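Release date: 2024-10-07
Version: v2.13.0-rc3

Argo CD v2.13.0-rc3 provides a quick-start installation guide in two modes, non-high-availability (Non-HA) and high-availability (HA): create the argocd namespace and apply the corresponding YAML manifest. All container images are signed with cosign and meet the SLSA Level 3 security standard. When upgrading across minor versions, consult the official upgrade documentation. This update mainly fixes a regular-expression ReDoS vulnerability (CVE-2024-45296), refines the application health check logic, and improves plugin discovery, among 9 issues in total; it also updates Helm to 3.15.4 and improves the documentation on version sorting. The changelog lists the bug fixes, dependency changes and test improvements in detail.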

Release notes (original)

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.0-rc3/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.0-rc3/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changelog

Bug fixes

  • 9fc6ec116db68ad8b5c8acacbb0bb68250d9b03e: fix(extension): add header to support apps-in-any-namespace (#20123) (#20126) (@gcp-cherry-pick-bot[bot])
  • 3bc2e1ae4c01f0211a9ffa2f0745d58575904f82: fix(health): only consider non-empty health checks (#20232) (#20235) (@gcp-cherry-pick-bot[bot])
  • a9d9d07eddf1ee62bf2c37064f6b59d4d366812b: fix: CVE-2024-45296 Backtracking regular expressions cause ReDoS by upgrading path-to-regexp from 1.8.0 to 1.9.0 (#20087) (#20089) (@gcp-cherry-pick-bot[bot])
  • 99b30a87a66b0ddf5952d20325a1fae080735448: fix: Fix argocd appset generate failure due to missing clusterrole (#20162) (#20164) (@gcp-cherry-pick-bot[bot])
  • 4149f484bfdadb2db3811c343fec99469cd184ec: fix: Fix false positive in plugin application discovery (#20196) (#20214) (@gcp-cherry-pick-bot[bot])
  • 7244b8b40f3ef91eb068f301cf69a7119b908b74: fix: Policy/policy.open-cluster-management.io health check is broken (#20108) (#20109) (#20258) (@gcp-cherry-pick-bot[bot])
  • c6d9d50ee9f58d34f3eb59b157e437ae0d178d02: fix: Rework git tag semver resolution (#20083) (#20096) (#20213) (@gcp-cherry-pick-bot[bot])
  • 5eb1f9bd167a8516f5fa306c174c5b287c53a27b: fix: update health check to support modelmesh (#20142) (#20218) (@gcp-cherry-pick-bot[bot])

Documentation

  • 0b2895977eed5c4115c9358b51fcd9c33563f220: docs(ui): sorting version (#20181) (#20203) (@gcp-cherry-pick-bot[bot])

Dependency updates

  • f7f553f6755b03e37403e8e8dbcc491c91823289: chore(deps): bump Helm from 3.15.2 to 3.15.4 (#20135) (#20137) (@gcp-cherry-pick-bot[bot])

Other work

  • 8e81bb6c8074d66fd3bc0d57d50484a72f971e44: Fixes minor typo which led to using the bearer token as api URL and was obviously not working. (#20169) (#20170) (@gcp-cherry-pick-bot[bot])
  • 61f63f35aed286f8d23dc4b8f19441381bbf171f: chore: Added unit tests and fix e2e tests for application sync decoupling feature (#19966) (#20219) (@gcp-cherry-pick-bot[bot])

Full Changelog: https://github.com/argoproj/argo-cd/compare/v2.13.0-rc2...v2.13.0-rc3

Download links