This is Argo CD's biggest release ever and introduces a completely redesigned controller architecture.

New Features

New application controller architecture

The application controller has a completely redesigned architecture for better scalability, and improve performance during application reconciliation. This was achieved by maintaining an in-memory, live state cache of lightweight Kubernetes object metadata. During reconciliation, the controller no longer performs expensive, in-line queries of app labeled resources in K8s API server, instead relying on the metadata in the local state cache. This dramatically improves performance and responsiveness, and is less burdensome the K8s API server. A second benefit to this, is that the relationship between object when computing the resource tree, can be displayed, even for custom resources.

Multi-namespaced applications

Argo CD will now honor any explicitly set namespace in a mainfest. Resources without a namespace will continue to be deployed to the namespace specified in spec.destination.namespace. This enables support for a class of applications that install to multiple namespaces. For example, Argo CD now supports the istio helm chart, which deploys some resources to an explit istio-system namespace.

Large application support

Full resource objects are no longer stored in the Application CRD object status. Instead, only lightweight metadata is stored in the status, such as a resource's sync and health status. This change enables Argo CD to support applications with a very large number of resources (e.g. istio), and reduces the bandwidth requirements when listing applications in the UI.

Resource lifecycle hook improvements

Resource hooks are now visible from the UI. Additionally, bare Pods with a restart policy of Never can now be used as a resource hook, as an alternative to Jobs, Workflows.

K8s recommended application labels

Resource labeling has been changed to use as recommended in Kubernetes recommended labels, (changed from This will enable applications created by Argo CD to interoperate with other tooling that are also converging on this labeling, such as the Kubernetes dashboard. Additionally, Argo CD will no longer inject any tracking labels at the spec.template.metadata level.

External OIDC provider support

Argo CD now supports auth delegation to an existing, external OIDC providers without the need for Dex (e.g. Okta, OneLogin, Auth0, Microsoft, etc...)

The optional, Dex IDP OIDC provider is still bundled as part of the default installation, in order to provide a seamless out-of-box experience, and enables Argo CD to integrate with non-OIDC providers, or to benefit from Dex's full range of connectors.

OIDC group claims bindings to Project Roles

Group claims from the OIDC provider can now be bound to Argo CD project roles. Previously, group claims were managed at the centralized ConfigMap, argocd-rbac-cm. This enables project admins to self service access to applications within a project.

Declarative Argo CD configuration

Argo CD settings can be now be configured either declaratively, or imperatively. The argocd-cm ConfigMap now has a repositories field, which can reference credentials in a normal Kubernetes secret which you can create declaratively, outside of Argo CD.

Helm repository support

Helm repositories can be configured at the system level, enabling the deployment of helm charts which have a dependency to external helm repositories.

Breaking changes:

  • As a consequence to moving to recommended kubernetes labels, when upgrading from v0.10 to v0.11, all applications will immediately be OutOfSync due to the change in labeling techniques. This will correct itself with another sync of the application. However, since Pods will be recreated, please take this into consideration, especially if your applications is configured with auto-sync.

  • There was significant reworking of the app.status fields to simplify the datastructure and remove fields which were no longer used by the controller. No breaking changes were made in app.spec.

  • An older Argo CD CLI (v0.10 and below) will not be compatible with an Argo CD v0.11. To keep CI pipelines in sync with the API server, it is recommended to have pipelines download the CLI directly from the API server https://${ARGOCD_SERVER}/download/argocd-linux-amd64 during the CI pipeline.

Changes since v0.10:

  • Declarative setup and configuration of ArgoCD (#536)
  • Declaratively add helm repositories (#747)
  • Switch to k8s recommended label (#857)
  • Ability for a single application to deploy into multiple namespaces (#696)
  • Self service group access to project applications (#742)
  • Support for Pods as a sync hook (#801)
  • Support 'crd-install' helm hook (#355)
  • Remove resources state from application CRD (#758)
  • Refactor, consolidate and rename resource type data structures
  • Improve Application state reconciliation performance (#806)
  • API server & UI should serve argocd binaries instead of linking to GitHub (#716)
  • Failed to deploy helm chart with local dependencies and no internet access (#786)
  • Out of sync reported if Secrets with stringData are used (#763)
  • Unable to delete application in K8s v1.12 (#718)

v0.10.6 (2018-11-14)

