Chapter 1. Red Hat OpenShift GitOps release notes

Note

For additional information about the OpenShift GitOps life cycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.

Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent OpenShift GitOps releases on OpenShift Container Platform.

Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Red Hat OpenShift GitOps ensures consistency in applications when you deploy them to different clusters in different environments, such as: development, staging, and production. Red Hat OpenShift GitOps helps you automate the following tasks:

Ensure that the clusters have similar states for configuration, monitoring, and storage
Recover or recreate clusters from a known state
Apply or revert configuration changes to multiple OpenShift Container Platform clusters
Associate templated configuration with different environments
Promote applications across clusters, from staging to production

For an overview of Red Hat OpenShift GitOps, see About Red Hat OpenShift GitOps.

1.1. Compatibility and support matrix

Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.

In the table, features are marked with the following statuses:

TP: Technology Preview
GA: General Availability
NA: Not Applicable

Important

In OpenShift Container Platform 4.13, the stable channel has been removed. Before upgrading to OpenShift Container Platform 4.13, if you are already on the stable channel, choose the appropriate channel and switch to it.
The maintenance support for OpenShift Container Platform 4.12 on IBM Power has ended from 17 July 2024. If you are using Red Hat OpenShift GitOps on OpenShift Container Platform 4.12, upgrade to OpenShift Container Platform 4.13 or later.

OpenShift GitOps	Component Versions								OpenShift Versions
Version	`kam`	Argo CD CLI	Helm	Kustomize	Argo CD	Argo Rollouts	Dex	RH SSO
1.13.0	0.0.51 TP	2.11.3 TP	3.14.4 GA	5.2.1 GA	2.11.3 GA	1.6.6 GA	2.37.0 GA	7.6.0 GA	4.12-4.16
1.12.0	0.0.51 TP	2.10.3 TP	3.14.0 GA	5.2.1 GA	2.10.3 GA	1.6.0 TP	2.36.0 GA	7.6.0 GA	4.12-4.15
1.11.0	0.0.51 TP	NA	3.13.2 GA	5.2.1 GA	2.9.2 GA	1.6.0 TP	2.36.0 GA	7.6.0 GA	4.12-4.14

kam is the Red Hat OpenShift GitOps Application Manager command-line interface (CLI).
RH SSO is an abbreviation for Red Hat SSO.

1.1.1. Technology Preview features

The features mentioned in the following table are currently in Technology Preview (TP). These experimental features are not intended for production use.

Table 1.1. Technology Preview tracker
Feature	TP in Red Hat OpenShift GitOps versions	GA in Red Hat OpenShift GitOps versions
The GitOps `argocd` CLI tool	1.12.0	NA
Argo CD application sets in non-control plane namespaces	1.12.0	NA
The `round-robin` cluster sharding algorithm	1.10.0	NA
Dynamic scaling of shards	1.10.0	NA
Argo Rollouts	1.9.0	1.13.0
ApplicationSet Progressive Rollout Strategy	1.8.0	NA
Multiple sources for an application	1.8.0	NA
Argo CD applications in non-control plane namespaces	1.7.0	1.13.0
The Red Hat OpenShift GitOps Environments page in the Developer perspective of the OpenShift Container Platform web console	1.1.0	NA

1.2. Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

1.3. Release notes for Red Hat OpenShift GitOps 1.13.3

Red Hat OpenShift GitOps 1.13.3 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, 4.15, and 4.16.

1.3.1. Errata updates

1.3.1.1. RHBA-2024:10127 - Red Hat OpenShift GitOps 1.13.3 security update advisory

Issued: 2024-11-20

The list of security fixes that are included in this release is documented in the following advisory:

RHBA-2024:10127

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.3.2. Fixed issues

Before this update, when using the dynamic scaling feature, application controller pods consumed high memory and clusters were not distributed properly across shards. This update ensures that clusters are distributed across shards. GITOPS-5811
For more information, see Enabling dynamic scaling of shards in the web console section

1.4. Release notes for Red Hat OpenShift GitOps 1.13.2

Red Hat OpenShift GitOps 1.13.2 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, 4.15, and 4.16.

