Sometimes you want to create a lot of Applications based on some dynamic source of truth. You could create an App of Apps, a pipeline to update the Apps, and a trigger to start the pipeline. Or you could let ApplicationSets do the work for you.
ApplicationSet is a CRD which describes how to create Applications. The CRD includes an Application template and an area to define the source of truth. ApplicationSets support several sources of truth through a variety of generators.
The ApplicationSets manifests (CRD, operator, etc.) are bundled with Argo CD. If you are running a recent version of Argo CD, then you already have the ability to use ApplicationSets.
It's important to use limited projects whenever possible. We'll install a project that can only deploy Deployments,
ReplicaSets, and Pods the the default namespace in the local cluster. We'll also allow-list only one source repo.
Keep in mind that it's not currently safe (as of Argo CD 2.4) to allow non-admins to install or modify ApplicationSets. The project's limitations do no good if the user can simply edit the ApplicationSet to use a different project.
-
(Optional) Change
crenshaw-devinmanifests/ArgoCD201-ApplicationSets/project.yamlto your GitHub username. (If you make this change, you will also need to edit the ApplicationSet'sspec.template.spec.source.repoURLfield in the next step.) -
Apply the project manifest to the
argocdnamespace.kubectl apply -n argocd -f manifests/ArgoCD201-ApplicationSets/project.yaml
The ApplicationSet controller makes a lot of GitHub API requests. To avoid hitting the rate limit, use an API token.
-
Go to New personal access token on GitHub.
-
Use the following details:
Name:
ApplicationSetExpiration:
7 daysSelect scopes:
public_repo(only this one) -
Click "Generate token" and copy the token into your clipboard
-
Create a new Secret to hold the token
github_token=<Your GiHub Token>
echo '{"apiVersion": "v1", "kind": "Secret", "metadata": {"name": "github-token"}, "stringData": {"token": "'$github_token'"}}' | kubectl apply -n argocd -f --
(Optional) Change
crenshaw-devin thespec.template.spec.source.repoURLfield ofmanifests/ArgoCD201-ApplicationSets/appset.yamlto your GitHub username. (Only do this if you also did so in section 1.) -
Change
crenshaw-devin thespec.generators[0].pullRequest.github.ownerfield ofmanifests/ArgoCD201-ApplicationSets/appset.yamlto your GitHub username. -
Apply the ApplicationSet manifest to the
argocdnamespace.kubectl apply -n argocd -f manifests/ArgoCD201-ApplicationSets/appset.yaml
-
Confirm that the ApplicationSet was applied.
kubectl get appset -n argocd
argocd --port-forward-namespace argocd app list --project appsetThe list should be empty. Since you don't have any open PRs in your repo, the ApplicationSet's generator will not produce any parameters, and the Application template in the ApplicationSet will be applied to the cluster zero times.
git checkout -b my-test-branch
git add manifests/*
git commit -m "edit manifests"
git push --set-upstream originThe last command should print a link which you can use to open a PR.
Be sure to open the PR against your fork. By default, it will open against the original repo.
Add a label called preview to your PR. The appset filters
by that label.
argocd --port-forward --port-forward-namespace argocd login
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
(Username: admin)
(Password:<Output from above command>)
argocd --port-forward-namespace argocd app list --project appsetThe list should contain an Application corresponding to your new PR.
To create more Applications, create new PRs.
git checkout -b another-branch
git push --set-upstream originLeave the preview label off a PR to show that the ApplicationSet's filter is working.