Skip to content

ArgoCD does not detect key removal or container reduction in ConfigMap / Secret / Deployment #24882

New issue
New issue
Open
Open
ArgoCD does not detect key removal or container reduction in ConfigMap / Secret / Deployment#24882
Labels
bugSomething isn't workingtriage/pendingThis issue needs further triage to be correctly classified
@yilas

Description

@yilas
yilas
opened on Oct 7, 2025

Checklist:

  • I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • I've included steps to reproduce the bug.
  • I've pasted the output of argocd version.

Describe the bug

When reducing a manifest (e.g., removing a key in a ConfigMap or Secret, or removing a container from a Deployment), ArgoCD does not detect any difference between Git and the cluster.
The application stays Synced, no diff is shown, and no update is applied to Kubernetes.
Even worse, the removed part remains in the live object.

To Reproduce

  1. Create a ConfigMap and sync it with ArgoCD:

    apiVersion: v1
kind: ConfigMap
metadata:
  name: test-configmap-001
data:
  test-1.json: |-
    { "description": "Test ConfigMap to diagnose Argo sync issues" }
  test-2.json: |-
    { "description": "Test ConfigMap to diagnose Argo sync issues" }

  2. Commit and push → ArgoCD creates the ConfigMap correctly

  3. Modify the manifest by removing one key

    apiVersion: v1
kind: ConfigMap
metadata:
  name: test-configmap-001
data:
  test-1.json: |-
    { "description": "Test ConfigMap to diagnose Argo sync issues" }

  4. Commit and push again

  5. Observe in ArgoCD

    1. The application remains Synced
    2. No diff is shown in the UI
    3. The cluster-side ConfigMap still contains the deleted key (test-2.json)

  6. Similar behavior occurs with:

    1. Secrets (removing data keys)
    2. Deployments (removing containers from spec.template.spec.containers)

Expected behavior

  • ArgoCD should detect that the manifest in Git is smaller (a key or container was removed) or is changed.
  • The application should become OutOfSync.
  • A sync or auto-prune should delete the missing fields or containers in the live object.

Screenshots

  • LIVE MANIFEST
LIVE MANIFEST
  • DIFF
DIFF
  • DESIRED
DESIRED

Version

❯ argocd version
argocd: v3.1.8+becb020
  BuildDate: 2025-09-30T16:04:21Z
  GitCommit: becb020064fe9be5381bf6e5818ff8587ca8f377
  GitTreeState: clean
  GoVersion: go1.24.6
  Compiler: gc
  Platform: linux/amd64
argocd-server: v3.1.8+becb020
  BuildDate: 2025-09-30T16:04:21Z
  GitCommit: becb020064fe9be5381bf6e5818ff8587ca8f377
  GitTreeState: clean
  GoVersion: go1.24.6
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: could not get kustomize version: exec: "kustomize": executable file not found in $PATH
  Helm Version: v3.17.3+ge4da497
  Kubectl Version: v0.33.1
  Jsonnet Version: v0.21.0

Version of ArgoCD server : v3.1.0 (but we have the same behavior with version 2.14.9)

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingtriage/pendingThis issue needs further triage to be correctly classified

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions