ArgoCD — alert when an application drifts from git state
Someone ran `kubectl edit` directly on the cluster, so the live manifest now diverges from git. ArgoCD shows the application as OutOfSync, but auto-sync is off. More edits follow and the divergence accumulates.
Recipe
```bash
#!/usr/bin/env bash
# Cron entry, in /etc/cron.d/argocd-drift:
# */10 * * * * root /opt/argocd-drift.sh
set -euo pipefail

ARGO=${ARGOCD_URL:-https://argocd.internal}
TOKEN=${ARGOCD_TOKEN:?ARGOCD_TOKEN is not set}

# Names of all applications whose sync status is anything other than Synced.
# With pipefail, a failed API call aborts here instead of being reported as OK.
OOS=$(curl -fsS -H "Authorization: Bearer $TOKEN" "$ARGO/api/v1/applications" \
  | jq '[.items[]? | select(.status.sync.status != "Synced") | .metadata.name]')
COUNT=$(jq 'length' <<<"$OOS")

if [ "$COUNT" -gt 0 ]; then
  # First 10 names, comma-separated
  NAMES=$(jq -r '.[:10] | join(",")' <<<"$OOS")
  curl -fsS "${HEARTBEAT_URL:?HEARTBEAT_URL is not set}" --data-urlencode "out_of_sync=$COUNT,apps=$NAMES"
  exit 2
fi
echo "OK (all apps Synced)"
```
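The script above reports only application names. As an added example (not part of the original recipe), this Python function takes the same `/api/v1/applications` response and lists, per drifted application, which resources are OutOfSync and whether automated sync or self-heal is configured. The sample response is constructed, and `drift_report` is a name chosen here.

```python
import json

# Constructed sample shaped like the GET /api/v1/applications response
# (only the fields used here); application and resource names are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "billing"},
   "spec": {"syncPolicy": {"automated": {"selfHeal": true}}},
   "status": {"sync": {"status": "Synced"}, "resources": []}},
  {"metadata": {"name": "payments"},
   "spec": {},
   "status": {"sync": {"status": "OutOfSync"}, "resources": [
     {"kind": "Deployment", "namespace": "pay", "name": "gateway", "status": "OutOfSync"},
     {"kind": "Service", "namespace": "pay", "name": "gateway", "status": "Synced"}]}},
  {"metadata": {"name": "legacy"},
   "spec": {"syncPolicy": {"automated": {}}},
   "status": {}}
]}
""")


def drift_report(app_list):
    """Return one record per application that is not Synced."""
    report = []
    for app in app_list.get("items") or []:  # tolerate a missing or null "items"
        status = app.get("status") or {}
        # An application with no sync status yet is treated as Unknown, not as OK.
        sync = (status.get("sync") or {}).get("status", "Unknown")
        if sync == "Synced":
            continue
        automated = ((app.get("spec") or {}).get("syncPolicy") or {}).get("automated")
        drifted = [
            f'{r.get("kind")}/{r.get("namespace", "")}/{r.get("name")}'
            for r in status.get("resources") or []
            if r.get("status") == "OutOfSync"
        ]
        report.append({
            "app": app["metadata"]["name"],
            "sync": sync,
            "auto_sync": automated is not None,
            # Live-cluster edits are reverted automatically only when selfHeal is set.
            "self_heal": bool((automated or {}).get("selfHeal")),
            "drifted": drifted,
        })
    return report


if __name__ == "__main__":
    for row in drift_report(SAMPLE):
        print(json.dumps(row))
```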
Same thing in Enterno.io
Wrap in an Enterno heartbeat — a daily "what drifted yesterday" report helps the team quickly restore the GitOps invariant.
Related recipes
Readiness probes pass inside the pod, but no one sees that the LB refused to route traffic to the new deploy.
A CrashLoopBackOff in one namespace — kubectl shows a restart count of 47, but nobody sees it. Want an endpoint that returns high when the counter jumps.
Inside a K8s cluster etcd re-elects the leader every 30 s — kube-apiserver lags, controller-manager can't keep reconciling. Only visible in etcd metrics.