Argo CD - v2.4.0

Security

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.0/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.4.0/manifests/ha/install.yaml

Web Terminal In Argo CD UI

This feature enables engineers to start a shell in a running application container without leaving the web interface. Find the required Kubernetes
Pod on the Application Details page, click on it, and select the Terminal tab. The shell starts automatically, letting you execute the required
commands and troubleshoot the application state.

Access Control For Pod Logs & Web Terminal

Argo CD is used to manage the critical infrastructure of multiple organizations, which makes security the top priority of the project. We've listened to
your feedback and introduced additional access control settings that control access to Kubernetes Pod logs and the new Web Terminal feature.
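
An added example (not code from the Argo CD project or from these release notes): a Python check that reviews an argocd-rbac-cm policy.csv for subjects allowed to open the web terminal (resource exec, action create) or read pod logs (resource logs, action get). The sample policy, the role and group names, and the fnmatch-based glob matching are assumptions made for illustration; deny rules are not evaluated.

```python
# Added example: list subjects in an Argo CD policy.csv that are granted
# a given (resource, action), e.g. (exec, create) or (logs, get).
import csv
from fnmatch import fnmatchcase

# Constructed sample policy; role, group and project names are hypothetical.
SAMPLE_POLICY = """\
p, role:viewer, applications, get, */*, allow
p, role:viewer, logs, get, */*, allow
p, role:oncall, exec, create, payments/*, allow
p, role:legacy-ops, *, *, */*, allow
g, team-sre, role:oncall
g, alice@example.com, role:legacy-ops
g, role:lead, role:viewer
"""

def parse_policy(text):
    """Split policy.csv into permission rules (p) and grouping rules (g)."""
    perms, groups = [], []
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        row = [field.strip() for field in row]
        if not row or row[0].startswith("#"):
            continue
        if row[0] == "p" and len(row) >= 6:
            perms.append(tuple(row[1:6]))  # subject, resource, action, object, effect
        elif row[0] == "g" and len(row) >= 3:
            groups.append((row[1], row[2]))  # member, role
    return perms, groups

def grants(text, resource, action):
    """Map each subject to the objects on which (resource, action) is allowed.
    Wildcard rules count, and g-lines are followed transitively. Deny rules
    are ignored, so the result is an upper bound meant for human review."""
    perms, groups = parse_policy(text)
    found = {}
    for sub, res, act, obj, eft in perms:
        if eft == "allow" and fnmatchcase(resource, res) and fnmatchcase(action, act):
            found.setdefault(sub, set()).add(obj)
    changed = True
    while changed:  # propagate role grants to members until nothing changes
        changed = False
        for member, role in groups:
            extra = found.get(role, set()) - found.get(member, set())
            if extra:
                found.setdefault(member, set()).update(extra)
                changed = True
    return found
```

Running grants(SAMPLE_POLICY, "exec", "create") surfaces the wildcard role and its member alongside the explicit exec rule, which is the case a review by eye tends to miss.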

OpenTelemetry Tracing Integration

This feature emits richer telemetry data that can make performance bottlenecks easier to identify. It is available for the argocd-server
and argocd-repo-server components and can be enabled using the --otlp-address flag.

PowerPC and IBM Z Support

The list of supported architectures has been expanded and now includes IBM Z (s390x) and PowerPC (ppc64le). Starting with the v2.4 release, the official quay.io
repository is going to have images for amd64, arm64, ppc64le, and s390x architectures.

Other Notable Changes

Overall, the v2.4 release includes more than 300 commits from nearly 90 contributors. Here is a short sample of the contributions:

  • Enforce the deployment to remote clusters only
  • Native support of GCP authentication for GKE
  • Secured Redis connection
  • ApplicationSet Gitea support

Security fixes

  • CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (GHSA-r642-gv9p-2wjj)
  • LOW: Login screen allows message spoofing if SSO is enabled (GHSA-xmg8-99r8-jc2j)
  • MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (GHSA-6gcg-hp2x-q54h)

Features

  • feat: add --app-hard-resync flag to controller (#8928)
  • feat: add caching to application js bundle since it has a unique name (#9008)
  • feat: Add filter pathdoesntexist in scm generator (#9150)
  • feat: add gke auth command to argocd-k8s-auth (#9190)
  • feat: add printout of what has been deleted (#8894)
  • feat: add support for Bitbucket Server (SCM + PR); add filters for PR (#9049)
  • feat: Added option for cascading deletion while creation of app (#8645)
  • feat: allow cli to remove cluster by name (#8823)
  • feat: close sliding panel on escape key (#8465)
  • feat: dex subcommand logformat/loglevel flags (#8542)
  • feat: Exposing Default Metric Port for ApplicationSet Controller in Manifest Files. #8999 (#9000)
  • feat: Introduce RBAC based approach to pod logs #7211 (#8353)
  • feat: New SCM and pull request ApplicationSet generators for Gitea (#8989)
  • feat: populate Server field with destination name when destination server is empty (#8609)
  • feat: remove rbac when using argocd cluster rm (#8969)
  • feat: remove shared repo volume between repo-server and cmp-server (#8600)
  • feat: support opentelemetry for grpc tracing (#7539)
  • feat: support pod exec terminal via websockets (#8905)
  • feat: support swapping direction of truncation on resource names (#8671)
  • feature: adding kube-context flag (#8849)
  • feat(manifests): Add service account for repo server (#9301) (#9355)
  • feat: support pod exec terminal logging (#9385)
  • feat: Add plugin call variables to sidecar plugin discovery (#9273) (#9319)

Bug Fixes

  • fix: Add Content-Security-Policy configuration option (#8943)
  • fix: add sha256 hashes for arm on osx for m1 cpus (#9186)
  • fix: add writable /tmp mount for the applicationset controller (#9183)
  • fix: Added github and gitlab token into env (#8933)
  • fix: allow cli/ui to follow logs (#8987)
  • fix: allow URLs with encoded path (#8809)
  • fix: cleanup argocd unknown flag errors (#8723)
  • fix: consistent forms for UI (#8922)
  • fix: Correctly calculate diffs for CRDs with ignore overrides (#9092)
  • fix: detect applicationset webhook events for Matrix and Merge generators (#8998)
  • fix: do not unset passCredentials when it's not specified (#9102) (#9104)
  • fix: don't include exec as part of the default read-only role (#9249)
  • fix: ensure appset git generator works with private repo (#9179)
  • fix: env var values with equal sign ignored (#8793)
  • fix: fall back to only branch if default branch is missing in gitea (#9228)
  • fix: fix broken monaco editor collapse icons (#8709)
  • fix: Gitlab Generator PathExists for files (#8997)
  • fix: Helm OCI repositories with custom CAs (#8508)
  • fix: hide managed fields by default in UI (#8932)
  • fix: Horizontal Scrolling doesn't appear until page end (#8298) (#8462)
  • fix: improve timeout.reconciliation error handling (#8964)
  • fix: Make zoom level a user preference (#7183) (#8460)
  • fix: Minor cleanup for app errors #5273 (#8623)
  • fix: Move pod logs containers to dropdown in pod logs toolbar (#8607)
  • fix: Prevent cluster privilege warning for cluster add cmd (#8972)
  • fix: Prevent crash on server reload if opentelemetry is not enabled (#9270)
  • fix: remove cookie module from ui (#9088)
  • fix: Remove orphan static-files volume from ArgoCD server deployment manifest - Fixes #8714 (#9013)
  • fix: Retry checkbox unchecked unexpectedly; Sync up with YAML (#8682) (#8720)
  • fix: return revision from getGitGeneratorInfo (#8979)
  • fix: Set QPS and burst rate for resource ops client (#8915)
  • fix: throw better error if default branch is missing in gitea (#9228)
  • fix: typo in namespace param (#8770)
  • fix: Update account.proto annotation for gen grpc gateway (#6684)
  • fix: upgrade react-svg-piechart from 2.4.0 to 2.4.2 (#9188)
  • fix: use deepMerge to populate partial user settings with default values
  • fix: use new applicationset controller command (#8940)
  • fix!: added security contexts in manifests to secure argocd component configurations (#9087)
  • fix(ui): Applications page incorrectly resets to tiles view. Fixes #8702 (#8718)
  • fix(ui): Unscrollable error message when saving YAML (#4152) (#4195)
  • refactor: replace aws CLI with argocd-k8s-auth (#8032)
  • ui: Fix delete radio labels/ids (#9218)
  • fix: grouped node titles no longer wrap (#9340)
  • fix: ListResourceActions() returns duplicate actions (#9360)
  • fix: favorite icon and overlapping app title (#9130)
  • fix: Ignore diff with schema (#9170)
  • fix: avoid k8s call before authorization for terminal endpoint (#9434)
  • fix: receiveFile memory optimization: do not use bytes.buffer but write directly to file (#9415)
  • fix: Projects filter is broken #9364 (#9367)
  • fix: test race (#9469)
  • fix: lint (#9444)
  • fix: api server should dynamically enable terminal handler (#9497)
  • fix: Undefined cluster in UI when app is referencing cluster by name (#9493)
  • fix: make more proto fields optional (#9490)
  • fix: web terminal due to query parameters name mismatch (#9560)
  • fix: missing Helm params (#9565) (#9566)

Other

  • chore: add permission check to argocd-cli (#9057)
  • chore: bump helm version to 3.8.1 (#8804)
  • chore: disable webpack dev-server compression (#9285)
  • chore: Support build on s390x and ppc64le (follow #6441) (#8890)
  • chore: Update dockerized toolchain to use Redis v7.0.0 (#9269)
  • chore: Upgrade to Golang 1.18 (#9066)
  • chore!: Helm2 removal (#8313)
  • docs: clarify Role/ClusterRole uses for exec feature (#9354)
  • docs: logs RBAC upgrade notes (#9345) (#9356)
  • chore: Improve otel grpc traces adding span correlation (#9371)
  • refactor: Update notification engine (#9386)
  • docs: security warning for plugins (#9547)
  • docs: document new repo-server ServiceAccount (#9484)
  • docs: add applicationset and notifications controllers to running locally instructions (#9517)
  • docs: Update 2.3 notes - mention helm chart (#9512)
  • docs: logs RBAC known UI issue section (#9479)
  • docs: more appset security docs (#9466)
  • docs: plugins need their own writeable tmp volume (#9389)
  • docs: fix PR generators list (#9387)
  • chore: Improve application logs adding message context (#9435)
  • chore: upgrade base image to ubuntu:22.04 (#9551)
  • chore: upgrade base image for test containers Ubuntu:22.04 (#9563)
  • chore: update Kex-Algorithms (#9561)
  • docs: fix cm typo (#9577)
  • chore: remove obsolete repo-server unit test (#9559)
  • docs: document action RBAC action and application resource path (#8413)
  • docs: document plugin prefixed env vars (#9548)

Security

Security wording was detected, but no CVEs were found.

Details

date: June 10, 2022, 5:59 p.m.
name: v2.4.0
type: Minor