Declarative management
There are two types of settings that can be managed using the declarative approach:
- End user/developer-specific settings such as Application, ApplicationSet, and AppProject resources.
- Platform-specific settings such as IP allow lists, system accounts and availability of additional Argo CD components.
Developers-specific settings
Declarative management allows you to use the Argo CD control plane on the Akuity platform to host Application, ApplicationSet, and AppProject resources. This is used for implementing:
- Argo CD's app of apps pattern to declaratively specify one Argo CD Application resource that points to a Git repository consisting only of other Application resources.
- ApplicationSet resources to manage a set of Argo CD Applications.
The resources deployed into the control plane must specify the namespace argocd and the destination name in-cluster (server https://kubernetes.default.svc).  The child Applications (that deploy anything other than an Application, ApplicationSet, or AppProject) must target a connected cluster other than in-cluster.
Example: App of Apps
The parent Application created via the Argo CD dashboard:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-apps
  namespace: argocd
spec:
  destination:
    namespace: argocd
    name: in-cluster
  project: default
  source:
    repoURL: 'https://github.com/argoproj/argocd-example-apps'
    path: apps
    targetRevision: HEAD
    helm:  # Set the destination cluster for the child Applications in the Helm chart.
      values: |-
        spec:
          destination:
            name: my-cluster
- The destination.name is in-cluster and the destination.namespace is argocd. This will deploy child Applications into the Argo CD control plane on the Akuity Platform.
The child Application created by the parent app:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: helm-guestbook
  namespace: argocd
spec:
  destination:
    name: my-cluster
    namespace: default
  project: default
  source:
    path: helm-guestbook
    repoURL: 'https://github.com/argoproj/argocd-example-apps'
    targetRevision: HEAD
- The destination.name is my-cluster, which is an external cluster connected to the Argo CD instance on the Akuity Platform (see "Connect a Kubernetes cluster"). This is where the resources for the guestbook app will be deployed (i.e., the Deployment and Service).
Enabling declarative management
To enable declarative management:
- Navigate to Argo CD → your instance → Settings → General.
- Scroll down to Control Plane Cluster (in-cluster) and toggle the Enabled switch.
- Click Save.
Once the Argo CD instance has finished progressing, the in-cluster destination will be available.
Application Set
By default, the ApplicationSet Controller runs on the Control Plane, which is fine for most use cases. ApplicationSet Delegate (Single Managed Cluster) complements the Repo Server Delegate by allowing ApplicationSets that use webhooks, private Helm, or private Git repositories to access the credentials needed to perform Git operations.
ApplicationSet Delegate
- Switch from All Managed Clusters to Single Managed Cluster.
- Select the cluster you want to use as the ApplicationSet Delegate.
- Click Save.
Policy (Global)
A policy defines how Applications are synced between the generator and the cluster. The default is 'empty'. Options: 'sync' (create & update & delete), 'create-only', 'create-update' (no deletion), 'create-delete' (no update).
Allow Override
Starting with Argo CD v2.8, a policy can be specified per ApplicationSet. Enabling the override allows the policy set on an individual ApplicationSet to override the global policy.
Using secrets in ApplicationSets
For security reasons, the Akuity platform enforces that all secret references in ApplicationSets point exclusively to the platform-managed secret named application-set-secret. This ensures that the credentials used by your ApplicationSets are securely managed and audited by the platform.
Setting Up Secrets
To configure secrets for use with ApplicationSets:
- Navigate to Argo CD → your instance → Settings → Application Set.
- Scroll down to Secrets and add your key-value pairs (e.g., tokens, credentials) that you want to store in the application-set-secret.
- Save the configuration. The platform will automatically create or update the application-set-secret.
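The namespace requirement for control plane resources and the application-set-secret restriction can both be checked before a manifest is merged. The following is an added example, not Akuity or Argo CD code; it assumes manifests are already parsed into dictionaries and that secret references appear as secretName keys (for example tokenRef.secretName), and the sample manifest is constructed.

```python
# Added example: pre-merge lint for manifests destined for the hosted control plane.
# Assumption: secret references appear as "secretName" keys (e.g. tokenRef.secretName).
ALLOWED_SECRET = "application-set-secret"
CONTROL_PLANE_KINDS = {"Application", "ApplicationSet", "AppProject"}


def secret_names(node, path=""):
    """Yield (path, value) for every 'secretName' key nested anywhere in node."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "secretName":
                yield here, value
            else:
                yield from secret_names(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from secret_names(item, f"{path}[{i}]")


def lint(manifest):
    """Return a list of findings; an empty list means the manifest passes."""
    findings = []
    kind = manifest.get("kind")
    meta = manifest.get("metadata", {})
    if kind in CONTROL_PLANE_KINDS and meta.get("namespace") != "argocd":
        findings.append(f"{kind}/{meta.get('name')}: metadata.namespace must be argocd")
    if kind == "ApplicationSet":
        for path, name in secret_names(manifest.get("spec", {}), "spec"):
            if name != ALLOWED_SECRET:
                findings.append(f"{path}: {name!r} is not {ALLOWED_SECRET}")
    return findings


# Constructed sample: a pull request generator whose token lives in a custom secret.
SAMPLE = {
    "apiVersion": "argoproj.io/v1alpha1",
    "kind": "ApplicationSet",
    "metadata": {"name": "previews", "namespace": "argocd"},
    "spec": {"generators": [{"pullRequest": {"github": {
        "owner": "example-org", "repo": "example-repo",
        "tokenRef": {"secretName": "github-token", "key": "token"}}}}]},
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
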
Plugins Generator
The ApplicationSet Plugin Generator allows you to configure custom plugin generators that can be used with ApplicationSets. This feature enables you to extend the functionality of ApplicationSet generators by providing your own custom logic for generating application parameters.
For detailed information about implementing plugin generators, see the Argo CD Plugin Generator documentation.
Adding a Plugin
- Navigate to Argo CD → your instance → Settings → Application Set.
- Scroll down to the Plugins Generator section.
- Configure the following fields:
  - Name: A unique identifier for your plugin (the field is pre-filled with plugin-, so you would enter something like my-custom-plugin to create plugin-my-custom-plugin)
  - Base URL: The base URL of the Kubernetes service exposing your plugin in the cluster (e.g., http://myplugin.plugin-ns.svc.cluster.local). In most cases, this will be a deployment running on your cluster and not publicly accessible.
  - Request Timeout: Timeout for requests to the plugin in seconds
  - Token: A token used to authenticate HTTP requests to your plugin
- Click + Add Plugin to add the plugin configuration.
- Click Save to apply the changes.
The token should be a strong, randomly generated string that will be used to authenticate requests between the ApplicationSet controller and your plugin.
The base URL should point to a Kubernetes service that exposes your plugin. The service should be accessible from the ApplicationSet controller's namespace.
Important: If your plugin service is not publicly accessible, you will need to enable the ApplicationSet Delegate feature and delegate to the cluster where your plugin service is running.
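On the plugin side, the token only protects the service if every request is checked against it. The following is an added example, not Akuity or Argo CD code, of a plugin service that rejects requests without the configured token. It assumes the endpoint path, Bearer header and response shape described in the upstream Argo CD Plugin Generator documentation; the PLUGIN_TOKEN variable, the port and the returned parameters are placeholders.

```python
# Added example: bearer-token check for a plugin generator service.
# Assumptions: endpoint path and payload shape follow the upstream Argo CD Plugin
# Generator documentation; PLUGIN_TOKEN, the port and the parameters are placeholders.
import hmac
import json
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

PLUGIN_TOKEN = os.environ.get("PLUGIN_TOKEN", "")


def authorize(header, expected):
    """True only for 'Bearer <token>' matching expected; compared in constant time."""
    scheme, _, presented = (header or "").partition(" ")
    if scheme != "Bearer" or not expected:
        return False  # also refuses to run open when no token is configured
    return hmac.compare_digest(presented.encode(), expected.encode())


def respond(path, header, expected):
    """Return (status, body) for a POST; nothing is generated for unauthenticated callers."""
    if not authorize(header, expected):
        return 403, {"error": "forbidden"}
    if path != "/api/v1/getparams.execute":
        return 404, {"error": "not found"}
    return 200, {"output": {"parameters": [{"cluster": "my-cluster"}]}}


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        self.rfile.read(length)  # generator input is read but unused in this sketch
        status, body = respond(self.path, self.headers.get("Authorization"), PLUGIN_TOKEN)
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 4355), Handler).serve_forever()
```
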