// the find
argoproj-labs/argocd-agent
Redefining the multi cluster story of Argo CD
argocd-agent extends Argo CD with a pull-based multi-cluster architecture: lightweight agents running on remote clusters connect outbound to a central hub, instead of the hub reaching into each cluster. This inverts the network topology, which matters a lot for edge, air-gapped, or NAT-heavy environments. It's under active development from the Argo community and still pre-GA.
1. The pull model genuinely solves a real operational problem — outbound-only connections from agents mean no VPN, no firewall holes, no exposed cluster API servers. This isn't just a deployment preference, it changes what's physically possible in edge and telco scenarios. 2. Two distinct agent modes (managed vs. autonomous) with documented tradeoffs, not a one-size-fits-all design. You can mix them in the same fleet, which reflects how real organizations actually work. 3. mTLS everywhere by default, certificate-based agent identity — the security model is baked in, not bolted on. The protocol design doc shows they thought about authentication seriously. 4. Solid CI hygiene: codecov, golangci-lint, integration test workflow, CodeQL, and a chaos tester utility in hack/. That's not just README decoration.
1. Still pre-GA with no committed timeline — the README explicitly says 'we kindly ask for help to battle-test it.' For production multi-cluster GitOps, that's a real risk. Check the milestones page before committing to this for anything critical. 2. The Redis dependency per agent (visible in dev-env kustomizations) adds operational overhead at the edge. If you're deploying to resource-constrained nodes or factory floors, running Redis alongside the agent is not trivial. 3. No native Helm chart for the control plane in a single install — setup involves separate principal and agent charts plus Argo CD itself, with multiple layered kustomizations. The getting-started path is non-trivial. 4. The hub is a single point of failure for observability: if the principal goes down, agents keep running but you're flying blind. The HA docs exist but it's an additional operational concern that vanilla Argo CD doesn't force on you.