1.4.1. Errata updates

1.4.1.1. RHSA-2024:8581 - Red Hat OpenShift GitOps 1.13.2 security update advisory

Issued: 2024-10-29

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:8581

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.4.2. Fixed issues

Before this update, Argo CD could not obtain the appropriate transport layer security (TLS) certificate for Helm Open Container Initiative (OCI) registries when the URL included a path or port number. With this update, a fix is introduced in upstream Argo CD to correctly parse the URL and return a valid certificate. GITOPS-5081
Before this update, you could not log in to the Argo CD web console UI after a Red Hat OpenShift Service on an Amazon Web Services (AWS) cluster, that includes a GitOps Operator and an Argo CD instance configured with Dex-based SSO, resumed from hibernation. The login screen would display an error indicating an invalid redirect Uniform Resource Identifier (URI) in the Dex configuration. This update fixes the issue by ensuring that the correct Dex redirect URL is updated in the Argo CD configuration whenever a Argo CD server route is modified. GITOPS-4358

1.4.3. Breaking change

1.4.3.1. Additional configurations for cluster-scoped rollouts instance installation

When you upgrade to Red Hat OpenShift GitOps v1.13, if you want to create the cluster-scoped rollouts installation outside the default installation namespace, openshift-gitops, you must host it in the CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES environment variable of the Subscription resource. The Red Hat OpenShift GitOps Operator does not support cluster-scoped rollouts installation if the namespace is not defined in the CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES environment variable.
In previous versions of Red Hat OpenShift GitOps, Argo Rollouts used the NAMESPACE_SCOPED_ARGO_ROLLOUTS_NAMESPACES environment variable of the Subscription resource to check if the cluster-scoped rollouts instance can host a cluster-scoped rollouts installation in the user-defined namespace. GITOPS-5640
Note
The cluster-scoped rollouts installation functionality change does not impact the installation behavior of the namespace-scoped rollouts installation.
Example: Configuring the CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES environment variable
```
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: argo-operator
spec:
  config:
   env:
    - name: NAMESPACE_SCOPED_ARGO_ROLLOUTS
      value: 'false' 1
    - name: CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES
      value: <list_of_namespaces_in_the_cluster-scoped_Argo_CD_instances> 2
 ...
```
1
Specify this value to enable or disable the cluster-scoped installation. If the value is set to 'false', it means that the you have enabled cluster-scoped installation. If it is set to 'true', it means that you have enabled namespace-scoped installation. If the value is empty, it is set to false.
2
Specifies a comma-separated list of namespaces that can host a cluster-scoped Argo CD instance, for example test-123-cluster-scoped,test-456-cluster-scoped.

1.5. Release notes for Red Hat OpenShift GitOps 1.13.1

Red Hat OpenShift GitOps 1.13.1 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, 4.15, and 4.16.

1.5.1. Errata updates

1.5.1.1. RHSA-2024:4891 - Red Hat OpenShift GitOps 1.13.1 security update advisory

Issued: 2024-07-25

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:4891

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.5.2. Fixed issues

Before this update, the sync trigger for a webhook enabled on Bitbucket was not working, resulting in an application failing to refresh after a change. This update fixes the issue by modifying the functionality of the Red Hat OpenShift GitOps Operator to ensure that the sync trigger on webhooks automatically refreshes an application after a change. GITOPS-5045

1.6. Release notes for Red Hat OpenShift GitOps 1.13.0

Red Hat OpenShift GitOps 1.13.0 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, 4.15, and 4.16.

