Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Red Hat OpenShift GitOps release notes

Release notes contain information about new and deprecated features, breaking changes, fixed issues, and known issues. The following release notes apply to the most recent OpenShift GitOps releases on OpenShift Container Platform.

Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Red Hat OpenShift GitOps ensures consistency in applications when you deploy them to different clusters in different environments, such as development, staging, and production. Red Hat OpenShift GitOps helps you automate the following tasks:

  • Ensure that the clusters have similar states for configuration, monitoring, and storage.
  • Recover or recreate clusters from a known state.
  • Apply or revert configuration changes to multiple OpenShift Container Platform clusters.
  • Associate templated configuration with different environments.
  • Promote applications across clusters, from staging to production.

For an overview of Red Hat OpenShift GitOps, see About Red Hat OpenShift GitOps.

Note

For additional information about the OpenShift GitOps lifecycle and supported platforms, refer to the OpenShift Operator Life Cycles and Red Hat OpenShift Container Platform Life Cycle Policy.

1.1. Compatibility and support matrix
Copy link

Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.

In the table, features are marked with the following statuses:

  • TP: Technology Preview
  • GA: General Availability
  • NA: Not Applicable
Important
  • In OpenShift Container Platform 4.13, the 
    stable
    channel has been removed. Before upgrading to OpenShift Container Platform 4.13, if you are already on the 
    stable
    channel, choose the appropriate channel and switch to it.
  • The maintenance support for OpenShift Container Platform 4.12 on IBM Power has ended from 17 July 2024. If you are using Red Hat OpenShift GitOps on OpenShift Container Platform 4.12, upgrade to OpenShift Container Platform 4.13 or later.
Expand
Table 1.1. GitOps and component versions
GitOpsArgo CD CLIHelmKustomizeArgo CDArgo RolloutsDexArgo CD AgentOpenShift Container Platform

1.20.0

3.3.2 TP

3.19.4 GA

5.8.1 GA

3.3.2 GA

1.8.4 GA

2.43.1 GA

0.7.0 GA

4.14, 4.16-4.21

1.19.0

3.1.9 TP

3.18.4 GA

5.7.0 GA

3.1.9 GA

1.8.3 GA

2.43.0 GA

0.5.3 GA

4.14, 4.16-4.21

1.18.0

3.1.5 TP

3.18.4 GA

5.7.0 GA

3.1.6 GA

1.8.3 GA

2.43.0 GA

0.4.1 TP

4.14, 4.16-4.20

Important
  • Starting from Red Hat OpenShift GitOps 1.18, support is no longer provided for Keycloak-based authentication. As an alternative, you can migrate to Dex or configure a self-managed Red Hat Build of Keycloak (RHBK) instance.

1.1.1. Technology Preview features
Copy link

The features mentioned in the following table are currently in Technology Preview (TP). These experimental features are not intended for production use.

Expand
Table 1.2. Technology Preview tracker
FeatureTP in Red Hat OpenShift GitOps versionsGA in Red Hat OpenShift GitOps versions

Argo CD Agent

1.17.0

1.19.0

The GitOps 

argocd
CLI tool

1.12.0

NA

Argo CD application sets in non-control plane namespaces

1.12.0

NA

The 

round-robin
cluster sharding algorithm

1.10.0

NA

Dynamic scaling of shards

1.10.0

NA

Argo Rollouts

1.9.0

1.13.0

ApplicationSet Progressive Sync Strategy

1.8.0

NA

Multiple sources for an application

1.8.0

1.15.0

Argo CD applications in non-control plane namespaces

1.7.0

1.13.0

The Red Hat OpenShift GitOps Environments page in the Developer perspective of the OpenShift Container Platform web console

1.1.0

NA

Note

The 

ApplicationSet Progressive Sync Strategy
feature name aligns with the upstream naming convention and replaces the earlier name, 
ApplicationSet Progressive Rollout Strategy
, used in previous Red Hat OpenShift GitOps versions. The functionality remains unchanged.

Red Hat OpenShift GitOps 1.20.0 is available on OpenShift Container Platform 4.14, 4.16, 4.17, 4.18, 4.19, 4.20, and 4.21.

