github.com/argoproj/argo-cd/v3@v3.2.1/docs/operator-manual/upgrading/2.8-2.9.md (about) 1 # v2.8 to 2.9 2 3 ## Upgraded Kustomize Version 4 5 Note that bundled Kustomize version has been upgraded from 5.1.0 to 5.2.1. 6 7 ## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` 8 9 Starting with Argo CD 2.9.16, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made 10 to allow access to the Kubernetes API to create a secret to secure Redis access. 11 12 To retain similar networking restrictions as before 2.9.16, you can add an Egress rule to allow access only to the 13 Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your 14 Kubernetes setup. The access for Redis itself can be allowed by adding the following to the 15 `argocd-redis-network-policy` NetworkPolicy: 16 17 ```diff 18 kind: NetworkPolicy 19 apiVersion: networking.k8s.io/v1 20 metadata: 21 name: argocd-redis-network-policy 22 spec: 23 policyTypes: 24 - Ingress 25 + - Egress 26 + egress: 27 + - ports: 28 + - port: 53 29 + protocol: UDP 30 + - port: 53 31 + protocol: TCP 32 ``` 33 34 ```diff 35 kind: NetworkPolicy 36 apiVersion: networking.k8s.io/v1 37 metadata: 38 name: argocd-redis-ha-haproxy 39 spec: 40 policyTypes: 41 - Ingress 42 + - Egress 43 + egress: 44 + - ports: 45 + - port: 6379 46 + protocol: TCP 47 + - port: 26379 48 + protocol: TCP 49 + to: 50 + - podSelector: 51 + matchLabels: 52 + app.kubernetes.io/name: argocd-redis-ha 53 + - ports: 54 + - port: 53 55 + protocol: UDP 56 + - port: 53 57 + protocol: TCP 58 ```