Argo CD MCP Server

Create a powerful Model Context Protocol (MCP) server for Argo CD in minutes with our AI Gateway. This guide walks you through setting up seamless GitOps continuous delivery integration with enterprise-grade security and instant API authentication.

About Argo CD API

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It automates the deployment of desired application states defined in Git repositories to target Kubernetes clusters, ensuring that deployed applications are always in sync with the declared configurations.

Key Capabilities

• Application Lifecycle Management: Deploy, sync, rollback, and manage application resources across clusters
• GitOps Synchronization: Continuously reconcile Git, Helm, OCI, and Kustomize repositories with live cluster state
• ApplicationSets: Template-based generation of multiple applications using generators
• Multi-Cluster Management: Register and manage multiple Kubernetes clusters with auth rotation
• Project-Scoped RBAC: Define roles, tokens, and sync windows for fine-grained access control
• Repository Management: Connect and manage Git, Helm, and OCI registries with credential templates
• Supply Chain Security: GPG commit signature verification and TLS/SSH certificate management
• Notification System: Event-driven alerts with configurable services, templates, and triggers

API Features

• REST API v2: Comprehensive RESTful interface for all Argo CD operations
• Real-Time Streaming: Server-sent events for application and resource tree changes
• SSO/OIDC Authentication: Enterprise single sign-on with local account and API token support
• Server-Side Diff: Dry-run apply for accurate configuration drift detection
• Webhook Integration: Automated sync triggers from Git providers
• RBAC Engine: Project-scoped permissions with role-based tokens

What You Can Do with Argo CD MCP Server

The MCP server transforms Argo CD's API into a natural language interface, enabling AI agents to:

Application Lifecycle

• Deployment Operations

  • "Deploy the payments service to the staging cluster"
  • "Sync all out-of-sync applications in the production project"
  • "Rollback the frontend application to the previous version"
  • "Show the current sync status of all applications"

• Resource Management

  • "List all managed resources for the checkout application"
  • "Get the resource tree for the API gateway deployment"
  • "Delete the orphaned ConfigMap from the user-service app"
  • "Show the manifests that will be applied on next sync"

• Application Configuration

  • "Create a new application pointing to our Helm chart repository"
  • "Update the target revision for the backend app to release/v2.5"
  • "Patch the application to add automated sync with self-heal"
  • "Get the revision metadata for the last deployed commit"

GitOps & Repository Management

• Repository Operations

  • "Add the team's GitLab repository with SSH credentials"
  • "Validate the connection to our Helm chart registry"
  • "List all Helm charts available in the shared repository"
  • "Browse the Git refs and branches for the infrastructure repo"

• Credential Management

  • "Create repository credentials for all repos under our GitHub org"
  • "Update the SSH key for the deployment repository"
  • "List all configured repository credential templates"

• Application Discovery

  • "Show all applications discovered in the GitOps repository"
  • "Get app details for the Kustomize overlay in the staging folder"
  • "List available Helm chart versions for the monitoring stack"

Multi-Cluster Management

• Cluster Operations

  • "Register the new production cluster with the Argo CD instance"
  • "List all managed clusters and their connection status"
  • "Rotate the authentication credentials for the staging cluster"
  • "Invalidate the resource cache for the development cluster"

• Cluster Configuration

  • "Update the cluster configuration with new namespace restrictions"
  • "Get the detailed settings for the EU production cluster"
  • "Remove the decommissioned test cluster from Argo CD"

Project & Access Control

• Project Management

  • "Create a new project for the data engineering team"
  • "Get the detailed configuration for the platform project"
  • "List all sync windows configured for the production project"
  • "Show the global projects accessible from the mobile team project"

• Role & Token Management

  • "Create an API token for the CI pipeline role in the DevOps project"
  • "List all project events for audit review"
  • "Delete the expired token for the deployment automation role"

ApplicationSet Operations

• Template Management
  • "Create an ApplicationSet to deploy across all clusters"
  • "Generate applications from the Git directory generator template"
  • "List all ApplicationSets and their generated applications"
  • "Get the resource tree for the multi-cluster ApplicationSet"

Monitoring & Security

• Event Monitoring

  • "Stream live application events for the production namespace"
  • "Get the application logs for the failing backend pod"
  • "Show all events for the infrastructure project this week"

• Certificate & Key Management

  • "List all configured TLS certificates for repository connections"
  • "Add a GPG key for commit signature verification"
  • "Show all SSH known host entries managed by Argo CD"

• Notification Configuration

  • "List all configured notification services"
  • "Show the available notification templates"
  • "Get the trigger definitions for deployment alerts"

Prerequisites

• Access to Cequence AI Gateway
• Argo CD instance (v2.0+) with API access enabled
• Argo CD account with appropriate permissions (admin or project-scoped role)
• API token or SSO/OIDC credentials for authentication

Step 1: Create Argo CD API Token

Before setting up the MCP server, you need an API token for authentication.