1.2.1. Errata updates
Copy link

RHEA-2026:5819 - Red Hat OpenShift GitOps 1.20.0 enhancement update advisory

Issued: 2026-03-25

The list of enhancements that are included in this release are documented in the following advisory:

If you have installed the Red Hat OpenShift GitOps Operator in the default namespace, run the following command to view the container images in this release: 

$ oc describe deployment gitops-operator-controller-manager -n openshift-gitops-operator

1.2.2. New features
Copy link

Changes to Argo CD authentication with external authentication enabled

With this update, when external authentication is enabled at the cluster level in OpenShift Container Platform 4.20 and later, the Red Hat OpenShift GitOps Operator no longer configures OpenShift OAuth for Argo CD login. To enable login in such environments, configure an external identity provider by specifying the 

.spec.oidc
field in the ArgoCD custom resource, for example using Red Hat Build of Keycloak (RHBK). If external authentication is not enabled, GitOps continues to use Dex with OpenShift OAuth.

GITOPS-8017

Enhanced wildcard support for ApplicationSet source namespaces

With this update, Red Hat OpenShift GitOps supports wildcard characters (

*
) in the 
.spec.applicationSet.sourceNamespaces
field of the Argo CD custom resource (CR). Use this feature to enable the 
ApplicationSets
in any namespace feature for a dynamic group of namespaces by using a single pattern instead of maintaining a static list.

GITOPS-8217

Managed and autonomous agent installation through the Argo CD agent

With this update, Red Hat OpenShift GitOps supports managed and autonomous Argo CD agent installation directly through the Argo CD custom resource (CR). Administrators can configure and deploy Argo CD agents by using the Operator, simplifying agent-based deployments.

GITOPS-8164

Mapping Applications to managed agents by using the destination field

With this update, the Argo CD agent supports destination-based mapping. This mode routes applications to managed agents by using the 

.spec.destination.name
field instead of the application namespace. It supports multitenant use cases where teams organize applications in separate namespaces while targeting the same agent. Applications keep their original namespace on the spoke cluster.

To enable destination-based mapping, configure the 

destinationBasedMapping
field in the Argo CD CR for the principal and agent components. On the agent, you can optionally set the 
createNamespace
field to allow automatic namespace creation if the application namespace does not exist on the spoke cluster.

For more information, see the Additional Resources section, which includes information about Argo CD Agent Mapping Modes in the Argo CD Agent upstream documentation.

GITOPS-8531

Image Updater custom resource with legacy annotation reading (Technology Preview)

With this update, the Argo CD Image Updater supports a custom resource (CR) that targets multiple applications generated by 

ApplicationSets
. This custom resource reads Image Updater settings from existing annotations (
argocd-image-updater.argoproj.io/*
). This enables adoption of the CR-based workflow without migrating existing configurations. A single 
ImageUpdater
CR can manage image updates across multiple applications.

For more information, see the Additional Resources section, which includes an upstream documentation link for the Argo CD Image Updater.

Important

The Argo CD Image Updater feature is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

GITOPS-8544

CloudEvents webhook support for AWS ECR in Image Updater (Technology Preview)

With this update, the Argo CD Image Updater supports a CloudEvents v1.0 webhook handler for AWS Elastic Container Registry (ECR) push events through AWS EventBridge. This approach uses a standard format instead of registry-specific handlers. AWS EventBridge can convert native ECR events to CloudEvents, enabling automated image updates when new images are pushed to ECR registries.

For more information, see the Additional Resources section, which includes an upstream documentation link for the Argo CD Image Updater.

Important

The Argo CD Image Updater feature is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

GITOPS-8283

Pod log streaming in agent architecture

With this update, users can view pod logs from workload clusters in the control plane when using the Argo CD agent architecture. You can use this feature to enable centralized troubleshooting and remove the need for direct access to workload clusters.

GITOPS-7264

OpenTelemetry integration for Argo CD agent

With this update, the Argo CD agent and principal components integrate with OpenTelemetry for distributed tracing. This integration enables deeper visibility into system behavior and performance.

GITOPS-8119

Network policies for core Argo CD components

With this update, Red Hat OpenShift GitOps implements Kubernetes Network Policy resources for all Argo CD workload pods to prevent unnecessary ingress and egress traffic. These network policies directly mitigate risks identified in the OpenShift Container Platform threat model and ensure a least-privilege network security posture for all Argo CD components. You can disable this feature by setting the 

spec.networkPolicy.enabled
field to 
false
.

GITOPS-7787

Kubernetes trust anchors in the GitOps operator

With this update, the Red Hat OpenShift GitOps Operator supports configuring system CA trust for the Argo CD repo-server through the Argo CD custom resource. The repo-server uses trust anchors from Kubernetes resources. This allows plugin sidecars to trust TLS hosts when running commands such as kustomize or fetching files over TLS. Previously, administrators configured trust anchors manually in the 

argocd-tls-certs-cm
config map. This change simplifies certificate management.

