Skip to content

Argo CD Image Updater

Command "run"

Argo CD Image Updater

Overview
Getting started
Getting started
- Installation
- Testing
- Command Line and Configuration Reference
  Command Line and Configuration Reference
  - Introduction
  - Command "completion"
  - Command "help"
  - Command "run" Command "run"
    Table of contents
    
    Command "run"
    
    Synopsis
    
    Description
    
    Flags
  - Command "template"
  - Command "test"
  - Command "version"
  - Command "webhook"
Basics
Basics
Configuration
Configuration
Contributing
Contributing
Examples
Releases ⧉
Roadmap ⧉

Command "run"

Command "run"¶

Synopsis¶

argocd-image-updater run [flags]

Description¶

Runs the Argo CD Image Updater, possibly in an endless loop with a set of options.

Flags¶

--application-namespace namespace

Specifies the Kubernetes namespace in which Argo CD Image Updater will manage Argo CD Applications when using the Kubernetes-based Application API. By default, applications in all namespaces are considered. This flag can be used to limit scope to a single namespace for performance, security, or organizational reasons.

--applications-api api kind

API kind that is used to manage Argo CD applications ('kubernetes' or 'argocd') (default "kubernetes")

Can also be set using the APPLICATIONS_API environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-auth-token token

Use token for authenticating to the Argo CD API. This token must be a base64 encoded JWT, as generated by Argo CD.

The token can also be set using the ARGOCD_TOKEN environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-grpc-web

If this flag is given, use the gRPC-web protocol to connect to the Argo CD API. This can be useful if your Argo CD API is behind a proxy that does not support HTTP/2, or only accept HTTP/2 on the front end.

Can also be set using the ARGOCD_GRPC_WEB environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-insecure

If specified, the certificate of the Argo CD API server is not verified. Useful if you are using a self-signed TLS certificate for the Argo CD API server. As the name implies, this is an insecure setting and should not be used for production systems.

Can also be set using the ARGOCD_INSECURE environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

-argocd-namespace namespace

namespace where ArgoCD runs in (current namespace by default)

--argocd-plaintext

If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.

Can also be set using the ARGOCD_PLAINTEXT environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-server-addr server address

Connect to the Argo CD API server at server address. server address must be a valid IP address or DNS host name, optionally with a port specification delimited using a colon, i.e. 10.23.42.5 or argocd-server.argocd:8080. If no port given, the protocol default will be used: Port 80 for plaintext connections, and port 443 for TLS connections.

Can also be set using the ARGOCD_SERVER environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--disable-kube-events

Disable kubernetes events

Can also be set with the IMAGE_UPDATER_KUBE_EVENTS environment variable.

--disable-kubernetes

If running locally, and you do not have a working connection to any Kubernetes cluster, this flag will prevent Argo CD Image Updater from creating a client to interact with Kubernetes. When Kubernetes access is disabled, pull secrets for images can only be specified from an environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--dry-run

If this flag is set, Argo CD Image Updater won't actually perform any changes to workloads it found in need for upgrade.

--docker-webhook-secret secret

Secret for validating Docker Hub webhooks.

Can also be set with the DOCKER_WEBHOOK_SECRET environment variable.

--enable-webhook enabled

Enable webhook server for receiving registry events.

Can also be set with the ENABLE_WEBHOOK environment variable.

--ghcr-webhook-secret secret

Secret for validating GitHub container registry webhooks.

Can also be set with the GHCR_WEBHOOK_SECRET environment variable.

--git-commit-email email

E-Mail address to use for Git commits (default "noreply@argoproj.io")

Can also be set using the GIT_COMMIT_EMAIL environment variable.

--git-commit-message-path path

Path to a template to use for Git commit messages (default "/app/config/commit.template")

--git-commit-sign-off

Whether to sign-off git commits

--git-commit-signing-key key

GnuPG key ID or path to Private SSH Key used to sign the commits

Can also be set using the GIT_COMMIT_SIGNING_KEY environment variable.