1.6.1. New features

With this update, you can configure Argo CD to disable the automatic scraping of metrics for your instance. Before this update, there was no option to disable this feature, resulting in excessive storage usage when multiple Argo CD instances were available on the cluster. GITOPS-4519
Note
In GitOps, the scraping of metrics is enabled by default for all Argo CD instances.
To disable metrics for your Argo CD instance, edit the spec.monitoring.disableMetrics field in the Argo CD CR to true.
Example
```
apiVersion: argoproj.io/v1beta1
kind: ArgoCD
metadata:
 name: argocd-sample
 namespace: default
spec:
 monitoring:
   disableMetrics: true
```
Use the following command to scrape metrics in the Argo CD CLI:
```
$ oc patch argocd argocd-sample -n default --type='json' -p='[{"op": "replace", "path": "/spec/monitoring/disableMetrics", "value": true}]'
```
With this update, the Argo Rollouts functionality in Red Hat OpenShift GitOps is promoted from Technology Preview (TP) to General Availability (GA). GITOPS-3848
Use this feature to perform the following actions:
- Run cluster-scoped Argo Rollouts instead of namespace-scoped Argo Rollouts
- Route traffic by using OpenShift Routes for canary application deployment
- Configure the Argo Rollouts CLI
With this update, you can perform canary-based Argo Rollouts deployments by using OpenShift Routes-based traffic management. Argo Rollouts supports traffic splitting by modifying the percentage of traffic that reaches the canary or stable application version during a deployment. GITOPS-2400
With this update, the Argo CD applications in non-control plane namespaces feature is promoted from Technology Preview (TP) to General Availability (GA). GITOPS-3796
With this update, the following new commands are introduced for the Argo CD applications in non-control plane namespaces feature:
- argocd proj add-source-namespace: Use this command to add source namespaces to the .spec.sourceNamespaces field of the AppProject CR to allow specific namespaces for application creation.
- argocd proj delete-source-namespace: Use this command to remove source namespaces from the .spec.sourceNamespaces field of the AppProject CR to exclude specific namespaces. GITOPS-4045
With this update, you can customize permissions for a cluster-scoped Argo CD instance by creating user-defined ClusterRoles and ClusterRoleBindings for the Argo CD Application Controller and server components. GITOPS-2614
With this update, you can customize the Keycloak route name in the Red Hat OpenShift GitOps Operator. This update also enables support for complex routing scenarios, such as dividing routes among various ingress controller shards. GITOPS-4451
With this update, the route TLS termination is set as default to the reencrypt mode for both the default and user-defined Argo CD instances. TLS connections to the Argo CD instances now receive the default ingress certificate that is set in OpenShift Container Platform, instead of the self-signed Argo CD certificate generated by the Red Hat OpenShift GitOps Operator. You can modify the route TLS termination policy by configuring the .spec.server.route.tls field of the Argo CD CR. GITOPS-3918
With this update, Argo CD upstream is enhanced to ensure that resource deletion is managed properly when using sync-waves. Now, Argo CD waits for resources to be entirely deleted before advancing to the next sync-wave in the deletion process. This approach ensures a controlled and predictable workflow, enhancing the user experience and preventing potential issues that might arise from not waiting for resources to be fully recycled before proceeding to the next sync-wave. GITOPS-2642
With this update, Argo CD CLI has been enhanced by enabling the --app-namespace flag for various application-related commands. GITOPS-3834
This flag allows users to specify the namespace for operations such as waiting, rolling back, patching, editing, diffing, viewing history, syncing, and deleting applications. As a result, the following commands are updated in Red Hat OpenShift GitOps:
- argocd app wait
- argocd app rollback
- argocd app patch
- argocd app edit
- argocd app diff
- argocd app history
- argocd app sync
- argocd app delete
- argocd app get

1.6.2. Fixed issues

Before this update, if the DeploymentConfig [apps.openshift.io/v1] API was disabled in the OpenShift Container Platform cluster, the GitOps Operator would enter the CrashLoopBackoff error state and would not function properly. This update fixes the issue by modifying the functionality of the GitOps Operator to ensure that it does not enter the CrashLoopBackoff error state when the API is unavailable in the cluster. GITOPS-4489
Before this update, users were unable to connect to remote Git repositories through a SOCKS5 proxy server because it was only compatible with HTTPS URLs. With this update, users can access remote Git repositories by using a SOCKS5 proxy server that supports the SSH protocol. GITOPS-3710
Before this update, the forceHttpBasicAuth repository configuration was not initialized properly during repository updates from Argo CD UI. As a result, the value was reset to default, leading to connection errors, particularly for Azure DevOps repositories. This update fixes the issue by adding a change in the upstream to ensure that the forceHttpBasicAuth configuration is correctly initialized during repository update operations. GITOPS-3706
Before this update, the Argo CD CLI would designate the initial source as the main source for multi-source applications. With this update, the Argo CD CLI supports multi-source applications by considering all sources during processing. GITOPS-2623
Before this update, the Argo Rollouts controller CR did not create ServiceMonitor. With this update, the Argo Rollouts controller CR is improved to include support for ServiceMonitor creation. As a result, you can gather metrics from Rollouts using the enhanced Argo Rollouts controller CR, and these metrics are visible in monitoring. GITOPS-3271

