kuncoro.io
Back to Argo CD

Argo CD Code Walkthrough

Argo CD Codebase Walkthrough

Argo CD is a GitOps continuous delivery controller for Kubernetes. The codebase is a Go monorepo producing multiple binaries (API server, application controller, repo server, CLI, and supporting services) via a unified cmd/main.go that dispatches based on binary name. It uses client-go informers for Kubernetes watches, gRPC for inter-service communication, and embeds the gitops-engine module for diff/sync primitives. The design emphasizes level-triggered reconciliation, aggressive caching (Redis), and pluggable manifest generation.

1. Where Execution Starts

Argo CD has 10+ entry points compiled into a single Docker image. Each binary name maps to a different component via cmd/main.go, which examines os.Args[0] to dispatch to the correct command. All components use Cobra for CLI flag parsing and follow a consistent startup pattern.

Primary Entry Points

BinaryPurposeEntry CommandStartup Flow
argocd-application-controllerCore reconcilercmd/argocd-application-controller/commands/argocd_application_controller.goFlags -> K8s client -> Informers -> Work queues -> Reconcile loop
argocd-repo-serverManifest generationcmd/argocd-repo-server/commands/argocd_repo_server.goFlags -> gRPC server -> TLS -> Cache init -> Serve
argocd-serverAPI gatewaycmd/argocd-server/commands/argocd_server.goFlags -> HTTP/gRPC mux -> Auth (Dex) -> RBAC -> Serve
argocdCLI toolcmd/argocd/commands/Cobra command tree -> REST/gRPC client calls
argocd-applicationset-controllerApp templatingcmd/argocd-applicationset-controller/commands/Flags -> controller-runtime manager -> Reconcile
argocd-notificationNotificationscmd/argocd-notification/commands/Flags -> Watch Apps -> Trigger engine -> Send

Application Controller Startup Deep Dive (core path):

  1. main() in cmd/main.go detects binary name argocd-application-controller.
  2. Creates NewCommand() (Cobra root) with flags: --repo-server, --redis, --app-resync, --self-heal-timeout, --sharding-algorithm.
  3. Initializes Kubernetes client-go clients (in-cluster or kubeconfig).
  4. Creates ApplicationController struct with informers for Application, AppProject CRDs.
  5. Starts informers, waits for cache sync, then launches goroutines for each work queue.
  6. Enters blocking Run() with context cancellation on SIGTERM.
flowchart TD
    A[main.go dispatch] --> B[NewCommand<br/>Parse flags]
    B --> C[Init K8s clients<br/>In-cluster config]
    C --> D[Create ApplicationController<br/>Setup informers]
    D --> E[Start informers<br/>Wait for cache sync]
    E --> F[Launch queue workers<br/>appRefreshQueue<br/>appOperationQueue<br/>projectRefreshQueue]
    F --> G[Run: block on context<br/>SIGTERM -> shutdown]
    style A fill:#f9f

Trade-off: Single-image multi-binary simplifies container builds but means all components share dependencies (image size ~500MB+).

2. Core Abstractions

Argo CD’s internals revolve around Kubernetes CRDs as state machines, work queues for reliable processing, and gRPC for inter-service calls. Key design: the controller is the orchestrator, the repo server is stateless compute, and Redis is the shared cache layer.

Key Types/Interfaces

  • Application (pkg/apis/application/v1alpha1): CRD with Spec (source, destination, sync policy), Status (sync, health, resources), and Operation (in-flight sync). The controller’s main reconciliation target.
  • AppProject (pkg/apis/application/v1alpha1): Multi-tenancy CRD controlling allowed repos, clusters, namespaces, and RBAC roles.
  • ApplicationSet (pkg/apis/application/v1alpha1): Template CRD with generators producing Application resources.
  • AppStateManager (controller/state.go): Interface for comparing target (Git) vs. live (cluster) state. Returns CompareStateResult with diffs per resource.
  • RepoServerServiceClient (gRPC): Interface to request manifest generation from the repo server.
  • ClusterCache (gitops-engine/pkg/cache): In-memory cache of all resources in a target cluster, updated via watches.
classDiagram
    class Application {
        +Spec ApplicationSpec
        +Status ApplicationStatus
        +Operation *Operation
    }
    class ApplicationSpec {
        +Source *ApplicationSource
        +Destination ApplicationDestination
        +Project string
        +SyncPolicy *SyncPolicy
    }
    class ApplicationStatus {
        +Sync SyncStatus
        +Health HealthStatus
        +Resources []ResourceStatus
        +ReconciledAt Time
    }
    class AppProject {
        +Spec AppProjectSpec
    }
    class AppProjectSpec {
        +SourceRepos []string
        +Destinations []Destination
        +Roles []ProjectRole
    }
    class AppStateManager {
        +CompareAppState() CompareStateResult
    }
    class RepoServerService {
        +GenerateManifest() ManifestResponse
        +ListRefs() Refs
    }
    Application --> ApplicationSpec
    Application --> ApplicationStatus
    Application --> AppProject : belongs to
    AppStateManager --> Application : reconciles
    AppStateManager --> RepoServerService : fetches manifests

Clever Patterns:

  • Rate-limited work queues: Each queue (appRefreshQueue, appOperationQueue) has separate rate limiters preventing thundering herd on mass updates. Items are keyed by namespace/name for deduplication.
  • Two-level cache: In-memory + Redis. The controller caches comparison results in Redis keyed by (app, revision, params). Cache miss triggers repo server call.
  • Comparison types: CompareWithLatest (normal refresh), CompareWithLatestForceResolve (force git fetch), CompareWithRecent (use last known revision). Controls cache bypass granularity.

3. Request/Operation Lifecycle

Example: Application Sync (typical op: user clicks “Sync” -> resources applied to cluster). Traces API Server -> Controller -> Repo Server -> GitOps Engine -> Cluster.

  1. API Server receives sync request via gRPC/REST -> validates RBAC (AppProject permissions) -> writes Operation field on the Application CRD (server/application/application.go).
  2. Controller detects Application update via informer -> enqueues to appOperationQueue (controller/appcontroller.go).
  3. Controller calls Repo Server GenerateManifest(repoURL, revision, path) via gRPC -> repo server clones repo, runs tool (e.g., helm template), returns manifests.
  4. Controller passes target manifests to GitOps Engine Sync() -> engine plans sync waves (annotations: argocd.argoproj.io/sync-wave), runs PreSync hooks.
  5. Engine applies resources to target cluster via kubectl apply (server-side or client-side) per wave, waits for health between waves.
  6. Controller updates Application.Status.OperationState with result (succeeded/failed), clears Operation.
sequenceDiagram
    participant User as User (CLI/UI)
    participant API as API Server
    participant K8s as Host Cluster (CRDs)
    participant AC as Application Controller
    participant RS as Repo Server
    participant GE as GitOps Engine
    participant Target as Target Cluster

    User->>API: Sync Application "myapp"
    API->>API: RBAC check (AppProject)
    API->>K8s: Patch Application.Operation
    K8s-->>AC: Informer: Application updated
    AC->>AC: Enqueue to appOperationQueue
    AC->>RS: GenerateManifest(repo, rev, path)
    RS->>RS: git clone + helm template
    RS-->>AC: Target manifests
    AC->>GE: Sync(target, live)
    GE->>GE: Plan waves + hooks
    loop Each sync wave
        GE->>Target: kubectl apply
        Target-->>GE: Applied
        GE->>GE: Wait healthy
    end
    GE-->>AC: Sync result
    AC->>K8s: Update Application.Status

Key Functions:

Trade-off: The CRD-based operation model (writing Operation to the resource) is resilient to controller restarts but adds API server write latency.

4. Reading Order

Prioritize controller -> repo server -> API -> engine. Experienced Go/K8s developers should budget focused reading sessions per step.

  1. Entry Points (15min): cmd/main.go for dispatch, cmd/argocd-application-controller/ for controller flags and bootstrap.
  2. CRD Types (30min): pkg/apis/application/v1alpha1/types.go - understand Application, AppProject, ApplicationSet structs and their status fields.
  3. Application Controller (2hr): controller/appcontroller.go - focus on processAppRefreshQueueItem and processAppOperationQueueItem. Then controller/state.go for comparison logic.
  4. Sync Flow (1hr): controller/sync.go - trace from sync request to resource application. Understand waves and hooks.
  5. Repo Server (1.5hr): reposerver/repository/ - manifest generation per tool type. Caching in reposerver/cache/.
  6. GitOps Engine (2hr): gitops-engine/pkg/diff/ for three-way merge, gitops-engine/pkg/sync/ for wave planning.
  7. API Server (1hr): server/server.go for multiplexing, server/application/ for CRUD handlers.
  8. Advanced: ApplicationSet generators in applicationset/, health assessment Lua scripts in resource_customizations/.

Pro Tip: Run argocd app get <app> -o yaml to see the full Application resource structure. Use argocd app diff <app> to trace the comparison flow end-to-end.

5. Common Patterns

  • Work Queue per Concern: Separate rate-limited queues for app refresh, sync operations, project updates, and hydration. Prevents one slow operation type from blocking others. Idiom: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()).
  • Informer + Queue Pattern: Kubernetes informer event handlers enqueue keys (namespace/name) to work queues. Workers dequeue, fetch the latest object, and process. Idempotent handlers tolerate duplicate deliveries.
  • gRPC Service Boundaries: Controller -> Repo Server communication is strictly gRPC (Protocol Buffers). Enables independent scaling and language-agnostic contracts.
  • Cache-Aside with Redis: All expensive computations (manifest generation, comparison results) are cached in Redis with composite keys. Cache miss triggers computation, result is stored. TTL-based invalidation with force-refresh bypass.
  • CRD as State Machine: Application lifecycle (synced -> out-of-sync -> syncing -> synced) is encoded in CRD status. Operations are written to the resource, then processed by the controller. Controller restarts resume from CRD state.
  • Resource Customizations via Lua: Health checks and custom actions for specific resource types are Lua scripts in resource_customizations/. Loaded at runtime, enabling community contributions without Go code changes.
  • Sharding for Scale: Applications are assigned to controller replicas via consistent hashing on cluster. controller/sharding/sharding.go implements multiple algorithms (legacy, round-robin, consistent-hashing).
  • Testing: Unit tests alongside source files (*_test.go), integration tests in test/, e2e tests with real Kind clusters. Test fixtures in testdata/ directories.

This covers the core reconciliation flow. For GitOps engine internals, start with pkg/diff/diff.go for the three-way merge algorithm, then pkg/sync/sync_context.go for wave execution.