From 5909c42de4a65beb812c082deab5dd9d91f23d3c Mon Sep 17 00:00:00 2001
From: Anand Kumar Singh <anandrkskd@gmail.com>
Date: Tue, 9 Jun 2026 16:15:22 +0530
Subject: [PATCH 1/6] disable default instance on xKS clusters

Signed-off-by: Anand Kumar Singh <anandrkskd@gmail.com>
---
 cmd/main.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/cmd/main.go b/cmd/main.go
index acbe0809fad..f1242a427bf 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -223,8 +223,13 @@ func main() {
 	registerComponentOrExit(mgr, argov1beta1api.AddToScheme)
 
 	// Setup Scheme for OpenShift Config if available
+	var disableDefault bool
+	disableDefault = strings.ToLower(os.Getenv(common.DisableDefaultInstallEnvVar)) == "true"
 	if util.IsConfigAPIFound() {
 		registerComponentOrExit(mgr, configv1.AddToScheme)
+	} else {
+		setupLog.Info("Non-OpenShift cluster detected, disabling default Argo CD instance")
+		disableDefault = true
 	}
 
 	registerComponentOrExit(mgr, rolloutManagerApi.AddToScheme)
@@ -257,7 +262,7 @@ func main() {
 	if err = (&controllers.ReconcileGitopsService{
 		Client:                client,
 		Scheme:                mgr.GetScheme(),
-		DisableDefaultInstall: strings.ToLower(os.Getenv(common.DisableDefaultInstallEnvVar)) == "true",
+		DisableDefaultInstall: disableDefault,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "GitopsService")
 		os.Exit(1)

From e34b19b2db0b01ec1117e626d5b97b384ae12271 Mon Sep 17 00:00:00 2001
From: Anand Kumar Singh <anandrkskd@gmail.com>
Date: Wed, 10 Jun 2026 14:40:30 +0530
Subject: [PATCH 2/6] Dex with OpenShiftOAuth: true fails on vanilla K8s
 because oauth.openshift.io API doesn't exist. Gate on config.openshift.io
 presence before configuring SSO.

assisted-by: claude-code
Signed-off-by: Anand Kumar Singh <anandrkskd@gmail.com>
---
 controllers/argocd/argocd.go      | 11 ++++++++++-
 controllers/argocd/argocd_test.go | 23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/controllers/argocd/argocd.go b/controllers/argocd/argocd.go
index ba7b1b41e54..084c889f667 100644
--- a/controllers/argocd/argocd.go
+++ b/controllers/argocd/argocd.go
@@ -21,13 +21,17 @@ import (
 
 	argoapp "github.com/argoproj-labs/argocd-operator/api/v1beta1"
 	argoappController "github.com/argoproj-labs/argocd-operator/controllers/argocd"
+	"github.com/redhat-developer/gitops-operator/controllers/util"
 	v1 "k8s.io/api/core/v1"
 	resourcev1 "k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/yaml"
 )
 
+var log = logf.Log.WithName("controller_argocd")
+
 var (
 	defaultAdminPolicy = "g, system:cluster-admins, role:admin\ng, cluster-admins, role:admin\n"
 	defaultScope       = "[groups]"
@@ -90,7 +94,12 @@ func getArgoDexSpec() *argoapp.ArgoCDDexSpec {
 }
 
 func getArgoSSOSpec(client client.Client) *argoapp.ArgoCDSSOSpec {
-	if argoappController.IsOpenShiftCluster() && argoappController.IsExternalAuthenticationEnabledOnCluster(context.TODO(), client) {
+	if !util.IsConfigAPIFound() {
+		log.Info("non-OpenShift cluster detected, skipping SSO/Dex configuration")
+		return nil
+	}
+	if argoappController.IsExternalAuthenticationEnabledOnCluster(context.TODO(), client) {
+		log.Info("external authentication enabled on cluster, skipping SSO/Dex configuration")
 		return nil
 	}
 	return &argoapp.ArgoCDSSOSpec{
diff --git a/controllers/argocd/argocd_test.go b/controllers/argocd/argocd_test.go
index 0132c53f647..8b22ad83785 100644
--- a/controllers/argocd/argocd_test.go
+++ b/controllers/argocd/argocd_test.go
@@ -22,6 +22,7 @@ import (
 
 	argoapp "github.com/argoproj-labs/argocd-operator/api/v1beta1"
 	configv1 "github.com/openshift/api/config/v1"
+	"github.com/redhat-developer/gitops-operator/controllers/util"
 	"gotest.tools/assert"
 	v1 "k8s.io/api/core/v1"
 	resourcev1 "k8s.io/apimachinery/pkg/api/resource"
@@ -30,6 +31,9 @@ import (
 )
 
