Declarative management

There are two types of settings that can be managed using the declarative approach:

• End users/developers specific settings such as Application, ApplicationSet, and AppProject resources.
• Platform-specific settings such as IP allow lists, system accounts and availability of additional Argo CD components.

Developers-specific settings

Declarative management allows you to use the Argo CD control plane on the Akuity platform to host Application, ApplicationSet, and AppProject resources. This is used for implementing:

• Argo CD's app of apps pattern to declaratively specify one Argo CD Application resource that points to a Git repository consisting only of other Application resources.
• ApplicationSet resources to manage a set of Argo CD Applications.

The resources deployed into the control plane must specify the namespace argocd and the destination name in-cluster (server https://kubernetes.default.svc). The child Applications (that deploy anything other than an Application, ApplicationSet, or AppProject) must target a connected cluster other than in-cluster.

Example: App of Apps

The parent Application created via the Argo CD dashboard:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-apps
  namespace: argocd
spec:
    destination:
      namespace: argocd
      name: in-cluster
    project: default
    source:
      repoURL: 'https://github.com/morey-tech/argocd-example-apps'
      path: apps
      targetRevision: HEAD  
      helm:  # Set the destination cluster for the child Applications in the Helm chart.
        values: |-
          spec:
            destination:
              name: my-cluster

• The destination.name is in-cluster and the destination.namespace is argocd. This will deploy child Applications into the Argo CD control plane on the Akuity Platform.

The child Application created by the parent app:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: helm-guestbook
  namespace: argocd
spec:
  destination:
    name: my-cluster
    namespace: default
  project: default
  source:
    path: helm-guestbook
    repoURL: 'https://github.com/morey-tech/argocd-example-apps'
    targetRevision: HEAD

• The destination.name is my-cluster, which is an external cluster connected to the Argo CD instance on the Akuity Platform (See "Connect a Kubernetes cluster "). This is where the resources for the guestbook app will be deployed (i.e., the Deployment and Service).

Enabling declarative management

To enable declarative management:

1. Navigate to Argo CD → your instance → Settings → Declarative Management.

2. Toggle the Enabled switch to Enabled.

3. Click Save.

Once the Argo CD instance has finished progressing, the in-cluster destination will be available.

Permitting the platform in IP Allow lists

When using Declarative Management, if the source for an ApplicationSet or "App of Apps" Application is behind an IP allow list (e.g., a private Git server), add the following addresses to permit access for the Akuity Platform:

52.40.235.49
35.85.123.223
52.32.37.241

Platform-specific settings

Declarative management of platform-specific settings is implemented using akuity cli.

Use the following steps to start managing existing Argo CD instance managed by the Akuity Platform:

1. Export existing instance configuration using akuity argocd export <name> --organization-name <org-name> command:

   Note. yq provides a convenient way to split the output into multiple files.

   akuity argocd export demo --organization-name demo | yq -s '.metadata.name' -

2. Compare local configuration with the current state of the Akuity Platform using akuity argocd diff <name> --organization-name <org-name> command:

   akuity argocd diff demo --organization-name demo -f argocd/demo/
   
   ===== argoproj.io/v1alpha1/ArgoCD/demo ======
   6c6
   <   description: Demo purposes (https://demo.cd.akuity.cloud/)
   ---
   >   description: Demo purposes
   ▸ print diff: exit status 1%

3. Apply changes to the Akuity Platform using akuity argocd apply -f <configuration-path> command:

   akuity argocd apply -f argocd/demo/

Configuration specifications

The declarative configuration that defines Argo CD instance state has the same format as open-source Argo CD and described here. The Akuity Platform specific settings, such as instance name, IP allows lists and other additional features are defined using argocd.akuity.io/v1alpha1/ArgoCD resource.

Example of the declarative configuration:

apiVersion: argocd.akuity.io/v1alpha1
kind: ArgoCD
metadata:
  name: test-inst
spec:
  version: v2.6.0
  description: test-inst
  instanceSpec:
    ipAllowList:
      - ip: "1.2.3.4"
        description: dummy entry
    declarativeManagementEnabled: true

The reference specifications are available here.

Automated workflow

The GitOps workflow is implemented using GitHub Actions and is provides the following experience:

1. Engineers make changes to the declarative configuration of the Akuity Platform in the argocd directory and create Pull Request with the proposed changes.
2. GitHub action workflow compares the proposed changes with the current state of the Akuity Platform and posts detected changes as a comment to the Pull Request.
3. Reviewers review the proposed changes and detected changes report and approve the Pull Request.
4. GitHub action workflow applies the proposed changes to the Akuity Platform.

See the example live demo at https://github.com/akuity/akp-declarative/.