×

Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Red Hat OpenShift GitOps ensures consistency in applications when you deploy them to different clusters in different environments, such as: development, staging, and production. Red Hat OpenShift GitOps helps you automate the following tasks:

  • Ensure that the clusters have similar states for configuration, monitoring, and storage

  • Recover or recreate clusters from a known state

  • Apply or revert configuration changes to multiple OpenShift Container Platform clusters

  • Associate templated configuration with different environments

  • Promote applications across clusters, from staging to production

For an overview of Red Hat OpenShift GitOps, see Understanding OpenShift GitOps.

Compatibility and support matrix

Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.

In the table, features are marked with the following statuses:

  • TP: Technology Preview

  • GA: General Availability

OpenShift GitOps Component Versions OpenShift Versions

Version

kam

Helm

Kustomize

Argo CD

ApplicationSet

Dex

RH SSO

Notifications Controller

1.6.0

0.0.46 TP

3.8.1 GA

4.4.1 GA

2.4.5 GA

2.4.5 GA

2.30.3 GA

7.5.1 GA

2.4.5 TP

4.8-4.10

1.5.0

0.0.42 TP

3.8.0 GA

4.4.1 GA

2.3.3 GA

0.4.1 TP

2.30.3 GA

7.5.1 GA

4.8-4.10

1.4.0

0.0.41 TP

3.7.1 GA

4.2.0 GA

2.2.2 GA

0.2.0 TP

2.30.0 GA

7.4.0 GA

4.7-4.9

1.3.0

0.0.40 TP

3.6.0 GA

4.2.0 GA

2.1.2 GA

0.2.0 TP

2.28.0 GA

7.4.0 GA

4.7-4.9

  • "kam" is an abbreviation for Red Hat OpenShift GitOps Application Manager (kam).

  • "RH SSO" is an abbreviation for Red Hat SSO.

  • The Environments page in the Developer perspective of the OpenShift Container Platform web console is also in Technology Preview.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Release notes for Red Hat OpenShift GitOps 1.6.1

Red Hat OpenShift GitOps 1.6.1 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, in a large set of applications the application controllers were restarted multiple times due to the unresponsiveness of liveness probes. This update fixes the issue by removing the liveness probe in the application controller StatefulSet object. GITOPS-2153

  • Before this update, the RHSSO certificate cannot be validated when it is set up with a certificate which is not signed by certificate authorities. This update fixes the issue and now you can provide a custom certificate which will be used in verifying the Keycloak’s TLS certificate when communicating with it. You can add the rootCA to the Argo CD custom resource .spec.keycloak.rootCA field. The Operator reconciles this change and updates the oidc.config field in the argocd-cm ConfigMap with the PEM-encoded root certificate. GITOPS-2214

    Restart the Argo CD server pod after updating the .spec.keycloak.rootCA field.

    For example:

    apiVersion: argoproj.io/v1alpha1
    kind: ArgoCD
    metadata:
      name: example-argocd
      labels:
        example: basic
    spec:
      sso:
        provider: keycloak
        keycloak:
         rootCA: |
           ---- BEGIN CERTIFICATE ----
           This is a dummy certificate
           Please place this section with appropriate rootCA
           ---- END CERTIFICATE ----
      server:
        route:
          enabled: true
  • Before this update, a terminating namespace that was managed by Argo CD would block the creation of roles and other configuration of other managed namespaces. This update fixes this issue. GITOPS-2277

  • Before this update, the Dex pods failed to start with CreateContainerConfigError when an SCC of anyuid was assigned to the Dex ServiceAccount resource. This update fixes this issue by assigning a default user id to the Dex container. GITOPS-2235

Release notes for Red Hat OpenShift GitOps 1.6.0

Red Hat OpenShift GitOps 1.6.0 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

New features

The current release adds the following improvements:

  • Previously, the Argo CD ApplicationSet controller was a technology preview (TP) feature. With this update, it is a general availability (GA) feature. GITOPS-1958

  • With this update, the latest releases of the Red Hat OpenShift GitOps are available in latest and version-based channels. To get these upgrades, update the channel parameter in the Subscription object YAML file: change its value from stable to latest or a version-based channel such as gitops-1.6. GITOPS-1791

  • With this update, the parameters of the spec.sso field that controlled the keycloak configurations are moved to .spec.sso.keycloak. The parameters of the .spec.dex field have been added to .spec.sso.dex. Start using .spec.sso.provider to enable or disable Dex. The .spec.dex parameters are deprecated and planned to be removed in version 1.9, along with the DISABLE_DEX and .spec.sso fields for keycloak configuration. GITOPS-1983

  • With this update, the Argo CD Notifications controller is available as an optional workload that can be enabled or disabled by using the .spec.notifications.enabled parameter in the Argo CD custom resource. The Argo CD Notifications controller is available as a Technical Preview feature. GITOPS-1917

Argo CD Notifications controller is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/.