 func TestArgoCD(t *testing.T) {
+	util.SetConfigAPIFound(true)
+	defer util.SetConfigAPIFound(false)
+
 	scheme := runtime.NewScheme()
 	_ = argoapp.AddToScheme(scheme)
 	_ = configv1.AddToScheme(scheme)
@@ -199,6 +203,9 @@ func TestArgoCD(t *testing.T) {
 }
 
 func TestDexConfiguration(t *testing.T) {
+	util.SetConfigAPIFound(true)
+	defer util.SetConfigAPIFound(false)
+
 	scheme := runtime.NewScheme()
 	_ = argoapp.AddToScheme(scheme)
 	_ = configv1.AddToScheme(scheme)
@@ -223,3 +230,19 @@ func TestDexConfiguration(t *testing.T) {
 	}
 	assert.DeepEqual(t, testArgoCD.Spec.RBAC, testRBAC)
 }
+
+func TestSSOSkippedOnNonOpenShift(t *testing.T) {
+	util.SetConfigAPIFound(false)
+
+	scheme := runtime.NewScheme()
+	_ = argoapp.AddToScheme(scheme)
+	_ = configv1.AddToScheme(scheme)
+
+	fakeClient := fake.NewClientBuilder().
+		WithScheme(scheme).
+		Build()
+
+	testArgoCD, _ := NewCR("openshift-gitops", "openshift-gitops", fakeClient)
+
+	assert.Assert(t, testArgoCD.Spec.SSO == nil, "SSO should be nil on non-OpenShift clusters")
+}

From 0a023316e96979209ba04a0374a87442dea51a76 Mon Sep 17 00:00:00 2001
From: Anand Kumar Singh <anandrkskd@gmail.com>
Date: Fri, 12 Jun 2026 15:48:50 +0530
Subject: [PATCH 3/6] use IsOpenshitCluster to gate openshift specific
 capabilities

Signed-off-by: Anand Kumar Singh <anandrkskd@gmail.com>
---
 cmd/main.go                  | 19 ++++++++++++-------
 controllers/argocd/argocd.go |  2 +-
 controllers/util/util.go     |  5 +++++
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index f1242a427bf..21c310053e9 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -223,6 +223,7 @@ func main() {
 	registerComponentOrExit(mgr, argov1beta1api.AddToScheme)
 
 	// Setup Scheme for OpenShift Config if available
+	// Disables default Argo CD instance if the cluster doesn't contain OpenShift config API
 	var disableDefault bool
 	disableDefault = strings.ToLower(os.Getenv(common.DisableDefaultInstallEnvVar)) == "true"
 	if util.IsConfigAPIFound() {
@@ -259,13 +260,17 @@ func main() {
 		}
 	}
 
-	if err = (&controllers.ReconcileGitopsService{
-		Client:                client,
-		Scheme:                mgr.GetScheme(),
-		DisableDefaultInstall: disableDefault,
-	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "GitopsService")
-		os.Exit(1)
+	if util.IsOpenShiftCluster() {
+		if err = (&controllers.ReconcileGitopsService{
+			Client:                client,
+			Scheme:                mgr.GetScheme(),
+			DisableDefaultInstall: disableDefault,
+		}).SetupWithManager(mgr); err != nil {
+			setupLog.Error(err, "unable to create controller", "controller", "GitopsService")
+			os.Exit(1)
+		}
+	} else {
+		setupLog.Info("Non-OpenShift cluster detected, skipping GitopsService controller setup")
 	}
 
 	if util.IsRouteAPIFound() {
diff --git a/controllers/argocd/argocd.go b/controllers/argocd/argocd.go
index 084c889f667..467c38afaa2 100644
--- a/controllers/argocd/argocd.go
+++ b/controllers/argocd/argocd.go
@@ -94,7 +94,7 @@ func getArgoDexSpec() *argoapp.ArgoCDDexSpec {
 }
 
 func getArgoSSOSpec(client client.Client) *argoapp.ArgoCDSSOSpec {
-	if !util.IsConfigAPIFound() {
+	if !util.IsOpenShiftCluster() {
 		log.Info("non-OpenShift cluster detected, skipping SSO/Dex configuration")
 		return nil
 	}
diff --git a/controllers/util/util.go b/controllers/util/util.go
index 282ad211baf..1f275911e84 100644
--- a/controllers/util/util.go
+++ b/controllers/util/util.go
@@ -121,6 +121,11 @@ func IsConfigAPIFound() bool {
 	return configAPIFound
 }
 
