v2.7 to 2.8¶
Support dropped for argocd-cm plugins¶
Config Management Plugins installed via the argocd-cm ConfigMap will not work starting with v2.8.
See the migration guide to upgrade your plugin.
Tini as entrypoint¶
With the 2.8 release entrypoint.sh
will be removed from the containers,
because starting with 2.7, the implicit entrypoint is set to tini
in the
Dockerfile
explicitly, and the Kubernetes manifests has been updated to use
it. Simply updating the containers without updating the deployment manifests
will result in pod startup failures, as the old manifests are relying on
entrypoint.sh
instead of tini
. Please make sure the manifests are updated
properly before moving to 2.8.
Filtering applied to cluster List
API endpoint¶
Prior to v2.8
, the List
endpoint on the ClusterService
did not filter
clusters when responding, despite accepting query parameters. This bug has
been addressed, and query parameters are now taken into account to filter the
resulting list of clusters.
Configure RBAC to account for new actions¶
2.8 introduces three new actions:
- Create a Job from a CronJob
- Create a Workflow from a CronWorkflow
- Create a Workflow from a WorkflowTemplate
When you upgrade to 2.8, RBAC policies with applications
in the resource
field and *
or action/*
in the action field, it will automatically grant the
ability to use these new actions.
If you would like to avoid granting these new permissions, you can update your RBAC policies to be more specific.
Example¶
Old:
p, role:action-runner, applications, actions/, *, allow
New:
p, role:action-runner, applications, action/argoproj.io/Rollout/abort, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/promote-full, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/retry, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/resume, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/restart, *, allow
p, role:action-runner, applications, action/argoproj.io/AnalysisRun/terminate, *, allow
p, role:action-runner, applications, action/apps/DaemonSet/restart, *, allow
p, role:action-runner, applications, action/apps/StatefulSet/restart, *, allow
p, role:action-runner, applications, action/apps/Deployment/pause, *, allow
p, role:action-runner, applications, action/apps/Deployment/resume, *, allow
p, role:action-runner, applications, action/apps/Deployment/restart, *, allow
# If you don't want to grant the new permissions, don't include the following lines
p, role:action-runner, applications, action/argoproj.io/WorkflowTemplate/create-workflow, *, allow
p, role:action-runner, applications, action/argoproj.io/CronWorkflow/create-workflow, *, allow
p, role:action-runner, applications, action/batch/CronJob/create-job, *, allow
Change default file open mode¶
In version 2.7, the CMP plugin was changed to open Git/Helm files with all executable bits set (unless preserveFileMode
was specified).
Version 2.8 removes the executable bits in cases where they are not necessary.