File tree 10 files changed +161
-77
lines changed
docs/operator-manual/upgrading
Original file line number Diff line number Diff line change 2
2
3
3
## initiatedBy added in Application CRD
4
4
5
- In order to address [ argoproj/argo-cd #16612 ] ( https://github.com/argoproj/argo-cd/issues/16612 ) , initiatedBy has been added in the Application CRD.
5
+ In order to address [ argoproj/argo-cd #16612 ] ( https://github.com/argoproj/argo-cd/issues/16612 ) , initiatedBy has been added in the Application CRD.
6
+
7
+ ## Egress NetworkPolicy for ` argocd-redis ` and ` argocd-redis-ha-haproxy `
8
+
9
+ Starting with Argo CD 2.11.2, the NetworkPolicy for the ` argocd-redis ` and ` argocd-redis-ha-haproxy ` dropped Egress restrictions. This change was made
10
+ to allow access to the Kubernetes API to create a secret to secure Redis access.
11
+
12
+ To retain similar networking restrictions as before 2.11.2, you can add an Egress rule to allow access only to the
13
+ Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your
14
+ Kubernetes setup. The access for Redis itself can be allowed by adding the following to the
15
+ ` argocd-redis-network-policy ` NetworkPolicy:
16
+
17
+ ``` diff
18
+ kind: NetworkPolicy
19
+ apiVersion: networking.k8s.io/v1
20
+ metadata:
21
+ name: argocd-redis-network-policy
22
+ spec:
23
+ policyTypes:
24
+ - Ingress
25
+ + - Egress
26
+ + egress:
27
+ + - ports:
28
+ + - port: 53
29
+ + protocol: UDP
30
+ + - port: 53
31
+ + protocol: TCP
32
+ ```
33
+
34
+ ``` diff
35
+ kind: NetworkPolicy
36
+ apiVersion: networking.k8s.io/v1
37
+ metadata:
38
+ name: argocd-redis-ha-haproxy
39
+ spec:
40
+ policyTypes:
41
+ - Ingress
42
+ + - Egress
43
+ + egress:
44
+ + - ports:
45
+ + - port: 6379
46
+ + protocol: TCP
47
+ + - port: 26379
48
+ + protocol: TCP
49
+ + to:
50
+ + - podSelector:
51
+ + matchLabels:
52
+ + app.kubernetes.io/name: argocd-redis-ha
53
+ + - ports:
54
+ + - port: 53
55
+ + protocol: UDP
56
+ + - port: 53
57
+ + protocol: TCP
58
+ ```
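Review bot: The second snippet names the policy `argocd-redis-ha-haproxy`, but the HA manifests changed in this same commit name it `argocd-redis-ha-proxy-network-policy`, and the sentence introducing the snippets mentions only `argocd-redis-network-policy`. A reader looking up the policy by the documented name will not find it. Suggest using the manifest's name in the snippet and introducing the two policies separately, one for the non-HA install and one for HA.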
Original file line number Diff line number Diff line change 3
3
## Upgraded Kustomize Version
4
4
5
5
Note that bundled Kustomize version has been upgraded from 5.1.0 to 5.2.1.
6
+
7
+ ## Egress NetworkPolicy for ` argocd-redis ` and ` argocd-redis-ha-haproxy `
8
+
9
+ Starting with Argo CD 2.9.16, the NetworkPolicy for the ` argocd-redis ` and ` argocd-redis-ha-haproxy ` dropped Egress restrictions. This change was made
10
+ to allow access to the Kubernetes API to create a secret to secure Redis access.
11
+
12
+ To retain similar networking restrictions as before 2.9.16, you can add an Egress rule to allow access only to the
13
+ Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your
14
+ Kubernetes setup. The access for Redis itself can be allowed by adding the following to the
15
+ ` argocd-redis-network-policy ` NetworkPolicy:
16
+
17
+ ``` diff
18
+ kind: NetworkPolicy
19
+ apiVersion: networking.k8s.io/v1
20
+ metadata:
21
+ name: argocd-redis-network-policy
22
+ spec:
23
+ policyTypes:
24
+ - Ingress
25
+ + - Egress
26
+ + egress:
27
+ + - ports:
28
+ + - port: 53
29
+ + protocol: UDP
30
+ + - port: 53
31
+ + protocol: TCP
32
+ ```
33
+
34
+ ``` diff
35
+ kind: NetworkPolicy
36
+ apiVersion: networking.k8s.io/v1
37
+ metadata:
38
+ name: argocd-redis-ha-haproxy
39
+ spec:
40
+ policyTypes:
41
+ - Ingress
42
+ + - Egress
43
+ + egress:
44
+ + - ports:
45
+ + - port: 6379
46
+ + protocol: TCP
47
+ + - port: 26379
48
+ + protocol: TCP
49
+ + to:
50
+ + - podSelector:
51
+ + matchLabels:
52
+ + app.kubernetes.io/name: argocd-redis-ha
53
+ + - ports:
54
+ + - port: 53
55
+ + protocol: UDP
56
+ + - port: 53
57
+ + protocol: TCP
58
+ ```
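Review bot: The snippet for `argocd-redis-network-policy` restores `Egress` with only the port 53 rules, which is the same DNS-only policy this commit removes from the manifests so that the Kubernetes API can be reached. The paragraph does say a Kubernetes API rule is also needed, but the snippet is presented as ready to add, so a reader who applies it alone re-creates the restriction this release removed. Suggest stating directly above the snippet that it must be combined with an egress rule for the cluster's API server, and showing a placeholder entry for that rule in the diff.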
Original file line number Diff line number Diff line change @@ -14,3 +14,56 @@ before enabling `managedNamespaceMetadata` on an existing namespace.
14
14
## Upgraded Helm Version
15
15
16
16
Note that bundled Helm version has been upgraded from 3.13.2 to 3.14.3.
17
+
18
+ ## Egress NetworkPolicy for ` argocd-redis ` and ` argocd-redis-ha-haproxy `
19
+
20
+ Starting with Argo CD 2.10.11, the NetworkPolicy for the ` argocd-redis ` and ` argocd-redis-ha-haproxy ` dropped Egress restrictions. This change was made
21
+ to allow access to the Kubernetes API to create a secret to secure Redis access.
22
+
23
+ To retain similar networking restrictions as before 2.10.11, you can add an Egress rule to allow access only to the
24
+ Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your
25
+ Kubernetes setup. The access for Redis itself can be allowed by adding the following to the
26
+ ` argocd-redis-network-policy ` NetworkPolicy:
27
+
28
+ ``` diff
29
+ kind: NetworkPolicy
30
+ apiVersion: networking.k8s.io/v1
31
+ metadata:
32
+ name: argocd-redis-network-policy
33
+ spec:
34
+ policyTypes:
35
+ - Ingress
36
+ + - Egress
37
+ + egress:
38
+ + - ports:
39
+ + - port: 53
40
+ + protocol: UDP
41
+ + - port: 53
42
+ + protocol: TCP
43
+ ```
44
+
45
+ ``` diff
46
+ kind: NetworkPolicy
47
+ apiVersion: networking.k8s.io/v1
48
+ metadata:
49
+ name: argocd-redis-ha-haproxy
50
+ spec:
51
+ policyTypes:
52
+ - Ingress
53
+ + - Egress
54
+ + egress:
55
+ + - ports:
56
+ + - port: 6379
57
+ + protocol: TCP
58
+ + - port: 26379
59
+ + protocol: TCP
60
+ + to:
61
+ + - podSelector:
62
+ + matchLabels:
63
+ + app.kubernetes.io/name: argocd-redis-ha
64
+ + - ports:
65
+ + - port: 53
66
+ + protocol: UDP
67
+ + - port: 53
68
+ + protocol: TCP
69
+ ```
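Review bot: The opening sentence, "the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions", is missing its noun and does not state the practical effect. Suggest "the NetworkPolicies for the `argocd-redis` and `argocd-redis-ha-haproxy` pods no longer restrict egress", followed by a sentence saying that these pods can open connections to any destination until an egress rule is added back. The same section appears in three upgrade notes in this commit with only the version changed, so the wording fix applies to each copy.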
Original file line number Diff line number Diff line change 8
8
app.kubernetes.io/name : argocd-redis
9
9
policyTypes :
10
10
- Ingress
11
- - Egress
12
11
ingress :
13
12
- from :
14
13
- podSelector :
23
22
ports :
24
23
- protocol : TCP
25
24
port : 6379
26
- egress :
27
- - ports :
28
- - port : 53
29
- protocol : UDP
30
- - port : 53
31
- protocol : TCP
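Review bot: Dropping `- Egress` from `policyTypes` together with the whole `egress:` block leaves the `argocd-redis` pods with no egress restriction at all, which is wider than the stated goal of reaching the Kubernetes API. If a portable API-server rule cannot be shipped in the default manifest, that trade-off deserves a comment in the manifest or the commit message, so operators know the default moved from DNS-only egress to unrestricted.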
Original file line number Diff line number Diff line change @@ -21989,12 +21989,6 @@ kind: NetworkPolicy
21989
21989
metadata:
21990
21990
name: argocd-redis-network-policy
21991
21991
spec:
21992
- egress:
21993
- - ports:
21994
- - port: 53
21995
- protocol: UDP
21996
- - port: 53
21997
- protocol: TCP
21998
21992
ingress:
21999
21993
- from:
22000
21994
- podSelector:
@@ -22014,7 +22008,6 @@ spec:
22014
22008
app.kubernetes.io/name: argocd-redis
22015
22009
policyTypes:
22016
22010
- Ingress
22017
- - Egress
22018
22011
---
22019
22012
apiVersion: networking.k8s.io/v1
22020
22013
kind: NetworkPolicy
Original file line number Diff line number Diff line change 8
8
app.kubernetes.io/name : argocd-redis-ha-haproxy
9
9
policyTypes :
10
10
- Ingress
11
- - Egress
12
11
ingress :
13
12
- from :
14
13
- podSelector :
25
24
protocol : TCP
26
25
- port : 26379
27
26
protocol : TCP
28
- egress :
29
- - to :
30
- - podSelector :
31
- matchLabels :
32
- app.kubernetes.io/name : argocd-redis-ha
33
- ports :
34
- - port : 6379
35
- protocol : TCP
36
- - port : 26379
37
- protocol : TCP
38
- - ports :
39
- - port : 53
40
- protocol : UDP
41
- - port : 53
42
- protocol : TCP
27
+
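Review bot: The removed `egress:` block limited haproxy to the `argocd-redis-ha` pods on 6379 and 26379 plus DNS, and nothing in this change shows that the haproxy pods themselves need the Kubernetes API, so it is worth confirming that this policy has to be opened and not only the Redis one. Separately, the hunk ends by adding an empty line at line 27 of the file, which looks unintended and can be dropped.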
Original file line number Diff line number Diff line change @@ -24192,21 +24192,6 @@ kind: NetworkPolicy
24192
24192
metadata:
24193
24193
name: argocd-redis-ha-proxy-network-policy
24194
24194
spec:
24195
- egress:
24196
- - ports:
24197
- - port: 6379
24198
- protocol: TCP
24199
- - port: 26379
24200
- protocol: TCP
24201
- to:
24202
- - podSelector:
24203
- matchLabels:
24204
- app.kubernetes.io/name: argocd-redis-ha
24205
- - ports:
24206
- - port: 53
24207
- protocol: UDP
24208
- - port: 53
24209
- protocol: TCP
24210
24195
ingress:
24211
24196
- from:
24212
24197
- podSelector:
@@ -24228,7 +24213,6 @@ spec:
24228
24213
app.kubernetes.io/name: argocd-redis-ha-haproxy
24229
24214
policyTypes:
24230
24215
- Ingress
24231
- - Egress
24232
24216
---
24233
24217
apiVersion: networking.k8s.io/v1
24234
24218
kind: NetworkPolicy
Original file line number Diff line number Diff line change @@ -3313,21 +3313,6 @@ kind: NetworkPolicy
3313
3313
metadata :
3314
3314
name : argocd-redis-ha-proxy-network-policy
3315
3315
spec :
3316
- egress :
3317
- - ports :
3318
- - port : 6379
3319
- protocol : TCP
3320
- - port : 26379
3321
- protocol : TCP
3322
- to :
3323
- - podSelector :
3324
- matchLabels :
3325
- app.kubernetes.io/name : argocd-redis-ha
3326
- - ports :
3327
- - port : 53
3328
- protocol : UDP
3329
- - port : 53
3330
- protocol : TCP
3331
3316
ingress :
3332
3317
- from :
3333
3318
- podSelector :
@@ -3349,7 +3334,6 @@ spec:
3349
3334
app.kubernetes.io/name : argocd-redis-ha-haproxy
3350
3335
policyTypes :
3351
3336
- Ingress
3352
- - Egress
3353
3337
---
3354
3338
apiVersion : networking.k8s.io/v1
3355
3339
kind : NetworkPolicy
Original file line number Diff line number Diff line change @@ -23030,12 +23030,6 @@ kind: NetworkPolicy
23030
23030
metadata:
23031
23031
name: argocd-redis-network-policy
23032
23032
spec:
23033
- egress:
23034
- - ports:
23035
- - port: 53
23036
- protocol: UDP
23037
- - port: 53
23038
- protocol: TCP
23039
23033
ingress:
23040
23034
- from:
23041
23035
- podSelector:
@@ -23055,7 +23049,6 @@ spec:
23055
23049
app.kubernetes.io/name: argocd-redis
23056
23050
policyTypes:
23057
23051
- Ingress
23058
- - Egress
23059
23052
---
23060
23053
apiVersion: networking.k8s.io/v1
23061
23054
kind: NetworkPolicy
Original file line number Diff line number Diff line change @@ -2151,12 +2151,6 @@ kind: NetworkPolicy
2151
2151
metadata :
2152
2152
name : argocd-redis-network-policy
2153
2153
spec :
2154
- egress :
2155
- - ports :
2156
- - port : 53
2157
- protocol : UDP
2158
- - port : 53
2159
- protocol : TCP
2160
2154
ingress :
2161
2155
- from :
2162
2156
- podSelector :
@@ -2176,7 +2170,6 @@ spec:
2176
2170
app.kubernetes.io/name : argocd-redis
2177
2171
policyTypes :
2178
2172
- Ingress
2179
- - Egress
2180
2173
---
2181
2174
apiVersion : networking.k8s.io/v1
2182
2175
kind : NetworkPolicy