v1.4.0-rc1
Pre-releaseQuick Start
Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.4.0-rc1/manifests/install.yaml
HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v1.4.0-rc1/manifests/ha/install.yaml
The v1.4.0 is a stability release that brings multiple bug fixes, security, performance enhancements, and multiple usability improvements.
New Features
Security
A number of security enhancements and features have been implemented (thanks to @jannfis for driving it! ):
- Repository Credential Templates Management UI/CLI. Now you can use Argo CD CLI or UI to configure
credentials template for multiple repositories! - X-Frame-Options header on serving static assets. The X-Frame-Options prevents third party sites to trick users into interacting with the application.
- Tighten AppProject RBAC enforcement. We've improved the enforcement of access rules specified in the
application project configuration.
Namespace Isolation
With the namespace isolation feature, you are no longer have to give full read-only cluster access to the Argo CD. Instead, you can give access only to selected namespaces with-in
the cluster:
argocd cluster add <mycluster> --namespace <mynamespace1> --namespace <mynamespace2>
This feature is useful if you don't have full cluster access but still want to use Argo CD to manage some cluster namespaces. The feature also improves performance if Argo CD is
used to manage a few namespaces of a large cluster.
Reconciliation Performance
The Argo CD no longer fork/exec kubectl
to apply resource changes in the target cluster or convert resource manifest to the required manifest version. This reduces
CPU and Memory usage of large Argo CD instances.
Resources Health based Hook Status
The existing Argo CD resource hooks feature allows running custom logic during the syncing process. You can mark
any Kubernetes resource as a hook and Argo CD assess hook status if resource is a Pod
, Job
or Argo Workflow
. In the v1.4.0 release Argo CD is going to leverage resource
health assessment to get sync hook status. This allows using any custom CRD as a sync hook and leverage custom health
check logic.
Manifest Generation
- Track Helm Charts By Semantic Version. You've been able to track charts hosted in Git repositories using branches to tags. This is now possible for Helm charts. You no longer
need to choose the exact version, such as v1.4.0 ,instead you can use a semantic version constraint such as v1.4.* and the latest version that matches will be installed. - Build Environment Variables. Feature allows config management tool to get access to app details during manifest generation via
environment variables. - Git submodules. Argo CD is going to automatically fetch sub-modules if your repository has
.gitmodules
directory.
UI and CLI
- Improved Resource Tree View. The Application details page got even prettier. The resource view was tuned to fit more resources into the screen, include more information about
each resource and don't lose usability at the same time. - New Account Management CLI Command. The CLI allows to check which actions are allowed for your account:
argocd account can-i sync applications '*'
Maintenance Tools
The team put more effort into building tools that help to maintain Argo CD itself:
- Bulk Project Editing. The
argocd-util
allows to add and remove permissions defined in multiple project roles using one command. - More Prometheus Metrics. A set of additional metrics that contains useful information managed clusters is exposed by application controller.
More documentation and tools are coming in patch releases.
Breaking Changes
The Argo CD deletes all in-flight hooks if you terminate running sync operation. The hook state assessment change implemented in this release the Argo CD enables detection of
an in-flight state for all Kubernetes resources including Deployment
, PVC
, StatefulSet
, ReplicaSet
etc. So if you terminate the sync operation that has, for example,
StatefulSet
hook that is Progressing
it will be deleted. The long-running jobs are not supposed to be used as a sync hook and you should consider using
Sync Waves instead.
