> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cloudthinker.io/llms.txt
> Use this file to discover all available pages before exploring further.

# ArgoCD

> Connect ArgoCD to CloudThinker for GitOps operations and application management

Connect your ArgoCD instances to enable [Kai](/guide/agents/kai) (Kubernetes Engineer) to analyze deployments, manage applications, and troubleshoot GitOps workflows.

***

## Supported Platforms

| Platform               | Support                |
| ---------------------- | ---------------------- |
| **Self-hosted ArgoCD** | All versions           |
| **Akuity Platform**    | Managed ArgoCD service |

***

## Setup

Select your ArgoCD platform:

<Tabs>
  <Tab title="Self-hosted ArgoCD">
    For ArgoCD already running on your cluster.

    <Steps>
      <Step title="Get Connection Details">
        Ensure ArgoCD is accessible. The default port is `8888`.

        Get your host IP address:

        ```bash theme={null}
        hostname -I | awk '{print $1}'
        ```

        Ensure ArgoCD CLI is installed:

        ```bash theme={null}
        brew install argocd
        ```
      </Step>

      <Step title="Generate API Token">
        Enable apiKey and generate token:

        ```bash theme={null}
        kubectl -n argocd patch configmap argocd-cm --type merge -p '{"data":{"accounts.admin":"apiKey, login"}}'
        argocd login <host-ip>:8888 --username admin --password '<password>' --insecure
        argocd account generate-token --account admin --insecure
        ```
      </Step>

      <Step title="Configure CloudThinker Connection">
        In CloudThinker, navigate to **Connections → ArgoCD** and enter:

        * **Base URL**: `https://<host-ip>:8888`
        * **API Token**: Token from previous step
        * **TLS Verification**: Disable
        * **Read-only Mode**: Enable
      </Step>
    </Steps>
  </Tab>

  <Tab title="Akuity Platform">
    For managed ArgoCD via Akuity Platform.

    <Steps>
      <Step title="Install CLI">
        Install ArgoCD CLI:

        ```bash theme={null}
        brew install argocd
        ```

        Install Akuity CLI:

        ```bash theme={null}
        curl -sSL -o /tmp/akuity \
          "https://dl.akuity.io/akuity-cli/$(curl -sL https://dl.akuity.io/akuity-cli/stable.txt)/$(uname)/$(uname -m)/akuity"
        chmod +x /tmp/akuity
        sudo mv /tmp/akuity /usr/local/bin/akuity
        ```
      </Step>

      <Step title="Create Admin Account">
        In the [Akuity Portal](https://akuity.cloud):

        1. Navigate to **Organization** → **API Keys** → Click **Create API Key** (role: Owner)
        2. Under your ArgoCD instance → **Settings** → **System Accounts**
        3. Click **Add Account** → Name: `admin`
        4. Enable both **login** and **apiKey** capabilities
        5. Set a password
      </Step>

      <Step title="Generate API Token">
        Login and generate token:

        ```bash theme={null}
        argocd login <instance-id>.cd.akuity.cloud --grpc-web \
          --username admin --password '<your-password>'
        argocd account generate-token --account admin --grpc-web
        ```
      </Step>

      <Step title="Configure CloudThinker Connection">
        In CloudThinker, navigate to **Connections → ArgoCD** and enter:

        * **Base URL**: `https://<instance-id>.cd.akuity.cloud`
        * **API Token**: Token from previous step
        * **TLS Verification**: Enable
        * **Read-only Mode**: Enable
      </Step>
    </Steps>
  </Tab>
</Tabs>

***

## Connection Options

| Option               | Description                 | Self-hosted       | Akuity       |
| -------------------- | --------------------------- | ----------------- | ------------ |
| **TLS Verification** | Validate server certificate | Disable           | Enable       |
| **API Key Setup**    | Enable `apiKey` capability  | Patch `argocd-cm` | Portal UI    |
| **CLI Flags**        | ArgoCD CLI flags            | `--insecure`      | `--grpc-web` |

***

## Required Permissions

The CloudThinker user needs ArgoCD RBAC permissions:

```yaml theme={null}
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.default: role:readonly
  policy.csv: |
    p, role:cloudthinker-readonly, applications, get, */*, allow
    p, role:cloudthinker-readonly, applications, list, */*, allow
    p, role:cloudthinker-readonly, repositories, get, *, allow
    p, role:cloudthinker-readonly, repositories, list, *, allow
    p, role:cloudthinker-readonly, clusters, get, *, allow
    p, role:cloudthinker-readonly, clusters, list, *, allow
    g, cloudthinker-readonly, role:cloudthinker-readonly
```

Apply:

```bash theme={null}
kubectl apply -f argocd-rbac.yaml
```

***

## Agent Capabilities

Once connected, [Kai](/guide/agents/kai) can:

| Capability              | Description                                    |
| ----------------------- | ---------------------------------------------- |
| **Application Status**  | View sync status, health state, last sync time |
| **Deployment Analysis** | Identify out-of-sync and failed deployments    |
| **Repository Insights** | Analyze Git repository state and commits       |
| **Sync Operations**     | Trigger manual syncs                           |
| **Health Monitoring**   | Track application health                       |

### Example Prompts

```bash theme={null}
@kai show me all out-of-sync applications in ArgoCD
@kai analyze deployment failures for the payment service
@kai sync the frontend application to latest commit
@kai check health status of all apps in production
@kai list applications with degraded health
```

***

## Troubleshooting

<Accordion title="Cannot connect to ArgoCD server">
  * **Self-hosted**: Use host IP (not localhost) in Base URL
  * Verify port-forward: `kubectl port-forward svc/argocd-server -n argocd 8888:443 --address 0.0.0.0`
  * Check firewall rules
</Accordion>

<Accordion title="401 Unauthorized">
  * Verify API token is correct
  * Ensure admin has `login` + `apiKey` capabilities
  * Self-hosted: Check `argocd-cm` ConfigMap patched
  * Akuity: Check System Account capabilities
</Accordion>

<Accordion title="Cannot generate API token">
  * Check `apiKey` capability enabled
  * Run: `argocd account get`
</Accordion>

<Accordion title="TLS certificate errors">
  * Self-hosted: Disable TLS verification
  * Akuity: Enable TLS verification
</Accordion>

***

## Security Best Practices

* **Read-only access** - Use read-only RBAC
* **Token rotation** - Rotate periodically
* **Network isolation** - Restrict server access
* **Audit logging** - Enable ArgoCD audit logs
* **Least privilege** - Grant only `get`/`list`

***

## Related

<CardGroup cols={2}>
  <Card title="Kai Agent" icon="dharmachakra" href="/guide/agents/kai">
    Kubernetes and GitOps agent
  </Card>

  <Card title="Kubernetes Connection" icon="https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/kubernetes.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=7c03292954ff635a1994623a5c39971b" href="/guide/connections/kubernetes" width="24" height="24" data-path="images/icons/kubernetes.svg">
    Connect clusters
  </Card>
</CardGroup>