Chapter 1. Red Hat OpenShift GitOps release notes
For additional information about the OpenShift GitOps life cycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.
Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift GitOps releases on OpenShift Container Platform.
Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Red Hat OpenShift GitOps ensures consistency in applications when you deploy them to different clusters in different environments, such as: development, staging, and production. Red Hat OpenShift GitOps helps you automate the following tasks:
- Ensure that the clusters have similar states for configuration, monitoring, and storage
- Recover or recreate clusters from a known state
- Apply or revert configuration changes to multiple OpenShift Container Platform clusters
- Associate templated configuration with different environments
- Promote applications across clusters, from staging to production
For an overview of Red Hat OpenShift GitOps, see About Red Hat OpenShift GitOps.
1.1. Compatibility and support matrix
Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.
In the table, features are marked with the following statuses:
- TP: Technology Preview
- GA: General Availability
- NA: Not Applicable
-
In OpenShift Container Platform 4.13, the
stablechannel has been removed. Before upgrading to OpenShift Container Platform 4.13, if you are already on thestablechannel, choose the appropriate channel and switch to it. - The maintenance support for OpenShift Container Platform 4.12 on {ibmpowerProductName} has ended from 17 July 2024. If you are using Red Hat OpenShift GitOps on OpenShift Container Platform 4.12, upgrade to OpenShift Container Platform 4.13 or later.
| OpenShift GitOps | Component Versions | OpenShift Versions | ||||||
|---|---|---|---|---|---|---|---|---|
| Version |
| Helm | Kustomize | Argo CD | Argo Rollouts | Dex | RH SSO | |
| 1.11.0 | 0.0.51 TP | 3.13.2 GA | 5.2.1 GA | 2.9.2 GA | 1.6.0 TP | 2.36.0 GA | 7.6.0 GA | 4.12-4.14 |
| 1.10.0 | 0.0.50 TP | 3.12.1 GA | 5.1.0 GA | 2.8.3 GA | 1.5.0 TP | 2.35.1 GA | 7.5.1 GA | 4.12-4.14 |
| 1.9.0 | 0.0.49 TP | 3.11.2 GA | 5.0.1 GA | 2.7.2 GA | 1.5.0 TP | 2.35.1 GA | 7.5.1 GA | 4.12-4.14 |
-
kamis the Red Hat OpenShift GitOps Application Manager command-line interface (CLI). - RH SSO is an abbreviation for Red Hat SSO.
1.1.1. Technology Preview features
The features mentioned in the following table are currently in Technology Preview (TP). These experimental features are not intended for production use.
| Feature | TP in Red Hat OpenShift GitOps versions | GA in Red Hat OpenShift GitOps versions |
|---|---|---|
|
The | 1.10.0 | NA |
| Dynamic scaling of shards | 1.10.0 | NA |
| Argo Rollouts | 1.9.0 | NA |
| ApplicationSet Progressive Rollout Strategy | 1.8.0 | NA |
| Multiple sources for an application | 1.8.0 | NA |
| Argo CD applications in non-control plane namespaces | 1.7.0 | NA |
| Argo CD Notifications controller | 1.6.0 | NA |
| The Red Hat OpenShift GitOps Environments page in the Developer perspective of the OpenShift Container Platform web console | 1.1.0 | NA |
1.2. Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
1.3. Release Notes for Red Hat OpenShift GitOps 1.11.7
Red Hat OpenShift GitOps 1.11.7 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.3.1. Errata updates
1.3.1.1. RHSA-2024:4972 - Red Hat OpenShift GitOps 1.11.7 security update advisory
Issued: 2024-08-01
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.4. Release Notes for Red Hat OpenShift GitOps 1.11.6
Red Hat OpenShift GitOps 1.11.6 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.4.1. Errata updates
1.4.1.1. RHSA-2024:4626 - Red Hat OpenShift GitOps 1.11.6 security update advisory
Issued: 2024-07-18
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.5. Release Notes for Red Hat OpenShift GitOps 1.11.5
Red Hat OpenShift GitOps 1.11.5 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.5.1. Errata updates
1.5.1.1. RHSA-2024:3475 - Red Hat OpenShift GitOps 1.11.5 security update advisory
Issued: 2024-05-29
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.5.2. Fixed issues
-
Before this update, pods in a different namespace could access the Redis server on port
6379to obtain read and write access to the data. This issue has been fixed in this release by enabling secure authentication.
