github.com/argoproj/argo-cd/v3@v3.2.1/docs/operator-manual/upgrading/2.9-2.10.md

github.com/argoproj/argo-cd/v3@v3.2.1/docs/operator-manual/upgrading/2.9-2.10.md (about)

     1  # v2.9 to 2.10
     2  
     3  ## `managedNamespaceMetadata` no longer preserves client-side-applied labels or annotations
     4  
     5  Argo CD 2.10 upgraded kubectl from 1.24 to 1.26. This upgrade introduced a change where client-side-applied labels and
     6  annotations are no longer preserved when using a server-side kubectl apply. This change affects the
     7  `managedNamespaceMetadata` field of the `Application` CRD. Previously, labels and annotations applied via a client-side
     8  apply would be preserved when `managedNamespaceMetadata` was enabled. Now, those existing labels and annotation will be
     9  removed.
    10  
    11  To avoid unexpected behavior, follow the [client-side to server-side resource upgrade guide](https://kubernetes.io/docs/reference/using-api/server-side-apply/#upgrading-from-client-side-apply-to-server-side-apply)
    12  before enabling `managedNamespaceMetadata` on an existing namespace.
    13  
    14  ## Upgraded Helm Version
    15  
    16  Note that bundled Helm version has been upgraded from 3.13.2 to 3.14.3.
    17  
    18  ## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy`
    19  
    20  Starting with Argo CD 2.10.11, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made
    21  to allow access to the Kubernetes API to create a secret to secure Redis access.
    22  
    23  To retain similar networking restrictions as before 2.10.11, you can add an Egress rule to allow access only to the
    24  Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your
    25  Kubernetes setup. The access for Redis itself can be allowed by adding the following to the
    26  `argocd-redis-network-policy` NetworkPolicy:
    27  
    28  ```diff
    29  kind: NetworkPolicy
    30  apiVersion: networking.k8s.io/v1
    31  metadata:
    32    name: argocd-redis-network-policy
    33  spec:
    34    policyTypes:
    35    - Ingress
    36  +  - Egress
    37  +  egress:
    38  +  - ports:
    39  +    - port: 53
    40  +      protocol: UDP
    41  +    - port: 53
    42  +      protocol: TCP
    43  ```
    44  
    45  ```diff
    46  kind: NetworkPolicy
    47  apiVersion: networking.k8s.io/v1
    48  metadata:
    49    name: argocd-redis-ha-haproxy
    50  spec:
    51    policyTypes:
    52    - Ingress
    53  +  - Egress
    54  +  egress:
    55  +  - ports:
    56  +    - port: 6379
    57  +      protocol: TCP
    58  +    - port: 26379
    59  +      protocol: TCP
    60  +    to:
    61  +    - podSelector:
    62  +        matchLabels:
    63  +          app.kubernetes.io/name: argocd-redis-ha
    64  +  - ports:
    65  +    - port: 53
    66  +      protocol: UDP
    67  +    - port: 53
    68  +      protocol: TCP
    69  ```