gitops_bootstrap: Add opt-in ignoreDifferences for child Application CRD tracking drift#125
Merged
Merged
Conversation
ArgoCD adds argocd.argoproj.io/tracking-id to every resource it manages, including child Application CRDs created by the bootstrap. It also adds a transient .operation field while a sync is in progress. Without this ignoreDifferences entry, the bootstrap Application reports OutOfSync any time a child Application is actively syncing or has been annotated — even though the actual application workloads are healthy. This causes provisioning wait tasks to time out when child applications take longer to reach steady state (e.g. when deploying an ArgoCD instance or other operator-backed workloads). The existing RespectIgnoreDifferences=true syncOption means this entry is already respected during syncs — this change only adds the rule. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
…CRD tracking Add ocp4_workload_gitops_bootstrap_application_ignore_tracking (default: false) that, when enabled, adds ignoreDifferences rules for /metadata/annotations and /operation on child Application CRDs managed by the bootstrap. Default is false — all existing labs are unaffected. Labs that deploy complex, long-running child workloads (e.g. an operator-backed ArgoCD instance) can opt in to prevent transient OutOfSync status from blocking provisioning wait tasks. See defaults/main.yml comment for full explanation. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
stencell
requested review from
agonzalezrh,
fridim,
rut31337 and
wkulhanek
as code owners
wkulhanek
approved these changes
Apr 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds an opt-in variable (
ocp4_workload_gitops_bootstrap_application_ignore_tracking, defaultfalse) that prevents the bootstrap Application from reporting transient OutOfSync status when child Applications deploy slow-starting, operator-backed workloads.Problem
When the bootstrap manages a child Application that deploys a complex workload such as an ArgoCD instance (via the OpenShift GitOps operator), the provisioning task "Wait until bootstrap ArgoCD application is healthy and synced" consistently times out — even though all child Applications are
Synced + Healthy.Root causes identified (two, both real):
ArgoCD tracking annotation drift — ArgoCD adds a
argocd.argoproj.io/tracking-idannotation to every resource it manages, including child Application CRDs the bootstrap creates. This field is not in the Helm template, so the bootstrap reports OutOfSync during active sync windows.syncPolicy.automatednormalization (separate fix in the consuming repo) — ArgoCD normalizesselfHeal: falseandprune: falseout of Application CRD specs (they are the defaults). Templates that render these explicitly will always differ from what ArgoCD stores, causing persistent OutOfSync regardless of the annotation fix. The consuming repo must useautomated: {}instead of explicit false defaults.This PR addresses cause #1 via the
ignoreDifferencesopt-in. Cause #2 must be fixed in the chart templates of the consuming repo.Changes
defaults/main.ymlAdds
ocp4_workload_gitops_bootstrap_application_ignore_tracking: falsewith a full explanatory comment. Default isfalse— all existing labs are unaffected unless they explicitly opt in.templates/application.yaml.j2Wraps a new
ignoreDifferencesblock in a Jinja conditional. When the variable istrue, adds two entries forargoproj.io/Applicationresources:/metadata/annotations— the tracking-id annotation ArgoCD injects after creation/operation— the transient sync operation field written during active syncsThis does not ignore differences in the Application
specorstatus— real configuration drift in child Applications remains visible.Usage