true + subPath: sshPrivateKey + securityContext: + runAsNonRoot: true + serviceAccountName: argocd-image-updater-controller + terminationGracePeriodSeconds: 10 + volumes: + - configMap: + items: + - key: registries.conf + path: registries.conf + - key: 
git.commit-message-template + path: commit.template + name: argocd-image-updater-config + optional: true + name: image-updater-conf + - configMap: + name: argocd-ssh-known-hosts-cm + optional: true + name: ssh-known-hosts + - configMap: + name: argocd-image-updater-ssh-config + optional: true + name: ssh-config + - name: ssh-signing-key + secret: + optional: true + secretName: ssh-git-creds + - emptyDir: {} + name: tmp diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 699dfea0..4d90c7e0 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -3,6 +3,6 @@ resources: apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: -- name: controller +- name: argocd-image-updater-controller newName: quay.io/argoprojlabs/argocd-image-updater newTag: latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 47c4e8a6..3b6319b5 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
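Review bot: `QUAY_WEBHOOK_SECRET` is read with `configMapKeyRef` from `argocd-image-updater-secret`, while the Docker, GHCR and Harbor webhook secrets beside it use `secretKeyRef` against the same name. This manifest defines a Secret with that name but no ConfigMap, so with `optional: true` the variable is silently left unset. The only way to make it work as written would be to put the webhook secret in a ConfigMap. Change that entry to `secretKeyRef:`. The file looks like kustomize output, so the fix presumably belongs in the manager manifest it is built from.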
@@ -2,31 +2,31 @@ apiVersion: v1
 kind: Namespace
 metadata:
 labels:
- control-plane: controller-manager
- app.kubernetes.io/name: image-updater-system
+ control-plane: argocd-image-updater-controller
+ app.kubernetes.io/name: argocd-image-updater-system
 app.kubernetes.io/managed-by: kustomize
 name: system
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: controller-manager
+ name: argocd-image-updater-controller
 namespace: system
 labels:
- control-plane: controller-manager
- app.kubernetes.io/name: image-updater-controller-manager
+ control-plane: argocd-image-updater-controller
+ app.kubernetes.io/name: argocd-image-updater-controller
 app.kubernetes.io/managed-by: kustomize
 spec:
 selector:
 matchLabels:
- control-plane: controller-manager
+ control-plane: argocd-image-updater-controller
 replicas: 1
 template:
 metadata:
 annotations:
 kubectl.kubernetes.io/default-container: manager
 labels:
- control-plane: controller-manager
+ control-plane: argocd-image-updater-controller
 spec:
 # TODO(user): Uncomment the following code to configure the nodeAffinity expression
 # according to the platforms which are supported by your solution.
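Review bot: The pod template keeps `kubectl.kubernetes.io/default-container: manager` as an unchanged context line, but the next hunk of this file renames the container from `manager` to `argocd-image-updater-controller`, so the annotation no longer names a container in the pod. It should change in the same commit to `kubectl.kubernetes.io/default-container: argocd-image-updater-controller`. Tooling that reads the annotation to pick a default container for logs or exec would otherwise point at a name that does not exist.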
@@ -62,115 +62,115 @@ spec: - /manager args: - run - image: controller:latest - name: manager + image: argocd-image-updater-controller:latest + name: argocd-image-updater-controller env: - name: IMAGE_UPDATER_INTERVAL valueFrom: configMapKeyRef: key: interval - name: image-updater-config + name: argocd-image-updater-config optional: true - name: IMAGE_UPDATER_LOGLEVEL valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: log.level optional: true - name: IMAGE_UPDATER_LOGFORMAT valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: log.format optional: true - name: MAX_CONCURRENT_APPS valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: max_concurrent_apps optional: true - name: MAX_CONCURRENT_RECONCILES valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: max_concurrent_reconciles optional: true - name: GIT_COMMIT_USER valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: git.user optional: true - name: GIT_COMMIT_EMAIL valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: git.email optional: true - name: GIT_COMMIT_SIGNING_KEY valueFrom: configMapKeyRef: key: git.commit-signing-key - name: image-updater-config + name: argocd-image-updater-config optional: true - name: GIT_COMMIT_SIGNING_METHOD valueFrom: configMapKeyRef: key: git.commit-signing-method - name: image-updater-config + name: argocd-image-updater-config optional: true - name: GIT_COMMIT_SIGN_OFF valueFrom: configMapKeyRef: key: git.commit-sign-off - name: image-updater-config + name: argocd-image-updater-config optional: true - name: IMAGE_UPDATER_KUBE_EVENTS valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: kube.events optional: true - name: ENABLE_WEBHOOK valueFrom: configMapKeyRef: - name: 
image-updater-config + name: argocd-image-updater-config key: webhook.enable optional: true - name: WEBHOOK_PORT valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: webhook.port optional: true - name: QUAY_WEBHOOK_SECRET valueFrom: configMapKeyRef: - name: image-updater-secret + name: argocd-image-updater-secret key: webhook.quay-secret optional: true - name: DOCKER_WEBHOOK_SECRET valueFrom: secretKeyRef: - name: image-updater-secret + name: argocd-image-updater-secret key: webhook.docker-secret optional: true - name: GHCR_WEBHOOK_SECRET valueFrom: secretKeyRef: - name: image-updater-secret + name: argocd-image-updater-secret key: webhook.ghcr-secret optional: true - name: HARBOR_WEBHOOK_SECRET valueFrom: secretKeyRef: - name: image-updater-secret + name: argocd-image-updater-secret key: webhook.harbor-secret optional: true - name: WEBHOOK_RATELIMIT_ALLOWED valueFrom: configMapKeyRef: - name: image-updater-config + name: argocd-image-updater-config key: webhook.ratelimit-allowed optional: true securityContext: @@ -216,7 +216,7 @@ spec: mountPath: /app/ssh-keys/id_rsa readOnly: true subPath: sshPrivateKey - serviceAccountName: controller-manager + serviceAccountName: argocd-image-updater-controller terminationGracePeriodSeconds: 10 volumes: - configMap: @@ -225,7 +225,7 @@ spec: path: registries.conf - key: git.commit-message-template path: commit.template - name: image-updater-config + name: argocd-image-updater-config optional: true name: image-updater-conf - configMap: @@ -233,7 +233,7 @@ spec: optional: true name: ssh-known-hosts - configMap: - name: image-updater-ssh-config + name: argocd-image-updater-ssh-config optional: true name: ssh-config - name: ssh-signing-key diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index 3c53cb32..35f3c0b2 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml 
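Review bot: `QUAY_WEBHOOK_SECRET` is still read through `configMapKeyRef`, and this hunk now points that reference at `argocd-image-updater-secret`, the name the other three webhook secrets use with `secretKeyRef`. Because the entry is `optional: true`, a missing ConfigMap of that name leaves the variable unset without any error, so the Quay webhook secret would presumably never reach the controller even when it is set in the Secret; creating a ConfigMap of that name instead would store a credential outside a Secret. The entry should use `secretKeyRef:` like `DOCKER_WEBHOOK_SECRET`, `GHCR_WEBHOOK_SECRET` and `HARBOR_WEBHOOK_SECRET`. The rendered Deployment earlier in this diff carries the same `configMapKeyRef` and would need regenerating after the fix.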
@@ -1,7 +1,6 @@
 # These resources constitute the fully configured set of manifests
 # used to generate the 'manifests/' directory in a bundle.
 resources:
-- bases/image-updater.clusterserviceversion.yaml
 - ../default
 - ../samples
 - ../scorecard
diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml
index 136df32d..b7271877 100644
--- a/config/network-policy/allow-metrics-traffic.yaml
+++ b/config/network-policy/allow-metrics-traffic.yaml
@@ -5,14 +5,14 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 labels:
- app.kubernetes.io/name: image-updater
+ app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/managed-by: kustomize
 name: allow-metrics-traffic
 namespace: system
 spec:
 podSelector:
 matchLabels:
- control-plane: controller-manager
+ control-plane: argocd-image-updater-controller
 policyTypes:
 - Ingress
 ingress:
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
index 87ffa8b8..449f8345 100644
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@@ -3,10 +3,10 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
 labels:
- control-plane: controller-manager
- app.kubernetes.io/name: image-updater
+ control-plane: argocd-image-updater-controller
+ app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/managed-by: kustomize
- name: controller-manager-metrics-monitor
+ name: argocd-image-updater-controller-metrics-monitor
 namespace: system
 spec:
 endpoints:
@@ -27,4 +27,4 @@ spec:
 insecureSkipVerify: true
 selector:
 matchLabels:
- control-plane: controller-manager
+ control-plane: argocd-image-updater-controller
diff --git a/config/rbac/argocd-image-updater-role.yaml b/config/rbac/argocd-image-updater-role.yaml
index c1711f1d..5b8977ef 100644
--- a/config/rbac/argocd-image-updater-role.yaml
+++ b/config/rbac/argocd-image-updater-role.yaml
@@ -4,7 +4,7 @@ metadata:
 labels:
 app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/part-of: argocd-image-updater
- app.kubernetes.io/component: controller
+ app.kubernetes.io/component: argocd-image-updater-controller
 name: argocd-image-updater
 rules:
 - apiGroups:
diff --git a/config/rbac/argocd-image-updater-rolebinding.yaml b/config/rbac/argocd-image-updater-rolebinding.yaml
index 4c8ea3dd..2500c403 100644
--- a/config/rbac/argocd-image-updater-rolebinding.yaml
+++ b/config/rbac/argocd-image-updater-rolebinding.yaml
@@ -4,7 +4,7 @@ metadata:
 labels:
 app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/part-of: argocd-image-updater
- app.kubernetes.io/component: controller
+ app.kubernetes.io/component: argocd-image-updater-controller
 name: argocd-image-updater
 roleRef:
 apiGroup: rbac.authorization.k8s.io
@@ -12,4 +12,4 @@ roleRef:
 name: argocd-image-updater
 subjects:
 - kind: ServiceAccount
- name: image-updater-controller-manager
+ name: argocd-image-updater-controller
diff --git a/config/rbac/imageupdater_editor_role.yaml b/config/rbac/imageupdater_editor_role.yaml
deleted file mode 100644
index 40ba897b..00000000
--- a/config/rbac/imageupdater_editor_role.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# permissions for end users to edit imageupdaters.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: image-updater
- app.kubernetes.io/managed-by: kustomize
- name: imageupdater-editor-role
-rules:
-- apiGroups:
- - argocd-image-updater.argoproj.io
- resources:
- - imageupdaters
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - argocd-image-updater.argoproj.io
- resources:
- - imageupdaters/status
- verbs:
- - get
diff --git a/config/rbac/imageupdater_viewer_role.yaml b/config/rbac/imageupdater_viewer_role.yaml
deleted file mode 100644
index dba274fe..00000000
--- a/config/rbac/imageupdater_viewer_role.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# permissions for end users to view imageupdaters.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: image-updater
- app.kubernetes.io/managed-by: kustomize
- name: imageupdater-viewer-role
-rules:
-- apiGroups:
- - argocd-image-updater.argoproj.io
- resources:
- - imageupdaters
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - argocd-image-updater.argoproj.io
- resources:
- - imageupdaters/status
- verbs:
- - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 7f5ac53f..858f9c7c 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -15,15 +15,15 @@ resources:
 # can access the metrics endpoint. Comment the following
 # permissions if you want to disable this protection.
 # More info: https://book.kubebuilder.io/reference/metrics.html
-- metrics_auth_role.yaml
-- metrics_auth_role_binding.yaml
-- metrics_reader_role.yaml
+#- metrics_auth_role.yaml
+#- metrics_auth_role_binding.yaml
+#- metrics_reader_role.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines
 # if you do not want those helpers be installed with your Project.
-- imageupdater_editor_role.yaml
-- imageupdater_viewer_role.yaml
+#- imageupdater_editor_role.yaml
+#- imageupdater_viewer_role.yaml
 # argocd-image-updater Role and RoleBinding
 - argocd-image-updater-role.yaml
 - argocd-image-updater-rolebinding.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
index 1b1bfc8d..db6d83b3 100644
--- a/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
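Review bot: Commenting out `metrics_auth_role.yaml`, `metrics_auth_role_binding.yaml` and `metrics_reader_role.yaml` removes what the comment directly above describes as the protection of the metrics endpoint, and nothing in the hunk says what replaces it. If the manager still serves metrics behind the authn/authz filter (not visible in this diff), the ServiceAccount loses the `authentication.k8s.io` permissions that filter needs and scrapes will be rejected; if the filter is off, `/metrics` is served without authorization and only the NetworkPolicy under `config/network-policy`, if it is enabled, limits who can reach it. Either keep the three entries or record the decision next to them, for example `# metrics authn/authz RBAC disabled: <reason>; endpoint access is restricted by <mechanism>`. The same commit still renames the objects in those three files, which suggests they are meant to remain in use.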
@@ -3,9 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 labels:
- app.kubernetes.io/name: image-updater
+ app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/managed-by: kustomize
- name: leader-election-role
+ name: argocd-image-updater-leader-election-role
 rules:
 - apiGroups:
 - ""
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
index 0602ca7d..9a623720 100644
--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -2,14 +2,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
 labels:
- app.kubernetes.io/name: image-updater
+ app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/managed-by: kustomize
- name: leader-election-rolebinding
+ name: argocd-image-updater-leader-election-rolebinding
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: leader-election-role
+ name: argocd-image-updater-leader-election-role
 subjects:
 - kind: ServiceAccount
- name: controller-manager
- namespace: system
+ name: argocd-image-updater-controller
+ namespace: argocd-image-updater-system
diff --git a/config/rbac/metrics_auth_role.yaml b/config/rbac/metrics_auth_role.yaml
index 32d2e4ec..15835ad1 100644
--- a/config/rbac/metrics_auth_role.yaml
+++ b/config/rbac/metrics_auth_role.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: metrics-auth-role
+ name: argocd-image-updater-metrics-auth-role
 rules:
 - apiGroups:
 - authentication.k8s.io
diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml
index e775d67f..587cd855 100644
--- a/config/rbac/metrics_auth_role_binding.yaml
+++ b/config/rbac/metrics_auth_role_binding.yaml
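Review bot: The subject namespace in `leader_election_role_binding.yaml` is now hard-coded to `argocd-image-updater-system`, while the Deployment in `config/manager/manager.yaml` keeps the `namespace: system` placeholder. The same edit is made in the ClusterRoleBindings of `metrics_auth_role_binding.yaml` and `role_binding.yaml` and in `service_account.yaml`. If an overlay installs the controller into another namespace and the subject is not rewritten, the cluster-wide `argocd-image-updater-manager-role` stays bound to a ServiceAccount name in a namespace the controller does not run in, and whoever can create that ServiceAccount there would hold the role. Keeping `namespace: system` in the subjects, or adding a comment such as `# must match the namespace set by the config/default overlay`, would make the coupling explicit.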
@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: metrics-auth-rolebinding
+ name: argocd-image-updater-metrics-auth-rolebinding
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: metrics-auth-role
+ name: argocd-image-updater-metrics-auth-role
 subjects:
 - kind: ServiceAccount
- name: controller-manager
- namespace: system
+ name: argocd-image-updater-controller
+ namespace: argocd-image-updater-system
diff --git a/config/rbac/metrics_reader_role.yaml b/config/rbac/metrics_reader_role.yaml
index 51a75db4..4a1d6d11 100644
--- a/config/rbac/metrics_reader_role.yaml
+++ b/config/rbac/metrics_reader_role.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: metrics-reader
+ name: argocd-image-updater-metrics-reader
 rules:
 - nonResourceURLs:
 - "/metrics"
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index bca8c8c4..41eeefb0 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: manager-role
+ name: argocd-image-updater-manager-role
 rules:
 - apiGroups:
 - ""
@@ -45,3 +45,4 @@ rules:
 - list
 - patch
 - update
+ - watch
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
index f4cd7880..dfe90eb5 100644
--- a/config/rbac/role_binding.yaml
+++ b/config/rbac/role_binding.yaml
@@ -2,14 +2,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 labels:
- app.kubernetes.io/name: image-updater
+ app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/managed-by: kustomize
- name: manager-rolebinding
+ name: argocd-image-updater-manager-rolebinding
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: manager-role
+ name: argocd-image-updater-manager-role
 subjects:
 - kind: ServiceAccount
- name: controller-manager
- namespace: system
+ name: argocd-image-updater-controller
+ namespace: argocd-image-updater-system
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
index 718feed6..34e9350d 100644
--- a/config/rbac/service_account.yaml
+++ b/config/rbac/service_account.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: image-updater
+ app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/managed-by: kustomize
- name: controller-manager
- namespace: system
+ name: argocd-image-updater-controller
+ namespace: argocd-image-updater-system
diff --git a/config/samples/argocd-image-updater_v1alpha1_imageupdater-short.yaml b/config/samples/argocd-image-updater_v1alpha1_imageupdater-short.yaml
index 03f5fb7f..bfea2517 100644
--- a/config/samples/argocd-image-updater_v1alpha1_imageupdater-short.yaml
+++ b/config/samples/argocd-image-updater_v1alpha1_imageupdater-short.yaml
@@ -2,9 +2,9 @@ apiVersion: argocd-image-updater.argoproj.io/v1alpha1
 kind: ImageUpdater
 metadata:
 labels:
- app.kubernetes.io/name: image-updater
+ app.kubernetes.io/name: argocd-image-updater
 app.kubernetes.io/managed-by: kustomize
- name: imageupdater-sample-short
+ name: argocd-image-updater-sample-short
 spec:
 namespace: argocd
 applicationRefs:
diff --git a/config/samples/argocd-image-updater_v1alpha1_imageupdater.yaml b/config/samples/argocd-image-updater_v1alpha1_imageupdater.yaml
index c38b4cc3..a70f2116 100644
--- a/config/samples/argocd-image-updater_v1alpha1_imageupdater.yaml +++ b/config/samples/argocd-image-updater_v1alpha1_imageupdater.yaml @@ -2,9 +2,9 @@ apiVersion: argocd-image-updater.argoproj.io/v1alpha1 kind: ImageUpdater metadata: labels: - app.kubernetes.io/name: image-updater + app.kubernetes.io/name: argocd-image-updater app.kubernetes.io/managed-by: kustomize - name: imageupdater-sample + name: argocd-image-updater-sample spec: namespace: argocd commonUpdateSettings: diff --git a/internal/controller/imageupdater_controller.go b/internal/controller/imageupdater_controller.go index 36403131..8140df26 100644 --- a/internal/controller/imageupdater_controller.go +++ b/internal/controller/imageupdater_controller.go @@ -84,7 +84,7 @@ const ( // +kubebuilder:rbac:groups=argocd-image-updater.argoproj.io,resources=imageupdaters,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=argocd-image-updater.argoproj.io,resources=imageupdaters/status,verbs=get;update;patch // +kubebuilder:rbac:groups=argocd-image-updater.argoproj.io,resources=imageupdaters/finalizers,verbs=update -// +kubebuilder:rbac:groups=argoproj.io,resources=applications,verbs=get;list;update;patch +// +kubebuilder:rbac:groups=argoproj.io,resources=applications,verbs=get;list;update;patch;watch // +kubebuilder:rbac:groups="",resources=events,verbs=create // Reconcile is the core operational loop of the ImageUpdater controller. diff --git a/test/e2e/README.md b/test/e2e/README.md index 1cd5aa84..b4070222 100644 --- a/test/e2e/README.md +++ b/test/e2e/README.md @@ -29,7 +29,7 @@ The end-to-end tests are comprised of the following components: 2. Install CRDs into the K8s cluster specified in ~/.kube/config. - * `make -f controller.Makefile install` + * `make install` 3. Run `./bin/install.sh`. This will 
@@ -41,7 +41,7 @@ The end-to-end tests are comprised of the following components: 4. Create required namespaces in the cluster: * `kubectl create ns argocd-image-updater-e2e` - * `kubectl create ns image-updater-system` + * `kubectl create ns argocd-image-updater-system` ## Pre-requisites