1.6. Release Notes for Red Hat OpenShift GitOps 1.11.4
Red Hat OpenShift GitOps 1.11.4 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.6.1. Errata updates
1.6.1.1. RHSA-2024:2815 - Red Hat OpenShift GitOps 1.11.4 security update advisory
Issued: 2024-05-10
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.6.2. Fixed issues
-
Before this update, users could not use the
argocd-k8s-authbinary to add Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS) clusters because this binary was not available in the GitOps container. This update fixes the issue by adding theargocd-k8s-authbinary in the GitOps container. GITOPS-4226 -
Before this update, attempts to connect to Azure DevOps with Argo CD would result in an error due to the deprecation of the
rsa-sshhost key algorithm by the Azure DevOps Repository service. This update fixes the issue by providing support for thersa-sshhost key algorithms during the communication process between Argo CD and Azure DevOps Repository service. GITOPS-4543 -
Before this update, the
ignoreDifferencessync option in Argo CD did not work for array fields. This update fixes the issue by modifying the merge strategy of theignoreDifferencessync option used in the upstream project to handle array fields. As a result, the sync option now functions correctly by allowing users to ignore specific elements in the array during sync. GITOPS-2962 - Before this update, users accessing a Red Hat OpenShift on AWS (ROSA) cluster after hibernation were unable to log in to the Argo CD web console due to an error indicating an invalid redirect URI in the Dex configuration. With this update, users can now log in to the Argo CD web console without facing any errors when the ROSA cluster is operational post-hibernation. GITOPS-4358
-
Before this update, users were unable to log in to the Argo CD web console if the availability of the
openshift-gitopsroute was delayed while the Red Hat OpenShift GitOps Operator processed an Argo CD custom resource instance. An error message was displayed indicating an invalid redirect URI in the Dex configuration. With this update, users can now log in to the Argo CD web console without facing any errors. GITOPS-3736 -
Before this update, users could not create custom resources for Argo CD from the Add page on the Developer perspective of the Red Hat OpenShift GitOps web console. This issue has been observed from Red Hat OpenShift GitOps 1.10 and later releases. This update fixes the issue because Operator-backed resources with the correct versions are included in the
ClusterServiceVersionmanifest file. GITOPS-4513
1.7. Release Notes for Red Hat OpenShift GitOps 1.11.3
Red Hat OpenShift GitOps 1.11.3 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.7.1. Errata updates
1.7.1.1. RHSA-2024:1697 - Red Hat OpenShift GitOps 1.11.3 security update advisory
Issued: 2024-04-08
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.8. Release notes for Red Hat OpenShift GitOps 1.11.2
Red Hat OpenShift GitOps 1.11.2 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.8.1. Errata updates
1.8.1.1. RHSA-2024:1346 - Red Hat OpenShift GitOps 1.11.2 security update advisory
Issued: 2023-03-15
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.8.2. Fixed issues
Before this update, due to the incorrect filtering of URL protocols in the Argo CD application summary component, an attacker could use cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to 2.9.8, which patches this vulnerability. GITOPS-4210
1.9. Release notes for Red Hat OpenShift GitOps 1.11.1
Red Hat OpenShift GitOps 1.11.1 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.9.1. Errata updates
1.9.1.1. RHSA-2024-0689 - Red Hat OpenShift GitOps 1.11.1 security update advisory
Issued: 2024-02-05
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, view the container images in this release by running the following command:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.10. Release notes for Red Hat OpenShift GitOps 1.11.0
Red Hat OpenShift GitOps 1.11.0 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.10.1. New features
The current release adds the following improvement:
With this update, you can selectively disable the
redisandapplication-controllercomponents for an Argo CD instance in a specified namespace. These components are enabled by default. To disable a component, set theenabledflag tofalsein the.spec.<component>.enabledfield of the Argo CD Custom Resource (CR). GITOPS-3723For example:
apiVersion: argoproj.io/v1alpha1 kind: ArgoCD metadata: name: example-argocd spec: controller: enabled: false redis: enabled: falseNoteThis feature is currently limited to the
redisandapplication-controllercomponents. It is expected that support for other components will be included in a future Red Hat OpenShift GitOps release.
1.10.2. Fixed issues
The following issues have been resolved in the current release:
-
Before this update, the Argo CD Notifications Controller did not support custom certificates added to the
argocd-tls-certs-cmconfig map. As a result, notification services with custom certificates did not receive notifications due to thex509: certificate signed by unknown authorityerror message. This update fixes the issue by correctly initializing the cert resolver function in the Argo CD Notifications Controller to load all certificates stored in theargocd-tls-certs-cmconfig map. Now, notification services with custom certificates can successfully receive notifications. GITOPS-2809 -
Before this update, users would face
PrometheusOperatorRejectedResourcesalerts when the Red Hat OpenShift GitOps Operator was not installed in theopenshift-gitops-operatornamespace. The problem affected users who upgraded from earlier versions of the Red Hat OpenShift GitOps Operator to v1.10. This update fixes the issue by updating the Operator’sserverNamemetrics service to reflect the correct installation namespace. Now, users who upgrade or install the Red Hat OpenShift GitOps Operator in namespaces other thanopenshift-gitops-operatorshould not see these alerts. GITOPS-3424
1.11. Release Notes for Red Hat OpenShift GitOps 1.10.6
Red Hat OpenShift GitOps 1.10.6 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.11.1. Errata updates
1.11.1.1. RHSA-2024:3369 - Red Hat OpenShift GitOps 1.10.6 security update advisory
Issued: 2024-05-28
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.11.2. Fixed issues
-
Before this update, pods in a different namespace could access the Redis server on port
6379to obtain read and write access to the data. This update fixes the issue by enabling secure authentication.
1.12. Release Notes for Red Hat OpenShift GitOps 1.10.5
Red Hat OpenShift GitOps 1.10.5 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.12.1. Errata updates
1.12.1.1. RHSA-2024:2817 - Red Hat OpenShift GitOps 1.10.5 security update advisory
Issued: 2024-05-10
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.12.2. Fixed issues
-
Before this update, users could not use the
argocd-k8s-authbinary to add Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS) clusters because this binary was not available in the GitOps container. This update fixes the issue by adding theargocd-k8s-authbinary in the GitOps container. GITOPS-4226 -
Before this update, attempts to connect to Azure DevOps with Argo CD would result in an error due to the deprecation of the
rsa-sshhost key algorithm by the Azure DevOps Repository service. This update fixes the issue by providing support for thersa-sshhost key algorithms during the communication process between Argo CD and Azure DevOps Repository service. GITOPS-4543 -
Before this update, the
ignoreDifferencessync option in Argo CD did not work for array fields. This update fixes the issue by modifying the merge strategy of theignoreDifferencessync option used in the upstream project to handle array fields. As a result, the sync option now functions correctly by allowing users to ignore specific elements in the array during sync. GITOPS-2962 -
Before this update, users could not create custom resources for Argo CD from the Add page on the Developer perspective of the Red Hat OpenShift GitOps web console. This issue has been observed from Red Hat OpenShift GitOps 1.10 and later releases. This update fixes the issue because Operator-backed resources with the correct versions are included in the
ClusterServiceVersionmanifest file. GITOPS-4513
1.13. Release Notes for Red Hat OpenShift GitOps 1.10.4
Red Hat OpenShift GitOps 1.10.4 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.13.1. Errata updates
1.13.1.1. RHSA-2024:1700 - Red Hat OpenShift GitOps 1.10.4 security update advisory
Issued: 2024-04-08
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.14. Release notes for Red Hat OpenShift GitOps 1.10.3
Red Hat OpenShift GitOps 1.10.3 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.14.1. Errata updates
1.14.1.1. RHSA-2024:1345 - Red Hat OpenShift GitOps 1.10.3 security update advisory
Issued: 2024-03-15
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.14.2. Fixed issues
Before this update, due to the incorrect filtering of URL protocols in the Argo CD application summary component, an attacker could use cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to 2.8.12, which patches this vulnerability. GITOPS-4209
1.15. Release notes for Red Hat OpenShift GitOps 1.10.2
Red Hat OpenShift GitOps 1.10.2 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.15.1. Errata updates
