From 273e814b46157721239c502d4be06693d1a18505 Mon Sep 17 00:00:00 2001 From: dkarpele Date: Tue, 18 Nov 2025 15:20:19 +0100 Subject: [PATCH 1/2] fix(config): install Image Updater into argocd namespace by default Signed-off-by: dkarpele --- Makefile | 5 +- cmd/run.go | 12 ++- cmd/run_test.go | 2 +- cmd/webhook.go | 2 +- cmd/webhook_test.go | 2 +- config/default/kustomization.yaml | 3 - config/default/metrics_service.yaml | 1 - config/install.yaml | 35 +++----- config/manager/manager.yaml | 17 ++-- .../network-policy/allow-metrics-traffic.yaml | 1 - config/prometheus/monitor.yaml | 2 +- config/rbac/leader_election_role_binding.yaml | 1 - config/rbac/metrics_auth_role_binding.yaml | 2 +- config/rbac/metrics_reader_role_binding.yaml | 2 +- config/rbac/role_binding.yaml | 2 +- config/rbac/service_account.yaml | 1 - docs/install/cmd/run.md | 7 +- docs/install/installation.md | 81 +++++++++++++++++-- 18 files changed, 114 insertions(+), 64 deletions(-) diff --git a/Makefile b/Makefile index 6d84c6fd..ecaecf4a 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,4 @@ +IMAGE_UPDATER_CONTROLLER_NAMESPACE?=argocd IMAGE_NAMESPACE?=quay.io/argoprojlabs IMAGE_NAME=argocd-image-updater ifdef IMAGE_NAMESPACE @@ -196,11 +197,11 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified .PHONY: deploy deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. cd config/manager && $(KUSTOMIZE) edit set image argocd-image-updater-controller=${IMG} - $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - + $(KUSTOMIZE) build config/default | $(KUBECTL) apply -n ${IMAGE_UPDATER_CONTROLLER_NAMESPACE} -f - .PHONY: undeploy undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + $(KUSTOMIZE) build config/default | $(KUBECTL) delete -n ${IMAGE_UPDATER_CONTROLLER_NAMESPACE} --ignore-not-found=$(ignore-not-found) -f - ##@ Dependencies diff --git a/cmd/run.go b/cmd/run.go index a1a13558..78fd685d 100644 --- a/cmd/run.go +++ b/cmd/run.go @@ -99,12 +99,16 @@ This enables a CRD-driven approach to automated image updates with Argo CD. WithValues(logrusFieldsToLogrValues(common.ControllerLogFields)...) setupLogger.Info("Controller runtime logger initialized.", "setAppLogLevel", cfg.LogLevel) - setupLogger.Info("starting", - "app", version.BinaryName()+": "+version.Version(), + logFields := []interface{}{ + "app", version.BinaryName() + ": " + version.Version(), "loglevel", strings.ToUpper(cfg.LogLevel), "interval", argocd.GetPrintableInterval(cfg.CheckInterval), "healthPort", probeAddr, - ) + } + if cfg.ArgocdNamespace != "" { + logFields = append(logFields, "argocdNamespace", cfg.ArgocdNamespace) + } + setupLogger.Info("starting", logFields...) // Create context with signal handling ctx := ctrl.SetupSignalHandler() @@ -285,7 +289,7 @@ This enables a CRD-driven approach to automated image updates with Argo CD. controllerCmd.Flags().StringVar(&cfg.RegistriesConf, "registries-conf-path", common.DefaultRegistriesConfPath, "path to registries configuration file") controllerCmd.Flags().IntVar(&cfg.MaxConcurrentApps, "max-concurrent-apps", env.ParseNumFromEnv("MAX_CONCURRENT_APPS", 10, 1, 100), "maximum number of ArgoCD applications that can be updated concurrently (must be >= 1)") controllerCmd.Flags().IntVar(&MaxConcurrentReconciles, "max-concurrent-reconciles", env.ParseNumFromEnv("MAX_CONCURRENT_RECONCILES", 1, 1, 10), "maximum number of concurrent Reconciles which can be run (must be >= 1)") - controllerCmd.Flags().StringVar(&cfg.ArgocdNamespace, "argocd-namespace", "", "namespace where ArgoCD runs in (current namespace by default)") + controllerCmd.Flags().StringVar(&cfg.ArgocdNamespace, "argocd-namespace", env.GetStringVal("ARGOCD_NAMESPACE", ""), "namespace where ArgoCD runs in (controller namespace by default)") controllerCmd.Flags().BoolVar(&warmUpCache, "warmup-cache", true, "whether to perform a cache warm-up on startup") controllerCmd.Flags().BoolVar(&cfg.DisableKubeEvents, "disable-kube-events", env.GetBoolVal("IMAGE_UPDATER_KUBE_EVENTS", false), "Disable kubernetes events") diff --git a/cmd/run_test.go b/cmd/run_test.go index f358eaa5..fff59ed4 100644 --- a/cmd/run_test.go +++ b/cmd/run_test.go @@ -49,7 +49,7 @@ func TestNewRunCommand(t *testing.T) { asser.Equal(common.DefaultRegistriesConfPath, controllerCommand.Flag("registries-conf-path").Value.String()) asser.Equal(strconv.Itoa(env.ParseNumFromEnv("MAX_CONCURRENT_APPS", 