playbooks

home / skills / julianobarbosa / claude-code-skills / argocd-cluster-bootstrapping-skill

argocd-cluster-bootstrapping-skill skill

/skills/argocd-cluster-bootstrapping-skill

This skill guides bootstrapping new Kubernetes clusters into a multi-repository GitOps setup with ArgoCD, enabling seamless registration, secret labeling, and

npx playbooks add skill julianobarbosa/claude-code-skills --skill argocd-cluster-bootstrapping-skill

Review the files below or copy the command above to add this skill to your agents.

Files (17)
SKILL.md
6.6 KB
---
name: argocd-cluster-bootstrapping
description: Complete ArgoCD cluster bootstrapping skill for multi-repository GitOps environments. Use when provisioning new Kubernetes clusters, registering clusters with ArgoCD, configuring ApplicationSets, setting up cluster secrets, or troubleshooting cluster connectivity issues.
---

# ArgoCD Cluster Bootstrapping Skill

Complete guide for bootstrapping new Kubernetes clusters into a multi-repository GitOps environment managed by ArgoCD.

## When to Use This Skill

- Provisioning a new AKS/EKS/GKE cluster and integrating it with ArgoCD
- Registering an existing cluster with the ArgoCD hub
- Creating cluster secrets with proper labels for ApplicationSet targeting
- Setting up ArgoCD Projects for new business units
- Configuring multi-source ApplicationSets for new clusters
- Troubleshooting cluster connectivity or sync issues
- Understanding the multi-repository GitOps architecture

## Quick Start

### 1. Pre-Flight Checklist
```bash
# Verify ArgoCD CLI is installed
argocd version --client

# Verify kubectl access to hub cluster
kubectl config use-context aks-cafehyna-default
kubectl get nodes

# Verify access to target cluster
kubectl config use-context <new-cluster-context>
kubectl get nodes
```

### 2. Register Cluster (3 Steps)
```bash
# Step 1: Add cluster to ArgoCD
argocd cluster add <cluster-context> --name <developer-friendly-name>

# Step 2: Create cluster secret with labels (GitOps)
# See templates/cluster-secret.yaml

# Step 3: Create ArgoCD Project (GitOps)
# See templates/argocd-project.yaml
```

### 3. Deploy First Application
```bash
# Sync the master ApplicationSet to pick up new cluster
argocd app sync applicationset-master --resource-filter kind=ApplicationSet
```

## Architecture Overview

```
┌─────────────────────────────────────────────────────────────────────┐
│                        HUB CLUSTER                                  │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │                    ArgoCD Server                             │   │
│  │  ┌─────────────┐ ┌─────────────┐ ┌─────────────────────────┐│   │
│  │  │ApplicationSet│ │  Projects   │ │    Cluster Secrets     ││   │
│  │  │  Controller  │ │  (RBAC)     │ │  (Labels for targeting)││   │
│  │  └─────────────┘ └─────────────┘ └─────────────────────────┘│   │
│  └─────────────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────────┘
         │                    │                    │
         ▼                    ▼                    ▼
┌─────────────┐      ┌─────────────┐      ┌─────────────┐
│ DEV Cluster │      │ HLG Cluster │      │ PRD Cluster │
│  (Spot OK)  │      │  (Staging)  │      │ (HA Config) │
└─────────────┘      └─────────────┘      └─────────────┘
```

## Repository Structure

```
infra-team/                          # Infrastructure repository
├── applicationset/                  # ApplicationSet definitions
│   ├── kube-addons/                # Add-on ApplicationSets
│   └── applications/               # Business app ApplicationSets
├── argocd-clusters/                # Cluster registration secrets
├── argocd-projects/                # Project definitions (RBAC)
└── applicationset-templates/       # Reusable templates

argo-cd-helm-values/                # Values repository (separate security)
└── kube-addons/
    └── <component>/
        └── <cluster-name>/
            └── values.yaml         # Per-cluster overrides
```

## Key Concepts

### Naming Convention (Critical)
| Context | Developer Name | Azure AKS Name |
|---------|---------------|----------------|
| ArgoCD | `cafehyna-dev` | `aks-cafehyna-dev` |
| Secrets | Uses developer name | - |
| Labels | Uses developer name | - |