1.15.1.1. RHSA-2024-0692 - Red Hat OpenShift GitOps 1.10.2 security update advisory
Issued: 2024-02-05
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, view the container images in this release by running the following command:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.16. Release notes for Red Hat OpenShift GitOps 1.10.1
Red Hat OpenShift GitOps 1.10.1 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.16.1. Errata updates
1.16.1.1. RHSA-2023:6220 - Red Hat OpenShift GitOps 1.10.1 security update advisory
Issued: 2023-10-31
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator
1.17. Release notes for Red Hat OpenShift GitOps 1.10.0
Red Hat OpenShift GitOps 1.10.0 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.17.1. Errata updates
1.17.1.1. RHSA-2023:5407 and RHEA-2023:5408 - Red Hat OpenShift GitOps 1.10.0 security update advisory
Issued: 2023-09-29
The list of security fixes and enhancements that are included in this release is documented in the following advisories:
If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator
1.17.2. New features
The current release adds the following improvements:
With this update, the Argo CD CRD API version is upgraded from
v1alpha1tov1beta1to accomodate the breaking changes resulting from the deprecation of.spec.dexand certain.spec.ssofields. To streamline the automatic migration of existingv1alpha1Argo CD CRs tov1beta1, conversion webhook support is implemented. GITOPS-3040NoteBy default, the conversion webhook is enabled only for OLM-installed Operators. For non-OLM installations of the Operator, enabling the webhook is optional. However, without conversion webhook support, you have to manually migrate any existing Argo CD
v1alpha1CRs tov1beta1.With this update, the Red Hat OpenShift GitOps Operator deploys three monitoring dashboards in the Administrator perspective of the web console. The three dashboards are GitOps Overview, GitOps Components, and GitOps gRPC. To access these dashboards, go to Observe
Monitoring. GITOPS-1767 NoteDisabling or changing the content of the dashboards is not supported.
- Previously, timestamps were presented in a Unix epoch format. With this update, the timestamps are changed to RFC3339 format, for example: 2023-06-27T07:12:48-04:00, to improve overall readability. GITOPS-2898
-
With this update, the default Argo CD instance in the
openshift-gitopsnamespace has restricted permissions for non-admin users by default. This improves security because non-admin users no longer have access to sensitive information. However, as an administrator, you can set permissions and grant non-admin users access to the resources managed by the defaultopenshift-gitopsArgo CD instance by configuring your Argo CD RBAC. This change only applies to the defaultopenshift-gitopsArgo CD instance. GITOPS-3032 With this update, the default installation namespace for Red Hat OpenShift GitOps Operator is changed to its own namespace called
openshift-gitops-operator. You can still choose the old default installation namespace,openshift-operators, through a drop-down menu available in the OperatorHub UI at installation time. You can also enable cluster monitoring on the new namespace by selecting the check box, which makes the Operator’s performance metrics accessible within the OpenShift Container Platform web console. GITOPS-3073NoteThe Red Hat OpenShift GitOps Operator’s metrics are only available when the Operator is installed in the default namespace,
openshift-gitops-operator.With this update, the Red Hat OpenShift GitOps Operator exports custom metrics that allow you to track the performance of the Operator. The following are the exported metrics:
-
active_argocd_instances_total: This shows the number of Argo CD instances currently managed across the cluster. -
active_argocd_instances_by_phase{phase="<_PHASE>"}: This shows the number of Argo CD instances in a given phase, such as pending, available, among others. -
active_argocd_instance_reconciliation_count{namespace="<_YOUR-DEFINED-NAMESPACE>"}: This shows the number of times the instance in a given namespace is reconciled. controller_runtime_reconcile_time_seconds_per_instance{namespace="<_YOUR-DEFINED-NAMESPACE>"}: This metric displays the distribution of reconciliation cycles by their duration for the instance in a given namespace.To access these metrics, go to the Observe tab on the web console, and run queries against the monitoring stack. GITOPS-2645
NoteYou need to install the Red Hat OpenShift GitOps Operator in the default
openshift-gitops-operatornamespace with monitoring enabled to have these metrics automatically available.
