adaptive-enforcement-lab/argo-workflows-patterns
plugins/patterns/skills/argo-workflows-patterns/SKILL.md
Production Argo Workflows patterns: reusable templates, error handling, concurrency control, composition, and scheduled automation for Kubernetes operators.
tools
Updated Mar 27, 2026
$ install --global
skillsauthnpx skillsauth add adaptive-enforcement-lab/claude-skills argo-workflows-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 10:49 AM36.6s3 files scanned
SKILL.md
- name:
- argo-workflows-patterns
- description:
- >-
- Production Argo Workflows patterns:
- reusable templates, error handling, concurrency control, composition, and scheduled automation for Kubernetes operators.
Argo Workflows Patterns
When to Use This Skill
Production patterns for Argo Workflows: reusable templates, error handling, concurrency control, workflow composition, and scheduled automation.
Implementation
- Define WorkflowTemplates - Create reusable, tested building blocks
- Add Error Handling - Configure retry strategies for transient failures
- Control Concurrency - Use mutexes or semaphores for shared resources
- Compose Workflows - Chain templates into complex pipelines
- Schedule Automation - Run workflows on cron schedules
Techniques
Why Argo Workflows?
Kubernetes provides primitives (Pods, Jobs, CronJobs), but building complex automation from primitives is painful. You end up with shell scripts that check Pod status in loops, cleanup logic scattered across multiple places, and debugging that requires correlating logs from dozens of sources.
Argo Workflows provides higher-level abstractions designed for automation. Define workflows declaratively. Let the controller handle scheduling, retries, and cleanup. Visualize execution in a purpose-built UI. Focus on what the automation does, not how to orchestrate it.
Pattern Categories
| Category | Description | | ---------- | ------------- | | WorkflowTemplate Patterns | Reusable workflow definitions with error handling, volumes, and RBAC | | Concurrency Control | Mutex synchronization, semaphores, and TTL strategies | | Workflow Composition | Parent/child workflows, orchestration, and cross-workflow communication | | Scheduled Workflows | CronWorkflow patterns and GitHub integration |
Quick Start
- Define WorkflowTemplates - Create reusable, tested building blocks
- Add Error Handling - Configure retry strategies for transient failures
- Control Concurrency - Use mutexes or semaphores for shared resources
- Compose Workflows - Chain templates into complex pipelines
- Schedule Automation - Run workflows on cron schedules
Troubleshooting
Workflow Stuck in Pending
- Check service account permissions:
kubectl describe rolebinding -n argo-workflows - Verify resource quotas:
kubectl describe quota -n argo-workflows - Check node resources:
kubectl top nodes - Look for mutex waits:
kubectl get workflows -l workflows.argoproj.io/sync-id
Workflow Failed with RBAC Error
- Verify ServiceAccount exists in workflow namespace
- Check ClusterRoleBinding subjects match namespace
- Use
kubectl auth can-ito test permissions:
kubectl auth can-i patch deployments \
--as=system:serviceaccount:argo-workflows:my-sa \
-n target-namespace
Mutex Deadlock
- Find workflows waiting on mutex:
kubectl get workflows -l workflows.argoproj.io/sync-id - Identify the workflow holding the lock
- Check if the holding workflow is stuck or failed
- Terminate stuck workflows to release mutex
Prerequisites
Argo Workflows must be installed in your cluster. See the official installation guide for setup instructions.
Related
- Argo Events Setup - EventSource, EventBus, and Sensor configuration
- ConfigMap as Cache - Volume mounts for zero-API reads
- Event-Driven Deployments - The journey to zero-latency automation
Troubleshooting
See troubleshooting.md for common issues and solutions.
Related Patterns
- Argo Events Setup
- ConfigMap as Cache
- Event-Driven Deployments
References
- Source Documentation
- AEL Patterns
Related Skills
adaptive-enforcement-lab/workload-identity-federation-implementation
documentation
VerifiedTrustedCommunity
Workload Identity Federation implementation guide. GKE setup, IAM bindings, ServiceAccount configuration, migration from service account keys, and troubleshooting patterns.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/workflow-trigger-security
development
VerifiedTrustedCommunity
Secure GitHub Actions trigger patterns for pull requests, forks, and reusable workflows. Preventing privilege escalation and code injection through trigger misconfiguration.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/third-party-action-risk-assessment
development
VerifiedTrustedCommunity
Structured framework for evaluating GitHub Actions security before adoption. Trust tiers, risk assessment checklist, and decision tree for action evaluation.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/storing-credentials
testing
VerifiedTrustedCommunity
Securely store GitHub App credentials across different environments. GitHub Actions secrets, external CI, Kubernetes, and automated rotation patterns.
SKILL.mdUpdated Mar 27, 2026