  • With this update, resource exclusions for Tekton pipeline runs and tasks runs are added by default. Argo CD, prunes these resources by default. These resource exclusions are added to the new Argo CD instances that are created from the OpenShift Container Platform. If the instances are created from the CLI, the resources are not added. GITOPS-1876

  • With this update, you can select the tracking method that by Argo CD uses by setting the resourceTrackingMethod parameter in the Operand’s specification. GITOPS-1862

  • With this update, you can add entries to the argocd-cm configMap using the extraConfig field of Red Hat OpenShift GitOps Argo CD custom resource. The entries specified are reconciled to the live config-cm configMap without validations. GITOPS-1964

  • With this update, on OpenShift Container Platform 4.11, the Red Hat OpenShift GitOps Environments Details page in the Red Hat OpenShift GitOps developer perspective shows history of the successful deployments of the application environments, along with links to the revision for each deployment. GITOPS-1269

  • With this update, you can manage resources with Argo CD that are also being used as template resources or "source" by an Operator. GITOPS-982

  • With this update, the Operator will now configure the Argo CD workloads with the correct permissions to satisfy the Pod Security Admission that has been enabled for Kubernetes 1.24. GITOPS-2026

  • With this update, Config Management Plugins 2.0 is supported. You can use the Argo CD custom resource to specify sidebar containers for the repo server. GITOPS-776

  • With this update, all communication between the Argo CD components and the Redis cache are properly secured using modern TLS encryption. GITOPS-720

  • This release of Red Hat OpenShift GitOps adds support for IBM Z and IBM Power on OpenShift Container Platform 4.10. Currently, installations in restricted environments are not supported on IBM Z and IBM Power.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, the system:serviceaccount:argocd:gitops-argocd-application-controller cannot create resource "prometheusrules" in API group monitoring.coreos.com in the namespace webapps-dev. This update fixes this issue and Red Hat OpenShift GitOps is now able to manage all resources from the monitoring.coreos.com API group. GITOPS-1638

  • Before this update, while reconciling cluster permissions, if a secret belonged to a cluster config instance it was deleted. This update fixes this issue. Now, the namespaces field from the secret is deleted instead of the secret. GITOPS-1777

  • Before this update, if you installed the HA variant of Argo CD through the Operator, the Operator created the Redis StatefulSet object with podAffinity rules instead of podAntiAffinity rules. This update fixes this issue and now the Operator creates the Redis StatefulSet with podAntiAffinity rules. GITOPS-1645

  • Before this update, Argo CD ApplicationSet had too many ssh Zombie processes. This update fixes this issue: it adds tini, a simple init daemon that spawns processes and reaps zombies, to the ApplicationSet controller. This ensures that a SIGTERM signal is properly passed to the running process, preventing it from being a zombie process. GITOPS-2108

Known issues

  • Red Hat OpenShift GitOps Operator can make use of RHSSO (KeyCloak) through OIDC in addition to Dex. However, with a recent security fix applied, the certificate of RHSSO cannot be validated in some scenarios. GITOPS-2214

    As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification.

spec:
  extraConfig:
    oidc.tls.insecure.skip.verify: "true"
...

Release notes for Red Hat OpenShift GitOps 1.5.6

Red Hat OpenShift GitOps 1.5.6 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, in a large set of applications the application controllers were restarted multiple times due to the unresponsiveness of liveness probes. This update fixes the issue by removing the liveness probe in the application controller StatefulSet object. GITOPS-2153

  • Before this update, the RHSSO certificate cannot be validated when it is set up with a certificate which is not signed by certificate authorities. This update fixes the issue and now you can provide a custom certificate which will be used in verifying the Keycloak’s TLS certificate when communicating with it. You can add the rootCA to the Argo CD custom resource .spec.keycloak.rootCA field. The Operator reconciles this change and updates the oidc.config field in the argocd-cm ConfigMap with the PEM-encoded root certificate. GITOPS-2214

    Restart the Argo CD server pod after updating the .spec.keycloak.rootCA field.

    For example:

    apiVersion: argoproj.io/v1alpha1
    kind: ArgoCD
    metadata:
      name: example-argocd
      labels:
        example: basic
    spec:
      sso:
        provider: keycloak
        keycloak:
         rootCA: |
           ---- BEGIN CERTIFICATE ----
           This is a dummy certificate
           Please place this section with appropriate rootCA
           ---- END CERTIFICATE ----
      server:
        route:
          enabled: true
  • Before this update, a terminating namespace that was managed by Argo CD would block the creation of roles and other configuration of other managed namespaces. This update fixes this issue. GITOPS-2277

  • Before this update, the Dex pods failed to start with CreateContainerConfigError when an SCC of anyuid was assigned to the Dex ServiceAccount resource. This update fixes this issue by assigning a default user id to the Dex container. GITOPS-2235

Release notes for Red Hat OpenShift GitOps 1.5.5

Red Hat OpenShift GitOps 1.5.5 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

New features

The current release adds the following improvements:

  • With this update, the bundled Argo CD has been updated to version 2.3.7.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, the redis-ha-haproxy pods of an ArgoCD instance failed when more restrictive SCCs were present in the cluster. This update fixes the issue by updating the security context in workloads. GITOPS-2034

Known issues

  • Red Hat OpenShift GitOps Operator can use RHSSO (KeyCloak) with OIDC and Dex. However, with a recent security fix applied, the Operator cannot validate the RHSSO certificate in some scenarios. GITOPS-2214

    As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification.

    apiVersion: argoproj.io/v1alpha1
    kind: ArgoCD
    metadata:
      name: example-argocd
    spec:
      extraConfig:
        "admin.enabled": "true"
    ...

Release notes for Red Hat OpenShift GitOps 1.5.4

Red Hat OpenShift GitOps 1.5.4 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, the Red Hat OpenShift GitOps was using an older version of the REDIS 5 image tag. This update fixes the issue and upgrades the rhel8/redis-5 image tag. GITOPS-2037

Release notes for Red Hat OpenShift GitOps 1.5.3

Red Hat OpenShift GitOps 1.5.3 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, all unpatched versions of Argo CD v1.0.0 and later were vulnerable to a cross-site scripting bug. As a result, an unauthorized user would be able to inject a javascript link in the UI. This issue is now fixed. CVE-2022-31035

  • Before this update, all versions of Argo CD v0.11.0 and later were vulnerable to multiple attacks when SSO login was initiated from the Argo CD CLI or the UI. This issue is now fixed. CVE-2022-31034

  • Before this update, all unpatched versions of Argo CD v0.7 and later were vulnerable to a memory consumption bug. As a result, an unauthorized user would be able to crash the Argo CD’s repo-server. This issue is now fixed. CVE-2022-31016

  • Before this update, all unpatched versions of Argo CD v1.3.0 and later were vulnerable to a symlink-following bug. As a result, an unauthorized user with repository write access would be able to leak sensitive YAML files from Argo CD’s repo-server. This issue is now fixed. CVE-2022-31036

Release notes for Red Hat OpenShift GitOps 1.5.2

Red Hat OpenShift GitOps 1.5.2 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, images referenced by the redhat-operator-index were missing. This issue is now fixed. GITOPS-2036

Release notes for Red Hat OpenShift GitOps 1.5.1

Red Hat OpenShift GitOps 1.5.1 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, if Argo CD’s anonymous access was enabled, an unauthenticated user was able to craft a JWT token and get full access to the Argo CD instance. This issue is fixed now. CVE-2022-29165

  • Before this update, an unauthenticated user was able to display error messages on the login screen while SSO was enabled. This issue is now fixed. CVE-2022-24905

  • Before this update, all unpatched versions of Argo CD v0.7.0 and later were vulnerable to a symlink-following bug. As a result, an unauthorized user with repository write access would be able to leak sensitive files from Argo CD’s repo-server. This issue is now fixed. CVE-2022-24904

Release notes for Red Hat OpenShift GitOps 1.5.0

Red Hat OpenShift GitOps 1.5.0 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

New features

The current release adds the following improvements:

  • This enhancement upgrades Argo CD to version 2.3.3. GITOPS-1708

  • This enhancement upgrades Dex to version 2.30.3. GITOPS-1850

  • This enhancement upgrades Helm to version 3.8.0. GITOPS-1709

  • This enhancement upgrades Kustomize to version 4.4.1. GITOPS-1710

  • This enhancement upgrades Application Set to version 0.4.1.

