Automated Container Image Updates with ArgoCD
Automated Image Updates
This guide enables ArgoCD Image Updater to track container images and commit updates back to Git.
Step 1: Store registry credentials in Vault
Create these Vault secrets:
kubectl -n vault exec -it vault-0 -- vault kv put kv/argocd-image-updater/ghcr \
  username="REPLACE_ME" token="REPLACE_ME"
kubectl -n vault exec -it vault-0 -- vault kv put kv/argocd-image-updater/dockerhub \
  username="REPLACE_ME" token="REPLACE_ME"
Step 2: Store Git write-back credentials in Vault
Create a GitHub token with repo write access and store it:
kubectl -n vault exec -it vault-0 -- vault kv put kv/argocd/repo-creds \
  username="REPLACE_ME" token="REPLACE_ME"
Step 3: Let ArgoCD sync
ArgoCD will install ArgoCD Image Updater, create the registry secret, and create the repo credentials.
Step 4: Verify image updates
Look for .argocd-source-<appName>.yaml files added under apps/ after Image Updater runs.
- Image rules live in infrastructure/argocd-image-updater/image-updater.yaml.
- Registry secrets are created by External Secrets in infrastructure/external-secrets/.
- Updates commit to the tracked branch (master) so ArgoCD can auto-sync.
- Apps should include a kustomization.yaml so ArgoCD can apply Image Updater overrides.
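A hardened variant of the Step 1 and Step 2 commands, as an added example that is not part of the original guide: the token is read from stdin and handed to vault kv put with its key=- form, so it never appears in shell history or process arguments. The helper name put_registry_cred and the token file in the usage comment are hypothetical; the namespace, pod and Vault paths are the guide's.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Assumptions: namespace "vault", pod "vault-0" and the kv/... paths are the
# ones used in Steps 1 and 2; put_registry_cred is a hypothetical helper name.
#
# Usage (token file name is hypothetical):
#   put_registry_cred kv/argocd-image-updater/ghcr my-user < ./ghcr-token.txt

put_registry_cred() {
    path=$1
    user=$2
    # $(cat) consumes stdin and drops the trailing newline that a file or
    # pipe usually carries, so the stored token has no stray "\n".
    token=$(cat)

    # Only write to the paths this guide defines.
    case $path in
        kv/argocd-image-updater/*|kv/argocd/repo-creds) ;;
        *) echo "refusing unexpected Vault path: $path" >&2; return 2 ;;
    esac

    if [ -z "$user" ] || [ -z "$token" ]; then
        echo "username and token must both be non-empty" >&2
        return 2
    fi

    # Catch the guide's placeholder being stored verbatim.
    if [ "$user" = "REPLACE_ME" ] || [ "$token" = "REPLACE_ME" ]; then
        echo "placeholder value REPLACE_ME was not replaced" >&2
        return 2
    fi

    # "token=-" makes vault kv put read that value from stdin, so the token
    # is absent from argv. printf is a shell builtin, so it does not expose
    # the token in a process listing either.
    # -i forwards stdin into the pod; -t is dropped because stdin is a pipe.
    printf '%s' "$token" |
        kubectl -n vault exec -i vault-0 -- \
            vault kv put "$path" username="$user" token=-
}
```

Vault accepts stdin for only one key per command, which is why the username stays a regular argument.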