Overview

ArgoCD implements GitOps-based continuous delivery, automatically syncing Kubernetes manifests from Git repositories to the cluster. It manages application deployments using ApplicationSets for dynamic application generation.

Installation

ArgoCD is bootstrapped via argocd-bootstrap.sh:
# Build nixidy manifests
nix build "#legacyPackages.${PLATFORM}.nixidyEnvs.local.environmentPackage" -o manifests-result

# Create namespace and apply manifests
kubectl create namespace argocd
kubectl apply -f manifests-result/argocd/ --server-side --force-conflicts
Manifests are generated by nixidy (Nix-based Kustomize wrapper) from Helm charts.

Configuration

Nixidy Module (nixidy/env/local/argocd.nix)

applications.argocd = {
  namespace = "argocd";
  createNamespace = true;
  
  helm.releases.argocd = {
    chart = charts.argoproj.argo-cd;
    values = {
      global.domain = "argocd.local";
      server = {
        replicas = 1;
        service = {
          type = "NodePort";
          nodePortHttp = 30080;
          nodePortHttps = 30443;
        };
        extraArgs = [ "--insecure" ];
      };
      controller.replicas = 1;
      redis.enabled = true;
      dex.enabled = false;
      configs.params."server.insecure" = true;
    };
  };
};

Key Settings

Setting          Value     Purpose
server.replicas  1         Single instance for local dev
service.type     NodePort  Direct host access
server.insecure  true      HTTP mode (no TLS locally)
dex.enabled      false     No SSO in local env
redis.enabled    true      Session caching
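
These values suit a local cluster only: server.insecure and the --insecure argument make the server speak plain HTTP, and NodePort publishes it on every node's address. The check below is an added example, not part of the project's scripts; it scans rendered manifests for those three settings so a pipeline can refuse to apply them to a shared cluster. The function names, finding IDs and sample manifest are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's code): scan rendered Argo CD manifests
# for the local-only settings documented on this page.

# Print one finding ID per line for each local-only setting under directory $1.
audit_argocd_manifests() {
    dir=$1
    # configs.params."server.insecure" renders into the argocd-cmd-params-cm ConfigMap
    if grep -rEqs '^[[:space:]]*"?server\.insecure"?:[[:space:]]*["'\'']?true' "$dir"; then
        echo "server-insecure-param"
    fi
    # server.extraArgs renders into the argocd-server container args
    if grep -rEqs -e '^[[:space:]]*-[[:space:]]*["'\'']?--insecure["'\'']?[[:space:]]*$' "$dir"; then
        echo "server-insecure-arg"
    fi
    # Any Service of type NodePort is reachable on every node's address
    if grep -rEqs '^[[:space:]]*type:[[:space:]]*["'\'']?NodePort' "$dir"; then
        echo "nodeport-service"
    fi
}

# Constructed sample: a cut-down rendering of the local values, not real nixidy output.
write_sample() {
    mkdir -p "$1"
    cat > "$1/argocd.yaml" <<'EOF'
kind: ConfigMap
metadata: {name: argocd-cmd-params-cm}
data:
  server.insecure: "true"
---
kind: Service
metadata: {name: argocd-server}
spec:
  type: NodePort
---
kind: Deployment
metadata: {name: argocd-server}
spec:
  template:
    spec:
      containers:
        - args:
            - /usr/local/bin/argocd-server
            - --insecure
EOF
}

demo=$(mktemp -d)
write_sample "$demo"
audit_argocd_manifests "$demo"   # prints all three finding IDs for the sample
rm -rf "$demo"
```

Run `audit_argocd_manifests manifests-result/argocd` after the `nix build` step and fail the job when it prints anything for a non-local target.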

Access

Web UI

kubectl -n argocd get secret argocd-initial-admin-secret \
  -o jsonpath="{.data.password}" | base64 -d

Ports

Port   Protocol  Purpose
30080  HTTP      Web UI and API
30443  HTTPS     Secure access (not used locally)

Components

ArgoCD consists of several components:

Application Controller

StatefulSet that monitors Git repositories and reconciles cluster state:
  • Compares desired state (Git) with live state (cluster)
  • Performs sync operations
  • Detects configuration drift

Repo Server

Generates Kubernetes manifests from source repositories:
  • Helm chart rendering
  • Kustomize builds
  • Directory-based applications

Server

API server and Web UI:
  • REST/gRPC API
  • Web interface
  • CLI authentication

ApplicationSet Controller

Dynamically generates Applications based on templates and generators.

Redis

Caches repository data and sessions for performance.

ApplicationSet

The infrastructure uses ApplicationSet for dynamic application deployment (argocd/services-appset.yaml):
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: services
  namespace: argocd
spec:
  generators:
    - git:
        repoURL: https://github.com/thirdlf03/microservice-app.git
        directories:
          - path: services/*/k8s/generated
          - path: frontend/k8s/generated
  template:
    spec:
      source:
        repoURL: https://github.com/thirdlf03/microservice-app.git
        targetRevision: main
        path: '{{path}}'
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
This automatically creates an Application for each service directory in the repository.

Auto-Sync Behavior

  • prune: Removes resources deleted from Git
  • selfHeal: Reverts manual changes to match Git

Manifest Generation

Manifests are pre-generated using nixidy:
gen-manifests  # Regenerates manifests from nixidy modules
Generated manifests are stored in manifests/argocd/.

Integration

Nixidy

ArgoCD configuration is defined in Nix expressions and rendered to Kubernetes YAML via nixidy. This provides:
  • Type-safe configuration
  • Reproducible builds
  • Helm chart management

Application Repositories

ArgoCD watches the microservice-app repository and automatically deploys services when manifests change.

Observability

ArgoCD metrics are exposed and scraped by Prometheus:
  • Application sync status
  • Sync history
  • Repository fetch metrics
  • API request metrics