-
Before this update, there was no option for choosing an algorithm for distributing the destination clusters equally across the different application controller shards. Now, you can set the sharding algorithm to the
round-robinparameter, which distributes clusters equally across the different application controller shards so that the synchronization load is spread equally among the shards. GITOPS-3288ImportantThe
round-robinsharding algorithm is a Technology Preview feature.Before this update, there was no option for scaling the application controller replicas dynamically. Now, you can dynamically scale the number of application controllers based on the number of clusters managed by each application controller. GITOPS-3287
ImportantDynamic scaling of shards is a Technology Preview feature.
1.17.3. Deprecated and removed features
With this release, the following deprecated
ssoanddexfields are removed from Argo CD CR:-
The
.spec.sso.image,.spec.sso.version,.spec.sso.resources, and.spec.sso.verifyTLSfields for keycloak SSO configurations The
.spec.dexfields, along withDISABLE_DEXenvironment variableAdditionally, the
.status.dexand.status.ssoConfigfields are also removed, and a new status field,.status.sso, is introduced. The new field reflects the workload status of the SSO provider (dex or keycloak) configured through the.spec.sso.providerfield. GITOPS-2473ImportantTo configure dex or keycloak SSO, use the equivalent fields under
.spec.sso.
-
The
With this update, the deprecated
.spec.resourceCustomizationsfield is removed from Argo CD CR. Bug fixes and support are only provided through the end of the Red Hat OpenShift GitOps v1.9 lifecycle. As an alternative to.spec.resourceCustomizations, you can use.spec.resourceHealthChecks,.spec.resourceIgnoreDifferences, and.spec.resourceActionsfields instead. GITOPS-3041ImportantTo prevent data loss during upgrade to Red Hat OpenShift GitOps Operator v1.10.0, ensure that you backup
.spec.resourceCustomizationvalue if it is used in your Argo CD CRs.-
With this update, the deprecated legacy Configuration Management Plugins (CMPs) feature, specified in the
argocd-cmconfig map or the Operator through the.spec.configManagementPluginsfield in Argo CD CR, has been removed in Argo CD v2.8. To continue using your legacy plugins, consider migrating them to the new sidecar available in the Operator through the.spec.repo.sidecarContainersfield in Argo CD CR. GITOPS-3462
1.17.4. Fixed issues
The following issues have been resolved in the current release:
-
Before this update, there were vulnerabilities on Redis. This update fixes the issue by upgrading Redis to the latest version of
registry.redhat.io/rhel-8/redis-6. GITOPS-3069 -
Before this update, users were facing an "x509: certificate signed by unknown authority" error when using scmProvider with GitLab. This update fixes the issue by adding support for the
Insecureflag for scmProvider with GitLab, and an option for mounting TLS certificate on the applicationSet controller. This certificate can then be utilized for scmProvider interactions with GitLab. GITOPS-3107
1.18. Release notes for Red Hat OpenShift GitOps 1.9.4
Red Hat OpenShift GitOps 1.9.4 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.18.1. Errata updates
1.18.1.1. RHSA-2024-0691 - Red Hat OpenShift GitOps 1.9.4 security update advisory
Issued: 2024-02-05
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, view the container images in this release by running the following command:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.19. Release notes for Red Hat OpenShift GitOps 1.9.3
Red Hat OpenShift GitOps 1.9.3 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.