+// used as a shortcut to check if the cluster is an OpenShift cluster
+func IsOpenShiftCluster() bool {
+	return configAPIFound
+}
+
 // verify if the Config.Openshift.io API is found
 func verifyConfigAPI() error {
 	found, err := argoutil.VerifyAPI(configv1.GroupName, configv1.GroupVersion.Version)

From 403aa4c29ada1d0988388631bd84def064b5546b Mon Sep 17 00:00:00 2001
From: Anand Kumar Singh <anandrkskd@gmail.com>
Date: Fri, 12 Jun 2026 17:11:31 +0530
Subject: [PATCH 4/6] add proper logs, remove deadcode, fix test

assisted-by: Cursor for code-review
Signed-off-by: Anand Kumar Singh <anandrkskd@gmail.com>
---
 cmd/main.go                       | 11 ++++-------
 controllers/argocd/argocd_test.go |  1 +
 controllers/util/util.go          |  4 ++--
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index 21c310053e9..2d6ce31d292 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -224,13 +224,9 @@ func main() {
 
 	// Setup Scheme for OpenShift Config if available
 	// Disables default Argo CD instance if the cluster doesn't contain OpenShift config API
-	var disableDefault bool
-	disableDefault = strings.ToLower(os.Getenv(common.DisableDefaultInstallEnvVar)) == "true"
+
 	if util.IsConfigAPIFound() {
 		registerComponentOrExit(mgr, configv1.AddToScheme)
-	} else {
-		setupLog.Info("Non-OpenShift cluster detected, disabling default Argo CD instance")
-		disableDefault = true
 	}
 
 	registerComponentOrExit(mgr, rolloutManagerApi.AddToScheme)
@@ -264,13 +260,14 @@ func main() {
 		if err = (&controllers.ReconcileGitopsService{
 			Client:                client,
 			Scheme:                mgr.GetScheme(),
-			DisableDefaultInstall: disableDefault,
+			DisableDefaultInstall: strings.ToLower(os.Getenv(common.DisableDefaultInstallEnvVar)) == "true",
 		}).SetupWithManager(mgr); err != nil {
 			setupLog.Error(err, "unable to create controller", "controller", "GitopsService")
 			os.Exit(1)
 		}
 	} else {
-		setupLog.Info("Non-OpenShift cluster detected, skipping GitopsService controller setup")
+		setupLog.Info("skipping GitopsService controller setup", "reason", "OpenShift Config API not available")
+
 	}
 
 	if util.IsRouteAPIFound() {
diff --git a/controllers/argocd/argocd_test.go b/controllers/argocd/argocd_test.go
index 8b22ad83785..684ebcc5771 100644
--- a/controllers/argocd/argocd_test.go
+++ b/controllers/argocd/argocd_test.go
@@ -233,6 +233,7 @@ func TestDexConfiguration(t *testing.T) {
 
 func TestSSOSkippedOnNonOpenShift(t *testing.T) {
 	util.SetConfigAPIFound(false)
+	defer util.SetConfigAPIFound(true)
 
 	scheme := runtime.NewScheme()
 	_ = argoapp.AddToScheme(scheme)
diff --git a/controllers/util/util.go b/controllers/util/util.go
index 1f275911e84..a8c7c287d20 100644
--- a/controllers/util/util.go
+++ b/controllers/util/util.go
@@ -116,14 +116,14 @@ func InspectCluster() error {
 	return stderrors.Join(errs...)
 }
 
-// used as a shortcut to check if the cluster is an OpenShift cluster
+// used as a shortcut to check if the Config.Openshift.io API is found
 func IsConfigAPIFound() bool {
 	return configAPIFound
 }
 
 // used as a shortcut to check if the cluster is an OpenShift cluster
 func IsOpenShiftCluster() bool {
-	return configAPIFound
+	return IsConfigAPIFound()
 }
 
 // verify if the Config.Openshift.io API is found

From 515ab33df22ee400485bf9005b300849bf63c2c7 Mon Sep 17 00:00:00 2001
From: Anand Kumar Singh <anandrkskd@gmail.com>
Date: Mon, 15 Jun 2026 09:23:30 +0530
Subject: [PATCH 5/6] fix unit test

