v2.7 to 2.8
Support dropped for argocd-cm plugins
Config Management Plugins installed via the argocd-cm ConfigMap will not work starting with v2.8.
See the migration guide to upgrade your plugin.
Tini as entrypoint
With the 2.8 release entrypoint.sh
will be removed from the containers, because starting with 2.7, the implicit entrypoint is set to tini
in the Dockerfile
explicitly, and the Kubernetes manifests has been updated to use it. Simply updating the containers without updating the deployment manifests will result in pod startup failures, as the old manifests are relying on entrypoint.sh
instead of tini
. Please make sure the manifests are updated properly before moving to 2.8.
Filtering applied to cluster List
API endpoint
Prior to v2.8
, the List
endpoint on the ClusterService
did not filter clusters when responding, despite accepting query parameters. This bug has been addressed, and query parameters are now taken into account to filter the resulting list of clusters.
Configure RBAC to account for new actions
2.8 introduces three new actions:
- Create a Job from a CronJob
- Create a Workflow from a CronWorkflow
- Create a Workflow from a WorkflowTemplate
When you upgrade to 2.8, RBAC policies with applications
in the resource field and *
or action/*
in the action field, it will automatically grant the ability to use these new actions.
If you would like to avoid granting these new permissions, you can update your RBAC policies to be more specific.
Example
Old:
p, role:action-runner, applications, actions/, *, allow
New:
p, role:action-runner, applications, action/argoproj.io/Rollout/abort, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/promote-full, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/retry, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/resume, *, allow
p, role:action-runner, applications, action/argoproj.io/Rollout/restart, *, allow
p, role:action-runner, applications, action/argoproj.io/AnalysisRun/terminate, *, allow
p, role:action-runner, applications, action/apps/DaemonSet/restart, *, allow
p, role:action-runner, applications, action/apps/StatefulSet/restart, *, allow
p, role:action-runner, applications, action/apps/Deployment/pause, *, allow
p, role:action-runner, applications, action/apps/Deployment/resume, *, allow
p, role:action-runner, applications, action/apps/Deployment/restart, *, allow
# If you don't want to grant the new permissions, don't include the following lines
p, role:action-runner, applications, action/argoproj.io/WorkflowTemplate/create-workflow, *, allow
p, role:action-runner, applications, action/argoproj.io/CronWorkflow/create-workflow, *, allow
p, role:action-runner, applications, action/batch/CronJob/create-job, *, allow
Change default file open mode
In version 2.7, the CMP plugin was changed to open Git/Helm files with all executable bits set (unless preserveFileMode
was specified).
Version 2.8 removes the executable bits in cases where they are not necessary.