argocd

rendering ArgoCD resources from OCI-hosted KCL modules.

Functions live in dedicated files:
- cli.go: AddClusterCli (logs in with the argocd CLI and runs `cluster add`)
- cluster.go: AddClusterK8s (applies a cluster Secret directly; no ArgoCD API call)
- project.go: CreateAppProject (renders + optionally applies an AppProject via the shared KCL module)

Installation

dagger install github.com/stuttgart-things/dagger/argocd@v0.96.0

Entrypoint

Return Type
Argocd
Example
dagger -m github.com/stuttgart-things/dagger/argocd@c717f83559de253d6dd1e30af362eca79e445889 call \
func (m *MyModule) Example() *dagger.Argocd  {
	return dag.
			Argocd()
}
@function
def example() -> dagger.Argocd:
	return (
		dag.argocd()
	)
@func()
example(): Argocd {
	return dag
		.argocd()
}

Types

Argocd

addClusterCli()

AddClusterCli registers a Kubernetes cluster in ArgoCD via argocd cluster add.

It builds a Wolfi-based container with the argocd CLI and kubectl, logs in to the ArgoCD server, and runs argocd cluster add <context> --name <clusterName>. The kubeconfig context is taken from its current-context (or --source-context when supplied); no context rename is performed.

Return Type
String !
Arguments
Name   Type   Default Value   Description
kubeConfig   Secret !   -

Kubeconfig of the target cluster

argocdServer   String !   -

ArgoCD server address (host[:port], no scheme)

username   String !   -

ArgoCD username (not a secret)

password   Secret !   -

ArgoCD password

clusterName   String !   -

Display name for the cluster in ArgoCD (--name on argocd cluster add)

baseImage   String   "cgr.dev/chainguard/wolfi-base:latest"

No description provided

insecure   Boolean   true

No description provided

serverCert   File   -

CA certificate (PEM) to verify the ArgoCD server. When provided, insecure is ignored.

serverCertsDir   Directory   -

Directory of CA certificates (*.crt / *.pem) concatenated into the trust bundle passed to argocd login --server-crt. When provided, insecure is ignored. Takes precedence over serverCert.

sourceContext   String   -

Kubeconfig context to register. If empty, the kubeconfig’s current-context is used.

plaintext   Boolean   false

Use plain HTTP (no TLS) to talk to the ArgoCD server.

cliPackage   String   "argo-cd-2.14"

Wolfi apk package providing the argocd CLI. Pin to a major.minor that matches your ArgoCD server (e.g. argo-cd-2.14, argo-cd-3.3). The “argo-cd” meta-package tracks the latest major and can break against older servers.

Example
dagger -m github.com/stuttgart-things/dagger/argocd@c717f83559de253d6dd1e30af362eca79e445889 call \
 add-cluster-cli --kube-config env:MYSECRET --argocd-server string --username string --password env:MYSECRET --cluster-name string
func (m *MyModule) Example(ctx context.Context, kubeConfig *dagger.Secret, argocdServer string, username string, password *dagger.Secret, clusterName string) string  {
	return dag.
			Argocd().
			AddClusterCli(ctx, kubeConfig, argocdServer, username, password, clusterName)
}
@function
async def example(kube_config: dagger.Secret, argocd_server: str, username: str, password: dagger.Secret, cluster_name: str) -> str:
	return await (
		dag.argocd()
		.add_cluster_cli(kube_config, argocd_server, username, password, cluster_name)
	)
@func()
async example(kubeConfig: Secret, argocdServer: string, username: string, password: Secret, clusterName: string): Promise<string> {
	return dag
		.argocd()
		.addClusterCli(kubeConfig, argocdServer, username, password, clusterName)
}

addClusterK8S()

AddClusterK8s registers a Kubernetes cluster in ArgoCD without calling the ArgoCD HTTP/gRPC API. It creates (or reuses) a ServiceAccount with cluster-admin permissions in the target cluster, mints a token via kubectl create token, extracts the cluster’s server URL and CA from the kubeconfig, and assembles the ArgoCD cluster Secret (labelled argocd.argoproj.io/secret-type=cluster).

The rendered Secret is always returned in the output Directory as <clusterName>.yaml. When applyToCluster is true (the default) the Secret is also applied to the ArgoCD-hosting cluster; when false, you get the file back without touching the ArgoCD cluster — handy for git-committing or inspecting before apply. Either way, the target cluster IS mutated (SA + RBAC created, token minted) because the Secret can’t be built without a live token.

Return Type
Directory !
Arguments
Name   Type   Default Value   Description
kubeConfig   Secret !   -

Kubeconfig of the target cluster to register (where the SA is created)

clusterName   String !   -

Display name for the cluster in ArgoCD (also the Secret name and output filename)

argocdKubeConfig   Secret   -

Kubeconfig of the cluster where ArgoCD runs. Required when applyToCluster is true (and you want to apply somewhere other than the target cluster). Ignored when applyToCluster is false.

argocdNamespace   String   "argocd"

Namespace where ArgoCD is installed

serviceAccountName   String   "argocd-manager"

ServiceAccount name created/reused in the target cluster

serviceAccountNamespace   String   "kube-system"

Namespace for the ServiceAccount in the target cluster

sourceContext   String   -

Kubeconfig context of the target cluster. Empty = current-context.

argocdContext   String   -

Kubeconfig context of the ArgoCD cluster. Empty = current-context of argocdKubeConfig.

serverUrl   String   -

Override the server URL written into the cluster Secret. Empty = server from kubeconfig.

tokenDuration   String   "8760h"

Duration passed to kubectl create token. Subject to the cluster’s max.

applyToCluster   Boolean   true

Apply the generated cluster Secret to the ArgoCD cluster. When false, the Secret is only rendered and returned — inspect/commit it, apply later with your own tooling.

baseImage   String   "cgr.dev/chainguard/wolfi-base:latest"

No description provided
Example
dagger -m github.com/stuttgart-things/dagger/argocd@c717f83559de253d6dd1e30af362eca79e445889 call \
 add-cluster-k-8-s --kube-config env:MYSECRET --cluster-name string
func (m *MyModule) Example(kubeConfig *dagger.Secret, clusterName string) *dagger.Directory  {
	return dag.
			Argocd().
			AddClusterK8S(kubeConfig, clusterName)
}
@function
def example(kube_config: dagger.Secret, cluster_name: str) -> dagger.Directory:
	return (
		dag.argocd()
		.add_cluster_k8_s(kube_config, cluster_name)
	)
@func()
example(kubeConfig: Secret, clusterName: string): Directory {
	return dag
		.argocd()
		.addClusterK8S(kubeConfig, clusterName)
}
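
The rendered <clusterName>.yaml carries a live token for a cluster-admin ServiceAccount, with a default tokenDuration of 8760h, so it is worth auditing before it is committed or applied. The Go sketch below is an added example, not code from this module: it assumes the decoded value of the Secret's config key follows ArgoCD's documented layout (bearerToken, tlsClientConfig.insecure, tlsClientConfig.caData) and that the token is the JWT issued by kubectl create token. AuditClusterConfig and SampleConfig are hypothetical names, and the sample token is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// AuditClusterConfig (hypothetical helper) reviews the "config" JSON of an ArgoCD cluster Secret.
func AuditClusterConfig(configJSON string, maxTTL time.Duration) ([]string, error) {
	var cfg struct { // encoding/json matches bearerToken, insecure, caData case-insensitively
		BearerToken string
		TLS         struct{ Insecure bool; CAData string } `json:"tlsClientConfig"`
	}
	if err := json.Unmarshal([]byte(configJSON), &cfg); err != nil {
		return nil, fmt.Errorf("config is not valid JSON: %w", err)
	}
	var out []string
	if cfg.TLS.Insecure || cfg.TLS.CAData == "" {
		out = append(out, "target API server certificate is not verified")
	}
	parts := strings.Split(cfg.BearerToken, ".")
	if len(parts) != 3 {
		return append(out, "bearerToken is not a JWT"), nil
	}
	var c struct{ Sub string; Iat, Exp int64 } // claims set by kubectl create token
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &c) != nil || c.Exp == 0 {
		return nil, fmt.Errorf("bearerToken payload has no readable exp claim")
	}
	out = append(out, "live credential for "+c.Sub)
	if ttl := time.Duration(c.Exp-c.Iat) * time.Second; ttl > maxTTL {
		out = append(out, fmt.Sprintf("token lifetime %s exceeds %s", ttl, maxTTL))
	}
	return out, nil
}

// SampleConfig builds a constructed config value around an unsigned dummy token.
func SampleConfig(iat, exp int64) string {
	claims := fmt.Sprintf(`{"sub":"system:serviceaccount:kube-system:argocd-manager","iat":%d,"exp":%d}`, iat, exp)
	tok := "e30." + base64.RawURLEncoding.EncodeToString([]byte(claims)) + ".sig"
	return fmt.Sprintf(`{"bearerToken":%q,"tlsClientConfig":{"caData":"Q09OU1RSVUNURUQ="}}`, tok)
}

func main() {
	fmt.Println(AuditClusterConfig(SampleConfig(1700000000, 1731536000), 24*time.Hour))
}
```

The claims are read without verifying the signature, which is enough for a lifetime and subject review but not for trusting the token.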

createAppProject()

CreateAppProject renders an ArgoCD AppProject manifest from the stuttgart-things/argocd-app-project KCL module (hosted as an OCI artifact) and optionally applies it to the ArgoCD-hosting cluster.

Every field of the AppProject can be overridden via the individual parameters below. Complex fields (destinations, whitelists, labels) take JSON strings that are passed straight to kcl run -D key=<json>.

Return Type
Directory !
Arguments
Name   Type   Default Value   Description
name   String   -

AppProject name (metadata.name and the output file basename). Can also be supplied via parametersFile; the CLI value wins.

parametersFile   File   -

YAML/JSON file with KCL parameters as key: value pairs. Every CLI flag below takes precedence over values in this file. Values may be scalars, JSON arrays, or JSON objects (yq/jq stringifies nested values before handing them to kcl run -D).

namespace   String   -

Namespace where ArgoCD is installed (KCL default: “argocd”)

description   String   -

Free-form description written to spec.description

sourceRepos   String   -

Allowed source repo URLs, JSON array (e.g. '["https://github.com/org/repo"]')

destinations   String   -

Deployment destinations, JSON array of {server?,name?,namespace} (e.g. '[{"server":"https://10.0.0.1:6443","namespace":"*"}]')

clusterResourceWhitelist   String   -

Cluster-scoped resource kinds allowed, JSON array of {group,kind}

namespaceResourceWhitelist   String   -

Namespace-scoped resource kinds allowed, JSON array of {group,kind}

labels   String   -

metadata.labels as JSON object (e.g. '{"team":"platform"}')

annotations   String   -

metadata.annotations as JSON object

ociSource   String   "oci://ghcr.io/stuttgart-things/argocd-app-project"

OCI source of the KCL module; append ?tag= to pin.

fileExtension   String   "yaml"

File extension for the rendered manifest

applyToCluster   Boolean   false

When true, apply the rendered manifest to the cluster via kubectl.

kubeConfig   Secret   -

Kubeconfig of the ArgoCD-hosting cluster. Required when applyToCluster is true.

Example
dagger -m github.com/stuttgart-things/dagger/argocd@c717f83559de253d6dd1e30af362eca79e445889 call \
 create-app-project
func (m *MyModule) Example() *dagger.Directory  {
	return dag.
			Argocd().
			CreateAppProject()
}
@function
def example() -> dagger.Directory:
	return (
		dag.argocd()
		.create_app_project()
	)
@func()
example(): Directory {
	return dag
		.argocd()
		.createAppProject()
}
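
Since sourceRepos, destinations and clusterResourceWhitelist arrive as JSON strings and define what the AppProject permits, they can be linted for wildcard entries before rendering. The Go sketch below is an added example, not code from this module: LintAppProjectParams is a hypothetical helper, and the sample values in main are the ones shown in the argument descriptions above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// LintAppProjectParams (hypothetical helper) flags wildcard entries in the JSON
// strings passed as sourceRepos, destinations and clusterResourceWhitelist.
func LintAppProjectParams(sourceRepos, destinations, clusterWhitelist string) ([]string, error) {
	var repos []string
	var dests []struct{ Server, Name, Namespace string }
	var kinds []struct{ Group, Kind string }
	inputs := []struct {
		name, raw string
		into      any
	}{
		{"sourceRepos", sourceRepos, &repos},
		{"destinations", destinations, &dests},
		{"clusterResourceWhitelist", clusterWhitelist, &kinds},
	}
	for _, in := range inputs {
		// An empty string means the parameter was not supplied, so it is skipped.
		if err := json.Unmarshal([]byte(in.raw), in.into); in.raw != "" && err != nil {
			return nil, fmt.Errorf("%s is not a valid JSON array: %w", in.name, err)
		}
	}
	var out []string
	for _, r := range repos {
		if r == "*" {
			out = append(out, "sourceRepos allows any repository")
		}
	}
	for _, d := range dests {
		if d.Namespace == "*" {
			out = append(out, fmt.Sprintf("destination %s%s allows every namespace", d.Server, d.Name))
		}
	}
	for _, k := range kinds {
		if k.Group == "*" && k.Kind == "*" {
			out = append(out, "clusterResourceWhitelist allows every cluster-scoped kind")
		}
	}
	return out, nil
}

func main() {
	fmt.Println(LintAppProjectParams(`["https://github.com/org/repo"]`,
		`[{"server":"https://10.0.0.1:6443","namespace":"*"}]`, ""))
}
```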

createApplication()

CreateApplication renders an ArgoCD Application manifest from the stuttgart-things/argocd-application KCL module (hosted as an OCI artifact) and optionally applies it to the ArgoCD-hosting cluster.

See https://github.com/stuttgart-things/kcl/tree/main/kubernetes/argocd-application for the full parameter reference. Common scalar fields are exposed directly; complex nested fields (helm, kustomize, sources, syncPolicy, …) take JSON strings that pass straight through to kcl run -D key=<json>.

Return Type
Directory !
Arguments
Name   Type   Default Value   Description
name   String   -

metadata.name and output file basename. Can also be supplied via parametersFile; the CLI value wins.

parametersFile   File   -

YAML/JSON file with KCL parameters as key: value pairs. Every CLI flag below takes precedence over values in this file.

namespace   String   -

Namespace where ArgoCD is installed (KCL default: “argocd”)

project   String   -

AppProject this Application belongs to (KCL default: “default”)

repoUrl   String   -

spec.source.repoURL (git URL or Helm repo URL)

path   String   -

spec.source.path (git dir; mutually exclusive with chart)

targetRevision   String   -

spec.source.targetRevision

chart   String   -

spec.source.chart (Helm chart name; mutually exclusive with path)

destServer   String   -

spec.destination.server

destName   String   -

spec.destination.name (mutually exclusive with destServer)

destNamespace   String   -

spec.destination.namespace

syncOptions   String   -

syncPolicy.syncOptions as JSON array (e.g. '["CreateNamespace=true"]')

helm   String   -

Full spec.source.helm dict as JSON

kustomize   String   -

Full spec.source.kustomize dict as JSON

source   String   -

Entire spec.source dict as JSON (overrides repoURL/path/chart/helm/etc.)

sources   String   -

Multi-source spec.sources as JSON array (replaces source when set)

destination   String   -

Entire spec.destination dict as JSON (overrides destServer/destName/destNamespace)

syncPolicy   String   -

Entire spec.syncPolicy dict as JSON

automated   String   -

spec.syncPolicy.automated as JSON

retry   String   -

spec.syncPolicy.retry as JSON

info   String   -

spec.info as JSON array

labels   String   -

metadata.labels as JSON object

annotations   String   -

metadata.annotations as JSON object

finalizers   String   -

metadata.finalizers as JSON array

revisionHistoryLimit   String   -

spec.revisionHistoryLimit

ociSource   String   "oci://ghcr.io/stuttgart-things/argocd-application"

OCI source of the KCL module; append ?tag= to pin

fileExtension   String   "yaml"

No description provided

applyToCluster   Boolean   false

Apply the rendered manifest via kubectl

kubeConfig   Secret   -

Kubeconfig of the ArgoCD-hosting cluster (required when applyToCluster is true)

Example
dagger -m github.com/stuttgart-things/dagger/argocd@c717f83559de253d6dd1e30af362eca79e445889 call \
 create-application
func (m *MyModule) Example() *dagger.Directory  {
	return dag.
			Argocd().
			CreateApplication()
}
@function
def example() -> dagger.Directory:
	return (
		dag.argocd()
		.create_application()
	)
@func()
example(): Directory {
	return dag
		.argocd()
		.createApplication()
}

createApplicationSet()

CreateApplicationSet renders an ArgoCD ApplicationSet manifest from the stuttgart-things/argocd-application-set KCL module (hosted as an OCI artifact) and optionally applies it to the ArgoCD-hosting cluster.

See https://github.com/stuttgart-things/kcl/tree/main/kubernetes/argocd-application-set for the full parameter reference. The generators field is the main lever; every complex nested field takes a JSON string that passes straight through to kcl run -D key=<json>. Argo Go-template expressions like {{ .cluster.name }} survive the JSON parser untouched as long as they’re inside string values.

Return Type
Directory !
Arguments
Name   Type   Default Value   Description
name   String   -

metadata.name and output file basename. Can also be supplied via parametersFile; the CLI value wins.

parametersFile   File   -

YAML/JSON file with KCL parameters as key: value pairs. Every CLI flag below takes precedence over values in this file.

namespace   String   -

Namespace where ArgoCD is installed (KCL default: “argocd”)

goTemplate   String   -

spec.goTemplate (pass “false” to disable Go templating)

goTemplateOptions   String   -

spec.goTemplateOptions as JSON array

generators   String   -

spec.generators as JSON array. The module’s default renders the kro example.

project   String   -

template.spec.project

templateName   String   -

template.metadata.name (usually contains Go-template expressions)

templateNamespace   String   -

template.metadata.namespace

templateLabels   String   -

template.metadata.labels as JSON object

templateAnnotations   String   -

template.metadata.annotations as JSON object

templateFinalizers   String   -

template.metadata.finalizers as JSON array

templateMetadata   String   -

Whole template.metadata dict as JSON (overrides templateName/templateLabels/…)

source   String   -

template.spec.source dict as JSON (single-source apps)

sources   String   -

template.spec.sources as JSON array (multi-source apps; replaces source)

destServer   String   -

template.spec.destination.server

destName   String   -

template.spec.destination.name (mutually exclusive with destServer)

destNamespace   String   -

template.spec.destination.namespace

destination   String   -

Whole template.spec.destination dict as JSON

syncOptions   String   -

template.spec.syncPolicy.syncOptions as JSON array

automated   String   -

template.spec.syncPolicy.automated as JSON

retry   String   -

template.spec.syncPolicy.retry as JSON

templateSyncPolicy   String   -

Whole template.spec.syncPolicy dict as JSON

templateSpec   String   -

Whole template.spec dict as JSON

template   String   -

Whole spec.template dict as JSON (overrides everything under template.*)

syncPolicyTopLevel   String   -

spec.syncPolicy (appset-level, e.g. preserveResourcesOnDeletion) as JSON

strategy   String   -

spec.strategy (RollingSync) as JSON

preservedFields   String   -

spec.preservedFields as JSON

templatePatch   String   -

spec.templatePatch (raw string)

labels   String   -

metadata.labels as JSON object

annotations   String   -

metadata.annotations as JSON object

finalizers   String   -

metadata.finalizers as JSON array

ociSource   String   "oci://ghcr.io/stuttgart-things/argocd-application-set"

OCI source of the KCL module; append ?tag= to pin

fileExtension   String   "yaml"

No description provided

applyToCluster   Boolean   false

Apply the rendered manifest via kubectl

kubeConfig   Secret   -

Kubeconfig of the ArgoCD-hosting cluster (required when applyToCluster is true)

Example
dagger -m github.com/stuttgart-things/dagger/argocd@c717f83559de253d6dd1e30af362eca79e445889 call \
 create-application-set
func (m *MyModule) Example() *dagger.Directory  {
	return dag.
			Argocd().
			CreateApplicationSet()
}
@function
def example() -> dagger.Directory:
	return (
		dag.argocd()
		.create_application_set()
	)
@func()
example(): Directory {
	return dag
		.argocd()
		.createApplicationSet()
}