1.1 Generate API Token via Argo CD UI

1. Log in to your Argo CD instance
2. Navigate to Settings > Accounts
3. Select the account you want to use for the integration
4. Click Generate New under the Tokens section
5. Configure:
   • Token name: "AI Gateway Integration"
   • Expiration: Set an appropriate expiration period
6. Copy the generated token immediately (it will not be shown again)

1.2 Verify Token Permissions

Ensure the account associated with your token has the required permissions:

• Application read/write access for target projects
• Cluster management permissions (if managing clusters)
• Repository management permissions (if managing repos)
• Project management permissions (if managing projects)

1.3 Alternative: SSO/OIDC Authentication

For enterprise environments with SSO:

1. Configure your identity provider (Okta, Azure AD, Google Workspace)
2. Obtain the OIDC client credentials from your identity provider
3. Note the Authorization URL and Token URL for your provider

Step 2: Access AI Gateway Apps

1. Log in to your Cequence AI Gateway dashboard
2. Navigate to Apps in the left sidebar
3. You'll see the list of available third-party applications

Step 3: Find and Select Argo CD API

1. In the Apps section, browse through the Third-party category
2. Look for Argo CD or use the search function
3. Click on the Argo CD API card to view details

The Argo CD API card shows:

• Number of available endpoints
• Integration capabilities
• Quick description of functionality

Step 4: Create MCP Server

1. Click the Create MCP Server button on the Argo CD API card
2. You'll be redirected to the MCP Server creation wizard

Step 5: Configure API Endpoints

In the App Configuration step:

1. Base URL: Enter your Argo CD instance URL (e.g., https://argocd.your-company.com)
2. Select API endpoints to expose to your MCP server based on your needs
3. Click Next to proceed

Step 6: MCP Server Basic Setup

Configure your MCP server details:

1. MCP Server Name: Enter a descriptive name

   • Example: "Argo CD GitOps Automation"
   • This name will identify your server in the dashboard

2. Description (Optional): Add details about the server's purpose

   • Example: "GitOps deployment management and multi-cluster operations"

3. Production Mode: Toggle based on your needs

   • ON for production environments
   • OFF for development/testing

4. Click Next to continue

Step 7: Configure Authentication

Option A: Bearer Token Authentication

1. Authentication Type: Select Bearer Token
2. Token: Paste the API token generated from your Argo CD instance
3. Header: Authorization: Bearer YOUR_TOKEN
4. Test connection to verify access

Option B: OAuth 2.0 / OIDC Authentication

1. Authentication Type: Select OAuth 2.0
2. Fill in the OAuth configuration:
   • Authorization URL: Your identity provider's authorization endpoint
   • Token URL: Your identity provider's token endpoint
   • Client ID: Paste from your OIDC application
   • Client Secret: Paste from your OIDC application
   • Redirect URI:

     https://auth.aigateway.cequence.ai/v1/outbound/oauth/callback

3. Scopes: Configure based on your identity provider requirements

Step 8: Configure Security

Set up API protection features:

1. API Protection: Toggle ON to enable

   • Protects against bot attacks, DDoS, and threats
   • Monitors for suspicious activity
   • Rate limiting and anomaly detection

2. Protection Features (when enabled):

   • Auto-scaling protection
   • Managed infrastructure
   • Built-in monitoring
   • Zero maintenance required

3. Click Next to continue

Step 9: Choose Deployment Method

Select your deployment preference:

Option A: Deploy to Cequence Cloud (Recommended)

• Fully managed deployment
• Automatic scaling and monitoring
• Built-in high availability
• Features included:
  • Auto-scaling
  • Managed infrastructure
  • Built-in monitoring
  • Zero maintenance

Option B: Deploy with Helm Chart

• Self-managed Kubernetes deployment
• Full control over infrastructure
• Requires:
  • Kubernetes cluster
  • Helm 3.x installed
  • Container registry access

Click Next after selecting your deployment method.

Step 10: Review and Deploy

Review your MCP server configuration:

• MCP Server Name: Your chosen name
• Base URL: Your Argo CD instance URL
• Selected Endpoints: Number of endpoints selected
• Authentication: Bearer Token or OAuth 2.0 (Configured)
• API Protection: Enabled/Disabled
• Deployment: Cequence Cloud or Helm

Click Create & Deploy to finalize the setup.