10, 1, 100)), controllerCommand.Flag("max-concurrent-apps").Value.String()) asser.Equal(strconv.Itoa(env.ParseNumFromEnv("MAX_CONCURRENT_RECONCILES", 1, 1, 10)), controllerCommand.Flag("max-concurrent-reconciles").Value.String()) - asser.Equal("", controllerCommand.Flag("argocd-namespace").Value.String()) + asser.Equal(env.GetStringVal("ARGOCD_NAMESPACE", ""), controllerCommand.Flag("argocd-namespace").Value.String()) asser.Equal("true", controllerCommand.Flag("warmup-cache").Value.String()) asser.Equal(env.GetStringVal("GIT_COMMIT_USER", "argocd-image-updater"), controllerCommand.Flag("git-commit-user").Value.String()) asser.Equal(env.GetStringVal("GIT_COMMIT_EMAIL", "noreply@argoproj.io"), controllerCommand.Flag("git-commit-email").Value.String()) diff --git a/cmd/webhook.go b/cmd/webhook.go index 9fceb206..02b04d69 100644 --- a/cmd/webhook.go +++ b/cmd/webhook.go @@ -74,7 +74,7 @@ Supported registries: webhookCmd.Flags().StringVar(&cfg.RegistriesConf, "registries-conf-path", common.DefaultRegistriesConfPath, "path to registries configuration file") webhookCmd.Flags().IntVar(&cfg.MaxConcurrentApps, "max-concurrent-apps", env.ParseNumFromEnv("MAX_CONCURRENT_APPS", 10, 1, 100), "maximum number of ArgoCD applications that can be updated concurrently (must be >= 1)") webhookCmd.Flags().IntVar(&MaxConcurrentUpdaters, "max-concurrent-updaters", env.ParseNumFromEnv("MAX_CONCURRENT_UPDATERS", 1, 1, 10), "maximum number of concurrent ImageUpdater CRs that can be processed (must be >= 1)") - webhookCmd.Flags().StringVar(&cfg.ArgocdNamespace, "argocd-namespace", "", "namespace where ArgoCD runs in (current namespace by default)") + webhookCmd.Flags().StringVar(&cfg.ArgocdNamespace, "argocd-namespace", env.GetStringVal("ARGOCD_NAMESPACE", ""), "namespace where ArgoCD runs in (controller namespace by default)") webhookCmd.Flags().StringVar(&cfg.GitCommitUser, "git-commit-user", env.GetStringVal("GIT_COMMIT_USER", "argocd-image-updater"), "Username to use for Git commits") webhookCmd.Flags().StringVar(&cfg.GitCommitMail, "git-commit-email", env.GetStringVal("GIT_COMMIT_EMAIL", "noreply@argoproj.io"), "E-Mail address to use for Git commits") diff --git a/cmd/webhook_test.go b/cmd/webhook_test.go index 548a3fc2..a8935552 100644 --- a/cmd/webhook_test.go +++ b/cmd/webhook_test.go @@ -29,7 +29,7 @@ func TestNewWebhookCommand(t *testing.T) { asser.Equal(common.DefaultRegistriesConfPath, controllerCommand.Flag("registries-conf-path").Value.String()) asser.Equal(strconv.Itoa(env.ParseNumFromEnv("MAX_CONCURRENT_APPS", 10, 1, 100)), controllerCommand.Flag("max-concurrent-apps").Value.String()) asser.Equal(strconv.Itoa(env.ParseNumFromEnv("MAX_CONCURRENT_UPDATERS", 1, 1, 10)), controllerCommand.Flag("max-concurrent-updaters").Value.String()) - asser.Equal("", controllerCommand.Flag("argocd-namespace").Value.String()) + asser.Equal(env.GetStringVal("ARGOCD_NAMESPACE", ""), controllerCommand.Flag("argocd-namespace").Value.String()) asser.Equal(env.GetStringVal("GIT_COMMIT_USER", "argocd-image-updater"), controllerCommand.Flag("git-commit-user").Value.String()) asser.Equal(env.GetStringVal("GIT_COMMIT_EMAIL", "noreply@argoproj.io"), controllerCommand.Flag("git-commit-email").Value.String()) asser.Equal(env.GetStringVal("GIT_COMMIT_SIGNING_KEY", ""), controllerCommand.Flag("git-commit-signing-key").Value.String()) diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index e30c7865..189158ab 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,6 +1,3 @@ -# Adds namespace to all resources. -namespace: argocd-image-updater-system - # Labels to add to all resources and selectors. #labels: #- includeSelectors: true diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml index 40abf4ca..182addc4 100644 --- a/config/default/metrics_service.yaml +++ b/config/default/metrics_service.yaml @@ -6,7 +6,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater app.kubernetes.io/managed-by: kustomize name: argocd-image-updater-controller-metrics-service - namespace: argocd-image-updater-system spec: ports: - name: https diff --git a/config/install.yaml b/config/install.yaml index 596c653e..d68d0933 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -1,13 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: argocd-image-updater-system - control-plane: argocd-image-updater-controller - metrics: enabled - name: argocd-image-updater-system ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -550,7 +540,6 @@ metadata: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: argocd-image-updater name: argocd-image-updater-controller - namespace: argocd-image-updater-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -560,7 +549,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater app.kubernetes.io/part-of: argocd-image-updater name: argocd-image-updater - namespace: argocd-image-updater-system rules: - apiGroups: - "" @@ -579,7 +567,6 @@ metadata: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: argocd-image-updater name: argocd-image-updater-leader-election-role - namespace: argocd-image-updater-system rules: - apiGroups: - "" @@ -697,7 +684,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater app.kubernetes.io/part-of: argocd-image-updater name: argocd-image-updater - namespace: argocd-image-updater-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -705,7 +691,6 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -714,7 +699,6 @@ metadata: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: argocd-image-updater name: argocd-image-updater-leader-election-rolebinding - namespace: argocd-image-updater-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -722,7 +706,6 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -738,7 +721,7 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system + namespace: argocd --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -751,7 +734,7 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system + namespace: argocd --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -764,7 +747,7 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system + namespace: argocd --- apiVersion: v1 kind: ConfigMap @@ -773,7 +756,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater-config app.kubernetes.io/part-of: argocd-image-updater-controller name: argocd-image-updater-config - namespace: argocd-image-updater-system --- apiVersion: v1 kind: ConfigMap @@ -782,7 +764,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater-ssh-config app.kubernetes.io/part-of: argocd-image-updater-controller name: argocd-image-updater-ssh-config - namespace: argocd-image-updater-system --- apiVersion: v1 kind: Secret @@ -791,7 +772,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater-secret app.kubernetes.io/part-of: argocd-image-updater-controller name: argocd-image-updater-secret - namespace: argocd-image-updater-system --- apiVersion: v1 kind: Service @@ -801,7 +781,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater control-plane: argocd-image-updater-controller name: argocd-image-updater-controller-metrics-service - namespace: argocd-image-updater-system spec: ports: - name: https @@ -819,7 +798,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater-controller control-plane: argocd-image-updater-controller name: argocd-image-updater-controller - namespace: argocd-image-updater-system spec: replicas: 1 selector: @@ -840,6 +818,12 @@ spec: command: - /manager env: + - name: ARGOCD_NAMESPACE + valueFrom: + configMapKeyRef: + key: argocd.namespace + name: argocd-image-updater-config + optional: true - name: IMAGE_UPDATER_INTERVAL valueFrom: configMapKeyRef: @@ -1028,7 +1012,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater-controller control-plane: argocd-image-updater-controller name: allow-metrics-traffic - namespace: argocd-image-updater-system spec: ingress: - from: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index a9f152b0..2370966e 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,18 +1,7 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: argocd-image-updater-controller - app.kubernetes.io/name: argocd-image-updater-system - app.kubernetes.io/managed-by: kustomize - metrics: enabled - name: argocd-image-updater-system ---- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-image-updater-controller - namespace: argocd-image-updater-system labels: control-plane: argocd-image-updater-controller app.kubernetes.io/name: argocd-image-updater-controller @@ -67,6 +56,12 @@ spec: image: argocd-image-updater-controller:latest name: argocd-image-updater-controller env: + - name: ARGOCD_NAMESPACE + valueFrom: + configMapKeyRef: + name: argocd-image-updater-config + key: argocd.namespace + optional: true - name: IMAGE_UPDATER_INTERVAL