Enhancements
- feat: Add custom healthchecks for cert-manager v0.11.0 (#2689)
- feat: add git submodule support (#2495)
- feat: Add repository credential management API and CLI (addresses #2136) (#2207)
- feat: add support for --additional-headers cli flag (#2467)
- feat: Add support for ssh-with-port repo url (#2866) (#2948)
- feat: Add Time to ApplicationCondition. (#2417)
- feat: Adds
argocd auth can-i
command. Close #2255 - feat: Adds revision history limit. Closes #2790 (#2818)
- feat: Adds support for ARGO_CD_[TARGET_REVISION|REVISION] and pass to Custom Tool/Helm/Jsonnet
- feat: Adds support for Helm charts to be a semver range. Closes #2552 (#2606)
- feat: Adds tracing to key external invocations. (#2811)
- feat: argocd-util should allow editing project policies in bulk (#2615)
- feat: Displays controllerrevsion's revision in the UI. Closes #2306 (#2702)
- feat: Issue #2559 - Add gauge Prometheus metric which represents the number of pending manifest requests. (#2658)
- feat: Make ConvertToVersion maybe 1090% faster on average (#2820)
- feat: namespace isolation (#2839)
- feat: removes redundant mutex usage in controller cache and adds cluster cache metrics (#2898)
- feat: Set X-Frame-Options on serving static assets (#2706) (#2711)
- feat: Simplify using Argo CD without users/SSO/UI (#2688)
- feat: Template Out Data Source in Grafana Dashboard (#2859)
- feat: Updates UI icons. Closes #2625 and #2757 (#2653)
- feat: use editor arguments in InteractiveEditor (#2833)
- feat: Use kubectl apply library instead of forking binary (#2861)
- feat: use resource health for hook status evaluation (#2938)
Bug Fixes
- fix: Adds support for /api/v1/account* via HTTP. Fixes #2664 (#2701)
- fix: Allow '@'-character in SSH usernames when connecting a repository (#2612)
- fix: Allow dot in project policy. Closes #2724 (#2755)
- fix: Allow you to sync local Helm apps. Fixes #2741 (#2747)
- fix: Allows Helm parameters that contains arrays or maps. (#2525)
- fix: application-controller doesn't deal with rm/add same cluster gracefully (x509 unknown) (#2389)
- fix: diff local ignore kustomize build options (#2942)
- fix: Ensures that Helm charts are correctly resolved before sync. Fixes #2758 (#2760)
- fix: Fix 'Open application' link when using basehref (#2729)
- fix: fix a bug with cluster add when token secret is not first in list. (#2744)
- fix: fix bug where manifests are not cached. Fixes #2770 (#2771)
- fix: Fixes bug whereby retry does not work for CLI. Fixes #2767 (#2768)
- fix: git contention leads applications into Unknown state (#2877)
- fix: Issue #1944 - Gracefully handle missing cached app state (#2464)
- fix: Issue #2668 - Delete a specified context (#2669)
- fix: Issue #2683 - Make sure app update don't fail due to concurrent modification (#2852)
- fix: Issue #2721 Optimize helm repo querying (#2816)
- fix: Issue #2853 - Improve application env variables/labels editing (#2856)
- fix: Issue 2848 - Application Deployment history panel shows incorrect info for recent releases (#2849)
- fix: Make BeforeHookCreation the default. Fixes #2754 (#2759)
- fix: No error on
argocd app create
in CLI if--revision
is omitted #2665 - fix: Only delete resources during app delete cascade if permitted to (fixes #2693) (#2695)
- fix: prevent user from seeing/deleting resources not permitted in project (#2908) (#2910)
- fix: self-heal should retry syncing an application after specified delay
- fix: stop logging dex config secrets #(2904) (#2937)
- fix: stop using jsondiffpatch on clientside to render resource difference (#2869)
- fix: Target Revision truncated #2736
- fix: UI should re-trigger SSO login if SSO JWT token expires (#2891)
- fix: update argocd-util import was not working properly (#2939)
Contributors
- Aalok Ahluwalia
- Aananth K
- Abhishek Jaisingh
- Adam Johnson
- Alan Tang
- Alex Collins
- Alexander Matyushentsev
- Andrew Waters
- Byungjin Park
- Christine Banek
- Daniel Helfand
- David Hong
- David J. M. Karlsen
- David Maciel
- Devan Goodwin
- Devin Stein
- dthomson25
- Gene Liverman
- Gregor Krmelj
- Guido Maria Serra
- Ilir Bekteshi
- Imran Ismail
- INOUE BANJI
- Isaac Gaskin
- jannfis
- Jeff Hastings
- Jesse Suen
- John Girvan
- Konstantin
- Lev Aminov
- Manatsawin Hanmongkolchai
- Marco Schmid
- Masayuki Ishii
- Michael Bridgen
- Naoki Oketani
- niqdev
- nitinpatil1992
- Olivier Boukili
- Olivier Lemasle
- Omer Kahani
- Paul Brit
- Qingbo Zhou
- Saradhi Sreegiriraju
- Scott Cabrinha
- shlo
- Simon Behar
- stgarf
- Yujun Zhang
- Zoltán Reegn