Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 1.19.0, 1.17.3, 1.18.2
Affects Version/s: 1.18.1
Component/s: Operator
Labels:
- 1.19.0
- release-note-item

Story Points:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Release Note Text:

Hide
Previously, the operator would fail reconciliation when spec.applicationSet.webhookServer.route.enabled was set to true in the ArgoCD CR. This was caused by missing ingress permissions for config.openshift.io. With this update, the required permissions have been added, allowing the operator to reconcile successfully.

Show
Previously, the operator would fail reconciliation when spec.applicationSet.webhookServer.route.enabled was set to true in the ArgoCD CR. This was caused by missing ingress permissions for config.openshift.io. With this update, the required permissions have been added, allowing the operator to reconcile successfully.
Intelligence Requested:
Market:
Target Version:

1.19.0, 1.18.3

Sprint:
GitOps Scarlet Sprint 24

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of Problem

ArgoCD CR Reconciliation is failing for instances that define `spec.applicationSet.webhookServer.route.enabled`:

webhookServer:
      host: <>
      route:
        enabled: true
        tls:
          insecureEdgeTerminationPolicy: Redirect
          termination: reencrypt

Below is the error logs observed in `openshift-gitops-operator-controller-manager`:

2025-11-17T16:10:52.574720966Z 2025-11-17T16:10:52Z	ERROR	controller-runtime.cache.UnhandledError	Failed to watch	{"reflector": "pkg/mod/k8s.io/client-go@v0.33.1/tools/cache/reflector.go:285", "type": "*v1.Ingress", "error": "failed to list *v1.Ingress: ingresses.config.openshift.io is forbidden: User \"system:serviceaccount:openshift-gitops-operator:openshift-gitops-operator-controller-manager\" cannot list resource \"ingresses\" in API group \"config.openshift.io\" at the cluster scope"}

Additional Info

<Any additional info such as logs, must-gather outputs, etc.>

Problem Reproduction

<How do we reproduce the problem?>

Reproducibility

<Always/Intermittent/Only Once>

Prerequisites/Environment

<OpenShift, managed service (e.g., ROSA, ARO), operators, layered product, and other software versions, build details>

Steps to Reproduce

Expected Results

Actual Results

Problem Analysis

<Completed by engineering team as part of the triage/refinement process>

Root Cause

<What is the root cause of the problem? Or, why is it not a bug?>

Workaround (If Possible)

<Are there any workarounds we can provide to the customers?>

Fix Approaches

<If we decide to fix this bug, how will we do it?>

Acceptance Criteria

Definition of Done

Code Complete:
- All code has been written, reviewed, and approved.
Tested:
- Unit tests have been written and passed.
- Ensure code coverage is not reduced with the changes.
- Integration tests have been automated.
- System tests have been conducted, and all critical bugs have been fixed.
- Tested and merged on OpenShift either upstream or downstream on a local build.
Documentation:
- User documentation or release notes have been written (if applicable).
Build:
- Code has been successfully built and integrated into the main repository / project.
- Midstream changes (if applicable) are done, reviewed, approved and merged.
Review:
- Code has been peer-reviewed and meets coding standards.
- All acceptance criteria defined in the user story have been met.
- Tested by reviewer on OpenShift.
Deployment:
- The feature has been deployed on OpenShift cluster for testing.

Assignee:: Jonathan West

Reporter:: Jyotsana Arora

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/11/18 9:17 AM

Updated:: 2025/12/10 11:19 AM

Resolved:: 2025/11/20 4:50 AM

Details

Description