valueFrom: configMapKeyRef: diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml index de874b85..dd0b964e 100644 --- a/config/network-policy/allow-metrics-traffic.yaml +++ b/config/network-policy/allow-metrics-traffic.yaml @@ -9,7 +9,6 @@ metadata: app.kubernetes.io/name: argocd-image-updater-controller app.kubernetes.io/managed-by: kustomize name: allow-metrics-traffic - namespace: argocd-image-updater-system spec: podSelector: matchLabels: diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 449f8345..007a1eb8 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/name: argocd-image-updater app.kubernetes.io/managed-by: kustomize name: argocd-image-updater-controller-metrics-monitor - namespace: system + namespace: argocd spec: endpoints: - path: /metrics diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 9a623720..4cb230a7 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -12,4 +12,3 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml index 587cd855..8901e38f 100644 --- a/config/rbac/metrics_auth_role_binding.yaml +++ b/config/rbac/metrics_auth_role_binding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system + namespace: argocd diff --git a/config/rbac/metrics_reader_role_binding.yaml b/config/rbac/metrics_reader_role_binding.yaml index ad1b6e4c..ee51e1cf 100644 --- a/config/rbac/metrics_reader_role_binding.yaml +++ b/config/rbac/metrics_reader_role_binding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system + namespace: argocd diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index dfe90eb5..8ea2e54c 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-image-updater-controller - namespace: argocd-image-updater-system + namespace: argocd diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 34e9350d..5a62e760 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -5,4 +5,3 @@ metadata: app.kubernetes.io/name: argocd-image-updater app.kubernetes.io/managed-by: kustomize name: argocd-image-updater-controller - namespace: argocd-image-updater-system diff --git a/docs/install/cmd/run.md b/docs/install/cmd/run.md index e30bfbd7..51842ae0 100644 --- a/docs/install/cmd/run.md +++ b/docs/install/cmd/run.md @@ -10,9 +10,12 @@ Runs the Argo CD Image Updater in a reconciliation loop with a set of options. ### Flags -**-argocd-namespace *namespace*** +**--argocd-namespace *namespace*** -namespace where ArgoCD runs in (current namespace by default) +The namespace where Argo CD is running. Required only if the Image Updater runs in a different namespace than Argo CD. +Defaults to the namespace the controller is running in. + +Can also be set with the `ARGOCD_NAMESPACE` environment variable. **--disable-kube-events** diff --git a/docs/install/installation.md b/docs/install/installation.md index ccfe1887..f4bf44c9 100644 --- a/docs/install/installation.md +++ b/docs/install/installation.md @@ -6,17 +6,88 @@ The Argo CD Image Updater controller **must** be run in the same Kubernetes clus While the `argocd-image-updater` binary can be run locally from your workstation for one-time updates (see `Running locally` section), the standard and supported installation for continuous, automated updates is as a controller inside your cluster. -## Installing as Kubernetes workload +### Choosing an installation namespace -The most straightforward way to run the image updater is to install it as a Kubernetes workload using the provided installation manifests. These manifests will set up the controller in its own dedicated namespace (`argocd-image-updater-system` by default). -Don't worry, without creating any ImageUpdater custom resources, it will not start modifying your workloads yet. +You have two options for where to install the Argo CD Image Updater: -### Apply the installation manifests +#### Option 1: Install into the Argo CD namespace (Recommended) + +The simplest approach is to install the image updater into the same namespace as your Argo CD installation. This requires minimal configuration. + +If Argo CD is running in the `argocd` namespace, use the following command: ```shell -kubectl apply -f https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/config/install.yaml +kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/config/install.yaml ``` +!!! warning + The default installation manifests assume Argo CD is in the `argocd` namespace. If your Argo CD runs in a