Namespace scoped Argo instance does not create errors if cluster --use-argocd-api=false in my setup

[rklonner]

I upgraded and the weird thing is that it works, no matter if i have --use-argocd-api=true or false

I checked that there are not left overs in the cluster regarding clusterroles that would allow that.
I also did the counter test and reverted back to v1.20 with --create-cluster=false and get

Mon, 26 Jan 2026 07:55:08 UTC ERR ❌ Application failed with error: Failed to load live state: namespace "xxx" for Pod "xxx" is not managed (App: "xxx [applicationset-qss.yaml]")

which is correct.

The only flag I use on top of the defaults is --create-cluster=false.

When I browse through the docs it says I need to explicitly turn --use-argocd-api=true for 'lockdown mode'.

@dag-andersen : Do you have an idea what could be the issue?I quickly browsed through the implementation PR but did not find a hint that --use-argocd-apiis maybe alwaystrue`.

---

@rklonner

argocd-diff-preview:0.1.22 --create-cluster=false --use-argocd-api=false with a cluster with createClusterRoles: false should only fails if the actual rendered applications contains resource outside the argocd/argocd-diff-preview namespace.

Are you sure your test included changes in non-argocd-diff-preview-installed namespace?

---

@dag-andersen : yes it failed for all target namespaces of the applicationset I deployed in this case, and I get the same error message with 1.20 as I described back then for the Openshift setup in the Background information docs so I am sure that I do have a namespace scoped instance.

I do not use createClusterRoles: false as I install the argocd-diff-preview ArgoCD instance with the ArgoCD Operator - I dont know if this makes a difference.

The strange thing is, if I leave my test setup with the PR the same, also the settings --create-cluster=false and --use-argocd-api=false (for 1.22) and just switch between argocd-diff-preview version 1.20 and 1.22, I receive for 1.20 the error

Application failed with error: Failed to load live state: namespace "xxx" for Pod "xxx" is not managed (App: "xxx [applicationset-qss.yaml]")

and for

1.22 it works. I would assume to get the same error for 1.22 as for 1.20.

I am happy with the result but I would just like to know why it works with 1.22 no matter to what value --use-argocd-api=false is set.

I am missing ideas what to try next, not sure if I should start to debug from the NewOperations function here or if I miss something basic...

[dag-andersen]

@rklonner
I saw a similar issue a few days ago, and I made a fix for it. I think the code on main will correctly give you an error :)
you can try it yourself, or i can just ping you when the next release is ready 🚀

[rklonner]

@dag-andersen : Thanks for having a look and already having a fix. Could you refer me to the commit - would be interested :)

I would be happy if you ping for the next release.

[dag-andersen]

@rklonner
86ff573
I think might catch your error and exit the program (as intended) 🚀

[dag-andersen]

@rklonner

https://github.com/dag-andersen/argocd-diff-preview/actions

Can you try v0.1.25? 😄 Docker image should be there (but no binary yet)

[rklonner]

@dag-andersen : Unfortunately I can only test this in my environment with the binary due to DinD restrictions...

[dag-andersen]

@rklonner
Alright! I created a new release: v0.1.25 :)

[rklonner]

@dag-andersen : Thanks for much for providing the binary.

Unfortunately it is still the same and just works.
Also logged in to the argocd-diff-preview instance to create an application in the UI where I get the expected error but no error with the cli

also if I use the admin account of ArgoCD and do argocd app manifests guestbook I get the underlaying manifests without an issue and this should fail, right?