feat(argocd-image-updater): Add k8s secret generation for ArgoCD API token (#1144)

* [image-updater] appVersion has been changed

* Reword changelog

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Added argocd api key secret generation option

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* changed docs

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* Fix in README

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* fix in values file

Signed-off-by: Mikhail Alekseev <mikhailalekseev1@gmail.com>

* fix README

* Apply suggestions from code review

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Fix changelog annotation

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Also add default labels to the newly created Secret

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
Co-authored-by: Oliver Bähler <oliverbaehler@hotmail.com>

charts/argocd-image-updater/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.6.3
+version: 0.7.0
 appVersion: v0.11.3
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@@ -15,4 +15,4 @@ maintainers:
     url: https://argoproj.github.io/
 annotations:
   artifacthub.io/changes: |
-    - "[Changed]: Update to app version v0.11.3"
+    - "[Added]: Ability to manage secret containing the ArgoCD API token"

charts/argocd-image-updater/README.md

@@ -16,10 +16,6 @@ helm install argocd-image-updater argo/argocd-image-updater
 
 You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
 
-## TODO
-
-- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something.
-
 ## Prerequisites
 
 * Helm v3.0.0+
@@ -41,6 +37,19 @@ config:
 
 Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
 
+### ArgoCD API key
+
+If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
+Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
+
+```yaml
+config:
+  argocd:
+    token: <your_secret_here>
+```
+
+If you specify a token value the secret will be created.
+
 ### Registries
 
 ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):
@@ -67,6 +76,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. |
 | config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. |
 | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address |
+| config.argocd.token | string | `""` | If specified, the secret with ArgoCD API key will be created. |
 | config.disableKubeEvents | bool | `false` | Disable kubernetes events |
 | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits |
 | config.gitCommitTemplate | string | `""` | Changing the Git commit message |

charts/argocd-image-updater/README.md.gotmpl

@@ -16,10 +16,6 @@ helm install argocd-image-updater argo/argocd-image-updater
 
 You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart).
 
-## TODO
-
-- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something.
-
 ## Prerequisites
 
 * Helm v3.0.0+
@@ -41,6 +37,19 @@ config:
 
 Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so.
 
+### ArgoCD API key
+
+If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation.
+Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/).
+
+```yaml
+config:
+  argocd:
+    token: <your_secret_here>
+```
+
+If you specify a token value the secret will be created.
+
 ### Registries
 
 ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)):

charts/argocd-image-updater/templates/secret.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.config.argocd.token }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argocd-image-updater-secret
+  labels:
+    {{- include "argocd-image-updater.labels" . | nindent 4 }}
+type: Opaque
+data: 
+  argocd.token: {{ .Values.config.argocd.token | b64enc }}
+{{- end }}

charts/argocd-image-updater/values.yaml

@@ -53,6 +53,8 @@ config:
     insecure: false
     # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.
     plaintext: false
+    # -- If specified, the secret with ArgoCD API key will be created.
+    token: ""
 
   # -- Disable kubernetes events
   disableKubeEvents: false