Chapter 1. Red Hat OpenShift GitOps release notes

Issued: 2025-12-17

The list of enhancements that are included in this release are documented in the following advisory:

With this update, the Argo CD Agent functionality in the Red Hat OpenShift GitOps Operator is promoted from Technology Preview (TP) to General Availability (GA). This feature enables Argo CD to use an agent-based, pull-based approach to Argo CD application deployment, which leads to improved scalability, security, reliability, and more. For more information, see the Additional Resources section, which includes the downstream documentation for the Argo CD Agent architecture and installation.

GITOPS-7740

The Red Hat OpenShift GitOps Operator now provides administrators with flexible, multi-level control over the imagePullPolicy for container images used by the Argo CD, GitOpsService, and RolloutsManager components. This enhancement enables organizations to define a consistent image pulling strategy across all managed instances. The Red Hat OpenShift GitOps Operator evaluates image pull policy settings in the following order:

With this update, cluster administrators can delegate the management of Argo CD notification settings to specific namespaces, enabling users to manage their configurations. Teams can now configure their own triggers, templates, and subscriptions for their Applications without requiring access to the control plane namespace configurations. Administrators can enable this capability by adding the target namespace to the .spec.sourceNamespaces and .spec.notifications.sourceNamespaces fields in the Argo CD CR. For more information, see the Additional Resources section, which includes information about Configuring Notifications in any Namespace.

GITOPS-7704

With this update, Argo CD Image Updater is now available as a Technology Preview feature in Red Hat OpenShift GitOps. Argo CD Image Updater automatically updates container images for Kubernetes workloads managed by Argo CD. It tracks image versions in applications as defined by ImageUpdater CRs and updates it by applying parameter overrides through the Argo CD API or by using the Git write-back method. The image updater supports applications built with Kustomize or Helm. In this release, the Red Hat OpenShift GitOps Operator provides a productized container image of the Argo CD Image Updater and introduces a new property in the Argo CD CR to enable or disable the feature.

The following example shows how to configure the Argo CD Image Updater feature in the Argo CD CR:

spec:
  imageUpdater:
    enabled: true
    env:
      - name: IMAGE_UPDATER_LOGLEVEL
        value: trace
    resources:
      limits:
        cpu: 500m
        memory: 1024Mi
      requests:
        cpu: 250m
        memory: 512Mi

spec:
  imageUpdater:
    enabled: true
    env:
      - name: IMAGE_UPDATER_LOGLEVEL
        value: trace
    resources:
      limits:
        cpu: 500m
        memory: 1024Mi
      requests:
        cpu: 250m
        memory: 512Mi

For more information, see the Additional Resources section, which includes an upstream documentation link for the Argo CD Image Updater.

GITOPS-7491

With this update, you can configure resource requests and limits for the cluster and GitOps plugin components through the GitOpsService CR. Administrators can define these values by using the following fields:

With this update, the Argo CD Agent component is built and verified with FIPS-validated cryptographic modules, ensuring that all cryptographic operations conform to Federal Information Processing Standards (FIPS). This enhancement enables the Argo CD Agent to operate in FIPS-enabled Red Hat Enterprise Linux and OpenShift environments and aligns the component with Red Hat’s FIPS certification standards.

GITOPS-6366

With this update, the Red Hat OpenShift GitOps Operator introduces memory usage optimizations in the Red Hat OpenShift GitOps Operator manager. The enhancement uses controller-runtime Transform functions to remove unnecessary fields from cached secrets and config maps that the Red Hat OpenShift GitOps Operator does not require. This approach helps reduce memory consumption, especially in clusters with a large number of secrets and config maps. These improvements can lower the memory footprint of the openshift-gitops-operator-controller-manager deployment. The optimization is enabled by default. If you encounter unexpected behavior, you can disable the feature by adding the following environment variable to the Red Hat OpenShift GitOps Operator Subscription CR:

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-gitops-operator
spec:
  config:
    env:
      - name: MEMORY_OPTIMIZATION_ENABLED
        value: "false"

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-gitops-operator
spec:
  config:
    env:
      - name: MEMORY_OPTIMIZATION_ENABLED
        value: "false"

GITOPS-6281

When upgrading the Red Hat OpenShift GitOps Operator from a version earlier than 1.17.x, the redis-ha-haproxy deployment might not automatically scale to 3 replicas, even if high availability (HA) mode was enabled before the upgrade. This issue occurs only when HA mode was configured before upgrading to version 1.17.x.

Workaround: Manually scale the redis-ha-haproxy deployment to the expected replica count by running the following command:

oc scale deployment <argocd instance>-redis-ha-haproxy \
  -n <argocd namespace> --replicas=3

$ oc scale deployment <argocd instance>-redis-ha-haproxy \
  -n <argocd namespace> --replicas=3

GITOPS-8225

With this update, the Red Hat OpenShift GitOps Operator changes the default resource tracking behavior from label-based tracking to annotation-based tracking. Annotation-based tracking provides improved reliability and reduces the risk of errors caused by external tools or automation that might unintentionally copy tracking labels between resources. This change aligns the Red Hat OpenShift GitOps Operator with the upstream Argo CD defaults. After upgrading, you should complete remediation steps to ensure a smooth transition to annotation-based tracking. For guidance, see the upstream documentation. If you want to continue using label-based tracking, you can configure it by setting the .spec.resourceTrackingMethod field to label in the Argo CD CR. For more details, see the Additional Resources section, which includes the upstream link for the Argo CD Annotation-based resource tracking.

GITOPS-7385

With this update, the argocd-cmp-server binary is not statically linked. To meet FIPS compliance requirements, the binary is now dynamically linked and uses the OpenSSL implementation for cryptographic operations. As a result, the binary has a hard dependency on glibc and can run only on container images that include glibc support. Minimal images such as BusyBox or Alpine (without glibc) do not meet this requirement, and running the binary on those images causes it to crash. Before upgrading, ensure that your CMP sidecar container image includes glibc. If it does not, use one of the following options:

In Red Hat OpenShift GitOps 1.19, the openshift-gitops-argocd-cli RPM package for RHEL 8 and RHEL 9 is deprecated. These RPMs are still supported in the current release, Red Hat OpenShift GitOps 1.19, to provide a transition period. To avoid disruption, update your deployment pipelines to download the openshift-gitops-argocd-cli binaries directly from the Red Hat Content Gateway. For more information, see the Additional resources section, which includes a link to the Content Gateway hosting the Red Hat OpenShift GitOps client binaries.

GITOPS-8497