Signed-off-by: Anand Kumar Singh <anandrkskd@gmail.com>
---
 controllers/argocd/argocd_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/argocd/argocd_test.go b/controllers/argocd/argocd_test.go
index 684ebcc5771..4aaf1b63761 100644
--- a/controllers/argocd/argocd_test.go
+++ b/controllers/argocd/argocd_test.go
@@ -231,9 +231,9 @@ func TestDexConfiguration(t *testing.T) {
 	assert.DeepEqual(t, testArgoCD.Spec.RBAC, testRBAC)
 }
 
+// kubernetes environment test, no defer required as the Config API is false by default
 func TestSSOSkippedOnNonOpenShift(t *testing.T) {
 	util.SetConfigAPIFound(false)
-	defer util.SetConfigAPIFound(true)
 
 	scheme := runtime.NewScheme()
 	_ = argoapp.AddToScheme(scheme)

From c7499485055eba0194146ccb9737fb2ef7c9f1ba Mon Sep 17 00:00:00 2001
From: Anand Kumar Singh <anandrkskd@gmail.com>
Date: Thu, 18 Jun 2026 14:53:28 +0530
Subject: [PATCH 6/6] fix comments and nit picks

Signed-off-by: Anand Kumar Singh <anandrkskd@gmail.com>
---
 cmd/main.go              |  2 --
 controllers/util/util.go | 11 +++++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index 2d6ce31d292..331dcdb140c 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -224,7 +224,6 @@ func main() {
 
 	// Setup Scheme for OpenShift Config if available
 	// Disables default Argo CD instance if the cluster doesn't contain OpenShift config API
-
 	if util.IsConfigAPIFound() {
 		registerComponentOrExit(mgr, configv1.AddToScheme)
 	}
@@ -267,7 +266,6 @@ func main() {
 		}
 	} else {
 		setupLog.Info("skipping GitopsService controller setup", "reason", "OpenShift Config API not available")
-
 	}
 
 	if util.IsRouteAPIFound() {
diff --git a/controllers/util/util.go b/controllers/util/util.go
index a8c7c287d20..ebde45f5f6c 100644
--- a/controllers/util/util.go
+++ b/controllers/util/util.go
@@ -116,12 +116,12 @@ func InspectCluster() error {
 	return stderrors.Join(errs...)
 }
 
-// used as a shortcut to check if the Config.Openshift.io API is found
+// IsConfigAPIFound return true if the CRD config.openshift.io is available in the cluster and false otherwise.
 func IsConfigAPIFound() bool {
 	return configAPIFound
 }
 
-// used as a shortcut to check if the cluster is an OpenShift cluster
+// IsOpenShiftCluster uses IsConfigAPIFound to check if the cluster is an OpenShift cluster.
 func IsOpenShiftCluster() bool {
 	return IsConfigAPIFound()
 }
@@ -136,6 +136,7 @@ func verifyConfigAPI() error {
 	return nil
 }
 
+// IsConsoleAPIFound return true if the CRD console.openshift.io is available in the cluster.
 func IsConsoleAPIFound() bool {
 	return consoleAPIFound
 }
@@ -149,6 +150,7 @@ func verifyConsoleAPI() error {
 	return nil
 }
 
+// IsRouteAPIFound return true if the CRD route.openshift.io is available in the cluster.
 func IsRouteAPIFound() bool {
 	return routeAPIFound
 }
@@ -174,10 +176,12 @@ func verifyMonitoringAPI() error {
 	return nil
 }
 
+// IsMonitoringAPIFound return true if the CRD monitoring.coreos.com is available in the cluster.
 func IsMonitoringAPIFound() bool {
 	return monitoringAPIFound
 }
 
+// IsTemplateAPIFound return true if the CRD template.openshift.io is available in the cluster.
 func IsTemplateAPIFound() bool {
 	return templateAPIFound
 }
@@ -191,6 +195,7 @@ func verifyTemplateAPI() error {
 	return nil
 }
 
+// IsAppsAPIFound return true if the CRD apps.openshift.io is available in the cluster.
 func IsAppsAPIFound() bool {
 	return appsAPIFound
 }
@@ -204,6 +209,7 @@ func verifyAppsAPI() error {
 	return nil
 }
 
+// IsOAuthAPIFound return true if the CRD oauth.openshift.io is available in the cluster.
 func IsOAuthAPIFound() bool {
 	return oauthAPIFound
 }
@@ -217,6 +223,7 @@ func verifyOAuthAPI() error {
 	return nil
 }
 
+// IsOLMAPIFound return true if the CRD operators.coreos.com is available in the cluster.
 func IsOLMAPIFound() bool {
 	return olmAPIFound
 }