Dzero Labs
Published in

Dzero Labs

Turbocharge ArgoCD with App of Apps Pattern and Kustomized Helm

Sculpture at Montserrat, Spain. Photo by Dzero Labs.

Application Deployments Revisited

The App of Apps Pattern

App of Apps Pattern for the Guestbook Application
ArgoCD App of Apps: Sample Root App Definition
ArgoCD App of Apps: Sample Child App Definition
argocd cluster add
CURRENT        NAME         CLUSTER        SERVER
* dev-cluster dev-cluster https://<some_ip>
qa-cluster qa-cluster https://<some_other_ip>

App of Apps Best Practices

  • Define trusted Git repos (so you can’t deploy apps pointing to just any old git repo and potentially wreak havoc)
  • Define what types of resources can be created on a cluster (maybe you don’t want someone to be creating RoleBindings willy-nilly?)
  • Define who has access to the project, and therefore, to the Applications in the project.
  • Restrict what clusters you can deploy an app to. Our good ‘ole separation of concerns at work here.

Kustomized Helm

  • Applying common configs to a set of YAML files at once (e.g.labels, namespaces, annotations)
  • Overriding values by applying selective changes to YAML files
helm template ../../helm_base — name-template $ARGOCD_APP_NAME — include-crds > ../../helm_base/all.yml && kustomize build
Sample ArgoCD Application definition using Kustomized Helm
Kustomized Helm in action
kubectl apply -f argocd-cm.yml
name: kustomized-helm

An Example

  • The ArgoCD project in which the app will reside
  • The ArgoCD root app
  • The ArgoCD child apps (2048-game and Guestbook)


  • A Kubernetes cluster
  • ArgoCD running on the Kubernetes cluster

1- Login to ArgoCD

export ARGOCD_USERNAME=<argocd_username>
export ARGOCD_PASSWORD=<argocd_password>
export ARGOCD_SERVER=<argocd_server>
argocd login $ARGOCD_SERVER --username $ARGOCD_USERNAME --password $ARGOCD_PASSWORD

2- Register the repos with ArgoCD

export GIT_TOKEN=<git_personal_access_token>argocd repo add --username git --password $GIT_TOKENargocd repo add --username git --password $GIT_TOKENargocd repo add --username git --password $GIT_TOKEN
Registering our repos with ArgoCD
argocd repo list
Sample list of repos registered in ArgoCD
Newly-registred repositories in ArgoCD

3- Create the Dev Project

kubectl apply -f argocd/projects/project-dev.yml
Your newly-created ArgoCD project
argocd proj list
Sample list of ArgoCD projects

4- Create the Root App

kubectl apply -f argocd/root-app-dev.yml
Our newly-created Root App

5- Sync the Root App and its children

argocd app sync root-appbundle-app-dev
2048-game hasn’t been synced
Guestbook app hasn’t been synced
argocd app sync -l
2048-game has been successfully deployed
helm-guestbook app has been successfully deployed


argocd app delete root-appbundle-app-dev
argocd repo rm repo rm repo rm
argocd proj delete appbundle-project-dev


Looks good, but it ain’t!
Yup, we definitely have an error!
What we SHOULD be seeing
kubectl describe application -n argocd root-appbundle-app-dev
Classic Picard facepalm. Image source: CNET.

That’s a wrap!

  • The App of Apps pattern is great for bundling related applications together.
  • Creating a separate project in ArgoCD for each App of Apps bundle, per target Kubernetes environment (DEV, QA, PROD) is good.
  • Kustomize + Helm make a hell of a tag-team!
  • When you need to nuke your App of Apps app bundle, deleting the Root App in ArgoCD by default does a cascade delete, which cleans up all Child App resources, including namespaces, so you don’t lose your mind doing cleanup.
  • App deletion in ArgoCD does not nukify projects and repos.
Photo by Paige Cody on Unsplash

One more thing…

Other stories in my ArgoCD journey



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adri Villela

I push the boundaries of software delivery by learning from smart people who challenge the status quo | Former corporate 🤖 | On-Call Me Maybe Podcast co-host