RHEA-2025:13453 - Product Enhancement Advisory

Topic

Red Hat OpenShift GitOps v1.17.0 release

Description

An update is now available for Red Hat OpenShift GitOps.

This release includes several enhancements and bug fixes to improve the stability and security of the GitOps Operator.

Notable changes in this release include:

• Major version upgrade of Argo CD from v2.14 to v3.0
• Minor version upgrade of Argo CD Rollouts from v1.7 to v1.8
• Tech Preview release of Argo CD Agent
• Support for OpenShift 4.19
• Updated documentation on using HashiCorp Vault with OpenShift GitOps
• Deprecation of the Keycloak SSO provider in OpenShift GitOps
• Removal of support for `.spec.initialRepositories` and `.spec.repositoryCredentials` fields in the Argo CD CRD

Please note that this release includes a major version upgrade of Argo CD, which may introduce breaking changes. It is strongly recommended to review the release notes to assess any potential impact on your existing configurations.
Refer to the release notes in the references section for more details.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Fixes

• GITOPS-7374 - 1.17.0 RC2 - Unable to create ApplicationSet webhook route
• GITOPS-5961 - Drop support for .spec.initialRepositories & spec.repositoryCredentials in ArgoCD CRD
• GITOPS-6630 - SAST Scan result: PATH_MANIPULATION (CWE-22)
• GITOPS-6858 - HashiCorp Vault Support for OpenShift GitOps
• GITOPS-5016 - Argo Agent: Integration into Red Hat productization
• GITOPS-6248 - Stuck Applicationset progressive sync
• GITOPS-6675 - Gitops operator is not accepting regular expression in sourceNamespaces - Application in non-controlplane namespaces
• GITOPS-6703 - After Upgrade to v.1.16 not able to add --metrics-application-labels in spec.controller.extraCommandArgs with multiple values
• GITOPS-6881 - Upgrade Argo CD to major version v3 in OpenShift GitOps (v1.17)
• GITOPS-6889 - Fine-Grained RBAC for application update and delete sub-resources
• GITOPS-7009 - Health status in the Application CR
• GITOPS-5969 - Unable to edit http repo credentials from argocd UI - openshift-gitops
• GITOPS-6326 - ArgoCDExport image doesn't work with Argo CD v2.13.x artifacts
• GITOPS-6662 - Extensions that use 'extensions` volumes cannot be reconciled
• GITOPS-6777 - gitops-plugin Pods should comply with the Pod Security restricted policy
• GITOPS-6806 - Only one replica is created for redis-ha-haproxy
• GITOPS-7018 - SourceNamespaces with long project name causing Reconciler error: must be no more than 63 characters
• GITOPS-5870 - Progressive Delivery in OpenShift Console's Topology View
• GITOPS-6668 - Enable JSON logging option for all GitOps components
• GITOPS-6775 - Argo CD Agent: Proxy redis traffic from principal to agent
• GITOPS-6886 - Logs RBAC enforcement as a first-class RBAC citizen
• GITOPS-6887 - Changes to RBAC with Dex SSO Authentication
• GITOPS-7010 - Argo Agent : Provide option in Argo CD CR to enable/disable Principal Component
• GITOPS-7070 - Deprecate Keycloak in OpenShift GitOps
• GITOPS-7112 - Argo Agent : Installation of Argo CD components on spoke OCP clusters using OLM
• GITOPS-7124 - Document Keycloak deprecation; recommend Dex or Red Hat Build of Keycloak in OpenShift GitOps docs

CVEs

(none)

References

• https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.17/