  • Fix issue preventing in-cluster app sync due to go-client changes (issue #774)

v0.10.5 (2018-11-13)

  • Increase concurrency of application controller
  • Update dependencies to k8s v1.12 and client-go v9.0 (#729)
  • add argo cluster permission to view logs (#766) (@conorfennell)
  • Fix issue where applications could not be deleted on k8s v1.12
  • Allow 'syncApplication' action to reference target revision rather then hard-coding to 'HEAD' (#69) (@chrisgarland)
  • Issue #768 - Fix application wizard crash

v0.10.4 (2018-11-07)

  • Upgrade to Helm v0.11.0 (@amarrella)
  • Health check is not discerning apiVersion when assessing CRDs (issue #753)
  • Fix nil pointer dereference in util/health (@mduarte)

v0.10.3 (2018-10-28)

  • Fix applying TLS version settings
  • Update to kustomize 1.0.10 (@twz123)

v0.10.2 (2018-10-25)

  • Update to kustomize 1.0.9 (@twz123)
  • Fix app refresh err when k8s patch is too slow

v0.10.1 (2018-10-24)

  • Handle case where OIDC settings become invalid after dex server restart (issue #710)
  • git clean also needs to clean files under gitignore (issue #711)

v0.10.0 (2018-10-19)

Changes since v0.9:

  • Allow more fine-grained sync (issue #508)
  • Display init container logs (issue #681)
  • Redirect to /auth/login instead of /login when SSO token is used for authenticaion (issue #348)
  • Support ability to use a helm values files from a URL (issue #624)
  • Support public not-connected repo in app creation UI (issue #426)
  • Use ksonnet CLI instead of ksonnet libs (issue #626)
  • We should be able to select the order of the yaml files while creating a Helm App (#664)
  • Remove default params from app history (issue #556)
  • Update to ksonnet v0.13.0
  • Update to kustomize 1.0.8
  • API Server fails to return apps due to grpc max message size limit (issue #690)
  • App Creation UI for Helm Apps shows only files prefixed with values- (issue #663)
  • App creation UI should allow specifying values files outside of helm app directory bug (issue #658)
  • argocd-server logs credentials in plain text when adding git repositories (issue #653)
  • Azure Repos do not work as a repository (issue #643)
  • Better update conflict error handing during app editing (issue #685)
  • Cluster watch needs to be restarted when CRDs get created (issue #627)
  • Credentials not being accepted for Google Source Repositories (issue #651)
  • Default project is created without permission to deploy cluster level resources (issue #679)
  • Generate role token click resets policy changes (issue #655)
  • Input type text instead of password on Connect repo panel (issue #693)
  • Metrics endpoint not reachable through the metrics kubernetes service (issue #672)
  • Operation stuck in 'in progress' state if application has no resources (issue #682)
  • Project should influence options for cluster and namespace during app creation (issue #592)
  • Repo server unable to execute ls-remote for private repos (issue #639)
  • Resource is always out of sync if it has only '' label (issue #686)
  • Resource nodes are 'jumping' on app details page (issue #683)
  • Sync always suggest using latest revision instead of target UI bug (issue #669)
  • Temporary ignore service catalog resources (issue #650)

v0.9.2 (2018-09-28)

  • Update to kustomize 1.0.8
  • Fix issue where argocd-server logged credentials in plain text during repo add (issue #653)
  • Credentials not being accepted for Google Source Repositories (issue #651)
  • Azure Repos do not work as a repository (issue #643)
  • Temporary ignore service catalog resources (issue #650)
  • Normalize policies by always adding space after comma

v0.9.1 (2018-09-24)

  • Repo server unable to execute ls-remote for private repos (issue #639)

v0.9.0 (2018-09-24)

Notes about upgrading from v0.8

  • Cluster wide resources should be allowed in default project (due to issue #330):
argocd project allow-cluster-resource default '*' '*'
  • Projects now provide the ability to allow or deny deployments of cluster-scoped resources (e.g. Namespaces, ClusterRoles, CustomResourceDefinitions). When upgrading from v0.8 to v0.9, to match the behavior of v0.8 (which did not have restrictions on deploying resources) and continue to allow deployment of cluster-scoped resources, an additional command should be run:
argocd proj allow-cluster-resource default '*' '*'

The above command allows the default project to deploy any cluster-scoped resources which matches the behavior of v0.8.

