Skip to content

Commit

Permalink
docs: document argocd cluster add behavior for 1.24 clusters (#9611)
Browse files Browse the repository at this point in the history 
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
  • Loading branch information
@crenshaw-dev
crenshaw-dev committed Jun 8, 2022
1 parent 67bc5ee commit 42bf090
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions docs/operator-manual/security.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,13 @@ kubectl delete secret argocd-manager-token-XXXXXX -n kube-system
argocd cluster add CONTEXTNAME
```

!!! note
Kubernetes 1.24 [stopped automatically creating tokens for Service Accounts](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#no-really-you-must-read-this-before-you-upgrade).
[Starting in Argo CD 2.4](https://github.com/argoproj/argo-cd/pull/9546), `argocd cluster add` creates a
ServiceAccount _and_ a non-expiring Service Account token Secret when adding 1.24 clusters. In the future, Argo CD
will [add support for the Kubernetes TokenRequest API](https://github.com/argoproj/argo-cd/issues/9610) to avoid
using long-lived tokens.

To revoke Argo CD's access to a managed cluster, delete the RBAC artifacts against the *_managed_*
cluster, and remove the cluster entry from Argo CD:

Expand Down

0 comments on commit 42bf090

Please sign in to comment.