There are two types of settings that can be managed using the declarative approach:
- End users/developers specific settings such as
- Platform-specific settings such as IP allow lists, system accounts and availability of additional Argo CD components.
Declarative management allows you to use the Argo CD control plane on the Akuity platform to host
AppProject resources. This is used for implementing:
- Argo CD's app of apps pattern to declaratively specify one Argo CD
Applicationresource that points to a Git repository consisting only of other
ApplicationSetresources to manage a set of Argo CD
The resources deployed into the control plane must specify the namespace
argocd and the destination name
https://kubernetes.default.svc). The child
Applications (that deploy anything other than an
AppProject) must target a connected cluster other than
Example: App of Apps
Application created via the Argo CD dashboard:
helm: # Set the destination cluster for the child Applications in the Helm chart.
argocd. This will deploy child
Applications into the Argo CD control plane on the Akuity Platform.
Application created by the parent app:
my-cluster, which is an external cluster connected to the Argo CD instance on the Akuity Platform (See "Connect a Kubernetes cluster"). This is where the resources for the
guestbookapp will be deployed (i.e., the
Enabling declarative management
To enable declarative management:
Argo CD→ your instance→ Settings→ Declarative Management.
Enabledswitch to Enabled.
Once the Argo CD instance has finished progressing, the
in-cluster destination will be available.
By default, the ApplicationSet Controller will run on the Control Plane which is fine for most use cases. ApplicationSet Delegate (Single Managed Cluster) compliments the Repo Server Delegate by allowing ApplicationSets that use webhooks, private Helm, or private git repositories to access the credentials needed to perform git operations.
All Managed Clustersto Single Managed Cluster
Select the cluster you want to use as the ApplicationSet Delegate.
A Policy defines how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)
Starting with Argo CD v2.8 a policy can be specified per ApplicationSet. Enabling the override will allow a policy per ApplicationSet to override a global policy.
Permitting the platform in IP Allow lists
When using Declarative Management, if the source for an ApplicationSet or "App of Apps" Application is behind an IP allow list (e.g., a private Git server), add the following addresses to permit access for the Akuity Platform: