OpenShift docs are moving and will soon only be available at docs.redhat.com, the home of all Red Hat product documentation. Explore the new docs experience today.
  1. Documentation
    2. history bug_report picture_as_pdf
×

Red Hat OpenShift GitOps release notes

For additional information about the OpenShift GitOps lifecycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.

Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift GitOps releases on OpenShift Container Platform.

Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Red Hat OpenShift GitOps ensures consistency in applications when you deploy them to different clusters in different environments, such as development, staging, and production. Red Hat OpenShift GitOps helps you automate the following tasks:

  • Ensure that the clusters have similar states for configuration, monitoring, and storage

  • Recover or recreate clusters from a known state

  • Apply or revert configuration changes to multiple OpenShift Container Platform clusters

  • Associate templated configuration with different environments

  • Promote applications across clusters, from staging to production

For an overview of Red Hat OpenShift GitOps, see About Red Hat OpenShift GitOps.

Compatibility and support matrix

Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.

In the table, features are marked with the following statuses:

  • TP: Technology Preview

  • GA: General Availability

  • NA: Not Applicable

  • In OpenShift Container Platform 4.13, the stable channel has been removed. Before upgrading to OpenShift Container Platform 4.13, if you are already on the stable channel, choose the appropriate channel and switch to it.

  • The maintenance support for OpenShift Container Platform 4.12 on IBM Power has ended from 17 July 2024. If you are using Red Hat OpenShift GitOps on OpenShift Container Platform 4.12, upgrade to OpenShift Container Platform 4.13 or later.
OpenShift GitOps Component Versions OpenShift Versions

Version

kam

Argo CD CLI

Helm

Kustomize

Argo CD

Argo Rollouts

Dex

RH SSO

1.15.0

NA

2.13.1 TP

3.15.4 GA

5.4.3 GA

2.13.1 GA

1.7.2 TP

2.41.1 GA

7.6.0 GA

4.14-4.17

1.14.0

0.0.51 TP

2.12.3 TP

3.15.2 GA

5.4.2 GA

2.12.3 GA

1.7.1 GA

2.39.1 GA

7.6.0 GA

4.12-4.17

1.13.0

0.0.51 TP

2.11.3 TP

3.14.4 GA

5.2.1 GA

2.11.3 GA

1.6.6 GA

2.37.0 GA

7.6.0 GA

4.12-4.16

  • Starting from Red Hat OpenShift GitOps 1.15, support is no longer provided for the Red Hat OpenShift GitOps Application Manager command-line interface (CLI), kam.

  • RH SSO is an abbreviation for Red Hat SSO.

Technology Preview features

The features mentioned in the following table are currently in Technology Preview (TP). These experimental features are not intended for production use.

Table 1. Technology Preview tracker
Feature TP in Red Hat OpenShift GitOps versions GA in Red Hat OpenShift GitOps versions

The GitOps argocd CLI tool

1.12.0

NA

Argo CD application sets in non-control plane namespaces

1.12.0

NA

The round-robin cluster sharding algorithm

1.10.0

NA

Dynamic scaling of shards

1.10.0

NA

Argo Rollouts

1.9.0

1.13.0

ApplicationSet Progressive Rollout Strategy

1.8.0

NA

Multiple sources for an application

1.8.0

1.15.0

Argo CD applications in non-control plane namespaces

1.7.0

1.13.0

The Red Hat OpenShift GitOps Environments page in the Developer perspective of the OpenShift Container Platform web console 

1.1.0

NA

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Release notes for Red Hat OpenShift GitOps 1.15.0

Red Hat OpenShift GitOps 1.15.0 is now available on OpenShift Container Platform 4.14, 4.15, 4.16, and 4.17.

Errata updates

RHEA-2024:11002 - Red Hat OpenShift GitOps 1.15.0 security update advisory

Issued: 2024-12-12

The list of security fixes that are included in this release are documented in the following advisory:

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

New features

  • With this update, Red Hat OpenShift GitOps supports the addition of extra volumes and volume mounts to the ApplicationSet Controller components. You can configure these additional resources by specifying the .spec.applicationSet.volumes and .spec.applicationSet.volumeMounts fields in the Argo CD Custom Resource (CR). GITOPS-5739

    Example
    apiVersion: argoproj.io/v1beta1
kind: ArgoCD
metadata:
  name: argocd-example
spec:
  applicationSet:
    volumes:
      - name: <volume_name> (1)
        emptyDir: {} (2)
    volumeMounts:
      - name: <volume_name> (3)
        mountPath: <mount_path> (4)
    1 Specifies the name of the volume for the Argo CD ApplicationSet Controller.
    2 Specifies the volume type. It can be any Kubernetes supported volume type, such as emptyDir, hostPath, configMap, and so on.
    3 Specifies the name of the volume to be mounted, which must match the name of the volume defined in volumes.
    4 Specifies the path inside the container where the volume will be mounted.

  • With this update, users can add custom labels and annotations to the server, repo-server, applicationset-controller, and application-controller pods. This enhancement improves observability for external systems that depend on resource labels or annotations for monitoring purposes. The following fields are introduced in the Argo CD CR to support this functionality:

    • .spec.server.labels

    • .spec.server.annotations

    • .spec.repo.labels

    • .spec.repo.annotations

    • .spec.controller.labels

    • .spec.controller.annotations

    • .spec. applicationSet.labels

    • .spec. applicationSet.annotations

    For more information, see Custom Annotations and Labels. GITOPS-5674

  • Before this update, users could not configure some replicas for the Argo Rollouts controller by using the RolloutManager custom resource (CR). With this update, high availability (HA) support is introduced by adding a new .spec.ha field to the RolloutManager CR.