  • With this update, a new channel by the name latest has been added that provides the latest release of the Red Hat OpenShift GitOps. For GitOps v1.5.0, the Operator is pushed to gitops-1.5, latest channel, and the existing stable channel. From GitOps v1.6 all the latest releases will be pushed only to the latest channel and not the stable channel. GITOPS-1791

  • With this update, the new CSV adds the olm.skipRange: '>=1.0.0 <1.5.0' annotation. As a result, all the previous release versions will be skipped. The Operator upgrades to v1.5.0 directly. GITOPS-1787

  • With this update, the Operator updates the Red Hat Single Sign-On (RH-SSO) to version v7.5.1 including the following enhancements:

    • You can log in to Argo CD using the OpenShift credentials including the kube:admin credential.

    • The RH-SSO supports and configures Argo CD instances for Role-based Access Control (RBAC) using OpenShift groups.

    • The RH-SSO honors the HTTP_Proxy environment variables. You can use the RH-SSO as an SSO for Argo CD running behind a proxy.

  • With this update, a new .host URL field is added to the .status field of the Argo CD operand. When a route or ingress is enabled with the priority given to route, then the new URL field displays the route. If no URL is provided from the route or ingress, the .host field is not displayed.

    When the route or ingress is configured, but the corresponding controller is not set up properly and is not in the Ready state or does not propagate its URL, the value of the .status.host field in the operand indicates as Pending instead of displaying the URL. This affects the overall status of the operand by making it Pending instead of Available. GITOPS-654

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, RBAC rules specific to AppProjects would not allow the use of commas for the subject field of the role, thus preventing bindings to the LDAP account. This update fixes the issue and you can now specify complex role bindings in AppProject specific RBAC rules. GITOPS-1771

  • Before this update, when a DeploymentConfig resource is scaled to 0, Argo CD displayed it in a progressing state with a health status message as "replication controller is waiting for pods to run". This update fixes the edge case and the health check now reports the correct health status of the DeploymentConfig resource. GITOPS-1738

  • Before this update, the TLS certificate in the argocd-tls-certs-cm configuration map was deleted by the Red Hat OpenShift GitOps unless the certificate was configured in the ArgoCD CR specification tls.initialCerts field. This issue is fixed now. GITOPS-1725

  • Before this update, while creating a namespace with the managed-by label it created a lot of RoleBinding resources on the new namespace. This update fixes the issue and now Red Hat OpenShift GitOps removes the irrelevant Role and RoleBinding resources created by the previous versions. GITOPS-1550

  • Before this update, the TLS certificate of the route in pass-through mode did not have a CA name. As a result, Firefox 94 and later failed to connect to Argo CD UI with error code SEC_ERROR_BAD_DER. This update fixes the issue. You must delete the <openshift-gitops-ca> secrets and let it recreate. Then, you must delete the <openshift-gitops-tls> secrets. After the Red Hat OpenShift GitOps recreates it, the Argo CD UI is accessible by Firefox again. GITOPS-1548

Known issues

  • Argo CD .status.host field is not updated when an Ingress resource is in use instead of a Route resource on OpenShift clusters. GITOPS-1920

Release notes for Red Hat OpenShift GitOps 1.4.12

Red Hat OpenShift GitOps 1.4.12 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, in a large set of applications the application controllers were restarted multiple times due to the unresponsiveness of liveness probes. This update fixes the issue by removing the liveness probe in the application controller StatefulSet object. GITOPS-2153

  • Before this update, the RHSSO certificate cannot be validated when it is set up with a certificate which is not signed by certificate authorities. This update fixes the issue and now you can provide a custom certificate which will be used in verifying the Keycloak’s TLS certificate when communicating with it. You can add the rootCA to the Argo CD custom resource .spec.keycloak.rootCA field. The Operator reconciles this change and updates the oidc.config field in the argocd-cm ConfigMap with the PEM-encoded root certificate. GITOPS-2214

    Restart the Argo CD server pod after updating the .spec.keycloak.rootCA field.

    For example:

    apiVersion: argoproj.io/v1alpha1
    kind: ArgoCD
    metadata:
      name: example-argocd
      labels:
        example: basic
    spec:
      sso:
        provider: keycloak
        keycloak:
         rootCA: |
           ---- BEGIN CERTIFICATE ----
           This is a dummy certificate
           Please place this section with appropriate rootCA
           ---- END CERTIFICATE ----
      server:
        route:
          enabled: true
  • Before this update, a terminating namespace that was managed by Argo CD would block the creation of roles and other configuration of other managed namespaces. This update fixes this issue. GITOPS-2277

  • Before this update, the Dex pods failed to start with CreateContainerConfigError when an SCC of anyuid was assigned to the Dex ServiceAccount resource. This update fixes this issue by assigning a default user id to the Dex container. GITOPS-2235

Release notes for Red Hat OpenShift GitOps 1.4.11

Red Hat OpenShift GitOps 1.4.11 is now available on OpenShift Container Platform 4.8, 4.9, and 4.10.

