Fix ArgoCD Application Out of Sync

What's Actually Happening

ArgoCD applications show OutOfSync status. Git repository changes are not applied to cluster, live state differs from desired state, or automatic sync is not working.

The Error You'll See

Application status:

```bash argocd app list

NAME CLUSTER NAMESPACE STATUS HEALTH SYNCPOLICY my-app https://k8s... default OutOfSync Healthy Auto

argocd app get my-app --refresh

Name: my-app Project: default Server: https://kubernetes.default.svc Namespace: default URL: https://argocd/applications/my-app Repo: https://github.com/org/repo Target: HEAD Sync Status: OutOfSync from HEAD (abc123) Health Status: Healthy ```

Sync window:

bash

Sync Windows:  current:  enabled
               next:    2024-01-01 10:00:00 UTC

Why This Happens

1.Config drift - Manual changes in cluster
2.Git changes - New commits not synced
3.Sync disabled - Automatic sync not enabled
4.Sync window - Sync blocked by sync window
5.Failed sync - Previous sync failed
6.Missing permissions - ArgoCD cannot apply resources
7.Helm/Kustomize issues - Template rendering errors

Step 1: Check Application Sync Status

```bash argocd app list

argocd app get my-app

argocd app get my-app --refresh

argocd app diff my-app

argocd app diff my-app --local ./manifests

argocd app history my-app

argocd app manifests my-app ```

Step 2: Check Sync Policy

```bash argocd app get my-app | grep -A 5 "Sync Policy"

# Enable auto sync: argocd app set my-app --sync-policy automated

# Enable auto prune: argocd app set my-app --auto-prune

# Enable self heal: argocd app set my-app --self-heal

# Disable auto sync: argocd app set my-app --sync-policy none

# Check app YAML: kubectl get application my-app -n argocd -o yaml | grep -A 10 syncPolicy ```

Step 3: Check for Configuration Drift

```bash argocd app diff my-app

# Diff shows differences between Git and live

# Detailed diff: argocd app diff my-app --revision HEAD

# View resources with drift: argocd app resources my-app

# Check specific resource: kubectl get deployment my-deployment -o yaml

# Compare with Git: git show HEAD:k8s/deployment.yaml ```

Step 4: Manual Sync Application

```bash # Sync application: argocd app sync my-app

# Sync specific resources: argocd app sync my-app --resource deployment:my-deployment

# Sync with prune: argocd app sync my-app --prune

# Sync with replace: argocd app sync my-app --replace

# Sync to specific revision: argocd app sync my-app --revision abc123

# Dry run sync: argocd app sync my-app --dry-run

# Force sync: argocd app sync my-app --force ```

Step 5: Check Sync Windows

```bash # Sync windows block syncing during certain times

argocd app get my-app | grep -A 5 "Sync Windows"

# Check project sync windows: argocd proj get default | grep -A 10 "Sync Windows"

# View application sync windows: kubectl get application my-app -n argocd -o jsonpath='{.spec.syncPolicy.syncWindows}'

# View project sync windows: kubectl get appproject default -n argocd -o jsonpath='{.spec.syncWindows}'

# Skip sync window for manual sync: argocd app sync my-app --async ```

Step 6: Check Repository Access

```bash # ArgoCD must access Git repository

argocd repo list

argocd repo get https://github.com/org/repo

# Test repo access: argocd repo get https://github.com/org/repo --type git

# Check repo credentials: kubectl get secret -n argocd | grep repo

# Add repo if missing: argocd repo add https://github.com/org/repo --username user --password token

# Check SSH key: kubectl get secret -n argocd argocd-ssh-key -o jsonpath='{.data.sshPrivateKey}' ```

Step 7: Check Application Controller

```bash # ArgoCD application controller manages sync

kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-application-controller

kubectl logs -n argocd -l app.kubernetes.io/name=argocd-application-controller

kubectl describe pod -n argocd -l app.kubernetes.io/name=argocd-application-controller