GITOPS-7391

Argo CD progressive sync with ordered deletion

With this update, Argo CD progressive sync supports removing applications in a specific order during deletion operations. Previously, Argo CD removed all applications in parallel. This update allows administrators to configure the deletion order to avoid dependency issues or service disruptions.

GITOPS-6250

Automatic cleanup of orphaned roles and role bindings

With this update, the Red Hat OpenShift GitOps Operator implements a safety mechanism that identifies namespaces containing orphaned Operator roles and automatically reapplies the tracking label. When a namespace is removed from 

.spec.sourceNamespaces
or 
.spec.applicationSet.sourceNamespaces
, the Red Hat OpenShift GitOps Operator cleans up related resources to ensure consistent resource management.

GITOPS-8537

Argo Rollouts kubectl plugin binaries

With this update, the Argo Rollouts kubectl plugin (CLI) binaries are built and released through Konflux for multiple platforms. The binaries are provided as standalone executables and are not packaged as RPMs. Use the binaries for direct access to the Argo Rollouts CLI to enable progressive delivery workflows.

GITOPS-5038

Operator base image migration to UBI 9 Minimal

With this update, the Red Hat OpenShift GitOps Operator and operand images use the UBI 9 Minimal base image to reduce CVE exposure and improve security posture. The image suffix changes from 

rhel8
to 
rhel9
. No action is required during upgrades. However, if you use external automation or scripts that reference these images, update them to match the new suffix.

GITOPS-8107

Reduced image size through package cleanup

With this update, Red Hat OpenShift GitOps component images have been optimized by removing unused packages and dependencies. This enhancement reduces image size, improves security, and speeds up image pulls.

GITOPS-8929

1.2.3. Fixed issues
Copy link

Fixed console plugin Applications page rendering error

Before this update, the Applications page of the GitOps console plugin did not render due to an unhandled JavaScript error, 

Cannot read properties of undefined (reading '0')
, particularly for invalid or ill-formed Applications. With this update, the plugin gracefully handles such cases, and the Applications page renders correctly.

GITOPS-8773

Fixed incorrect ownerReferences apiVersion in config maps

Before this update, 

ownerReferences
in config maps within the Argo CD namespace used an incorrect 
apiVersion
of 
v1alpha1
for the Argo CD instance, even after the Argo CD CR was converted to 
v1beta1
. This caused discrepancies in the UI when viewing the Argo CD CR. With this update, 
ownerReferences
are properly updated during upgrades to use the correct 
apiVersion
, ensuring consistency between the CR and its owned resources.

GITOPS-8001

Fixed Progressive Sync status display in UI

Before this update, applications generated by 

ApplicationSets
incorrectly displayed Progressive Sync as "Unknown" in the UI status panel. With this update, the Progressive Sync state is surfaced correctly, and when the feature is disabled, the UI hides the field entirely.

GITOPS-7797

Fixed incorrect application links across Argo CD instances

Before this update, when using a cluster-scoped Argo CD instance to deploy a namespaced Argo CD instance and applications managed by the namespaced instance, the cluster-scoped UI displayed incorrect links to the namespaced applications. With this update, the UI generates correct links for applications managed by different Argo CD instances.

GITOPS-1505

Enhanced security for Image Updater application references (Technology Preview)

Before this update, users could reference applications across namespaces in multitenant setups, bypassing 

AppProject
restrictions. With this update, the Image Updater enforces namespace boundaries and respects 
AppProject
configurations, ensuring proper tenant isolation.

For more information, see the Additional Resources section, which includes an upstream documentation link for the Argo CD Image Updater.

Important

The Argo CD Image Updater feature is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

GITOPS-8876

Fixed Image Updater Git process exhaustion (Technology Preview)

Before this update, the Argo CD Image Updater experienced Git process exhaustion when retrieving Git access tokens, leading to errors such as 

cannot fork() for remote-https: Resource temporarily unavailable
and 
RPC failed; HTTP 500
. The container accumulated thousands of Git processes, preventing further Git operations. With this update, the Image Updater properly manages Git processes and releases resources after retrieving access tokens, preventing process exhaustion.

For more information, see the Additional Resources section, which includes an upstream documentation link for the Argo CD Image Updater.

Important

The Argo CD Image Updater feature is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

GITOPS-8875

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top