Skip to content

argocd

Metadata

Field Value
Service argocd
Purpose Alternate GitOps control plane and migration reference alongside Fleet
Criticality Tier 1
Owner Platform / GitOps owner
Clusters homelab, oci
Namespace argocd
Exposure internet
Stateful yes
Backup class cluster backup
RPO / RTO Git is authoritative, 30 to 60 minutes to restore controller state
Last reviewed 2026-05-20

1. Service Overview

Argo CD remains in the repository as the alternate GitOps controller and as the source of older Application and ApplicationSet layouts that predate the Fleet-first model.

Summary

If this service is unavailable, the legacy GitOps path and any workloads still depending on Argo CD lose reconciliation and operator visibility.

Dependencies

Dependency Type Why it matters
Git repository credentials secret Argo CD must read the Git source of truth
Redis and Argo CD control-plane pods runtime Application and sync state depend on the controller stack
Traefik ingress External access to the UI and API

2. Architecture Diagram

[Git repository]
  -> [Argo CD API and controllers]
  -> [Applications / ApplicationSets]
  -> [Target clusters and namespaces]

3. Deployment Specifications

Item Value
Source path argocd/base, argocd/shared, argocd/prod, argocd/oci
Deployment model Kustomize
Namespace argocd
Workload kind Deployments, Stateful supporting components, ApplicationSet resources
Chart or image version Argo CD 3.3.x family in current manifests
Config files base/kustomization.yaml, shared/kustomization.yaml, prod/kustomization.yaml, oci/kustomization.yaml

Cluster mapping

Cluster Overlay path Notes
homelab argocd/prod Main legacy deployment path
oci argocd/oci OCI-specific ingress and access path

4. Configuration Guide

Environment variables

Variable Source Purpose Secret?
Repository and controller settings argocd/shared and overlay manifests Git access, application scope, notifications mixed

ConfigMaps

Resource Path Purpose
argocd-notifications-cm argocd/prod/argocd-notifications-cm.yaml Notifications and messaging behavior

Secrets management

  • Secret names: repository credentials and cluster access secrets under argocd/shared
  • Source of truth: committed placeholder manifests plus runtime secret material
  • Rotation trigger: Git credential rotation or cluster access changes
  • Recovery note: restore repository and cluster secrets before reconciling applications

5. Access Protocols

Path URL or endpoint Audience Auth TLS terminates at
Internal argocd server and repo-server services in the argocd namespace Platform operators Argo CD RBAC Argo CD / Traefik
External https://argocd.mutana.fr or environment-specific hostname Platform operators Argo CD auth plus ingress controls Traefik

6. Operations and Observability

  • Primary health indicators: application controller healthy, repo-server healthy, Application sync status current.
  • Dashboards or alerts: shared cluster monitoring and Argo CD object status.
  • Log locations: controller, repo-server, and API server pod logs.
  • Known failure modes: bad Git credentials, stale Application paths, broken ingress, cluster secret drift, or ApplicationSet generation failures.

7. Backup and Recovery Notes

  • Backup method: Git plus cluster backup for controller state and secrets.
  • Restore prerequisites: Argo CD namespace, repository secrets, and controller deployments.
  • Related runbook: ../runbooks/argocd.md

8. Release and Change Notes

  • Current deployed app version: Argo CD 3.3.x family in the current repo state.
  • Current chart version: N/A.
  • Last significant change: retained as the alternate GitOps controller while the repository standardized on Fleet-first bootstrap and overlays.
  • Rollback reference: previous Kustomize overlay revision in Git.