Cluster Bootstrapping

This guide is for operators who have already installed Argo CD, and have a new cluster and are looking to install many apps in that cluster.

There’s no one particular pattern to solve this problem, e.g. you could write a script to create your apps, or you could even manually create them. However, users of Argo CD tend to use the app of apps pattern.

App of Apps is an admin-only tool

The ability to create Applications in arbitrary Projects is an admin-level capability. Only admins should have push access to the parent Application’s source repository. Admins should review pull requests to that repository, paying particular attention to the project field in each Application. Projects with access to the namespace in which Argo CD is installed effectively have admin-level privileges.

App Of Apps Pattern

Declaratively specify one Argo CD app that consists only of other apps.

Application of Applications

Helm Example

This example shows how to use Helm to achieve this. You can, of course, use another tool if you like.

A typical layout of your Git repository for this might be:

  1. ├── Chart.yaml
  2. ├── templates
  3. ├── guestbook.yaml
  4. ├── helm-dependency.yaml
  5. ├── helm-guestbook.yaml
  6. └── kustomize-guestbook.yaml
  7. └── values.yaml

Chart.yaml is boiler-plate.

templates contains one file for each child app, roughly:

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. metadata:
  4. name: guestbook
  5. namespace: argocd
  6. finalizers:
  7. - resources-finalizer.argocd.argoproj.io
  8. spec:
  9. destination:
  10. namespace: argocd
  11. server: {{ .Values.spec.destination.server }}
  12. project: default
  13. source:
  14. path: guestbook
  15. repoURL: https://github.com/argoproj/argocd-example-apps
  16. targetRevision: HEAD

The sync policy to automated + prune, so that child apps are automatically created, synced, and deleted when the manifest is changed, but you may wish to disable this. I’ve also added the finalizer, which will ensure that your apps are deleted correctly.

Fix the revision to a specific Git commit SHA to make sure that, even if the child apps repo changes, the app will only change when the parent app change that revision. Alternatively, you can set it to HEAD or a branch name.

As you probably want to override the cluster server, this is a templated values.

values.yaml contains the default values:

  1. spec:
  2. destination:
  3. server: https://kubernetes.default.svc

Next, you need to create and sync your parent app, e.g. via the CLI:

  1. argocd app create apps \
  2. --dest-namespace argocd \
  3. --dest-server https://kubernetes.default.svc \
  4. --repo https://github.com/argoproj/argocd-example-apps.git \
  5. --path apps
  6. argocd app sync apps

The parent app will appear as in-sync but the child apps will be out of sync:

New App Of Apps

NOTE: You may want to modify this behavior to bootstrap your cluster in waves; see v1.8 upgrade notes for information on changing this.

You can either sync via the UI, firstly filter by the correct label:

Filter Apps

Then select the “out of sync” apps and sync:

Sync Apps

Or, via the CLI:

  1. argocd app sync -l app.kubernetes.io/instance=apps

View the example on GitHub.

Cascading deletion

If you want to ensure that child-apps and all of their resources are deleted when the parent-app is deleted make sure to add the appropriate finalizer to your Application definition

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: Application
  3. metadata:
  4. name: guestbook
  5. namespace: argocd
  6. finalizers:
  7. - resources-finalizer.argocd.argoproj.io
  8. spec:
  9. ...