HTTPRoute manifests generated by Gateway API integration cause Argo CD drift detection

[volker-raschek]

Description

When deploying Nextcloud via the Helm chart v9.1 with Gateway API / HTTPRoute support enabled, Argo CD continuously detects a diff between the desired and live manifests.

As a result, Argo CD repeatedly triggers synchronization attempts every few minutes because the generated manifests are not stable and do not match the live state after reconciliation.

Current Behavior

After deployment:

• Argo CD reports the application as OutOfSync
• The diff is related to the generated HTTPRoute
• Argo CD continuously re-syncs the application
• The live manifest differs from the rendered Helm manifest

This creates unnecessary reconciliation loops and operational noise.

Expected Behavior

The generated manifests should be deterministic and compatible with GitOps workflows so that:

• the desired manifest matches the live manifest
• Argo CD does not continuously detect drift
• no additional ignore rules are required

Workaround

Currently, the issue can be mitigated by configuring an ignoreDifferences rule in the Argo CD Application resource.

Example:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nextcloud
spec:
  ignoreDifferences:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      jqPathExpressions:
      - .spec.rules[].backendRefs

However, this should not be necessary for a standard deployment scenario.

Suggested Fix

Instead of requiring users to define custom Argo CD ignore patterns, the Helm chart should be adjusted so that the rendered HTTPRoute manifests remain stable and match the reconciled live state.

Potential causes may include:

• ordering inconsistencies
• optional fields rendered differently
• controller-mutated fields unintentionally managed by Helm
• non-deterministic template rendering

A chart-side fix would provide a much better GitOps experience for users deploying via Argo CD.