# Check controller status: kubectl get applicationcontroller -n argocd

# Check controller metrics: kubectl port-forward -n argocd svc/argocd-metrics 8082:8082 & curl localhost:8082/metrics | grep argocd ```

Step 8: Check Resource Permissions

```bash # ArgoCD needs permissions to manage resources

# Check ArgoCD RBAC: kubectl get clusterrole argocd-application-controller -o yaml

kubectl get clusterrolebinding argocd-application-controller -o yaml

# Check service account: kubectl get serviceaccount -n argocd argocd-application-controller

# Test permissions: kubectl auth can-i create deployments --as=system:serviceaccount:argocd:argocd-application-controller -n default

# Check for permission errors: kubectl logs -n argocd -l app.kubernetes.io/name=argocd-application-controller | grep -i "forbidden|unauthorized" ```

Step 9: Check Helm and Kustomize Issues

```bash # For Helm applications:

argocd app get my-app --helm-set image.tag=v2.0.0

argocd app get my-app --helm-values values.yaml

# Check Helm version: argocd version | grep Helm

# Check Helm values: kubectl get application my-app -n argocd -o jsonpath='{.spec.source.helm}'

# For Kustomize:

argocd app get my-app --kustomize-image myimage:v2.0.0

# Check Kustomize version: argocd version | grep Kustomize

# Check Kustomize overlays: kubectl get application my-app -n argocd -o jsonpath='{.spec.source.kustomize}' ```

Step 10: Monitor ArgoCD Applications

```bash # Monitor application status: watch -n 10 argocd app list

# Monitor sync status: watch -n 10 'argocd app list | grep OutOfSync'

# Check application events: kubectl get events -n argocd --field-selector involvedObject.name=my-app

# ArgoCD UI: # https://argocd/applications

# Prometheus metrics: kubectl port-forward -n argocd svc/argocd-metrics 8082:8082 & curl localhost:8082/metrics | grep argocd_application ```

ArgoCD Application OutOfSync Checklist

Check	Command	Expected
App status	argocd app get	Synced
Sync policy	argocd app get	Auto sync enabled
Diff	argocd app diff	No differences
Repo access	argocd repo get	Connected
Permissions	kubectl auth can-i	Allowed
Controller	kubectl get pods	Running

Verify the Fix

```bash # 1. Check application synced argocd app get my-app | grep "Sync Status" // Synced

# 2. Check no diff argocd app diff my-app // No differences

# 3. Check health argocd app get my-app | grep "Health Status" // Healthy

# 4. Check resources match kubectl get all -n default // Resources match Git

# 5. Monitor stability watch -n 30 argocd app get my-app // Stays Synced

# 6. Check logs kubectl logs -n argocd -l app.kubernetes.io/name=argocd-application-controller --since 5m | grep -i error // No errors ```

[Fix ArgoCD Application Degraded](/articles/fix-argocd-application-degraded)
[Fix ArgoCD Sync Failed](/articles/fix-argocd-sync-failed)
[Fix GitLab CI Pipeline Stuck](/articles/fix-gitlab-ci-pipeline-stuck)

What's Actually Happening

The Error You'll See

Why This Happens

Step 1: Check Application Sync Status

Step 2: Check Sync Policy

Step 3: Check for Configuration Drift

Step 4: Manual Sync Application

Step 5: Check Sync Windows

Step 6: Check Repository Access

Step 7: Check Application Controller

Step 8: Check Resource Permissions

Step 9: Check Helm and Kustomize Issues

Step 10: Monitor ArgoCD Applications

ArgoCD Application OutOfSync Checklist

Verify the Fix

Related Issues

Share this guide

More CI/CD Troubleshooting Guides

Tekton Workspace Not Bound

Tekton TaskRun Timeout

Tekton PipelineRun Failed

Flux Source Not Ready

Flux Helm Release Failed

Flux Kustomization Not Applying