  • The secret keys in the argocd-secret containing the TLS certificate and key, has been renamed from server.crt and server.key to the standard tls.crt and tls.key keys. This enables Argo CD to integrate better with Ingress and cert-manager. When upgrading to v0.9, the server.crt and server.key keys in argocd-secret should be renamed to the new keys.

Changes since v0.8:

  • Auto-sync option in application CRD instance (issue #79)
  • Support raw jsonnet as an application source (issue #540)
  • Reorder K8s resources to correct creation order (issue #102)
  • Redact K8s secrets from API server payloads (issue #470)
  • Support --in-cluster authentication without providing a kubeconfig (issue #527)
  • Special handling of CustomResourceDefinitions (issue #613)
  • Argo CD should download helm chart dependencies (issue #582)
  • Export Argo CD stats as prometheus style metrics (issue #513)
  • Support restricting TLS version (issue #609)
  • Use 'kubectl auth reconcile' before 'kubectl apply' (issue #523)
  • Projects need controls on cluster-scoped resources (issue #330)
  • Support IAM Authentication for managing external K8s clusters (issue #482)
  • Compatibility with cert manager (issue #617)
  • Enable TLS for repo server (issue #553)
  • Split out dex into it's own deployment (instead of sidecar) (issue #555)
  • [UI] Support selection of helm values files in App creation wizard (issue #499)
  • [UI] Support specifying source revision in App creation wizard allow (issue #503)
  • [UI] Improve resource diff rendering (issue #457)
  • [UI] Indicate number of ready containers in pod (issue #539)
  • [UI] Indicate when app is overriding parameters (issue #503)
  • [UI] Provide a YAML view of resources (issue #396)
  • [UI] Project Role/Token management from UI (issue #548)
  • [UI] App creation wizard should allow specifying source revision (issue #562)
  • [UI] Ability to modify application from UI (issue #615)
  • [UI] indicate when operation is in progress or has failed (issue #566)
  • Fix issue where changes were not pulled when tracking a branch (issue #567)
  • Lazy enforcement of unknown cluster/namespace restricted resources (issue #599)
  • Fix controller hot loop when app source contains bad manifests (issue #568)
  • Fix issue where Argo CD fails to deploy when resources are in a K8s list format (issue #584)
  • Fix comparison failure when app contains unregistered custom resource (issue #583)
  • Fix issue where helm hooks were being deployed as part of sync (issue #605)
  • Fix race conditions in kube.GetResourcesWithLabel and DeleteResourceWithLabel (issue #587)
  • [UI] Fix issue where projects filter does not work when application got changed
  • [UI] Creating apps from directories is not obvious (issue #565)
  • Helm hooks are being deployed as resources (issue #605)
  • Disagreement in three way diff calculation (issue #597)
  • SIGSEGV in kube.GetResourcesWithLabel (issue #587)
  • Argo CD fails to deploy resources list (issue #584)
  • Branch tracking not working properly (issue #567)
  • Controller hot loop when application source has bad manifests (issue #568)

v0.8.2 (2018-09-12)

  • Downgrade ksonnet from v0.12.0 to v0.11.0 due to quote unescape regression
  • Fix CLI panic when performing an initial argocd sync/wait

v0.8.1 (2018-09-10)

  • [UI] Support selection of helm values files in App creation wizard (issue #499)
  • [UI] Support specifying source revision in App creation wizard allow (issue #503)
  • [UI] Improve resource diff rendering (issue #457)
  • [UI] Indicate number of ready containers in pod (issue #539)
  • [UI] Indicate when app is overriding parameters (issue #503)
  • [UI] Provide a YAML view of resources (issue #396)
  • Fix issue where changes were not pulled when tracking a branch (issue #567)
  • Fix controller hot loop when app source contains bad manifests (issue #568)
  • [UI] Fix issue where projects filter does not work when application got changed

v0.8.0 (2018-09-04)