New features

The current release adds the following improvements:

  • With this update, the bundled Argo CD has been updated to version 2.2.12.

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, the redis-ha-haproxy pods of an ArgoCD instance failed when more restrictive SCCs were present in the cluster. This update fixes the issue by updating the security context in workloads. GITOPS-2034

Known issues

  • Red Hat OpenShift GitOps Operator can use RHSSO (KeyCloak) with OIDC and Dex. However, with a recent security fix applied, the Operator cannot validate the RHSSO certificate in some scenarios. GITOPS-2214

    As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification.

    apiVersion: argoproj.io/v1alpha1
    kind: ArgoCD
    metadata:
      name: example-argocd
    spec:
      extraConfig:
        "admin.enabled": "true"
    ...

Release notes for Red Hat OpenShift GitOps 1.4.6

Red Hat OpenShift GitOps 1.4.6 is now available on OpenShift Container Platform 4.7, 4.8, 4.9, and 4.10.

Fixed issues

The following issue has been resolved in the current release:

  • The base images are updated to the latest version to avoid OpenSSL flaw link: (CVE-2022-0778).

To install the current release of Red Hat OpenShift GitOps 1.4 and receive further updates during its product life cycle, switch to the GitOps-1.4 channel.

Release notes for Red Hat OpenShift GitOps 1.4.5

Red Hat OpenShift GitOps 1.4.5 is now available on OpenShift Container Platform 4.7, 4.8, 4.9 and 4.10.

Fixed issues

You should directly upgrade to Red Hat OpenShift GitOps v1.4.5 from Red Hat OpenShift GitOps v1.4.3. Do not use Red Hat OpenShift GitOps v1.4.4 in a production environment. Major issues that affected Red Hat OpenShift GitOps v1.4.4 are fixed in Red Hat OpenShift GitOps 1.4.5.

The following issue has been resolved in the current release:

  • Before this update, Argo CD pods were stuck in the ErrImagePullBackOff state. The following error message was shown:

reason: ErrImagePull
          message: >-
            rpc error: code = Unknown desc = reading manifest
            sha256:ff4ad30752cf0d321cd6c2c6fd4490b716607ea2960558347440f2f370a586a8
            in registry.redhat.io/openshift-gitops-1/argocd-rhel8: StatusCode:
            404, <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>

This issue is now fixed. GITOPS-1848

Release notes for Red Hat OpenShift GitOps 1.4.3

Red Hat OpenShift GitOps 1.4.3 is now available on OpenShift Container Platform 4.7, 4.8, and 4.9.

Fixed issues

The following issue has been resolved in the current release:

  • Before this update, the TLS certificate in the argocd-tls-certs-cm configuration map was deleted by the Red Hat OpenShift GitOps unless the certificate was configured in the ArgoCD CR specification tls.initialCerts field. This update fixes this issue. GITOPS-1725

Release notes for Red Hat OpenShift GitOps 1.4.2

Red Hat OpenShift GitOps 1.4.2 is now available on OpenShift Container Platform 4.7, 4.8, and 4.9.

Fixed issues

The following issue has been resolved in the current release:

  • All versions of Argo CD are vulnerable to a path traversal bug that allows to pass arbitrary values to be consumed by Helm charts. This update fixes the CVE-2022-24348 gitops error, path traversal and dereference of symlinks when passing Helm value files. GITOPS-1756

  • Before this update, the Route resources got stuck in Progressing Health status if more than one Ingress were attached to the route. This update fixes the health check and reports the correct health status of the Route resources. GITOPS-1751

Release notes for Red Hat OpenShift GitOps 1.4.1

Red Hat OpenShift GitOps 1.4.1 is now available on OpenShift Container Platform 4.7, 4.8, and 4.9.

Fixed issues

The following issue has been resolved in the current release:

  • Red Hat OpenShift GitOps Operator v1.4.0 introduced a regression which removes the description fields from spec for the following CRDs:

    • argoproj.io_applications.yaml

    • argoproj.io_appprojects.yaml

    • argoproj.io_argocds.yaml

      Before this update, when you created an AppProject resource using the oc create command, the resource failed to synchronize due to the missing description fields. This update restores the missing description fields in the preceding CRDs. GITOPS-1721

Release notes for Red Hat OpenShift GitOps 1.4.0

Red Hat OpenShift GitOps 1.4.0 is now available on OpenShift Container Platform 4.7, 4.8, and 4.9.

