AWS eks documentation change
Summary
Updated CLI usage instructions, clarified sync wave behavior, enhanced project security guidance, removed repository organization examples, and added a sync option (SkipDryRunOnMissingResource).
Security assessment
Added security documentation by emphasizing project restrictions for production environments ('edit the default project to restrict access'). This promotes security best practices but doesn't address a specific vulnerability. No evidence of a security incident exists in the changes.
Diff
diff --git a/eks/latest/userguide/argocd-concepts.md b/eks/latest/userguide/argocd-concepts.md index ead7041fe..d3439c6a6 100644 --- a//eks/latest/userguide/argocd-concepts.md +++ b//eks/latest/userguide/argocd-concepts.md @@ -88 +88,5 @@ View the application status: -You can also view the application using the Argo CD CLI (`argocd app get guestbook`) or the Argo CD UI (accessible from the EKS console under your cluster’s Capabilities tab). +You can also view the application using the Argo CD CLI or the Argo CD UI (accessible from the EKS console under your cluster’s Capabilities tab). + +###### Note + +When using the Argo CD CLI with the managed capability, specify applications with the namespace prefix: `argocd app get argocd/guestbook`. @@ -150 +154 @@ Argo CD continuously monitors your sources and clusters to detect and correct di -Resources are applied in wave order (lower numbers first, including negative numbers like `-1`). This allows you to create dependencies like namespaces (wave `-1`) before deployments (wave `0`). +Resources are applied in wave order (lower numbers first, including negative numbers like `-1`). Wave `0` is the default if not specified. This allows you to create dependencies like namespaces (wave `-1`) before deployments (wave `0`) before services (wave `1`). @@ -205 +209 @@ Projects provide logical grouping and access control for Applications: -All Applications belong to a project. If not specified, they use the `default` project (which has no restrictions). For production, create projects with appropriate restrictions. +Applications belong to a single project. If not specified, they use the `default` project, which has no restrictions by default. For production use, edit the `default` project to restrict access and create new projects with appropriate restrictions. @@ -209,21 +212,0 @@ For project configuration and RBAC patterns, see [Configure Argo CD permissions] -### Repository organization - -Most teams use directory-based organization with Kustomize overlays or Helm values files for different environments: - - - my-app/ - ├── base/ - │ ├── deployment.yaml - │ └── service.yaml - └── overlays/ - ├── dev/ - │ └── kustomization.yaml - ├── staging/ - │ └── kustomization.yaml - └── prod/ - └── kustomization.yaml - -This approach provides flexibility and clarity while keeping all environment configurations in a single repository. - -For detailed repository structure patterns and best practices, see the [Argo CD best practices documentation](https://argo-cd.readthedocs.io/en/stable/user-guide/best_practices/). - @@ -248,0 +232 @@ Fine-tune sync behavior with common options: + - SkipDryRunOnMissingResource=true