    When you enable high availability, the GitOps Operator automatically sets the number of replicas to 2, the leader election is activated, and default anti-affinity rules are applied to ensure redundancy and reliability. GITOPS-5622

  • With this update, the Argo CD multi-source application functionality in GitOps Operator is promoted from Technology Preview (TP) to General Availability (GA). Use this feature to define and manage applications with multiple source repositories. GITOPS-5511

  • With this update, you can now use Kubernetes TLS-type secrets to configure custom TLS certificates for Routes in the Argo CD CR. Previously, TLS data had to be embedded directly in the Argo CD CR as plain text, which could pose security risks due to the sensitive nature of TLS information.

    To enhance security, you must use Kubernetes secrets to manage TLS data. The following fields are introduced in the Argo CD CR to reference Kubernetes secrets of type kubernetes.io/tls containing TLS data:

    • .spec.server.route.tls.externalCertificate

    • .spec.applicationSet.webhookServer.route.tls.externalCertificate

    • .spec.prometheus.route.tls.externalCertificate

    • .spec.grafana.route.tls.externalCertificate

    For more information about configuring a route for custom TLS certificate, see examples in Custom TLS certificates for Routes. GITOPS-5232

  • With this update, Restricted pod security admission (PSA) labels are applied to the openshift-gitops namespace to ensure compliance with OpenShift Container Platform standards. If you are running additional workloads in the openshift-gitops namespace, ensure they comply with restricted PSA requirements. If compliance with restricted PSA is not feasible, use a user-defined, cluster-scoped Argo CD instance. In such instances, PSA labels are not applied or controlled by the GitOps Operator. GITOPS-5221

  • Before this update, trafficmanagement and metric plugins could not be configured by using the RolloutManager CR in Argo Rollouts. With this update, you can now specify trafficmanagement and metric plugins in the RolloutManager CR. The GitOps Operator automatically updates the config map when these plugin fields are added, modified, or removed. This enhancement allows users to manage trafficmanagement and metric plugins natively through the RolloutManager CR, eliminating the need for manual config map updates. GITOPS-4217

  • With this update, the Sources tab in the Details panel of a multi-source application now includes two new buttons:

    • Add Source: Opens a new form-based panel for adding a new source entry. You can specify the repository URL and other source-specific details in this panel.

    • Delete: Allows you to remove a specific source from the application.

    GITOPS-4175

  • With this update, users can now enable or disable the Argo Rollouts UI in Argo CD instances by setting a new boolean field, enableRolloutsUI, in the server component of the Argo CD CR. GITOPS-3604

    Example
    apiVersion: argoproj.io/v1beta1
kind: ArgoCD
metadata:
  name: argocd
spec:
  server:
    enableRolloutsUI: true (1)
    1 Set this value to true to configure the enableRolloutsUI field.

  • With this update, you can access documentation on configuring the ApplicationSet controller in the Argo CD CR to use different policies. For more information, see ApplicationSet Controller policies. GITOPS-5236

Fixed issues

  • Before this update, when the desired state for an existing Ingress changed the host, the new host information was not applied. This update fixes the issue by adding Ingress checks to ensure the Ingress is updated when the host changes. If there is a change in the Ingress host, it will be correctly updated with the new value, ensuring that the desired state is reflected. GITOPS-5386

  • Before this update, when the desired state for the server service type changes, for example, from ClusterIP to NodePort, the change was not applied automatically to the cluster without first deleting the resource. This update fixes the issue by adding a server service check to apply changes to the server service. If the desired state for the server service type changes, it is applied automatically to the cluster without deleting the resource. GITOPS-5385

  • Before this update, users were unable to set a custom image for the ApplicationSet Controller after specifying it in the Argo CD CR. This update fixes the issue by allowing users to set a custom image for the ApplicationSet Controller. GITOPS-5395

  • Before this update, Argo CD was unable to retrieve the correct TLS certificate for Helm OCI registries if the URL contained a path or port number. This update fixes the issue by using a fix in upstream Argo CD that ensures the URL is correctly parsed, allowing Argo CD to retrieve and return a valid TLS certificate. GITOPS-5081

Deprecated and removed features

Removal of Red Hat OpenShift GitOps Application Manager CLI, kam

  • With this release, support for the Red Hat OpenShift GitOps Application Manager command-line interface (CLI), kam, has been removed. The kam component is no longer included in new installations, and all references have been removed from the Red Hat OpenShift GitOps documentation. GITOPS-4466

    To remove kam resources after an update, run the following command:

    $ oc delete deployment,service,route kam -n openshift-gitops

Breaking change

Updated OpenShift API schemas and insecureEdgeTerminationPolicy field change

  • With this update, the OpenShift API schemas used by the Red Hat OpenShift GitOps Operator have been changed to include the latest fields from the Route API, resulting in a breaking change. If the following fields are configured with the Disable option in the Argo CD CR, they must be changed to None before updating to ensure compatibility with the new schema:

    • .spec.server.route.tls.insecureEdgeTerminationPolicy

    • .spec.applicationSet.webhookServer.route.tls.insecureEdgeTerminationPolicy

    • .spec.prometheus.route.tls.insecureEdgeTerminationPolicy

    • .spec.grafana.route.tls.insecureEdgeTerminationPolicy

    GITOPS-5808