1.6.3. Known Issues

There is currently a known issue that prevents the Red Hat OpenShift GitOps Operator from updating the default TLS termination policy of the Argo CD server route from Passthrough to Reencrypt. This is a race condition that occurs when upgrading from an older version. GITOPS-4947
Workaround: Delete the Argo CD server route and the Argo CD server pod. The recreated route and pod now uses the Reencrypt policy.

1.6.4. Deprecated and removed features

In Red Hat OpenShift GitOps 1.13, the Red Hat OpenShift GitOps Application Manager CLI, kam, is deprecated and is planned to be removed in the future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to the Red Hat OpenShift GitOps Application Manager CLI, kam, you can use the Argo CD CLI that is available from Red Hat OpenShift GitOps Operator v1.12. GITOPS-4466

1.6.5. Breaking change

1.6.5.1. Argo Rollouts instances are installed as namespace-scoped

When you upgrade to Red Hat OpenShift GitOps v1.13, Argo Rollouts instances in Red Hat OpenShift GitOps are installed as namespace-scoped. Previously, when you created a RolloutManager CR within a namespace, that Argo Rollouts instance would only have permissions to deploy within that specific namespace. Now, because Argo Rollouts instances in Red Hat OpenShift GitOps are installed as cluster-scoped, a RolloutManager CR created within a namespace can be deployed across the entire cluster. GITOPS-3847

Additional resources

Argo Rollouts

1.7. Release Notes for Red Hat OpenShift GitOps 1.12.6

Red Hat OpenShift GitOps 1.12.6 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, and 4.15.

1.7.1. Errata updates

1.7.1.1. RHSA-2024:8677 - Red Hat OpenShift GitOps 1.12.6 security update advisory

Issued: 2024-10-29

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:8677

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.8. Release Notes for Red Hat OpenShift GitOps 1.12.5

Red Hat OpenShift GitOps 1.12.5 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, and 4.15.

1.8.1. Errata updates

1.8.1.1. RHSA-2024:4973 - Red Hat OpenShift GitOps 1.12.5 security update advisory

Issued: 2024-08-01

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:4973

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.9. Release notes for Red Hat OpenShift GitOps 1.12.4

Red Hat OpenShift GitOps 1.12.4 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, and 4.15.

1.9.1. Errata updates

1.9.1.1. RHSA-2024:4163 - Red Hat OpenShift GitOps 1.12.4 security update advisory

Issued: 2024-06-27

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:4163

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.9.2. Fixed issues

Before this update, the default TLS termination policy of the Argo CD server route changed from passthrough to reencrypt, leading to issues for users who previously configured the passthrough route with a custom TLS certificate. This update fixes the issue by reverting the default termination policy to passthrough. With this update, the Argo CD UI is accessible without any issues, even if the server route with a passthrough policy is configured with a custom TLS certificate. GITOPS-4758

1.10. Release notes for Red Hat OpenShift GitOps 1.12.3

Red Hat OpenShift GitOps 1.12.3 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, and 4.15.

1.10.1. Errata updates

1.10.1.1. RHSA-2024:3368 - Red Hat OpenShift GitOps 1.12.3 security update advisory

Issued: 2024-05-28

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:3368

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.10.2. Fixed issues

Before this update, pods in a different namespace could access the Redis server on port 6379 to obtain read and write access to the data. This update fixes the issue by enabling secure authentication.

1.11. Release notes for Red Hat OpenShift GitOps 1.12.2

Red Hat OpenShift GitOps 1.12.2 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, and 4.15.