Notes about upgrading from v0.7

  • The RBAC model has been improved to support explicit denies. What this means is that any previous RBAC policy rules, need to be rewritten to include one extra column with the effect: allow or deny. For example, if a rule was written like this:

    p, my-org:my-team, applications, get, */*

    It should be rewritten to look like this:

    p, my-org:my-team, applications, get, */*, allow

Changes since v0.7:

  • Support kustomize as an application source (issue #510)
  • Introduce project tokens for automation access (issue #498)
  • Add ability to delete a single application resource to support immutable updates (issue #262)
  • Update RBAC model to support explicit denies (issue #497)
  • Ability to view Kubernetes events related to application projects for auditing
  • Add PVC healthcheck to controller (issue #501)
  • Run all containers as an unprivileged user (issue #528)
  • Upgrade ksonnet to v0.12.0
  • Add readiness probes to API server (issue #522)
  • Use gRPC error codes instead of fmt.Errorf (#532)
  • API discovery becomes best effort when partial resource list is returned (issue #524)
  • Fix argocd app wait printing incorrect Sync output (issue #542)
  • Fix issue where argocd could not sync to a tag (#541)
  • Fix issue where static assets were browser cached between upgrades (issue #489)

v0.7.2 (2018-08-21)

  • API discovery becomes best effort when partial resource list is returned (issue #524)

v0.7.1 (2018-08-03)

  • Surface helm parameters to the application level (#485)
  • [UI] Improve application creation wizard (#459)
  • [UI] Show indicator when refresh is still in progress (#493)
  • [UI] Improve data loading error notification (#446)
  • Infer username from claims during an argocd relogin (#475)
  • Expand RBAC role to be able to create application events. Fix username claims extraction
  • Fix scalability issues with the ListApps API (#494)
  • Fix issue where application server was retrieving events from incorrect cluster (#478)
  • Fix failure in identifying app source type when path was '.'
  • AppProjectSpec SourceRepos mislabeled (#490)
  • Failed e2e test was not failing CI workflow
  • Fix linux download link in (#487) (@chocopowwwa)

v0.7.0 (2018-07-27)

  • Support helm charts and yaml directories as an application source
  • Audit trails in the form of API call logs
  • Generate kubernetes events for application state changes
  • Add ksonnet version to version endpoint (#433)
  • Show CLI progress for sync and rollback
  • Make use of dex refresh tokens and store them into local config
  • Expire local superuser tokens when their password changes
  • Add argocd relogin command as a convenience around login to current context
  • Fix saving default connection status for repos and clusters
  • Fix undesired fail-fast behavior of health check
  • Fix memory leak in the cluster resource watch
  • Health check for StatefulSets, DaemonSet, and ReplicaSets were failing due to use of wrong converters

v0.6.2 (2018-07-23)

  • Health check for StatefulSets, DaemonSet, and ReplicaSets were failing due to use of wrong converters

v0.6.1 (2018-07-18)

  • Fix regression where deployment health check incorrectly reported Healthy
  • Intercept dex SSO errors and present them in Argo login page

v0.6.0 (2018-07-16)

  • Support PreSync, Sync, PostSync resource hooks
  • Introduce Application Projects for finer grain RBAC controls
  • Swagger Docs & UI
  • Support in-cluster deployments internal kubernetes service name
  • Refactoring & Improvements
  • Improved error handling, status and condition reporting
  • Remove installer in favor of kubectl apply instructions
  • Add validation when setting application parameters
  • Cascade deletion is decided during app deletion, instead of app creation
  • Fix git authentication implementation when using using SSH key
  • app-name label was inadvertently injected into spec.selector if selector was omitted from v1beta1 specs

v0.5.4 (2018-06-27)

  • Refresh flag to sync should be optional, not required

v0.5.3 (2018-06-20)

