Capargo is yet another project that creates ArgoCD cluster secrets from Cluster API (CAPI) cluster objects.
Project | Listener(s) | ClusterDeletion | Labels | Opt-out | Projects |
---|---|---|---|---|---|
Capargo | Clusters and Secrets | Handled | From Cluster object | Through Cluster labels | Not managed |
argocd-cluster-register | Clusters | static | Not implemented | Managed | |
argocdsecretsynchronizer | Custom CRD and Secret | static | Through CRD | Not managed | |
capi2argo-cluster-operator | Secrets | Handled | Prefixed from cluster object | Not implemented | Not managed |
This project differs from previous implementations in that it lets you simply opt in to or opt out of ArgoCD cluster creation, while keeping a simple interface to assign labels to ArgoCD cluster objects, enabling ApplicationSet generators.
It also ensures that the ArgoCD cluster object is kept up to date with the latest available kubeconfig and prevents undesired manual modifications of the ArgoCD cluster object. In particular:
- Credentials are enforced. If the ArgoCD cluster object credentials are changed, they will be restored from the kubeconfig.
- Labels are enforced. If the ArgoCD cluster labels are changed, they will be restored from the cluster object.

For each cluster object, a matching ArgoCD cluster secret is created as soon as a kubeconfig has been created by the provisioner of this cluster. For example, the cluster object
```yaml
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  namespace: default
  name: my-cluster
  labels:
    some: label
```
will generate, by default, an ArgoCD cluster object

```yaml
apiVersion: v1
kind: Secret
metadata:
  namespace: argocd
  name: capargo-default-my-cluster
  labels: # New labels can't be added
    some: label
    argocd.argoproj.io/secret-type: cluster
  annotations:
    capargo.jamet.dev/cluster-object-name: my-cluster # This can't be changed
    capargo.jamet.dev/cluster-object-namespace: default # This can't be changed
```
Capargo accepts some customization.

You can change the default `capargo.jamet.dev` annotation and label prefix using the command line argument `--metadata-prefix=my-prefix`.
The resulting ArgoCD object will be

```yaml
apiVersion: v1
kind: Secret
metadata:
  namespace: argocd
  name: capargo-default-my-cluster
  labels: # New labels can't be added
    some: label
    argocd.argoproj.io/secret-type: cluster
  annotations:
    my-prefix/cluster-object-name: my-cluster # This can't be changed
    my-prefix/cluster-object-namespace: default # This can't be changed
```
You can enable or disable the integration at the cluster level by adding the label `capargo.jamet.dev/argocd: (enable|disable)` to the cluster object.
In practice, any value different from `enable` or `enabled` will disable the creation of the ArgoCD cluster secret.

✍️ Note that if you changed the metadata prefix using `--metadata-prefix=my-prefix`, the label becomes `my-prefix/argocd: (enable|disable)`.

By default, capargo will create ArgoCD cluster secrets for all clusters.
You can change this behaviour and disable creation by default using the command line argument `--enable-by-default=false`.

✍️ In this case, only clusters with a label `capargo.jamet.dev/argocd: (enable|enabled)` will have a matching ArgoCD cluster created.
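
The opt-in rule and the label enforcement described above can be sketched as follows. This is an added example, not Capargo's own code: the type and function names are hypothetical, and it assumes the `<prefix>/argocd` control label is not copied onto the secret.

```go
package main

import (
	"fmt"
	"reflect"
)

// Cluster holds the only fields of a CAPI Cluster object this sketch needs.
type Cluster struct {
	Namespace, Name string
	Labels          map[string]string
}

// ShouldRegister applies the opt-in/opt-out rule: when the <prefix>/argocd
// label is present, only "enable" or "enabled" turns the integration on;
// when it is absent, the --enable-by-default value decides.
func ShouldRegister(c Cluster, prefix string, enableByDefault bool) bool {
	v, ok := c.Labels[prefix+"/argocd"]
	if !ok {
		return enableByDefault
	}
	return v == "enable" || v == "enabled"
}

// DesiredLabels returns the labels expected on the ArgoCD cluster secret.
// Assumption: the <prefix>/argocd control label is not copied to the secret.
func DesiredLabels(c Cluster, prefix string) map[string]string {
	out := map[string]string{}
	for k, v := range c.Labels {
		if k != prefix+"/argocd" {
			out[k] = v
		}
	}
	// Set last so a label on the Cluster object cannot override the secret type.
	out["argocd.argoproj.io/secret-type"] = "cluster"
	return out
}

// LabelsDrifted reports whether the live secret labels differ from the desired
// ones in any way (added, removed or changed), meaning a restore is due.
func LabelsDrifted(desired, live map[string]string) bool {
	return !reflect.DeepEqual(desired, live)
}

func main() {
	// Constructed sample: the Cluster from the README and a hand-edited live secret.
	c := Cluster{"default", "my-cluster", map[string]string{"some": "label"}}
	live := map[string]string{"some": "label", "argocd.argoproj.io/secret-type": "cluster", "env": "prod"}
	fmt.Println(ShouldRegister(c, "capargo.jamet.dev", true), LabelsDrifted(DesiredLabels(c, "capargo.jamet.dev"), live))
}
```
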