Step 11: Post-Deployment Setup

After successful deployment:

1. Note the MCP Server URL provided

2. Test the connection:

   • Click Test Connection
   • Verify successful authentication
   • Confirm access to your Argo CD instance

3. Configure AI Agents:

   • The MCP server is now available for AI agent connections
   • Use the provided server URL in your AI agent configuration

Available Argo CD API Operations

Application APIs

• Application Management

  • List, create, get, update, and delete applications
  • Update application spec and patch configuration
  • Sync application to desired state
  • Rollback to a previous version

• Resource Operations

  • Get managed resources and resource tree
  • Create, get, and delete individual resources
  • Execute and list resource actions
  • Get application and resource links

• Monitoring & History

  • Get application events and logs
  • Get revision metadata and chart details
  • Stream real-time application events
  • Get sync window status

ApplicationSet APIs

• List, create, get, and delete ApplicationSets
• Generate applications from templates
• Get ApplicationSet events and resource tree

Project APIs

• List, create, get, update, and delete projects
• Get detailed project configuration
• Get project events, links, and sync windows
• Get global project references
• Manage project role tokens

Cluster APIs

• List, create, get, update, and delete clusters
• Invalidate cluster resource cache
• Rotate cluster authentication credentials

Repository APIs

• Repository Management

  • List, create, get, update, and delete repositories
  • Validate repository connectivity
  • Get repository refs and branches

• Repository Applications

  • Discover applications in repositories
  • Get Helm charts from repository
  • Get application details from source

Repository Credential APIs

• List, create, update, and delete credential templates
• URL-pattern based credential matching

Certificate APIs

• List, add, and delete TLS/SSH certificates

GPG Key APIs

• List, add, get, and delete GPG keys

Account APIs

• List accounts and get account details
• Check account permissions
• Create and delete account tokens
• Update account password

Session APIs

• Create and delete sessions (login/logout)
• Get current user information

Settings & Notifications

• Get server settings and installed plugins
• Get notification services, templates, and triggers
• Get server version information

Using Your Argo CD MCP Server

Setup Instructions:

• Claude Desktop
• Claude Code
• Cursor
• VS Code
• Windsurf

Common Use Cases

GitOps Deployment Automation

• Automated application syncing from Git repositories
• Multi-environment promotion workflows (dev, staging, production)
• Helm chart deployment and version management
• Kustomize overlay management across clusters

Multi-Cluster Operations

• Centralized management of applications across multiple clusters
• Cluster health monitoring and auth credential rotation
• Cross-cluster application deployment with ApplicationSets
• Environment-specific configuration management

Compliance & Audit

• Application sync status monitoring and drift detection
• Deployment history tracking with revision metadata
• GPG signature verification for supply chain security
• Project-scoped access control auditing

Incident Response

• Real-time application event streaming for troubleshooting
• Quick rollback to known-good application versions
• Application log retrieval for debugging
• Resource tree inspection for dependency analysis

Best Practices

1. Token Management:

   • Use dedicated service accounts for AI Gateway integration
   • Set appropriate token expiration periods
   • Rotate tokens regularly following your security policy

2. Project Scoping:

   • Limit MCP server access to specific Argo CD projects
   • Use project-scoped tokens instead of admin tokens when possible
   • Configure sync windows to prevent deployments during maintenance

3. Security Configuration:

   • Enable API protection for production deployments
   • Use OIDC/SSO authentication for enterprise environments
   • Restrict cluster management operations to authorized projects

4. Operational Safety:

   • Start with read-only endpoints and gradually enable write operations
   • Use automated sync with self-heal for production applications
   • Configure notification triggers for sync failures and health degradation

Troubleshooting

Common Issues

1. Authentication Errors

   • Verify the API token has not expired
   • Check that the account has the required RBAC permissions
   • Ensure the Argo CD server URL is correct and accessible
   • For OIDC, verify the client credentials and redirect URI

2. Sync Failures

   • Verify the target repository is accessible from Argo CD
   • Check that the target cluster is registered and reachable
   • Review sync window restrictions on the project
   • Inspect application events for detailed error messages

3. Connection Issues

   • Confirm the Argo CD API is exposed and reachable from the network
   • Verify TLS certificates if using HTTPS
   • Check firewall rules allow traffic from AI Gateway
   • Validate the base URL includes the correct port if non-standard

Getting Help

• Documentation: AI Gateway Docs
• Support: support@cequence.ai
• Community: AI Gateway Forum
• Argo CD Docs: argo-cd.readthedocs.io
• Argo CD API Reference: Swagger UI

---