GitOps Integration
Shoehorn integrates with ArgoCD and FluxCD to provide visibility into GitOps deployments across your Kubernetes clusters.
Overview
When GitOps discovery is enabled, the K8s agent watches GitOps custom resources (CRDs) and pushes sync status, health, and drift information to Shoehorn. This gives you a unified view of all GitOps-managed deployments alongside your service catalog.
Supported Tools
ArgoCD
The agent watches Application resources from argoproj.io/v1alpha1:
- Sync status: Synced, OutOfSync, Unknown
- Health status: Healthy, Progressing, Degraded, Suspended, Missing
- Source URL: Git repository
- Revision: Current and target revisions
- Auto-sync: Whether auto-sync is enabled
FluxCD
The agent watches multiple FluxCD CRDs:
| CRD | Group | Purpose |
|---|---|---|
| Kustomization | kustomize.toolkit.fluxcd.io/v1 | Kustomize deployments |
| HelmRelease | helm.toolkit.fluxcd.io/v2 | Helm chart deployments |
| GitRepository | source.toolkit.fluxcd.io/v1 | Git source tracking |
For FluxCD, drift detection compares lastAppliedRevision vs lastAttemptedRevision to identify stuck reconciliations.
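The same comparison can be run by hand over Kustomization objects when you want to confirm what the dashboard reports. This is an added example, not Shoehorn's agent code; the state names, the handling of suspended and not-yet-reconciled resources, and the sample data are assumptions of this example.

```python
import json

# Constructed sample shaped like `kubectl get kustomizations -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "flux-system", "name": "payments"},
   "status": {"lastAppliedRevision": "main@sha1:aaa111",
              "lastAttemptedRevision": "main@sha1:aaa111"}},
  {"metadata": {"namespace": "flux-system", "name": "checkout"},
   "status": {"lastAppliedRevision": "main@sha1:aaa111",
              "lastAttemptedRevision": "main@sha1:bbb222"}},
  {"metadata": {"namespace": "flux-system", "name": "search"},
   "status": {"lastAttemptedRevision": "main@sha1:bbb222"}},
  {"metadata": {"namespace": "flux-system", "name": "legacy"},
   "spec": {"suspend": true},
   "status": {"lastAppliedRevision": "main@sha1:000fff",
              "lastAttemptedRevision": "main@sha1:000fff"}},
  {"metadata": {"namespace": "flux-system", "name": "brand-new"}}
]}
""")


def classify(resource):
    """Return a drift state (names are this example's own) for one Kustomization."""
    status = resource.get("status") or {}
    applied = status.get("lastAppliedRevision")
    attempted = status.get("lastAttemptedRevision")
    if (resource.get("spec") or {}).get("suspend"):
        return "suspended"      # reconciliation is paused on purpose
    if not attempted:
        return "pending"        # controller has not attempted a revision yet
    if not applied:
        return "never-applied"  # an attempt exists but none has succeeded
    # Equal revisions: the last attempt was applied. Different: it is stuck.
    return "in-sync" if applied == attempted else "stuck"


def drift_report(resource_list):
    """Map 'namespace/name' to a drift state for every item in a List object."""
    report = {}
    for item in resource_list.get("items") or []:
        meta = item.get("metadata") or {}
        report[f"{meta.get('namespace')}/{meta.get('name')}"] = classify(item)
    return report


if __name__ == "__main__":
    for name, state in drift_report(SAMPLE).items():
        print(f"{state:<14}{name}")
```

A resource reported as stuck is still running the older applied revision, so a change merged to Git, including a security fix, has not reached the cluster.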
Enabling GitOps Discovery
In your K8s agent values file:

```yaml
agent:
  gitops:
    tool: argocd # or fluxcd
    argocd:
      namespace: argocd # where Application CRs live
      serverURL: https://argocd.example.com # for sync/refresh callbacks
      token: "" # set via secret, not values.yaml
```

The agent watches without a token (read-only). With a token it can also drive sync and refresh from the Shoehorn UI. Generate one with:

```bash
argocd account generate-token --account shoehorn
```

The Helm chart adds the CRD-read RBAC automatically when agent.gitops.tool is set.
Terraform module
The shoehorn-kubernetes Terraform module exposes these as first-class variables:
| Variable | Purpose |
|---|---|
| agent_gitops_tool | argocd or fluxcd |
| argocd_namespace | Defaults to argocd |
| argocd_server_url | Public ArgoCD URL |
| argocd_token | Sensitive. Wires the token into the agent secret. |
Viewing GitOps Resources
Operations Dashboard
Navigate to Operations > GitOps to see all GitOps resources across clusters.
The dashboard shows:
- Total resources and sync status breakdown
- Filter by tool (ArgoCD/FluxCD), cluster, namespace, sync status, health status
- Entity linking status
Entity Detail View
For entities linked to GitOps resources, the Operations tab shows:
- Current sync and health status
- Source repository and revision
- Last sync time
- Drift detection alerts
Entity Linking
GitOps resources are automatically linked to catalog entities using:
- Annotation match: The resource has a `shoehorn.dev/entity: <service-id>` annotation
- Name match: The resource name matches an entity’s service ID
You can also manually link resources to entities in the UI.
GitOps Commands
From the Shoehorn UI, you can trigger GitOps operations:
- Sync: Request a sync for an ArgoCD Application or FluxCD Kustomization
- Refresh: Force a refresh of the resource state
Commands are queued and picked up by the K8s agent on its next poll cycle (typically within 30 seconds).
Stats and Monitoring
The GitOps Stats endpoint provides aggregate counts:
| Metric | Description |
|---|---|
| Total | All tracked GitOps resources |
| Synced | Resources in sync |
| Out of Sync | Resources with pending changes |
| Failed | Resources in error state |
| Suspended | Manually suspended resources |
Stats are cached for 30 seconds per tenant and refreshed on each agent push.