Cluster Generator

In Argo CD, managed clusters are stored within Secrets in the Argo CD namespace. The ApplicationSet controller uses those same Secrets to generate parameters to identify and target available clusters.

For each cluster registered with Argo CD, the Cluster generator produces parameters based on the list of items found within the cluster secret.

It automatically provides the following parameter values to the Application template for each cluster:

  • name
  • nameNormalized (‘name’ but normalized to contain only lowercase alphanumeric characters, ‘-‘ or ‘.’)
  • server
  • metadata.labels.<key> (for each label in the Secret)
  • metadata.annotations.<key> (for each annotation in the Secret)

Note

Use the nameNormalized parameter if your cluster name contains characters (such as underscores) that are not valid for Kubernetes resource names. This prevents rendering invalid Kubernetes resources with names like my_cluster-app1, and instead would convert them to my-cluster-app1.

Within Argo CD cluster Secrets are data fields describing the cluster:

  1. kind: Secret
  2. data:
  3. # Within Kubernetes these fields are actually encoded in Base64; they are decoded here for convenience.
  4. # (They are likewise decoded when passed as parameters by the Cluster generator)
  5. config: "{'tlsClientConfig':{'insecure':false}}"
  6. name: "in-cluster2"
  7. server: "https://kubernetes.default.svc"
  8. metadata:
  9. labels:
  10. argocd.argoproj.io/secret-type: cluster
  11. # (...)

The Cluster generator will automatically identify clusters defined with Argo CD, and extract the cluster data as parameters:

  1. apiVersion: argoproj.io/v1alpha1
  2. kind: ApplicationSet
  3. metadata:
  4. name: guestbook
  5. namespace: argocd
  6. spec:
  7. goTemplate: true
  8. goTemplateOptions: ["missingkey=error"]
  9. generators:
  10. - clusters: {} # Automatically use all clusters defined within Argo CD
  11. template:
  12. metadata:
  13. name: '{{.name}}-guestbook' # 'name' field of the Secret
  14. spec:
  15. project: "my-project"
  16. source:
  17. repoURL: https://github.com/argoproj/argocd-example-apps/
  18. targetRevision: HEAD
  19. path: guestbook
  20. destination:
  21. server: '{{.server}}' # 'server' field of the secret
  22. namespace: guestbook

(The full example can be found here.)

In this example, the cluster secret’s name and server fields are used to populate the Application resource name and server (which are then used to target that same cluster).

Label selector

A label selector may be used to narrow the scope of targeted clusters to only those matching a specific label:

  1. kind: ApplicationSet
  2. metadata:
  3. name: guestbook
  4. namespace: argocd
  5. spec:
  6. goTemplate: true
  7. goTemplateOptions: ["missingkey=error"]
  8. generators:
  9. - clusters:
  10. selector:
  11. matchLabels:
  12. staging: true
  13. # The cluster generator also supports matchExpressions.
  14. #matchExpressions:
  15. # - key: staging
  16. # operator: In
  17. # values:
  18. # - "true"
  19. template:
  20. # (...)

This would match an Argo CD cluster secret containing:

  1. kind: Secret
  2. data:
  3. # (... fields as above ...)
  4. metadata:
  5. labels:
  6. argocd.argoproj.io/secret-type: cluster
  7. staging: "true"
  8. # (...)

The cluster selector also supports set-based requirements, as used by several core Kubernetes resources.

Deploying to the local cluster

In Argo CD, the ‘local cluster’ is the cluster upon which Argo CD (and the ApplicationSet controller) is installed. This is to distinguish it from ‘remote clusters’, which are those that are added to Argo CD declaratively or via the Argo CD CLI.

The cluster generator will automatically target both local and non-local clusters, for every cluster that matches the cluster selector.

If you wish to target only remote clusters with your Applications (e.g. you want to exclude the local cluster), then use a cluster selector with labels, for example:

  1. spec:
  2. goTemplate: true
  3. goTemplateOptions: ["missingkey=error"]
  4. generators:
  5. - clusters:
  6. selector:
  7. matchLabels:
  8. argocd.argoproj.io/secret-type: cluster
  9. # The cluster generator also supports matchExpressions.
  10. #matchExpressions:
  11. # - key: staging
  12. # operator: In
  13. # values:
  14. # - "true"

This selector will not match the default local cluster, since the default local cluster does not have a Secret (and thus does not have the argocd.argoproj.io/secret-type label on that secret). Any cluster selector that selects on that label will automatically exclude the default local cluster.

However, if you do wish to target both local and non-local clusters, while also using label matching, you can create a secret for the local cluster within the Argo CD web UI:

  1. Within the Argo CD web UI, select Settings, then Clusters.
  2. Select your local cluster, usually named in-cluster.
  3. Click the Edit button, and change the NAME of the cluster to another value, for example in-cluster-local. Any other value here is fine.
  4. Leave all other fields unchanged.
  5. Click Save.

These steps might seem counterintuitive, but the act of changing one of the default values for the local cluster causes the Argo CD Web UI to create a new secret for this cluster. In the Argo CD namespace, you should now see a Secret resource named cluster-(cluster suffix) with label argocd.argoproj.io/secret-type": "cluster". You may also create a local cluster secret declaratively, or with the CLI using argocd cluster add "(context name)" --in-cluster, rather than through the Web UI.

Fetch clusters based on their K8s version

There is also the possibility to fetch clusters based upon their Kubernetes version. To do this, the label argocd.argoproj.io/auto-label-cluster-info needs to be set to true on the cluster secret. Once that has been set, the controller will dynamically label the cluster secret with the Kubernetes version it is running on. To retrieve that value, you need to use the argocd.argoproj.io/kubernetes-version, as the example below demonstrates:

  1. spec:
  2. goTemplate: true
  3. generators:
  4. - clusters:
  5. selector:
  6. matchLabels:
  7. argocd.argoproj.io/kubernetes-version: 1.28
  8. # matchExpressions are also supported.
  9. #matchExpressions:
  10. # - key: argocd.argoproj.io/kubernetes-version
  11. # operator: In
  12. # values:
  13. # - "1.27"
  14. # - "1.28"

Pass additional key-value pairs via values field

You may pass additional, arbitrary string key-value pairs via the values field of the cluster generator. Values added via the values field are added as values.(field)

In this example, a revision parameter value is passed, based on matching labels on the cluster secret:

  1. spec:
  2. goTemplate: true
  3. goTemplateOptions: ["missingkey=error"]
  4. generators:
  5. - clusters:
  6. selector:
  7. matchLabels:
  8. type: 'staging'
  9. # A key-value map for arbitrary parameters
  10. values:
  11. revision: HEAD # staging clusters use HEAD branch
  12. - clusters:
  13. selector:
  14. matchLabels:
  15. type: 'production'
  16. values:
  17. # production uses a different revision value, for 'stable' branch
  18. revision: stable
  19. template:
  20. metadata:
  21. name: '{{.name}}-guestbook'
  22. spec:
  23. project: "my-project"
  24. source:
  25. repoURL: https://github.com/argoproj/argocd-example-apps/
  26. # The cluster values field for each generator will be substituted here:
  27. targetRevision: '{{.values.revision}}'
  28. path: guestbook
  29. destination:
  30. server: '{{.server}}'
  31. namespace: guestbook

In this example the revision value from the generators.clusters fields is passed into the template as values.revision, containing either HEAD or stable (based on which generator generated the set of parameters).

Note

The values. prefix is always prepended to values provided via generators.clusters.values field. Ensure you include this prefix in the parameter name within the template when using it.

In values we can also interpolate the following parameter values (i.e. the same values as presented in the beginning of this page)

  • name
  • nameNormalized (‘name’ but normalized to contain only lowercase alphanumeric characters, ‘-‘ or ‘.’)
  • server
  • metadata.labels.<key> (for each label in the Secret)
  • metadata.annotations.<key> (for each annotation in the Secret)

Extending the example above, we could do something like this:

  1. spec:
  2. goTemplate: true
  3. goTemplateOptions: ["missingkey=error"]
  4. generators:
  5. - clusters:
  6. selector:
  7. matchLabels:
  8. type: 'staging'
  9. # A key-value map for arbitrary parameters
  10. values:
  11. # If `my-custom-annotation` is in your cluster secret, `revision` will be substituted with it.
  12. revision: '{{index .metadata.annotations "my-custom-annotation"}}'
  13. clusterName: '{{.name}}'
  14. - clusters:
  15. selector:
  16. matchLabels:
  17. type: 'production'
  18. values:
  19. # production uses a different revision value, for 'stable' branch
  20. revision: stable
  21. clusterName: '{{.name}}'
  22. template:
  23. metadata:
  24. name: '{{.name}}-guestbook'
  25. spec:
  26. project: "my-project"
  27. source:
  28. repoURL: https://github.com/argoproj/argocd-example-apps/
  29. # The cluster values field for each generator will be substituted here:
  30. targetRevision: '{{.values.revision}}'
  31. path: guestbook
  32. destination:
  33. # In this case this is equivalent to just using {{name}}
  34. server: '{{.values.clusterName}}'
  35. namespace: guestbook