Add ignoreDifferences for MachineSet boot images to appset-cluster-hosted-mgmt

[redhat-chai-bot]

Summary

The hosted-mgmt cluster is experiencing a boot image hot loop because ArgoCD reverts the AMI changes made by the Machine Config Operator (MCO). All 11 MAPI MachineSets are affected, causing the machine-config clusteroperator to be Degraded.

This is the same issue that was fixed for build clusters in PR #79716 — the ignoreDifferences rules for MachineSet boot images were added to appset-cluster-build but not to appset-cluster-hosted-mgmt.

Changes

Add an ignoreDifferences entry for machine.openshift.io/MachineSet resources to exclude .spec.template.spec.providerSpec.value.ami from ArgoCD reconciliation. This matches the pattern already used in appset-cluster-build.

The RespectIgnoreDifferences=true sync option is already present in the hosted-mgmt ApplicationSet.

Additional Context

• Related: PR DPTP-4410: restore MachineSet ignoreDifferences lost in ApplicationSet migration #79716 (same fix for appset-cluster-build)
• Related: DPTP-4410
• Slack thread: https://redhat-internal.enterprise.slack.com/archives/GB7NB0CUC/p1780391861734319

Summary by CodeRabbit

This PR resolves a boot image hot loop affecting the hosted-mgmt cluster by adding an ignoreDifferences rule to the appset-cluster-hosted-mgmt ApplicationSet.

The problem: ArgoCD's automated reconciliation was reverting AMI (Amazon Machine Image) changes that the Machine Config Operator (MCO) applies to MachineSet resources across all 11 MAPI MachineSets in hosted-mgmt, causing the machine-config clusteroperator to enter a Degraded state.

The solution: A new ignoreDifferences entry for machine.openshift.io/MachineSet resources has been added (lines 39-42) with a jqPathExpression that excludes .spec.template.spec.providerSpec.value.ami from ArgoCD's drift detection. This prevents ArgoCD from reverting legitimate AMI updates made by the MCO, while allowing other MachineSet changes to be reconciled normally. The RespectIgnoreDifferences=true sync option is already enabled in the ApplicationSet, so this configuration takes immediate effect.

This change mirrors the fix previously applied to the appset-cluster-build ApplicationSet (PR #79716).

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@redhat-chai-bot: no rehearsable tests are affected by this change

Note: If this PR includes changes to step registry files (ci-operator/step-registry/) and you expected jobs to be found, try rebasing your PR onto the base branch. This helps pj-rehearse accurately detect changes when the base branch has moved forward.

[openshift-ci]

Hi @redhat-chai-bot. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 09fda1e6-dad5-480b-8dc9-7c35550edee6

📥 Commits

Reviewing files that changed from the base of the PR and between 684ae01 and 6fbdbbd.

📒 Files selected for processing (1)

• clusters/gitops/apps/appset-cluster-hosted-mgmt.yaml

---

Walkthrough

Adds an ignoreDifferences rule to the hosted management cluster ApplicationSet that instructs Argo CD to disregard AMI value changes in MachineSet .spec.template.spec.providerSpec.value.ami to prevent drift-detected sync issues.

Changes

ApplicationSet AMI Drift Configuration

Layer / File(s)	Summary
MachineSet AMI ignoreDifferences rule clusters/gitops/apps/appset-cluster-hosted-mgmt.yaml	Adds an ignoreDifferences entry for machine.openshift.io MachineSet resources configured to ignore .spec.template.spec.providerSpec.value.ami via jqPathExpressions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• openshift/release#79813: Removes the same AMI ignoreDifferences rule from appset-cluster-core-ci.yaml in an inverse configuration change.

Suggested labels

lgtm, approved

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding an ignoreDifferences rule for MachineSet boot images (AMI) to a specific ApplicationSet configuration file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The PR modifies only appset-cluster-hosted-mgmt.yaml, a Kubernetes ApplicationSet manifest file, not a Ginkgo test file. This check does not apply to the PR.
Test Structure And Quality	✅ Passed	This PR modifies only a YAML configuration file (appset-cluster-hosted-mgmt.yaml) and contains no Ginkgo test code. The custom check for Ginkgo test quality is not applicable.
Microshift Test Compatibility	✅ Passed	PR does not add any Ginkgo e2e tests; it only modifies an ArgoCD ApplicationSet YAML configuration file. Custom check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR modifies only YAML configuration files and does not add Ginkgo e2e tests. The SNO compatibility check applies only to test code, not configuration changes.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds only an ArgoCD ApplicationSet ignoreDifferences rule for MachineSet AMI, with no scheduling constraints that are topology-sensitive.
Ote Binary Stdout Contract	✅ Passed	PR only modifies YAML configuration file (appset-cluster-hosted-mgmt.yaml), not test/binary code. OTE stdout contract check does not apply to GitOps YAML configuration changes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests added. Only an ArgoCD ApplicationSet YAML file was modified, not test code.
No-Weak-Crypto	✅ Passed	PR only modifies YAML configuration files with no cryptographic code; comprehensive searches for weak crypto patterns (MD5, SHA1, DES, RC4, etc.) found no matches.
Container-Privileges	✅ Passed	PR modifies ArgoCD ApplicationSet configuration only. No container manifests, privileged configs, or security issues detected.
No-Sensitive-Data-In-Logs	✅ Passed	No logging statements or sensitive data found in the file. The PR only modifies an ArgoCD ApplicationSet YAML configuration with standard Kubernetes resource definitions and public repository URLs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[deepsm007]

/ok-to-test
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deepsm007, redhat-chai-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• clusters/OWNERS [deepsm007]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@redhat-chai-bot: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.