// the find
argoproj/argo-cd
Declarative Continuous Deployment for Kubernetes
Argo CD is the de facto standard GitOps CD tool for Kubernetes, reconciling cluster state against Git repositories. It supports Helm, Kustomize, Jsonnet, and plain manifests, with a web UI, CLI, and SSO integration. If you're running Kubernetes in production and doing GitOps, you're either using this or explaining why you aren't.
- ApplicationSet controller is genuinely powerful for managing applications at scale across many clusters—matrix and merge generators let you express complex multi-cluster topologies declaratively without scripting
- Multi-tenancy model via Projects with RBAC, source repo restrictions, and destination cluster/namespace whitelisting is well-thought-out and production-tested at large organizations
- SLSA Level 3 supply chain security, signed releases, CII Best Practices badge, and active CVE response via SECURITY.md—this is one of the better-secured OSS projects in the CNCF ecosystem
- Extensive SCM and Git provider support in ApplicationSet generators (GitHub, GitLab, Bitbucket, Azure DevOps, Gitea, AWS CodeCommit) with both SCM provider and pull request generator types
- The repo-server is a single point of contention—all manifest generation funnels through it, and at high application counts (1000+) or with slow Helm/Kustomize builds, it becomes a bottleneck that's hard to tune without understanding internal caching internals
- Secret management is deliberately out of scope, so you'll need to bolt on Sealed Secrets, External Secrets Operator, or Vault integration yourself—this trips up almost every new adopter
- App-of-apps and ApplicationSet patterns both work but solve overlapping problems in different ways, and the documentation doesn't clearly guide you toward which to use when; teams frequently end up with a mix that becomes hard to reason about
- Upgrading between minor versions can require CRD migrations and occasionally breaks ApplicationSet behavior in subtle ways—the CHANGELOG is detailed but the upgrade path for large installations requires careful planning and often cluster downtime for CRD updates