different namespace (e.g., `my-argocd`), you must download the `install.yaml` manifest and manually update the `namespace` field in the `subjects` section of all `ClusterRoleBinding` resources from `argocd` to your target namespace. + +#### Option 2: Install into a separate namespace + +For better workload isolation, you can install the image updater into its own namespace. This use case requires several manual configuration steps. + +Let's assume Argo CD runs in `` and you are installing the image updater in ``. + +1. **Install the Controller** + + First, create the target namespace and apply the installation manifest. + ```shell + kubectl create namespace + kubectl apply -n -f https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/config/install.yaml + ``` + +2. **Configure the Argo CD Namespace** + + The controller needs to know where to find Argo CD resources. Edit the `argocd-image-updater-controller` deployment manifest and add the `ARGOCD_NAMESPACE` environment variable to the `argocd-image-updater` container, pointing to the namespace where Argo CD is installed. + + ```yaml + ... + env: + - name: ARGOCD_NAMESPACE + value: + ... + ``` + + Alternatively, you can add the `--argocd-namespace=` flag to the container's `command` arguments in the deployment manifest. + +3. **Adjust ClusterRoleBinding** + + The installation manifest contains `ClusterRoleBinding` resources that grant the controller's `ServiceAccount` cluster-wide permissions. You must update these bindings to reference the namespace where the image updater is installed (``). + + To do this, download `install.yaml` and manually change the `namespace` in the `subjects` section of all `ClusterRoleBinding` resources from `argocd` to `` before applying the manifest. + +4. **Grant Permissions in the Argo CD Namespace** + + The image updater needs to read resources from the Argo CD namespace, such as `Secrets` containing repository credentials. The default installation does not grant these cross-namespace permissions. You must create a `Role` and `RoleBinding` in the Argo CD namespace to allow the image updater's ServiceAccount (from ``) to access these resources. + + Create and apply the following manifest in the ``: + ```yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: argocd-image-updater-cross-namespace-reader + namespace: + rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: ["get", "list", "watch"] + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: argocd-image-updater-cross-namespace-reader + namespace: + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-image-updater-cross-namespace-reader + subjects: + - kind: ServiceAccount + name: argocd-image-updater-controller + namespace: + ``` + ### Configure the desired log level While this step is optional, we recommend to set the log level explicitly. From 483236eff4a5a97e5434835e04a2b94d88848e36 Mon Sep 17 00:00:00 2001 From: dkarpele Date: Wed, 19 Nov 2025 11:16:40 +0100 Subject: [PATCH 2/2] fix(doc): add info about argocd ns config map Signed-off-by: dkarpele --- docs/install/installation.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/install/installation.md b/docs/install/installation.md index f4bf44c9..1453e494 100644 --- a/docs/install/installation.md +++ b/docs/install/installation.md @@ -39,7 +39,7 @@ Let's assume Argo CD runs in `` and you are installing the ima 2. **Configure the Argo CD Namespace** - The controller needs to know where to find Argo CD resources. Edit the `argocd-image-updater-controller` deployment manifest and add the `ARGOCD_NAMESPACE` environment variable to the `argocd-image-updater` container, pointing to the namespace where Argo CD is installed. + The controller needs to know where to find Argo CD resources. Edit the `argocd-image-updater-controller` deployment manifest and add the `ARGOCD_NAMESPACE` environment variable to the `argocd-image-updater-controller` container or add `argocd.namespace` key to the ConfigMap `argocd-image-updater-config`, pointing to the namespace where Argo CD is installed. ```yaml ... @@ -49,6 +49,15 @@ Let's assume Argo CD runs in `` and you are installing the ima ... ``` + or + + ```yaml + ... + data: + argocd.namespace: + ... + ``` + Alternatively, you can add the `--argocd-namespace=` flag to the container's `command` arguments in the deployment manifest. 3. **Adjust ClusterRoleBinding**