ArgoCD

By enabling this toolset, HolmesGPT will be able to fetch the status, deployment history, and configuration of ArgoCD applications.

Prerequisites

Generating an ArgoCD token

This toolset requires an ARGOCD_AUTH_TOKEN environment variable. Generate an auth token by following these steps.

Adding a Read-only Policy to ArgoCD

HolmesGPT requires specific permissions to access ArgoCD data. Add the permissions below to your ArgoCD RBAC configuration.

Edit the RBAC ConfigMap: kubectl edit configmap argocd-rbac-cm -n argocd

# Add this to the data section of your argocd-rbac-cm configmap.
# Creates a 'holmesgpt' user with read-only permissions for troubleshooting.
data:
  policy.default: role:readonly
  policy.csv: |
    p, role:admin, *, *, *, allow
    p, role:admin, accounts, apiKey, *, allow
    p, holmesgpt, accounts, apiKey, holmesgpt, allow
    p, holmesgpt, projects, get, *, allow
    p, holmesgpt, applications, get, *, allow
    p, holmesgpt, repositories, get, *, allow
    p, holmesgpt, clusters, get, *, allow
    p, holmesgpt, applications, manifests, */*, allow
    p, holmesgpt, applications, resources, */*, allow
    g, admin, role:admin

Configuration

In addition to setting permissions and generating an auth token, you need to tell HolmesGPT how to connect to the ArgoCD server. This can be done in two ways:

  1. Using port forwarding. This is the recommended approach if your ArgoCD is inside your Kubernetes cluster.
  2. Setting the ARGOCD_SERVER environment variable. This is the recommended approach if your ArgoCD is reachable through public DNS.

1. Port Forwarding

This is the recommended approach if your ArgoCD is inside your Kubernetes cluster.

HolmesGPT needs permission to establish a port-forward to ArgoCD. The configuration below includes that authorization.

Set the following environment variables:

export ARGOCD_AUTH_TOKEN="<your-argocd-token>"
export ARGOCD_OPTS="--port-forward --port-forward-namespace <your_argocd_namespace> --server <your_server_address> --grpc-web"

Then add the following to ~/.holmes/config.yaml:

toolsets:
    argocd/core:
        enabled: true

After making changes to your configuration, run:

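holmes toolset refresh

If you deploy HolmesGPT through the Robusta Helm chart, add the following to your Helm values instead:

holmes: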
    customClusterRoleRules:
        - apiGroups: [""]
          resources: ["pods/portforward"]
          verbs: ["create"]
    additionalEnvVars:
        - name: ARGOCD_AUTH_TOKEN
          value: "<your-argocd-token>"
        - name: ARGOCD_OPTS
          value: "--port-forward --port-forward-namespace <your_argocd_namespace> --server <your_server_address> --grpc-web"
    toolsets:
        argocd/core:
            enabled: true

Update your Helm values and run a Helm upgrade:

helm upgrade robusta robusta/robusta --values=generated_values.yaml --set clusterName=<YOUR_CLUSTER_NAME>

Note

For an in-cluster address, use the cluster DNS name. For example: --port-forward --port-forward-namespace argocd --server argocd-server.argocd.svc.cluster.local --insecure --grpc-web

  • Add --insecure to work with self-signed certificates. This flag skips verification of the server certificate.
  • Change the namespace in --port-forward-namespace <your_argocd_namespace> to the namespace in which your ArgoCD service is deployed.
  • The --grpc-web option in ARGOCD_OPTS prevents some connection errors from leaking into the tool responses and gives HolmesGPT cleaner output.

2. Server URL

This is the recommended approach if your ArgoCD is reachable through a public DNS.

Set the following environment variables:

export ARGOCD_AUTH_TOKEN="<your-argocd-token>"
export ARGOCD_SERVER="argocd.example.com"

Then add the following to ~/.holmes/config.yaml:

toolsets:
    argocd/core:
        enabled: true

After making changes to your configuration, run:

holmes toolset refresh

To test, run:

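holmes ask "Which ArgoCD applications are failing and why?"

If you deploy HolmesGPT through the Robusta Helm chart, add the following to your Helm values instead:

holmes: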
    additionalEnvVars:
        - name: ARGOCD_AUTH_TOKEN
          value: "<your-argocd-token>"
        - name: ARGOCD_SERVER
          value: "argocd.example.com"
    toolsets:
        argocd/core:
            enabled: true

Update your Helm values and run a Helm upgrade:

helm upgrade robusta robusta/robusta --values=generated_values.yaml --set clusterName=<YOUR_CLUSTER_NAME>

Note

In production, always use a Kubernetes secret instead of hardcoding the token value in your Helm values.
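
One way to follow this note, shown as an added example rather than configuration taken from the HolmesGPT documentation: store the token in a Kubernetes Secret and reference it from the Helm values. The Secret name holmes-argocd-token and the key token are hypothetical, and the example assumes the chart passes additionalEnvVars entries to the container as ordinary Kubernetes env entries.

```yaml
# Added example. The Secret name "holmes-argocd-token" and key "token" are
# hypothetical; <holmes_namespace> is the namespace the Holmes pod runs in.

# File 1: Secret manifest. Apply it separately (kubectl apply -f) and keep it
# out of the Git repository that holds generated_values.yaml.
apiVersion: v1
kind: Secret
metadata:
  name: holmes-argocd-token
  namespace: "<holmes_namespace>"
type: Opaque
stringData:
  token: "<your-argocd-token>"
---
# File 2: Helm values (generated_values.yaml).
# Assumption: additionalEnvVars accepts the standard Kubernetes
# valueFrom.secretKeyRef form, which replaces the inline token value.
holmes:
    additionalEnvVars:
        - name: ARGOCD_AUTH_TOKEN
          valueFrom:
              secretKeyRef:
                  name: holmes-argocd-token
                  key: token
        - name: ARGOCD_SERVER
          value: "argocd.example.com"
    toolsets:
        argocd/core:
            enabled: true
```

With the port-forwarding setup, keep ARGOCD_OPTS as a plain value entry; only the token needs to come from the Secret.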

Capabilities

The table below describes the specific capabilities provided by this toolset. HolmesGPT can decide to invoke any of these capabilities when answering questions or investigating issues.

Tool Name             Description
argocd_app_list       List the applications in ArgoCD
argocd_app_get        Retrieve information about an existing application, such as its status and configuration
argocd_app_manifests  Retrieve manifests for an application
argocd_app_resources  List resources of an application
argocd_app_diff       Display the differences between the current state of an application and the desired state specified in its Git repository
argocd_app_history    List the deployment history of an application in ArgoCD
argocd_repo_list      List all the Git repositories that ArgoCD is currently managing
argocd_proj_list      List all available projects
argocd_proj_get       Retrieve information about an existing project, such as its applications and policies
argocd_cluster_list   List all known clusters