Declarative management
There are two types of settings that can be managed using the declarative approach:
- End users/developers specific settings such as
Application,ApplicationSet, andAppProjectresources. - Platform-specific settings such as IP allow lists, system accounts and availability of additional Argo CD components.
Developers-specific settings
Declarative management allows you to use the Argo CD control plane on the Akuity platform to host Application, ApplicationSet, and AppProject resources. This is used for implementing:
- Argo CD's app of apps pattern to declaratively specify one Argo CD
Applicationresource that points to a Git repository consisting only of otherApplicationresources. ApplicationSetresources to manage a set of Argo CDApplications.
The resources deployed into the control plane must specify the namespace argocd and the destination name in-cluster (server https://kubernetes.default.svc). The child Applications (that deploy anything other than an Application, ApplicationSet, or AppProject) must target a connected cluster other than in-cluster.
Example: App of Apps
The parent Application created via the Argo CD dashboard:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: example-apps
namespace: argocd
spec:
destination:
namespace: argocd
name: in-cluster
project: default
source:
repoURL: 'https://github.com/argoproj/argocd-example-apps'
path: apps
targetRevision: HEAD
helm: # Set the destination cluster for the child Applications in the Helm chart.
values: |-
spec:
destination:
name: my-cluster
- The
destination.nameisin-clusterand thedestination.namespaceisargocd. This will deploy childApplications into the Argo CD control plane on the Akuity Platform.
The child Application created by the parent app:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: helm-guestbook
namespace: argocd
spec:
destination:
name: my-cluster
namespace: default
project: default
source:
path: helm-guestbook
repoURL: 'https://github.com/argoproj/argocd-example-apps'
targetRevision: HEAD
- The
destination.nameismy-cluster, which is an external cluster connected to the Argo CD instance on the Akuity Platform (See "Connect a Kubernetes cluster"). This is where the resources for theguestbookapp will be deployed (i.e., theDeploymentandService).
Enabling declarative management
To enable declarative management:
-
Navigate to Argo CD → your instance → Settings → General.
-
Scroll down to Control Plane Cluster (in-cluster) and toggle the Enabled switch.
-
Click Save.
Once the Argo CD instance has finished progressing, the in-cluster destination will be available.
Application Set
By default, the ApplicationSet Controller will run on the Control Plane which is fine for most use cases. ApplicationSet Delegate (Single Managed Cluster) compliments the Repo Server Delegate by allowing ApplicationSets that use webhooks, private Helm, or private git repositories to access the credentials needed to perform git operations.
ApplicationSet Delegate
-
Switch from All Managed Clusters to Single Managed Cluster
-
Select the cluster you want to use as the ApplicationSet Delegate.
-
Click Save.
Policy (Global)
A Policy defines how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)
Allow Override
Starting with Argo CD v2.8 a policy can be specified per ApplicationSet. Enabling the override will allow a policy per ApplicationSet to override a global policy.
Permitting the platform in IP Allow lists
When using Declarative Management, if the source for an ApplicationSet or "App of Apps" Application is behind an IP allow list (e.g., a private Git server), add the following addresses to permit access for the Akuity Platform:
52.40.235.49
35.85.123.223
52.32.37.241