1.19.1. Errata updates
1.19.1.1. RHSA-2023:7345 - Red Hat OpenShift GitOps 1.9.3 security update advisory
Issued: 2023-11-20
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, to view the container images in this release, run the following command:
$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator
1.20. Release notes for Red Hat OpenShift GitOps 1.9.2
Red Hat OpenShift GitOps 1.9.2 is now available on OpenShift Container Platform 4.12 and 4.13.
1.20.1. Errata updates
1.20.1.1. RHSA-2023:5029 - Red Hat OpenShift GitOps 1.9.2 security update advisory
Issued: 2023-09-08
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.20.2. Fixed issues
The following issue has been resolved in the current release:
-
Before this update, an old Redis image version was used when deploying the Red Hat OpenShift GitOps Operator, which resulted in vulnerabilities. This update fixes the vulnerabilities on Redis by upgrading it to the latest version of the
registry.redhat.io/rhel-8/redis-6image. GITOPS-3069
1.21. Release notes for Red Hat OpenShift GitOps 1.9.1
Red Hat OpenShift GitOps 1.9.1 is now available on OpenShift Container Platform 4.12 and 4.13.
1.21.1. Errata updates
1.21.1.1. RHSA-2023:3591 and RHBA-2023:4117 - Red Hat OpenShift GitOps 1.9.1 security update advisory
Issued: 2023-07-17
The list of security fixes that are included in this release is documented in the following advisories:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.21.2. New features
The current release adds the following improvements:
- With this update, the bundled Argo CD has been updated to version 2.7.6.
1.21.3. Fixed issues
The following issues have been resolved in the current release:
- Before this update, Argo CD was becoming unresponsive when there was an increase in namespaces and applications. This update fixes the issue by removing a deadlock. Deadlock occurs when two functions are competing for resources. Now, you should not experience crashes or unresponsiveness when there is an increase in namespaces or applications. GITOPS-2782
- Before this update, the Argo CD application controller resource could suddenly stop working when resynchronizing applications. This update fixes the issue by adding logic to prevent a cluster cache deadlock. Now, you should not experience the deadlock situation, and applications should resynchronize successfully. GITOPS-2880
-
Before this update, there was a mismatch in the RSA key for known hosts in the
argocd-ssh-known-hosts-cmconfig map. This update fixes the issue by matching the RSA key with the upstream project. Now, you can use the default RSA keys on default deployments. GITOPS-3042 -
Before this update, the reconciliation timeout setting in the
argocd-cmconfig map was not being correctly applied to the Argo CD application controller resource. This update fixes the issue by correctly reading and applying the reconciliation timeout setting from theargocd-cmconfig map. Now, you can modify the reconciliation timeout value from theAppSyncsetting without a problem. GITOPS-2810
1.22. Release notes for Red Hat OpenShift GitOps 1.9.0
Red Hat OpenShift GitOps 1.9.0 is now available on OpenShift Container Platform 4.12 and 4.13.
1.22.1. Errata updates
1.22.1.1. RHSA-2023:3557 - Red Hat OpenShift GitOps 1.9.0 security update advisory
Issued: 2023-06-09
The list of security fixes that are included in this release is documented in the following advisory:
If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:
$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
1.22.2. New features
The current release adds the following improvements:
-
With this update, you can use a custom
must-gathertool to collect diagnostic information for project-level resources, cluster-level resources, and Red Hat OpenShift GitOps components. This tool provides the debugging information about the cluster associated with Red Hat OpenShift GitOps, which you can share with the Red Hat Support team for analysis. GITOPS-2797 With this update, you can add support to progressive delivery using Argo Rollouts. Currently, the supported traffic manager is only Red Hat OpenShift Service Mesh. GITOPS-959
ImportantArgo Rollouts is a Technology Preview feature.