New features

The current release adds the following improvements.

  • This enhancement upgrades Red Hat OpenShift GitOps Application Manager (kam) to version 0.0.41. GITOPS-1669

  • This enhancement upgrades Argo CD to version 2.2.2. GITOPS-1532

  • This enhancement upgrades Helm to version 3.7.1. GITOPS-1530

  • This enhancement adds the health status of the DeploymentConfig, Route, and OLM Operator items to the Argo CD Dashboard and OpenShift Container Platform web console. This information helps you monitor the overall health status of your application. GITOPS-655, GITOPS-915, GITOPS-916, GITOPS-1110

  • With this update, you can to specify the number of desired replicas for the argocd-server and argocd-repo-server components by setting the .spec.server.replicas and .spec.repo.replicas attributes in the Argo CD custom resource, respectively. If you configure the horizontal pod autoscaler (HPA) for the argocd-server components, it takes precedence over the Argo CD custom resource attributes. GITOPS-1245

  • As an administrative user, when you give Argo CD access to a namespace by using the argocd.argoproj.io/managed-by label, it assumes namespace-admin privileges. These privileges are an issue for administrators who provide namespaces to non-administrators, such as development teams, because the privileges enable non-administrators to modify objects such as network policies.

    With this update, administrators can configure a common cluster role for all the managed namespaces. In role bindings for the Argo CD application controller, the Operator refers to the CONTROLLER_CLUSTER_ROLE environment variable. In role bindings for the Argo CD server, the Operator refers to the SERVER_CLUSTER_ROLE environment variable. If these environment variables contain custom roles, the Operator doesn’t create the default admin role. Instead, it uses the existing custom role for all managed namespaces. GITOPS-1290

  • With this update, the Environment page in the OpenShift Container Platform Developer Console displays a broken heart icon to indicate degraded resources, excluding ones whose status is Progressing, Missing, and Unknown. The console displays a yellow yield sign icon to indicate out-of-sync resources. GITOPS-1307

Fixed issues

The following issues have been resolved in the current release:

  • Before this update, when the Route to the Red Hat OpenShift GitOps Application Manager (kam) was accessed without specifying a path in the URL, a default page without any helpful information was displayed to the user. This update fixes the issue so that the default page displays download links for kam. GITOPS-923

  • Before this update, setting a resource quota in the namespace of the Argo CD custom resource might cause the setup of the Red Hat SSO (RH SSO) instance to fail. This update fixes this issue by setting a minimum resource request for the RH SSO deployment pods. GITOPS-1297

  • Before this update, if you changed the log level for the argocd-repo-server workload, the Operator didn’t reconcile this setting. The workaround was to delete the deployment resource so that the Operator recreated it with the new log level. With this update, the log level is correctly reconciled for existing argocd-repo-server workloads. GITOPS-1387

  • Before this update, if the Operator managed an Argo CD instance that lacked the .data field in the argocd-secret Secret, the Operator on that instance crashed. This update fixes the issue so that the Operator doesn’t crash when the .data field is missing. Instead, the secret regenerates and the gitops-operator-controller-manager resource is redeployed. GITOPS-1402

  • Before this update, the gitopsservice service was annotated as an internal object. This update removes the annotation so you can update or delete the default Argo CD instance and run GitOps workloads on infrastructure nodes by using the UI. GITOPS-1429

Known issues

These are the known issues in the current release:

  • If you migrate from the Dex authentication provider to the Keycloak provider, you might experience login issues with Keycloak.

    To prevent this issue, when migrating, uninstall Dex by removing the .spec.dex section from the Argo CD custom resource. Allow a few minutes for Dex to uninstall completely. Then, install Keycloak by adding .spec.sso.provider: keycloak to the Argo CD custom resource.

    As a workaround, uninstall Keycloak by removing .spec.sso.provider: keycloak. Then, re-install it. GITOPS-1450, GITOPS-1331

Release notes for Red Hat OpenShift GitOps 1.3.7

Red Hat OpenShift GitOps 1.3.7 is now available on OpenShift Container Platform 4.7, 4.8, 4.9, and 4.10.

Fixed issues

The following issue has been resolved in the current release:

  • Before this update, a flaw was foun