1.11.1. Errata updates

1.11.1.1. RHSA-2024:2816 - Red Hat OpenShift GitOps 1.12.2 security update advisory

Issued: 2024-05-10

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:2816

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.11.2. New features

With this update, support has been provided for the must-gather tool in the Argo Rollouts controller. This update provides support for the following enhancements:
- Logs for pods within the Red Hat OpenShift GitOps Operator including the Argo Rollouts controller pods.
- Contents of Argo Rollouts Manager and Argo Rollouts custom resources (CRs).
- Contents of Deployment, Statefulset, and ConfigMaps CRs created by the must-gather tool in the Argo Rollouts controller. GITOPS-3947

1.11.3. Fixed issues

Before this update, users could not use the argocd-k8s-auth binary to add Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS) clusters because this binary was not available in the GitOps container. This update fixes the issue by adding the argocd-k8s-auth binary in the GitOps container. GITOPS-4226
Before this update, attempts to connect to Azure DevOps with Argo CD would result in an error due to the deprecation of the rsa-ssh host key algorithm by the Azure DevOps Repository service. This update fixes the issue by providing support for the rsa-ssh host key algorithms during the communication process between Argo CD and Azure DevOps Repository service. GITOPS-4543
Before this update, GitOps console plugin workloads did not schedule on infrastructure nodes when the runOnInfra field was enabled in the GitOpsService custom resource (CR). This update fixes the issue by adding the infrastructure node-selector on the GitOps console plugin workloads. This enables users to configure custom node-selectors and tolerations on the gitops-console pod. As a result, when the runOnInfra field is enabled, the GitOps console plugin pod is placed on the infrastructure nodes like the other default workloads. GITOPS-4496
Before this update, the ignoreDifferences sync option in Argo CD did not work for array fields. This update fixes the issue by modifying the merge strategy of the ignoreDifferences sync option used in the upstream project to handle array fields. As a result, the sync option now functions correctly by allowing users to ignore specific elements in the array during sync. GITOPS-2962
Before this update, users were unable to include context for notifications in the NotificationsConfiguration custom resource (CR). With this update, users can now add context for notifications by using the context field in the NotificationsConfiguration CR. This field can also be used to establish shared context across all templates defined in the NotificationsConfiguration CR. GITOPS-4303
Example of the context field in the NotificationsConfiguration CR
```
spec:
  context:
    region: east 1
```
1
Context among all notification templates is in key-value pairs
Before this update, users accessing a Red Hat OpenShift on AWS (ROSA) cluster after hibernation were unable to log in to the Argo CD web console due to an error indicating an invalid redirect URI in the Dex configuration. With this update, users can now log in to the Argo CD web console without facing any errors when the ROSA cluster is operational post-hibernation. GITOPS-4358
Before this update, users were unable to log in to the Argo CD web console if the availability of the openshift-gitops route was delayed while the Red Hat OpenShift GitOps Operator processed an Argo CD custom resource instance. An error message was displayed indicating an invalid redirect URI in the Dex configuration. With this update, users can now log in to the Argo CD web console without facing any errors. GITOPS-3736
Before this update, users could not create custom resources for Argo CD from the Add page on the Developer perspective of the Red Hat OpenShift GitOps web console. This issue has been observed from Red Hat OpenShift GitOps 1.10 and later releases. This update fixes the issue because Operator-backed resources with the correct versions are included in the ClusterServiceVersion manifest file. GITOPS-4513

1.12. Release Notes for Red Hat OpenShift GitOps 1.12.1

Red Hat OpenShift GitOps 1.12.1 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, and 4.15.

1.12.1. Errata updates

1.12.1.1. RHSA-2024:1753 - Red Hat OpenShift GitOps 1.12.1 security update advisory

Issued: 2024-04-10

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:1753

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.13. Release notes for Red Hat OpenShift GitOps 1.12.0

Red Hat OpenShift GitOps 1.12.0 is now available on OpenShift Container Platform 4.12, 4.13, 4.14, and 4.15.