### Cluster Labels (Required)
```yaml
labels:
  argocd.argoproj.io/secret-type: cluster
  environment: dev|hlg|prd|hub
  region: brazilsouth|eastus2
  cluster-name: <developer-friendly-name>
  node-type: spot|standard|mixed
  connection-type: internal|external
  tier: platform|application
```

### Environment Characteristics
| Environment | Sync Policy | Replicas | Node Type | Prune |
|-------------|-------------|----------|-----------|-------|
| dev | Automated | 1 | Spot OK | Yes |
| hlg | Manual | 2 | Mixed | Yes |
| prd | Manual | 3 | Standard | No |

## Reference Documentation

- [Complete Workflow](references/workflow.md) - Step-by-step bootstrapping process
- [Templates](references/templates/) - Ready-to-use YAML templates
- [Tools & Commands](references/tools.md) - CLI reference and scripts
- [Best Practices](references/guidance.md) - Security, troubleshooting, patterns
- [Architecture Details](references/architecture.md) - Deep dive into the system

## Common Tasks

### Add New Dev Cluster
```bash
# Use the bootstrap script
./scripts/bootstrap-cluster.sh \
  --name cafehyna-dev-02 \
  --environment dev \
  --region brazilsouth \
  --node-type spot
```

### Troubleshoot Connectivity
```bash
# Check cluster health
argocd cluster get <cluster-name>

# Verify secret labels
kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster

# Test ApplicationSet targeting
argocd appset get <appset-name> --show-params
```

## Safety Rules

1. **Never use `kubectl apply` on managed clusters** - All changes via Git
2. **Always validate before commit** - Run `pre-commit run --all-files`
3. **Test in dev first** - Promote through hlg before prd
4. **Preserve existing labels** - They control ApplicationSet targeting
5. **Use secrets for credentials** - Never hardcode in values files

Overview

This skill provides a complete ArgoCD cluster bootstrapping workflow for multi-repository GitOps environments. It guides provisioning and registering Kubernetes clusters, creating labeled cluster secrets, configuring ApplicationSets and Projects, and troubleshooting connectivity. The focus is on repeatable, secure onboarding from dev through production.

How this skill works

The skill inspects cluster contexts, validates kubectl and argocd CLI access, and automates the three core steps: register the cluster with ArgoCD, create a cluster secret with required labels, and create or update the ArgoCD Project for RBAC and grouping. It also includes patterns for ApplicationSet templates, values overrides per cluster, and health checks to verify ApplicationSet discovery and sync. Troubleshooting commands and safety guardrails are provided to keep clusters managed via Git only.

When to use it

  • Provisioning and integrating a new AKS/EKS/GKE cluster into ArgoCD
  • Registering an existing cluster with the ArgoCD hub server
  • Creating or updating cluster secrets with labels for ApplicationSet targeting
  • Setting up ArgoCD Projects and ApplicationSets for a new business unit
  • Troubleshooting cluster connectivity, sync failures, or ApplicationSet targeting
  • Promoting cluster configs through dev → hlg (staging) → prd workflows

Best practices

  • Always create cluster secrets with the required label set to enable ApplicationSet targeting
  • Keep all cluster configuration changes in Git; never use kubectl apply directly on managed clusters
  • Validate changes with pre-commit hooks and test in dev before promoting to hlg/prd
  • Use per-cluster values overrides for sensitive or environment-specific settings
  • Preserve existing labels and naming conventions to avoid breaking ApplicationSet selection
  • Use argocd CLI and built-in health checks to verify registration and sync status

Example use cases

  • Bootstrap a new dev cluster: register context, add labeled secret, sync master ApplicationSet
  • Register an on-prem cluster with internal connection-type and platform tier labels
  • Create an ArgoCD Project for a new team and scope ApplicationSets by environment label
  • Configure per-cluster Helm values overrides for kube-addons stored in a separate values repo
  • Troubleshoot an ApplicationSet not targeting a cluster by verifying secret labels and appset params

FAQ

What labels are required on cluster secrets?

Cluster secrets must include argocd.argoproj.io/secret-type: cluster plus environment, region, cluster-name, node-type, connection-type, and tier labels for correct ApplicationSet targeting.

How do I verify a cluster is registered correctly?

Use argocd cluster get <cluster-name> and kubectl to check the secret exists in the argocd namespace and that ApplicationSet discovery shows the cluster in the master ApplicationSet.