liminfo

ArgoCD Reference

Free reference guide: ArgoCD Reference

19 results

About ArgoCD Reference

The ArgoCD Reference is a searchable cheat sheet covering all major ArgoCD concepts organized into five categories: CRDs (Application, AppProject, ApplicationSet), Sync policies (automated sync with prune/selfHeal, manual sync, sync waves for ordering, retry policy with exponential backoff), Hooks (PreSync for DB migrations, Sync, PostSync for tests and notifications, SyncFail for rollback actions), Auth (RBAC policy.csv rules and SSO via OIDC/Dex with GitHub connector), and CLI (argocd app create, sync, diff, get, delete, cluster add).

This reference is built for platform engineers, DevOps teams, and Kubernetes developers implementing GitOps workflows with ArgoCD. Whether you are defining an Application CRD that points to a Helm chart, configuring ApplicationSet to auto-generate apps from a Git directory tree, or setting up RBAC so developers can sync but not delete, this cheat sheet gives you the exact YAML annotation or CLI flag you need.

ArgoCD's declarative GitOps model means every configuration detail matters — a missing "prune: true" can leave orphaned resources, and sync wave ordering is critical for database-before-application deployments. The five categories mirror the operational concerns you face daily: defining apps, controlling when and how they sync, wiring in lifecycle hooks, securing access, and operating via the CLI. All content is browser-based, free, and supports dark mode.

Key Features

  • Application CRD: full YAML spec with repoURL, path, targetRevision, destination server and namespace
  • AppProject: destination and sourceRepos restrictions for multi-team access control
  • ApplicationSet: Git directory generator for automatically creating one Application per directory
  • Automated sync: prune orphaned resources, selfHeal drift, and allowEmpty flag
  • Sync waves: argocd.argoproj.io/sync-wave annotation to sequence resource creation order
  • Sync retry policy: limit, backoff duration, factor, and maxDuration for resilient deployments
  • Lifecycle hooks: PreSync (DB migration), Sync, PostSync (smoke tests), SyncFail (rollback) with hook-delete-policy
  • RBAC and SSO: policy.csv role definitions and Dex OIDC connector configuration for GitHub SSO

Frequently Asked Questions

What is the Application CRD in ArgoCD?

The Application CRD is the core ArgoCD resource. It defines the source (Git repo URL, path, and target revision) and destination (Kubernetes cluster API server and namespace). ArgoCD continuously reconciles the live cluster state with the declared Git state, reporting Synced/OutOfSync health status.

What is the difference between automated and manual sync in ArgoCD?

With automated sync, ArgoCD detects Git changes and applies them to the cluster automatically. "prune: true" deletes resources removed from Git, and "selfHeal: true" reverts manual cluster changes back to the Git-declared state. With manual sync, changes are only applied when you explicitly run "argocd app sync myapp" or click Sync in the UI.

What are sync waves and why are they important?

Sync waves control the order in which resources are applied during a sync operation. Annotate a resource with "argocd.argoproj.io/sync-wave: \"1\"" to assign it to wave 1. ArgoCD applies lower-numbered waves first and waits for their health checks to pass before proceeding to the next wave. This ensures, for example, that a database Deployment is healthy before the application Deployment starts.

How do PreSync and PostSync hooks work?

PreSync hooks run before any resources are applied — ideal for database schema migrations. Sync hooks run during the sync. PostSync hooks run after all resources are healthy — ideal for integration tests or Slack notifications. SyncFail hooks run only when a sync operation fails, enabling automated rollback or alerting. Use "hook-delete-policy: HookSucceeded" to clean up completed hook Jobs.

How do I set up RBAC so developers can sync but not delete applications?

Define a role in policy.csv with specific permissions: "p, role:developer, applications, sync, */*, allow" grants sync access, and "p, role:developer, applications, get, */*, allow" grants read access. Then bind users or SSO groups to the role with "g, my-team, role:developer". Omit the delete permission to prevent developers from deleting applications.

What is ApplicationSet and when should I use it?

ApplicationSet automates the creation of multiple Application resources using generators. The Git directory generator scans a repository for directories matching a pattern and creates one ArgoCD Application per match. This is ideal for multi-cluster or multi-environment deployments where you want a uniform GitOps setup without manually defining each Application.

How do I compare the live cluster state with Git using the CLI?

Run "argocd app diff myapp" to see what changes ArgoCD would apply on the next sync. Use "--local ./k8s/" to compare against local manifests instead of Git. This is useful for previewing changes before a sync, especially in production environments.

How do I add an external Kubernetes cluster to ArgoCD?

Run "argocd cluster add <kubectl-context-name>" from a machine that has kubectl configured with the target cluster context. ArgoCD will install a service account in the target cluster and store the credentials in argocd-cm. You can then set the cluster as a destination in your Application CRDs.