1.13.1. Errata updates

1.13.1.1. RHSA-2024:1441 - Red Hat OpenShift GitOps 1.12.0 security update advisory

Issued: 2024-03-20

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:1441

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.13.2. New features

With this update, the GitOps argocd CLI is supported and accessible as a productized component of Red Hat OpenShift GitOps. The GitOps argocd CLI tool is available through RPMs in RHEL. You can download it through the OpenShift mirror registry.
Warning
The GitOps argocd CLI tool is a Technology Preview feature.
By using the GitOps argocd CLI tool, you can complete the following tasks:
- Manage Red Hat OpenShift GitOps from a terminal.
- Manage ArgoCD resources, such as Applications, ApplicationSets, AppProjects, User accounts, and GPG keys from a client terminal. GITOPS-3389
  Note
  The argocd executable binary file is included in the archive and RPM formats.
With this update, NotificationsConfiguration custom resource (CR) is now supported. Before this update, you had to update the argocd-notifications-cm ConfigMap to manage templates, triggers, services and subscriptions. With this release, you cannot modify the argocd-notifications-cm ConfigMap. A new Custom Resource definition NotificationsConfiguration is introduced to manage the argocd-notifications-cm ConfigMap. GITOPS-4130
Note
This update removes any configuration added to argocd-notifications-cm ConfigMap. You must take a backup of your configuration and update the configuration/backup in the default-notifications-configuration custom resource of kind:NotificationsConfiguration after upgrading to the new version. Also, with this update, any modifications to argocd-notifications-cm ConfigMap are not allowed.
With this update, two new fields .spec.applicationSet.sourceNamespaces and .spec.applicationSet.scmProviders are introduced in the ArgoCD CRD to support ApplicationSet in any non-control plane namespaces. Administrators can use these fields to define certain namespaces that manage ApplicationSet resources. GITOPS-3754
Warning
Argo CD application sets in non-control plane namespaces is a Technology Preview feature.
With this update, Argo CD server has the required permissions to manage ApplicationSet resources. GITOPS-3762
With this update, you can configure log levels, such as debug, info, warn, error, panic and fatal. The default log level set for the output is info. To change the log level, add the environment variable LOG_LEVEL in the .spec.config.env field of the Subscription CR. GITOPS-4016
Example output
```
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: gitops-operator
  namespace: openshift-gitops-operator
spec:
  ...
  config:
    env:
    - name: LOG_LEVEL
      value: "error"
```
With this update, Argo CD accepts the wildcard values in the sourceNamespaces field so that you can specify multiple namespaces or patterns for namespaces. To use this feature, specify the namespaces where Argo CD can manage applications in the .spec.sourceNamespaces field of the ArgoCD CR. GITOPS-3935
Example
```
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd-wildcard-pattern
spec:
  sourceNamespaces:
    - app-team-*
   - namespace-2
```
In the previous example, permissions are granted to namespaces that match the pattern app-team-*, such as app-team-1, app-team-2, and namespace-2, which does not use wildcard values.
To grant permissions for all the namespaces on the Argo CD cluster using the * wildcard pattern, configure the ArgoCD CR in the following manner:
Example
```
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd-all-namespaces
spec:
  sourceNamespaces:
    - '*'
```

1.13.3. Fixed issues

Before this update, the notifications controller could not use built-in functions in notification templates to obtain information about applications because of an incorrect repository server address. This update fixes the issue by initializing the notification controller to use the correct repository server address. GITOPS-2867
Before this update, when a user created a Job from a CronJob resource, an error is displayed. With this update, users can create Job executions from a CronJob resource defined in a deployed Argo CD application. GITOPS-3617
Before this update, in some instance when applications are deleted, their application environment card would remain in a half-deleted state until the page was refreshed. With this update, the application environment card is removed from the UI automatically after the Argo CD application is deleted. GITOPS-2677
Before this update, when a user deleted apps and namespaces in Argo CD, in some cases, the Red Hat OpenShift GitOps plugin would display an error message. This update fixes the issue by updating some components from the dynamic plugin SDK and provides better error handling. As a result, the error message is not displayed after deleting apps or namespaces. GITOPS-2746
Before this update, the password for the admin role was used to reset to the default password when it was updated by the GitOps argocd CLI or the Argo CD UI. This update fixes the issue and the user can now update the admin password and the password is no longer set to default. GITOPS-3581

1.13.4. Known Issues

There is currently a known issue that changes the functionality of routing in the OpenShift Console Dynamic plugin, dynamic-console-sdk, that is used by the Red Hat OpenShift GitOps Dynamic Plugin. This issue causes the horizontal navigation bar, which is used to switch between the Application Overview page and the Deployment History page for an application, on the Application Overview page to not function correctly. GITOPS-4232
Workaround: To view the Deployment History page of an application, use the Deployment History link on the application instead of the link on the horizontal navigation bar on the Application Overview page. This issue has been observed on all supported cluster versions that use the Red Hat OpenShift GitOps Dynamic Plugin.
There is currently a known issue on the OpenShift Container Platform cluster for the console Red Hat OpenShift GitOps Dynamic Plugin where users can experience some delay when fetching application data. GITOPS-4234
Workaround: No workaround currently exists for this issue, so you must wait for the fetching of the application data to complete.
There is currently a known issue that causes the Red Hat OpenShift GitOps Dynamic Plugin to be disabled on the OpenShift Container Platform 4.15 cluster. GITOPS-4231
Workaround: Perform the following steps:
1. Install the Red Hat OpenShift GitOps Operator in your cluster.
2. In the Administrator perspective of the web console, navigate to Home Overview.
3. On the Overview tab, click the Dynamic plugins link in the Status section.
4. To enable the Red Hat OpenShift GitOps Dynamic Plugin, click gitops-plugin and then click Enabled.
  After some time, a notification with the message “Web console update is available” is displayed.

1.14. Release Notes for Red Hat OpenShift GitOps 1.11.7

Red Hat OpenShift GitOps 1.11.7 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.14.1. Errata updates

1.14.1.1. RHSA-2024:4972 - Red Hat OpenShift GitOps 1.11.7 security update advisory

Issued: 2024-08-01

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:4972

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.15. Release Notes for Red Hat OpenShift GitOps 1.11.6

Red Hat OpenShift GitOps 1.11.6 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.15.1. Errata updates

1.15.1.1. RHSA-2024:4626 - Red Hat OpenShift GitOps 1.11.6 security update advisory

Issued: 2024-07-18

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:4626

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.16. Release Notes for Red Hat OpenShift GitOps 1.11.5

Red Hat OpenShift GitOps 1.11.5 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.16.1. Errata updates

1.16.1.1. RHSA-2024:3475 - Red Hat OpenShift GitOps 1.11.5 security update advisory

Issued: 2024-05-29

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:3475

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.16.2. Fixed issues

Before this update, pods in a different namespace could access the Redis server on port 6379 to obtain read and write access to the data. This issue has been fixed in this release by enabling secure authentication.

1.17. Release Notes for Red Hat OpenShift GitOps 1.11.4

Red Hat OpenShift GitOps 1.11.4 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.17.1. Errata updates

1.17.1.1. RHSA-2024:2815 - Red Hat OpenShift GitOps 1.11.4 security update advisory

Issued: 2024-05-10

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:2815

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.17.2. Fixed issues

Before this update, users could not use the argocd-k8s-auth binary to add Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS) clusters because this binary was not available in the GitOps container. This update fixes the issue by adding the argocd-k8s-auth binary in the GitOps container. GITOPS-4226
Before this update, attempts to connect to Azure DevOps with Argo CD would result in an error due to the deprecation of the rsa-ssh host key algorithm by the Azure DevOps Repository service. This update fixes the issue by providing support for the rsa-ssh host key algorithms during the communication process between Argo CD and Azure DevOps Repository service. GITOPS-4543
Before this update, the ignoreDifferences sync option in Argo CD did not work for array fields. This update fixes the issue by modifying the merge strategy of the ignoreDifferences sync option used in the upstream project to handle array fields. As a result, the sync option now functions correctly by allowing users to ignore specific elements in the array during sync. GITOPS-2962
Before this update, users accessing a Red Hat OpenShift on AWS (ROSA) cluster after hibernation were unable to log in to the Argo CD web console due to an error indicating an invalid redirect URI in the Dex configuration. With this update, users can now log in to the Argo CD web console without facing any errors when the ROSA cluster is operational post-hibernation. GITOPS-4358
Before this update, users were unable to log in to the Argo CD web console if the availability of the openshift-gitops route was delayed while the Red Hat OpenShift GitOps Operator processed an Argo CD custom resource instance. An error message was displayed indicating an invalid redirect URI in the Dex configuration. With this update, users can now log in to the Argo CD web console without facing any errors. GITOPS-3736
Before this update, users could not create custom resources for Argo CD from the Add page on the Developer perspective of the Red Hat OpenShift GitOps web console. This issue has been observed from Red Hat OpenShift GitOps 1.10 and later releases. This update fixes the issue because Operator-backed resources with the correct versions are included in the ClusterServiceVersion manifest file. GITOPS-4513

