ArgoCD App Stuck in 'Unknown' Sync Status — Here's the Fix
If your ArgoCD application is stuck showing Unknown sync status and refresh doesn't help, this guide walks you through the exact steps to diagnose and fix it — including RBAC issues, webhook problems, and cluster connectivity errors.
There's something uniquely frustrating about an ArgoCD app stuck in Unknown status. It's not Synced. It's not OutOfSync. It's just... Unknown. And clicking Refresh does absolutely nothing.
I've hit this exact issue more times than I care to admit — usually at the worst possible time, right when someone's asking why their deployment isn't live yet.
Let me walk you through what actually causes this and how to fix it.
What "Unknown" Sync Status Actually Means
In ArgoCD, Unknown doesn't mean ArgoCD can't find your app. It means ArgoCD can't determine the current state of your app in the target cluster.
This usually happens because:
- ArgoCD can't connect to the target Kubernetes cluster
- The ArgoCD application controller is having trouble talking to the API server
- There's a permissions (RBAC) issue preventing ArgoCD from reading resources
- The app's namespace doesn't exist in the cluster
The key distinction: Synced/OutOfSync means ArgoCD knows what's there. Unknown means it couldn't even check.
Step 1: Check ArgoCD Application Controller Logs
This is always my first move. The application controller is what actually talks to your cluster.
kubectl logs -n argocd -l app.kubernetes.io/name=argocd-application-controller --tail=100Look for errors like:
level=error msg="Failed to get cluster info" error="..."
level=error msg="Unable to list resources" error="forbidden"
level=error msg="connection refused"
These will immediately tell you what's broken.
Step 2: Verify Cluster Connectivity
If you're managing a remote cluster (not in-cluster), ArgoCD needs to be able to reach it. Check if ArgoCD can actually see the cluster:
argocd cluster listYou'll see something like:
SERVER NAME VERSION STATUS MESSAGE
https://your-cluster-api:6443 production 1.29 Unknown dial tcp: connection refused
That Unknown status with a connection error means ArgoCD can't reach the cluster API. Fix the network, firewall rules, or kubeconfig credentials first.
To re-add the cluster after fixing connectivity:
argocd cluster add <context-name> --name productionStep 3: Check RBAC Permissions
This is the most common cause I see in practice. ArgoCD's service account needs permission to list and watch resources in your target namespace.
Check if the ArgoCD service account can list pods:
kubectl auth can-i list pods \
--as=system:serviceaccount:argocd:argocd-application-controller \
-n <your-app-namespace>If it says no, that's your problem. ArgoCD can't read the cluster state without proper RBAC.
Fix it by creating a ClusterRole binding:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argocd-application-controller-cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: argocd-application-controller
namespace: argocdIn production, scope this down to only the namespaces ArgoCD manages.
cluster-adminis for quick debugging only.
Step 4: Force a Hard Refresh
Sometimes ArgoCD's cache is stale. A normal refresh uses cached data. A hard refresh forces ArgoCD to re-fetch everything directly from Git and the cluster:
argocd app get <app-name> --hard-refreshOr from the UI: Click the dropdown arrow next to "Refresh" → select "Hard Refresh".
Step 5: Check the App's Target Namespace
If the namespace your app is targeting doesn't exist in the cluster, ArgoCD will show Unknown.
kubectl get namespace <target-namespace>If it's missing, either create it manually or enable CreateNamespace=true in your ArgoCD sync options:
spec:
syncPolicy:
syncOptions:
- CreateNamespace=trueStep 6: Restart the Application Controller
If nothing above works, restart the application controller pod. I know it sounds like "turn it off and on again," but it genuinely fixes cases where the controller has gotten into a bad state:
kubectl rollout restart deployment argocd-application-controller -n argocdWait 30-60 seconds, then check your app status again.
Step 7: Check ArgoCD Server and Repo Server
If multiple apps are showing Unknown (not just one), the issue is likely with ArgoCD itself rather than a specific app. Check all components:
kubectl get pods -n argocdAll pods should be Running. If argocd-repo-server or argocd-server is in CrashLoopBackOff or Pending, fix those first.
Quick Reference: What Each Status Means
| Status | Meaning |
|---|---|
| Synced | Cluster matches Git |
| OutOfSync | Cluster differs from Git |
| Unknown | ArgoCD couldn't check cluster state |
| Progressing | Sync is in progress |
| Degraded | Resources are unhealthy |
| Missing | Resource exists in Git but not in cluster |
The Fix That Works 90% of the Time
In my experience, Unknown status is almost always one of these three:
- RBAC issue — ArgoCD service account can't read resources → fix permissions
- Cluster connectivity — Network or credential problem → re-add the cluster
- Stale cache — Hard refresh fixes it
Start with the application controller logs. They'll tell you exactly what's wrong within 30 seconds.
If you're regularly hitting ArgoCD issues, check out our ArgoCD interview questions — knowing the internals makes debugging much faster.
Today I Fixed
Short real fixes from production — posted daily
Stay ahead of the curve
Get the latest DevOps, Kubernetes, AWS, and AI/ML guides delivered straight to your inbox. No spam — just practical engineering content.
Related Articles
ArgoCD App of Apps Not Syncing — Every Fix (2026)
Your ArgoCD App of Apps pattern stopped syncing. Child apps aren't created, parent shows OutOfSync, or sync is stuck. Here are every cause and the exact fix.
ArgoCD Resource Hook Failed: How to Debug and Fix It
ArgoCD PreSync or PostSync hooks failing silently? Here's how to find the real error, fix hook job issues, and stop your deployments from getting stuck.
ArgoCD Image Updater Not Syncing — Fix Guide
ArgoCD Image Updater detects a new image tag but doesn't update the Application. Here's how to diagnose and fix annotation errors, registry auth issues, write-back problems, and sync failures.