Skip to main content


Argo CD components, CRDs and architectural patterns.



It runs the Argo CD API server which exposes the API consumed by the Web UI, CLI, and CI/CD systems.


  • Application management and status reporting
  • Invoking of application operations (e.g. sync, rollback, user-defined actions)
  • Repository and cluster credential management (stored as Kubernetes secrets)
  • Authentication and auth delegation to external identity providers
  • RBAC enforcement
  • Listener/forwarder for Git webhook events


It runs Argo CD Application Controller, which is a Kubernetes controller, that continuously monitors running applications and compares the current state against the desired target state.


  • OutOfSync application state detection
  • Optionally takes corrective actions against OutOfSync states
  • Invoking any user-defined hooks for lifecycle events (e.g. PreSync, Sync, PostSync)


It runs Argo CD Repository Server, which maintains a local cache of the Git repository holding the application manifests.


  • Generating and returning the Kubernetes manifests based on:
    • Repository URL
    • Revision (commit, tag, branch)
    • Application path
    • Template specific settings (e.g. parameters, Helm values.yaml)


It runs Argo CD Dex, which is an identity service that uses OpenID Connect to drive authentication for Argo CD.


  • Deferring authentication to:
  • LDAP servers
  • SAML providers
  • Other identity providers, such as GitHub, Google, and Active Directory


It runs Redis, which is an open source in-memory data structure store, used as a database.


  • Cache

Custom Resourcesโ€‹


Application is a custom Resource Definition (CRD) which represents a deployed application instance in an environment. It is defined by two key pieces of information:

  • Source: reference to the desired state in Git (repository, revision, path, environment)
  • Destination: reference to the target cluster and namespace


Projects provide a logical grouping of applications. It can apply restrictions to applications, such as:

  • What may be deployed (trusted Git sources)
  • Where apps may be deployed to (destination clusters and namespaces)
  • What kinds of objects may be deployed (e.g. RBAC, CRDs, DaemonSets, NetworkPolicy)
  • Defining project roles to provide application RBAC (bound to OIDC groups and/or JWT tokens)

App of Apps (Cluster Bootstrapping)โ€‹

It is a pattern that creates an Argo CD application that creates other apps. This allows you to declaratively manage a group of apps that can be deployed and configured.