  • Support cluster management using the internal k8s API address https://kubernetes.default.svc (#307)
  • Support diffing a local ksonnet app to the live application state (resolves #239) (#298)
  • Add ability to show last operation result in app get. Show path in app list -o wide (#297)
  • Update dependencies: ksonnet v0.11, golang v1.10, debian v9.4 (#296)
  • Add ability to force a refresh of an app during get (resolves #269) (#293)
  • Automatically restart API server upon certificate changes (#292)

v0.5.2 (2018-06-14)

  • Resource events tab on application details page (#286)
  • Display pod status on application details page (#231)

v0.5.1 (2018-06-13)

  • API server incorrectly compose application fully qualified name for RBAC check (#283)
  • UI crash while rendering application operation info if operation failed

v0.5.0 (2018-06-12)

  • RBAC access control
  • Repository/Cluster state monitoring
  • Argo CD settings import/export
  • Application creation UI wizard
  • argocd app manifests for printing the application manifests
  • argocd app unset command to unset parameter overrides
  • Fail app sync if prune flag is required (#276)
  • Take into account number of unavailable replicas to decided if deployment is healthy or not #270
  • Add ability to show parameters and overrides in CLI (resolves #240)
  • Repo names containing underscores were not being accepted (#258)
  • Cookie token was not parsed properly when mixed with other site cookies

v0.4.7 (2018-06-07)

  • Fix argocd app wait health checking logic

v0.4.6 (2018-06-06)

  • Retry argocd app wait connection errors from EOF watch. Show detailed state changes

v0.4.5 (2018-05-31)

  • Add argocd app unset command to unset parameter overrides
  • Cookie token was not parsed properly when mixed with other site cookies

v0.4.4 (2018-05-30)

  • Add ability to show parameters and overrides in CLI (resolves #240)
  • Add Events API endpoint
  • Issue #238 - add upsert flag to 'argocd app create' command
  • Add repo browsing endpoint (#229)
  • Support subscribing to settings updates and auto-restart of dex and API server
  • Issue #233 - Controller does not persist rollback operation result
  • App sync frequently fails due to concurrent app modification

v0.4.3 (2018-05-21)

  • Move local branch deletion as part of git Reset() (resolves #185) (#222)
  • Fix exit code for app wait (#219)

v0.4.2 (2018-05-21)

  • Show URL in argocd app get
  • Remove interactive context name prompt during login which broke login automation
  • Rename force flag to cascade in argocd app delete

v0.4.1 (2018-05-18)

  • Implemented argocd app wait command

v0.4.0 (2018-05-17)

  • SSO Integration
  • GitHub Webhook
  • Add application health status
  • Sync/Rollback/Delete is asynchronously handled by controller
  • Refactor CRUD operation on clusters and repos
  • Sync will always perform kubectl apply
  • Synced Status considers last-applied-configuration annotatoin
  • Server & namespace are mandatory fields (still inferred from app.yaml)
  • Manifests are memoized in repo server
  • Fix connection timeouts to SSH repos

v0.3.2 (2018-05-03)

  • Application sync should delete 'unexpected' resources #139
  • Update ksonnet to v0.10.1
  • Detect unexpected resources
  • Fix: App sync frequently fails due to concurrent app modification #147
  • Fix: improve app state comparator: #136, #132

v0.3.1 (2018-04-24)

  • Add new rollback RPC with numeric identifiers
  • New argo app history and argo app rollback command
  • Switch to gogo/protobuf for golang code generation
  • Fix: create .argocd directory during argo login (issue #123)
  • Fix: Allow overriding server or namespace separately (issue #110)

v0.3.0 (2018-04-23)

  • Auth support
  • TLS support
  • DAG-based application view
  • Bulk watch
  • ksonnet v0.10.0-alpha.3
  • kubectl apply deployment strategy
  • CLI improvements for app management

v0.2.0 (2018-04-03)

  • Rollback UI
  • Override parameters

v0.1.0 (2018-03-12)

  • Define app in Github with dev and preprod environment using KSonnet
  • Add cluster Diff App with a cluster Deploy app in a cluster
  • Deploy a new version of the app in the cluster
  • App sync based on Github app config change - polling only
  • Basic UI: App diff between Git and k8s cluster for all environments Basic GUI