Identify which fields cause spurious OutOfSync by running argocd app diff <app-name> and noting fields injected by controllers (e.g., kube-controller-manager injecting default tolerations)
Add an ignoreDifferences entry in the Application spec: spec.ignoreDifferences[].group: apps, kind: Deployment, managedFieldsManagers: ["kube-controller-manager"]
Alternatively use jqPathExpressions for fine-grained field suppression: spec.ignoreDifferences[].jqPathExpressions: [".spec.template.spec.tolerations"]
Set spec.syncPolicy.syncOptions: [RespectIgnoreDifferences=true] so that the ignored fields are also excluded from sync comparison and ArgoCD does not patch them away on next sync
Refresh the app with argocd app get <app-name> --refresh and verify the Sync Status shows Synced without the previously drifting fields triggering OutOfSync
For cluster-scoped resources, confirm the ignoreDifferences entry includes the correct group and kind (empty group for core resources)
Known gotchas
Without RespectIgnoreDifferences=true in syncOptions, ArgoCD will still attempt to remove the ignored fields during a sync even though they do not trigger OutOfSync; this can cause reconciliation loops with controllers that re-add those fields
managedFieldsManagers matching is case-sensitive and must match the exact field manager name as shown in kubectl get <resource> -o yaml under metadata.managedFields[].manager
jqPathExpressions and jsonPointers apply to the live manifest diff, not the desired manifest; incorrect path expressions silently fail to suppress drift rather than producing an error
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp