argo-cd v2.12.9 版本更新介绍
发布日期: 2025-01-03
版本号: v2.12.9
Argo CD提供非高可用性(非HA)和高可用性(HA)两种安装方式。非HA模式下,需先创建命名空间argocd,然后通过指定YAML文件部署;HA模式则使用对应的HA配置文件。所有容器镜像均通过cosign签名,并符合SLSA Level 3规范,支持验证完整性。升级时需注意跨小版本需参考官方升级文档。最新版本v2.12.9修复了API通道关闭异常及CVE-2024-21538漏洞(通过升级cross-spawn依赖至7.0.5),详细更新日志可查看GitHub版本对比。
更新内容 (中文)
快速入门
非高可用:
kubectl create namespace argocd
kubectl apply -n argocd -f https:\/\/raw.githubusercontent.com\/argoproj\/argo-cd\/v2.12.9\/manifests\/install.yaml
高可用:
kubectl create namespace argocd
kubectl apply -n argocd -f https:\/\/raw.githubusercontent.com\/argoproj\/argo-cd\/v2.12.9\/manifests\/ha\/install.yaml
发布签名与来源验证
所有 Argo CD 容器镜像均通过 cosign 签名。符合 SLSA Level 3 规范的容器镜像和 CLI 二进制文件均附有来源证明文件。查看文档了解验证方法。
升级指南
若从不同次要版本升级,请务必阅读升级文档。
变更日志
缺陷修复
- 041133a272e6c23534ff3a17a769f87e32babec7: 修复(api): mergeLogStreams 中向已关闭通道发送数据的问题 (#7006) (#21178) (#21188) (@gcp-cherry-pick-bot[bot])
- 6934ace32947dbd1ded6677d266f1065db9fb32d: 修复: 通过升级间接依赖 cross-spawn 至 7.0.5 解决 CVE-2024-21538 漏洞 (#21156) (@nmirasch)
完整变更日志: https://github.com/argoproj/argo-cd/compare/v2.12.8…v2.12.9
<a href="https://argoproj.github.io/cd/">img src="https://raw.githubusercontent.com/argoproj/argo-site/master/content/pages/cd/gitops-cd.png" width="25%" ></a>
更新内容 (原始)
Quick Start
Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.9/manifests/install.yaml
HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.9/manifests/ha/install.yaml
Release Signatures and Provenance
All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.
Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changelog
Bug fixes
- 041133a272e6c23534ff3a17a769f87e32babec7: fix(api): send to closed channel in mergeLogStreams (#7006) (#21178) (#21188) (@gcp-cherry-pick-bot[bot])
- 6934ace32947dbd1ded6677d266f1065db9fb32d: fix: CVE-2024-21538 upgrading the indirect dependency cross-spawn to 7.0.5 (#21156) (@nmirasch)
Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.12.8...v2.12.9