1.18. Release Notes for Red Hat OpenShift GitOps 1.11.3

Red Hat OpenShift GitOps 1.11.3 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.18.1. Errata updates

1.18.1.1. RHSA-2024:1697 - Red Hat OpenShift GitOps 1.11.3 security update advisory

Issued: 2024-04-08

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:1697

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.19. Release notes for Red Hat OpenShift GitOps 1.11.2

Red Hat OpenShift GitOps 1.11.2 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.19.1. Errata updates

1.19.1.1. RHSA-2024:1346 - Red Hat OpenShift GitOps 1.11.2 security update advisory

Issued: 2023-03-15

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024:1346

If you have installed the Red Hat OpenShift GitOps Operator, run the following command to view the container images in this release:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.19.2. Fixed issues

Before this update, due to the incorrect filtering of URL protocols in the Argo CD application summary component, an attacker could use cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to 2.9.8, which patches this vulnerability. GITOPS-4210

1.20. Release notes for Red Hat OpenShift GitOps 1.11.1

Red Hat OpenShift GitOps 1.11.1 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.20.1. Errata updates

1.20.1.1. RHSA-2024-0689 - Red Hat OpenShift GitOps 1.11.1 security update advisory

Issued: 2024-02-05

The list of security fixes that are included in this release is documented in the following advisory:

RHSA-2024-0689

If you have installed the Red Hat OpenShift GitOps Operator, view the container images in this release by running the following command:

$ oc describe deployment gitops-operator-controller-manager -n openshift-operators

1.21. Release notes for Red Hat OpenShift GitOps 1.11.0

Red Hat OpenShift GitOps 1.11.0 is now available on OpenShift Container Platform 4.12, 4.13, and 4.14.

1.21.1. New features

The current release adds the following improvement:

With this update, you can selectively disable the redis and application-controller components for an Argo CD instance in a specified namespace. These components are enabled by default. To disable a component, set the enabled flag to false in the .spec.<component>.enabled field of the Argo CD Custom Resource (CR). GITOPS-3723
For example:
```
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
spec:
  controller:
    enabled: false
  redis:
    enabled: false
```
Note
This feature is currently limited to the redis and application-controller components. It is expected that support for other components will be included in a future Red Hat OpenShift GitOps release.

1.21.2. Fixed issues

The following issues have been resolved in the current release:

Before this update, the Argo CD Notifications Controller did not support custom certificates added to the argocd-tls-certs-cm config map. As a result, notification services with custom certificates did not receive notifications due to the x509: certificate signed by unknown authority error message. This update fixes the issue by correctly initializing the cert resolver function in the Argo CD Notifications Controller to load all certificates stored in the argocd-tls-certs-cm config map. Now, notification services with custom certificates can successfully receive notifications. GITOPS-2809
Before this update, users would face PrometheusOperatorRejectedResources alerts when the Red Hat OpenShift GitOps Operator was not installed in the openshift-gitops-operator namespace. The problem affected users who upgraded from earlier versions of the Red Hat OpenShift GitOps Operator to v1.10. This update fixes the issue by updating the Operator’s serverName metrics service to reflect the correct installation namespace. Now, users who upgrade or install the Red Hat OpenShift GitOps Operator in namespaces other than openshift-gitops-operator should not see these alerts. GITOPS-3424