--git-commit-signing-method method

Method used to sign Git commits ('openpgp' or 'ssh') (default "openpgp")

Can also be set using the GIT_COMMIT_SIGNING_METHOD environment variable.

--git-commit-user user

Username to use for Git commits (default "argocd-image-updater")

Can also be set using the GIT_COMMIT_USER environment variable.

--harbor-webhook-secret secret

Secret for validating Harbor webhooks

Can also be set with the HARBOR_WEBHOOK_SECRET environment variable.

--health-port port

Specifies the local port to bind the health server to. The health server is used to provide health and readiness probes when running as K8s workload. Use value 0 for port to disable launching the health server.

-h, --help

help for run

--interval duration

Sets the interval for checking whether there are new images available to duration. duration must be given as a valid duration identifier with a unit suffix, i.e. 2m for 2 minutes or 30s for 30 seconds. If no unit is given, milliseconds will be assumed. If set to 0, ArgoCD Image Updater will exit after the first run, effectively disabling the interval. Default value is 2m0s.

Can also be set using the IMAGE_UPDATER_INTERVAL environment variable. The --interval flag takes precedence over the IMAGE_UPDATER_INTERVAL environment variable.

The order of precedence for determining the update interval is as follows:

--interval flag: If the --interval command-line flag is provided, its value will be used.
IMAGE_UPDATER_INTERVAL environment variable: If the --interval flag is not set, the value of the IMAGE_UPDATER_INTERVAL environment variable will be used.
Default value: If neither the --interval flag nor the IMAGE_UPDATER_INTERVAL environment variable is set, the default value will be used.

--kubeconfig path

Specify the Kubernetes client config file to use when running outside a Kubernetes cluster, i.e. ~/.kube/config. When specified, Argo CD Image Updater will use the currently active context in the configuration to connect to the Kubernetes cluster.

--loglevel level

Set the log level to level, where level can be one of trace, debug, info, warn or error.

Can also be set using the IMAGE_UPDATER_LOGLEVEL environment variable.

--logformat format

Set the log format to format, where format can be one of text or json

Can also be set using the IMAGE_UPDATER_LOGFORMAT environment variable.

--match-application-label selector

Only process applications that have a valid annotation and match the given label selector. The selector is a string that matches the standard kubernetes label selector syntax. For e.g., custom.label/name=xyz would be a valid label that can be supplied through this parameter. Any applications carrying this exact label will be considered as candidates for image updates. This parameter currently does not support pattern matching on label values (e.g customer.label/name=*-staging). You can specify equality, inequality, or set based requirements or a combination. For e.g., app,app!=foo,custom.label/name=xyz,customer in (a,b,c)

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for these application matching flag.

--match-application-name pattern

Only process applications that have a valid annotation and matches the given pattern. The pattern is a simple glob pattern and supports file system style wildcards, i.e. *-staging would match any application name with a suffix of -staging. Can be specified multiple times to define more than one pattern, from which at least one has to match.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for these application matching flag.

--max-concurrency number

Process a maximum of number applications concurrently. To disable concurrent application processing, specify a number of 1.

--metrics-port port

port to start the metrics server on, 0 to disable (default 8081)

--once

A shortcut for specifying --interval 0 --health-port 0. If given, Argo CD Image Updater will exit after the first update cycle.

--quay-webhook-secret secret

Secret for validating Quay webhooks.

Can also be set with the QUAY_WEBHOOK_SECRET environment variable.

--registries-conf-path path

Load the registry configuration from file at path. Defaults to the path /app/config/registries.conf. If no configuration should be loaded, and the default configuration should be used instead, specify the empty string, i.e. --registries-conf-path="".

--warmup-cache

whether to perform a cache warm-up on startup (default true)

--webhook-port port

Port to listen on for webhook events (default 8082)

Can also be set with the WEBHOOK_PORT environment variable.

--webhook-ratelimit-allowed numRequests

The number of allowed requests in an hour for webhook rate limiting, setting to 0 means that the rate limiting is disabled.

Can also be set with the WEBHOOK_RATELIMIT_ALLOWED environment variable.