Skip to main content

Declarative management

There are two types of settings that can be managed using the declarative approach:

  • End users/developers specific settings such as Application, ApplicationSet, and AppProject resources.
  • Platform-specific settings such as IP allow lists, system accounts and availability of additional Argo CD components.

Developers-specific settings

Declarative management allows you to use the Argo CD control plane on the Akuity platform to host Application, ApplicationSet, and AppProject resources. This is used for implementing:

  • Argo CD's app of apps pattern to declaratively specify one Argo CD Application resource that points to a Git repository consisting only of other Application resources.
  • ApplicationSet resources to manage a set of Argo CD Applications.

The resources deployed into the control plane must specify the namespace argocd and the destination name in-cluster (server https://kubernetes.default.svc). The child Applications (that deploy anything other than an Application, ApplicationSet, or AppProject) must target a connected cluster other than in-cluster.

Example: App of Apps

The parent Application created via the Argo CD dashboard:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-apps
  namespace: argocd
spec:
    destination:
      namespace: argocd
      name: in-cluster
    project: default
    source:
      repoURL: 'https://github.com/argoproj/argocd-example-apps'
      path: apps
      targetRevision: HEAD  
      helm:  # Set the destination cluster for the child Applications in the Helm chart.
        values: |-
          spec:
            destination:
              name: my-cluster
  • The destination.name is in-cluster and the destination.namespace is argocd. This will deploy child Applications into the Argo CD control plane on the Akuity Platform.

The child Application created by the parent app:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: helm-guestbook
  namespace: argocd
spec:
  destination:
    name: my-cluster
    namespace: default
  project: default
  source:
    path: helm-guestbook
    repoURL: 'https://github.com/argoproj/argocd-example-apps'
    targetRevision: HEAD
  • The destination.name is my-cluster, which is an external cluster connected to the Argo CD instance on the Akuity Platform (See "Connect a Kubernetes cluster"). This is where the resources for the guestbook app will be deployed (i.e., the Deployment and Service).

Enabling declarative management

To enable declarative management:

  1. Navigate to Argo CDyour instanceSettingsGeneral.

  2. Scroll down to Control Plane Cluster (in-cluster) and toggle the Enabled switch.

  3. Click Save.

Once the Argo CD instance has finished progressing, the in-cluster destination will be available.

Application Set

By default, the ApplicationSet Controller will run on the Control Plane which is fine for most use cases. ApplicationSet Delegate (Single Managed Cluster) compliments the Repo Server Delegate by allowing ApplicationSets that use webhooks, private Helm, or private git repositories to access the credentials needed to perform git operations.

ApplicationSet Delegate

  1. Switch from All Managed Clusters to Single Managed Cluster

  2. Select the cluster you want to use as the ApplicationSet Delegate.

  3. Click Save.

Policy (Global)

A Policy defines how application is synced between the generator and the cluster. Default is 'empty', options: 'sync' (create & update & delete), 'create-only', 'create-update' (no deletion), 'create-delete' (no update)

Allow Override

Starting with Argo CD v2.8 a policy can be specified per ApplicationSet. Enabling the override will allow a policy per ApplicationSet to override a global policy.

Using secrets in ApplicationSets

For security reasons, the Akuity platform enforces that all secret references in ApplicationSets point exclusively to the platform-managed secret named application-set-secret. This ensures that the credentials used by your ApplicationSets are securely managed and audited by the platform.

Setting Up Secrets

To configure secrets for use with ApplicationSets:

  1. Navigate to Argo CDyour instanceSettingsApplication Set.

  2. Scroll down to Secrets and add your key-value pairs (e.g., tokens, credentials) that you want to store in the application-set-secret.

  3. Save the configuration. The platform will automatically create or update the application-set-secret.