Application Controller
Continuously monitors running applications and compares the current live state against the desired target state specified in Git.
ArgoCD
Information
Section titled “Information”ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes. It automates the deployment of applications by synchronizing the desired state defined in Git repositories with the actual state in Kubernetes clusters.
Architecture
Section titled “Architecture”ArgoCD follows the GitOps pattern where Git repositories are the source of truth for defining the desired application state. Key components include:
Repo Server
Internal service that maintains a local cache of Git repositories holding application manifests.
API Server
gRPC/REST server that exposes the API consumed by the Web UI, CLI, and CI/CD systems.
Application Definitions
Kubernetes custom resources (CRDs) that define applications, projects, and repositories.
KBVE Cluster Integration
Section titled “KBVE Cluster Integration”The KBVE production cluster runs ArgoCD to manage 68+ applications across multiple namespaces. All application manifests are stored in the apps/kube/ directory.
Dashboard Access
Section titled “Dashboard Access”View live deployment status: ArgoCD Dashboard
Application Annotation Standard
Section titled “Application Annotation Standard”Overview
Section titled “Overview”KBVE uses a standardized annotation schema on ArgoCD Application resources to link them back to their source directories in apps/kube. These annotations provide zero-risk metadata that enables traceability, automation, and better observability.
Schema Version: v1
Section titled “Schema Version: v1”Core Annotations (Required)
Section titled “Core Annotations (Required)”These annotations MUST be present on every ArgoCD Application resource:
| Annotation | Description | Example |
|---|---|---|
kbve.com/source-path | Relative path from repo root to the application directory | apps/kube/agones/arpg |
kbve.com/manifest-path | Relative path to the actual Kubernetes manifest directory | apps/kube/agones/arpg/manifests |
kbve.com/application-file | Relative path to this ArgoCD Application resource file | apps/kube/agones/arpg/application.yaml |
kbve.com/managed-by | Management tool (always argocd for these resources) | argocd |
kbve.com/schema-version | Version of this annotation schema | v1 |
Classification Annotations (Recommended)
Section titled “Classification Annotations (Recommended)”These annotations SHOULD be present to enable categorization and filtering:
| Annotation | Description | Example Values |
|---|---|---|
kbve.com/category | Application category | game-server, application, infrastructure, database, observability, ci-cd, networking |
kbve.com/stack | Technology stack or framework | agones, rows, supabase, clickhouse, cilium, core |
Optional Annotations
Section titled “Optional Annotations”Additional context-specific annotations:
| Annotation | Description | When to Use | Example |
|---|---|---|---|
kbve.com/tenant | Tenant identifier | Multi-tenant deployments | chuckrpg-beta, rentearth-release |
kbve.com/deployment-model | Deployment architecture pattern | Complex deployments | multi-tenant-overlay, singleton, replicated |
kbve.com/environment | Environment stage | When explicit environment tracking needed | dev, staging, prod |
kbve.com/owner | Team or individual responsible | Large teams with ownership boundaries | platform-team, game-dev |
Examples
Section titled “Examples”apiVersion: argoproj.io/v1alpha1kind: Applicationmetadata: name: kbve namespace: argocd annotations: kbve.com/source-path: "apps/kube/kbve" kbve.com/manifest-path: "apps/kube/kbve/manifest" kbve.com/application-file: "apps/kube/kbve/application.yaml" kbve.com/managed-by: "argocd" kbve.com/schema-version: "v1" kbve.com/category: "application" kbve.com/stack: "core"spec: project: default source: repoURL: https://github.com/KBVE/kbve targetRevision: HEAD path: apps/kube/kbve/manifest destination: server: https://kubernetes.default.svc namespace: kbveapiVersion: argoproj.io/v1alpha1kind: Applicationmetadata: name: agones-arpg namespace: argocd labels: app.kubernetes.io/part-of: arpg annotations: kbve.com/source-path: "apps/kube/agones/arpg" kbve.com/manifest-path: "apps/kube/agones/arpg/manifests" kbve.com/application-file: "apps/kube/agones/arpg/application.yaml" kbve.com/managed-by: "argocd" kbve.com/schema-version: "v1" kbve.com/category: "game-server" kbve.com/stack: "agones"spec: project: default source: repoURL: https://github.com/kbve/kbve targetRevision: main path: apps/kube/agones/arpg/manifests destination: server: https://kubernetes.default.svc namespace: arpgapiVersion: argoproj.io/v1alpha1kind: Applicationmetadata: name: rows-chuckrpg-beta namespace: argocd annotations: kbve.com/source-path: "apps/kube/rows/tenants/overlays/chuckrpg-beta" kbve.com/manifest-path: "apps/kube/rows/tenants/overlays/chuckrpg-beta" kbve.com/application-file: "apps/kube/rows/tenants/overlays/chuckrpg-beta/application.yaml" kbve.com/managed-by: "argocd" kbve.com/schema-version: "v1" kbve.com/category: "game-server" kbve.com/stack: "rows" kbve.com/tenant: "chuckrpg-beta" kbve.com/deployment-model: "multi-tenant-overlay" finalizers: - resources-finalizer.argocd.argoproj.iospec: project: default source: repoURL: https://github.com/KBVE/kbve targetRevision: main path: apps/kube/rows/tenants/overlays/chuckrpg-beta destination: server: https://kubernetes.default.svc namespace: rows-chuckrpg-betaCategory Reference
Section titled “Category Reference”| Category | Description | Example Apps |
|---|---|---|
game-server | Game server deployments | arpg, cryptothrone, factorio, mc |
application | Core business applications | kbve, herbmail, n8n, jobboard |
infrastructure | Infrastructure components | argocd, cert-manager, reloader, gateway-api |
database | Database systems | cnpg, clickhouse, valkey, rabbitmq |
observability | Monitoring and logging | monitoring, metrics, vector, analytics |
ci-cd | CI/CD tools and runners | github/runners, github/controller, forgejo |
networking | Network infrastructure | cilium, kong, multus |
virtualization | Virtualization platforms | kubevirt, kasm, firecracker |
operator | Kubernetes operators | agones, clickhouse-operator, kyverno, keda |
security | Security tooling | sealed-secrets, external-secrets, security-profiles-operator |
Querying Applications
Section titled “Querying Applications”These annotations enable powerful kubectl queries:
# List all game serverskubectl get applications -n argocd -o json | \ jq '.items[] | select(.metadata.annotations."kbve.com/category" == "game-server") | .metadata.name'
# Find all ROWS tenantskubectl get applications -n argocd -o json | \ jq '.items[] | select(.metadata.annotations."kbve.com/stack" == "rows") | {name: .metadata.name, tenant: .metadata.annotations."kbve.com/tenant"}'
# Get source paths for all applicationskubectl get applications -n argocd -o json | \ jq '.items[] | {name: .metadata.name, path: .metadata.annotations."kbve.com/source-path"}'Talos Integration
Section titled “Talos Integration”Pause ArgoCD During Upgrades
Section titled “Pause ArgoCD During Upgrades”When performing Talos node upgrades, pause ArgoCD reconciliation to prevent it from fighting manual scale-down operations:
# Pause ArgoCD application controllerkubectl -n argocd scale sts argocd-application-controller --replicas=0
# After upgrade completes, restorekubectl -n argocd scale sts argocd-application-controller --replicas=1This prevents the application-controller from interfering with:
- Pre-upgrade workload scale-down
- Longhorn maintenance mode preparation
- Manual pod eviction for graceful drain
See the full Talos upgrade procedure in Kubernetes - Talos.
CLI Commands
Section titled “CLI Commands”Installation
Section titled “Installation”brew install argocdcurl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocdrm argocd-linux-amd64# Port-forward ArgoCD serverkubectl port-forward svc/argocd-server -n argocd 8080:443
# Login via CLIargocd login localhost:8080Common Commands
Section titled “Common Commands”# List all applicationsargocd app list
# Get application detailsargocd app get <app-name>
# Sync an applicationargocd app sync <app-name>
# Get sync statusargocd app sync-status <app-name>
# View application logsargocd app logs <app-name>
# Delete an applicationargocd app delete <app-name>
# Create an application from YAMLargocd app create -f application.yamlApplication Management
Section titled “Application Management”Sync Policies
Section titled “Sync Policies”KBVE applications use automated sync with self-healing:
syncPolicy: automated: prune: true # Delete resources removed from Git selfHeal: true # Revert manual kubectl changes syncOptions: - CreateNamespace=true - PrunePropagationPolicy=foreground - RespectIgnoreDifferences=trueIgnore Differences
Section titled “Ignore Differences”Some resources have fields that ArgoCD should not sync (e.g., Agones Fleet replicas managed by autoscalers):
ignoreDifferences: - group: agones.dev kind: Fleet jsonPointers: - /spec/replicasFinalizers
Section titled “Finalizers”Multi-tenant applications use finalizers to ensure cascading deletion:
metadata: finalizers: - resources-finalizer.argocd.argoproj.ioThis ensures when an ArgoCD Application is deleted, all deployed resources are cleaned up.
Troubleshooting
Section titled “Troubleshooting”Application Stuck in Progressing
Section titled “Application Stuck in Progressing”# Check sync operation statusargocd app get <app-name>
# Terminate stuck operationargocd app terminate-op <app-name>
# Force syncargocd app sync <app-name> --forceOut of Sync Despite Matching Git
Section titled “Out of Sync Despite Matching Git”# Hard refresh (bypass cache)argocd app get <app-name> --hard-refresh
# Check diffargocd app diff <app-name>Health Check Failing
Section titled “Health Check Failing”Some resources need custom health checks. ArgoCD has built-in checks for common resources, but custom CRDs may require configuration:
# ConfigMap in argocd namespaceapiVersion: v1kind: ConfigMapmetadata: name: argocd-cm namespace: argocddata: resource.customizations: | agones.dev/Fleet: health.lua: | hs = {} if obj.status ~= nil then if obj.status.readyReplicas ~= nil and obj.status.readyReplicas > 0 then hs.status = "Healthy" return hs end end hs.status = "Progressing" return hsController Logs
Section titled “Controller Logs”# View application controller logskubectl logs -n argocd -l app.kubernetes.io/name=argocd-application-controller -f
# View repo server logskubectl logs -n argocd -l app.kubernetes.io/name=argocd-repo-server -fBest Practices
Section titled “Best Practices”-
Use Git as Source of Truth
- Never manually apply manifests that are managed by ArgoCD
- All changes should go through Git commits
-
Enable Auto-Sync with Self-Heal
- Automatically corrects drift from manual changes
- Ensures cluster state matches Git
-
Use Annotations for Metadata
- Link applications back to source code
- Enable programmatic discovery and automation
-
Implement Proper RBAC
- Limit who can sync/delete applications in production
- Use ArgoCD Projects for multi-tenant isolation
-
Monitor Sync Status
- Set up alerts for applications stuck in Progressing
- Track sync failures in observability stack
-
Use Resource Hooks
PreSync,Sync,PostSynchooks for migrationsSyncFailhooks for rollback logic
Related Documentation
Section titled “Related Documentation”- Kubernetes - General Kubernetes operations
- ArgoCD Dashboard - Live cluster deployment status
- GitHub Actions - CI/CD integration with ArgoCD