Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-5623

Cluster secret scoping changes breaking backwards compatiblity

XMLWordPrintable

    • False
    • None
    • False
    • Hide
      Cluster secrets with empty project values, no longer scoped for all applications
      When you upgrade to Red Hat OpenShift GitOps v1.14, cluster secrets having an empty project value would no longer be treated as global secrets, scoped for all Applications and ApplicationSets. Previously, an Application or ApplicationSet would use any cluster secret matching the URL of the repoUrl field. From 1.14, we now check to see whether the project field of an application also matches the project field of the cluster secret. What this means is that if you have a cluster secret scoped to project-a, an application scoped to project-b can no longer make use of the secret. If you have a cluster secret that's intended to be used by applications in multiple projects, you need to unset the project field.
      Show
      Cluster secrets with empty project values, no longer scoped for all applications When you upgrade to Red Hat OpenShift GitOps v1.14, cluster secrets having an empty project value would no longer be treated as global secrets, scoped for all Applications and ApplicationSets. Previously, an Application or ApplicationSet would use any cluster secret matching the URL of the repoUrl field. From 1.14, we now check to see whether the project field of an application also matches the project field of the cluster secret. What this means is that if you have a cluster secret scoped to project-a, an application scoped to project-b can no longer make use of the secret. If you have a cluster secret that's intended to be used by applications in multiple projects, you need to unset the project field.
    • Unspecified Release Note Type - Unknown
    • Proposed

      OpenShift GitOps 1.14.0, includes ArgoCD v2.12.3 which has breaking change related to cluster secrets.
      This affects the backwards compatiblity post an upgrade to v1.14.0

      The upstream documentation has captured this breaking change in the following section.
      https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.11-2.12/#cluster-secret-scoping-changes

      Customers have faced this issue and discussion available in the below slack threads.

      https://redhat-internal.slack.com/archives/C07D8P80F9D/p1726743024364419

              rh-ee-anjoseph Anand Francis Joseph
              rh-ee-anjoseph Anand Francis Joseph
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: