/ Verzeichnis / Playground / ArgoCD
← Alle Server ↗ GitHub
● Offiziell argoproj-labs 🔑 Eigener Schlüssel nötig

ArgoCD

von argoproj-labs · argoproj-labs/mcp-for-argocd

Inspect, diff, and sync ArgoCD applications from Claude — GitOps cluster state without kubectl context switching.

ArgoProj Labs' MCP wraps the ArgoCD API: list applications, view sync/health status, diff desired-vs-live, trigger syncs, and read app manifests. Scope tokens read-only for observability, writable only when you explicitly need to sync or override.

▶ Demo ansehen 📦 Installieren 💡 Anwendungsfälle

Warum nutzen

Hauptfunktionen

Live-Demo

In der Praxis

argocd.replay ▶ bereit
0/0

Installieren

Wählen Sie Ihren Client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "argocd": {
      "command": "uvx",
      "args": [
        "mcp-for-argocd"
      ]
    }
  }
}

Öffne Claude Desktop → Settings → Developer → Edit Config. Nach dem Speichern neu starten.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "argocd": {
      "command": "uvx",
      "args": [
        "mcp-for-argocd"
      ]
    }
  }
}

Cursor nutzt das gleiche mcpServers-Schema wie Claude Desktop. Projektkonfiguration schlägt die globale.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "argocd": {
      "command": "uvx",
      "args": [
        "mcp-for-argocd"
      ]
    }
  }
}

Klicken Sie auf das MCP-Servers-Symbol in der Cline-Seitenleiste, dann "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "argocd": {
      "command": "uvx",
      "args": [
        "mcp-for-argocd"
      ]
    }
  }
}

Gleiche Struktur wie Claude Desktop. Windsurf neu starten zum Übernehmen.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "argocd",
      "command": "uvx",
      "args": [
        "mcp-for-argocd"
      ]
    }
  ]
}

Continue nutzt ein Array von Serverobjekten statt einer Map.

~/.config/zed/settings.json
{
  "context_servers": {
    "argocd": {
      "command": {
        "path": "uvx",
        "args": [
          "mcp-for-argocd"
        ]
      }
    }
  }
}

In context_servers hinzufügen. Zed lädt beim Speichern neu.

claude mcp add argocd -- uvx mcp-for-argocd

Einzeiler. Prüfen mit claude mcp list. Entfernen mit claude mcp remove.

Anwendungsfälle

Praxisnahe Nutzung: ArgoCD

Find ArgoCD apps that have drifted out of sync

👤 Platform / SRE teams running GitOps ⏱ ~20 min intermediate

Wann einsetzen: Weekly: which apps in which clusters are OutOfSync or Degraded, and why?

Voraussetzungen
  • ArgoCD API token with read scope — argocd account generate-token --account <read-only-user>
  • ArgoCD server URLARGOCD_SERVER=argocd.my.company.com
Ablauf
  1. List apps with status
    List all ArgoCD apps. For each: name, project, sync status, health status, last sync time.✓ Kopiert
    → Full inventory
  2. Focus on drift
    Filter to apps with syncStatus != 'Synced' or health != 'Healthy'. Rank by time since last sync.✓ Kopiert
    → Problem apps list
  3. Diff a specific app
    For app <name>, show the diff between desired (git) and live. What resources are out of sync?✓ Kopiert
    → Resource-level diff

Ergebnis: A weekly drift report identifying which apps need attention and why.

Fallstricke
  • Drift caused by a legitimate runtime-only resource (e.g. HPA scaled replicas) — Configure ignoreDifferences in the Application spec to exclude fields that change at runtime
Kombinieren mit: notion

Review and apply a sync for a specific application

👤 DevOps engineers promoting changes ⏱ ~15 min intermediate

Wann einsetzen: A PR merged to main; ArgoCD shows the app as OutOfSync pending your approval.

Voraussetzungen
  • Token with sync permission on the target project — Role with applications, sync, <project>/* allowed
Ablauf
  1. Inspect the pending change
    For app <name>, show the diff. What resources change, what's the blast radius?✓ Kopiert
    → Concrete diff
  2. Check the source commit
    What commit SHA does the desired state point at? Show the GitHub commit message and PR.✓ Kopiert
    → Commit + PR context
  3. Sync with prune=false first
    Trigger sync for <name> with prune=false, dryRun=false. Wait for completion, show final status.✓ Kopiert
    → Sync Succeeded; health Healthy

Ergebnis: A deploy with prior-review, not a surprise; deletion-by-prune only happens explicitly.

Fallstricke
  • Sync with prune=true can delete resources you still need — Always start with prune=false; only enable prune when you've confirmed no manually-created resources exist in the namespace
Kombinieren mit: github

Emergency rollback to a previous git revision

👤 SREs during a bad-deploy incident ⏱ ~15 min advanced

Wann einsetzen: A deploy went out, errors spiked, and you need to roll back to last known good.

Ablauf
  1. Get current + history
    For app <name>, show current revision and the last 5 deployed revisions with timestamps.✓ Kopiert
    → History table
  2. Pick the rollback target
    What was the revision 2 syncs ago? Confirm its SHA matches the git commit before the incident started.✓ Kopiert
    → Target SHA identified
  3. Rollback
    Sync <name> to revision <SHA> with prune=false. Watch until Healthy. Post in Teams when done.✓ Kopiert
    → App reverted + notification sent

Ergebnis: A clean rollback with an audit trail, typically under 5 minutes.

Fallstricke
  • Rolling back only the app but DB migration already ran forward — DB migrations need their own rollback plan; sometimes 'roll forward' with a fix is safer than rolling back code against mutated schema
Kombinieren mit: sentry · ms-teams

Build a cross-cluster app inventory

👤 Platform teams managing many clusters ⏱ ~20 min intermediate

Wann einsetzen: You run ArgoCD in a hub-spoke model and want a flat list: 'which apps run where'.

Ablauf
  1. List clusters ArgoCD manages
    List all clusters registered in ArgoCD with their name and server URL.✓ Kopiert
    → Cluster inventory
  2. Map apps to clusters
    For each app, show its destination cluster and namespace. Group by cluster.✓ Kopiert
    → Per-cluster app list
  3. Flag unusual placements
    Any app deployed in an unexpected cluster (e.g. 'prod-only' app in a dev cluster)? Flag with reason.✓ Kopiert
    → Anomaly list

Ergebnis: An up-to-date map of what runs where, useful for audits and capacity planning.

Fallstricke
  • Stale cluster entries — secrets removed but cluster still listed — Periodically verify each cluster is reachable; remove stale ones

Kombinationen

Mit anderen MCPs für 10-fache Wirkung

argocd + github

Cross-reference Argo sync with the PR that caused it

For app <name>, show the current revision SHA; fetch the GitHub PR that introduced it and summarize the change.✓ Kopiert
argocd + sentry

Correlate an Argo sync with a post-deploy error spike

App <name> synced at 14:02; did Sentry errors spike after that? If yes, show the top issue introduced.✓ Kopiert
argocd + ms-teams

Post sync/rollback events to a Teams channel

After any manual sync of app <name>, post a message to Teams #deploys with revision SHA and who triggered it.✓ Kopiert

Werkzeuge

Was dieses MCP bereitstellt

WerkzeugEingabenWann aufrufenKosten
list_applications project?, selector? Inventory apps free
get_application name Detailed state of a specific app free
get_application_diff name, revision? Preview what a sync would change free
sync_application name, revision?, prune?, dryRun?, resources? Apply pending changes free (triggers cluster work)
get_application_resource_tree name Inspect the live resources an app owns free
list_clusters Cross-cluster inventory free

Kosten & Limits

Was der Betrieb kostet

API-Kontingent
Bounded by your ArgoCD server capacity; practical limit ~10 req/s
Tokens pro Aufruf
App list: 500–3000 tokens. Diff: up to 5000.
Kosten in €
Free — ArgoCD is open source, you only pay for the infra hosting it.
Tipp
Cache app list; use selectors (project, label) to narrow queries rather than listing everything.

Sicherheit

Rechte, Secrets, Reichweite

Minimale Scopes: read on applications, clusters for read-only sessions
Credential-Speicherung: ARGOCD_AUTH_TOKEN and ARGOCD_SERVER in env
Datenabfluss: Calls to your ArgoCD server only
Niemals gewähren: admin sync on all projects without reason account:update

Fehlerbehebung

Häufige Fehler und Lösungen

401 Unauthenticated

ARGOCD_AUTH_TOKEN expired or revoked. Regenerate via argocd account generate-token.

Prüfen: argocd account get-user-info --auth-token $ARGOCD_AUTH_TOKEN
403 Permission denied on sync

Role lacks applications, sync, <project>/* permission. Update AppProject or account role.

Sync stuck in Progressing for >10 min

Usually a stuck resource — check resource-tree for a failing hook or a stuck controller; may need manual intervention in-cluster.

Diff shows unexpected drift on every sync

Controllers mutating fields at runtime. Add ignoreDifferences to the Application spec for those fields.

Alternativen

ArgoCD vs. andere

AlternativeWann stattdessenKompromiss
Flux MCPYou use Flux instead of ArgoCD for GitOpsDifferent GitOps engine; CLI-first model
Kubernetes MCP (raw kubectl)You want direct cluster access without GitOps abstractionImperative — defeats the purpose of GitOps for managed apps

Mehr

Ressourcen

📖 Offizielle README auf GitHub lesen

🐙 Offene Issues ansehen

🔍 Alle 400+ MCP-Server und Skills durchsuchen