Additional resources
1.22.3. Deprecated and removed features
-
In Red Hat OpenShift GitOps 1.7.0, the
.spec.resourceCustomizationsparameter was deprecated. The deprecated.spec.resourceCustomizationsparameter is planned to be removed in the upcoming Red Hat OpenShift GitOps GA v1.10.0 release. You can use the new formatsspec.ResourceHealthChecks,spec.ResourceIgnoreDifferences, andspec.ResourceActionsinstead. GITOPS-2890 With this update, the support for the following deprecated
ssoanddexfields extends until the upcoming Red Hat OpenShift GitOps GA v1.10.0 release:-
The
.spec.sso.image,.spec.sso.version,.spec.sso.resources, and.spec.sso.verifyTLSfields. The
.spec.dexparameter along withDISABLE_DEX.The deprecated previous
ssoanddexfields were earlier scheduled for removal in the Red Hat OpenShift GitOps v1.9.0 release but are now planned to be removed in the upcoming Red Hat OpenShift GitOps GA v1.10.0 release. GITOPS-2904
-
The
1.22.4. Fixed issues
The following issues have been resolved in the current release:
-
Before this update, when the
argocd-server-tlssecret was updated with a new certificate Argo CD was not always picking up this secret. As a result, the old expired certificate was presented. This update fixes the issue with a newGetCertificatefunction and ensures that the latest version of certificates is in use. When adding new certificates, now Argo CD picks them up automatically without the user having to restart theargocd-serverpod. GITOPS-2375 -
Before this update, when enforcing GPG signature verification against a
targetRevisioninteger pointing to a signed Git tag, users got aTarget revision in Git is not signederror. This update fixes the issue and lets users enforce GPG signature verification against signed Git tags. GITOPS-2418 - Before this update, users could not connect to Microsoft Team Foundation Server (TFS) type Git repositories through Argo CD deployed by the Operator. This update fixes the issue by updating the Git version to 2.39.3 in the Operator. GITOPS-2768
-
Before this update, when the Operator was deployed and running with the High availability (HA) feature enabled, setting resource limits under the
.spec.ha.resourcesfield did not affect Redis HA pods. This update fixes the reconciliation by adding checks in the Redis reconciliation code. These checks ensure whether thespec.ha.resourcesfield in the Argo CD custom resource (CR) is updated. When the Argo CD CR is updated with new CPU and memory requests or limit values for HA, now these changes are applied to the Redis HA pods. GITOPS-2404 -
Before this update, if a namespace-scoped Argo CD instance was managing multiple namespaces by using the
managed-bylabel and one of those managed namespaces was in a Terminating state, the Argo CD instance could not deploy resources to all other managed namespaces. This update fixes the issue by enabling the Operator to remove themanaged-bylabel from any previously managed now terminating namespace. Now, a terminating namespace managed by a namespace-scoped Argo CD instance does not block the deployment of resources to other managed namespaces. GITOPS-2627
1.22.5. Known issues
Currently, the Argo CD does not read the Transport Layer Security (TLS) certificates from the path specified in the
argocd-tls-certs-cmconfig map resulting in thex509: certificate signed by unknown authorityerror.Workaround: Perform the following steps:
Add the
SSL_CERT_DIRenvironment variable:Example Argo CD custom resource
apiVersion: argoproj.io/v1alpha1 kind: ArgoCD metadata: name: example-argocd labels: example: repo spec: # ... repo: env: - name: SSL_CERT_DIR value: /tmp/sslcertdir volumeMounts: - name: ssl mountPath: /tmp/sslcertdir volumes: - name: ssl configMap: name: user-ca-bundle # ...Create an empty config map in the namespace where the subscription for your Operator exists and include the following label:
Example config map
apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle 1 labels: config.openshift.io/inject-trusted-cabundle: "true" 2
After creating this config map, the
user-ca-bundlecontent from theopenshift-confignamespace automatically gets injected into this config map, even merged with the system ca-bundle. GITOPS-1482
Additional resources
