julianobarbosa/argocd-cluster-bootstrapping
skills/argocd-cluster-bootstrapping-skill/SKILL.md
Complete ArgoCD cluster bootstrapping skill for multi-repository GitOps environments. Use when provisioning new Kubernetes clusters, registering clusters with ArgoCD, configuring ApplicationSets, setting up cluster secrets, or troubleshooting cluster connectivity issues.
$ install --global
skillsauthnpx skillsauth add julianobarbosa/claude-code-skills argocd-cluster-bootstrappingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 9:06 PM128.9s21 files scanned
SKILL.md
- name:
- argocd-cluster-bootstrapping
- description:
- Complete ArgoCD cluster bootstrapping skill for multi-repository GitOps environments. Use when provisioning new Kubernetes clusters, registering clusters with ArgoCD, configuring ApplicationSets, setting up cluster secrets, or troubleshooting cluster connectivity issues.
ArgoCD Cluster Bootstrapping Skill
Complete guide for bootstrapping new Kubernetes clusters into a multi-repository GitOps environment managed by ArgoCD.
When to Use This Skill
- Provisioning a new AKS/EKS/GKE cluster and integrating it with ArgoCD
- Registering an existing cluster with the ArgoCD hub
- Creating cluster secrets with proper labels for ApplicationSet targeting
- Setting up ArgoCD Projects for new business units
- Configuring multi-source ApplicationSets for new clusters
- Troubleshooting cluster connectivity or sync issues
- Understanding the multi-repository GitOps architecture
Quick Start
1. Pre-Flight Checklist
# Verify ArgoCD CLI is installed
argocd version --client
# Verify kubectl access to hub cluster
kubectl config use-context aks-cafehyna-default
kubectl get nodes
# Verify access to target cluster
kubectl config use-context <new-cluster-context>
kubectl get nodes
2. Register Cluster (3 Steps)
# Step 1: Add cluster to ArgoCD
argocd cluster add <cluster-context> --name <developer-friendly-name>
# Step 2: Create cluster secret with labels (GitOps)
# See templates/cluster-secret.yaml
# Step 3: Create ArgoCD Project (GitOps)
# See templates/argocd-project.yaml
3. Deploy First Application
# Sync the master ApplicationSet to pick up new cluster
argocd app sync applicationset-master --resource-filter kind=ApplicationSet
Architecture Overview
┌─────────────────────────────────────────────────────────────────────┐
│ HUB CLUSTER │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ ArgoCD Server │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────────┐│ │
│ │ │ApplicationSet│ │ Projects │ │ Cluster Secrets ││ │
│ │ │ Controller │ │ (RBAC) │ │ (Labels for targeting)││ │
│ │ └─────────────┘ └─────────────┘ └─────────────────────────┘│ │
│ └─────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ DEV Cluster │ │ HLG Cluster │ │ PRD Cluster │
│ (Spot OK) │ │ (Staging) │ │ (HA Config) │
└─────────────┘ └─────────────┘ └─────────────┘
Repository Structure
infra-team/ # Infrastructure repository
├── applicationset/ # ApplicationSet definitions
│ ├── kube-addons/ # Add-on ApplicationSets
│ └── applications/ # Business app ApplicationSets
├── argocd-clusters/ # Cluster registration secrets
├── argocd-projects/ # Project definitions (RBAC)
└── applicationset-templates/ # Reusable templates
argo-cd-helm-values/ # Values repository (separate security)
└── kube-addons/
└── <component>/
└── <cluster-name>/
└── values.yaml # Per-cluster overrides
Key Concepts
Naming Convention (Critical)
| Context | Developer Name | Azure AKS Name |
|---------|---------------|----------------|
| ArgoCD | cafehyna-dev | aks-cafehyna-dev |
| Secrets | Uses developer name | - |
| Labels | Uses developer name | - |
Cluster Labels (Required)
labels:
argocd.argoproj.io/secret-type: cluster
environment: dev|hlg|prd|hub
region: brazilsouth|eastus2
cluster-name: <developer-friendly-name>
node-type: spot|standard|mixed
connection-type: internal|external
tier: platform|application
Environment Characteristics
| Environment | Sync Policy | Replicas | Node Type | Prune | |-------------|-------------|----------|-----------|-------| | dev | Automated | 1 | Spot OK | Yes | | hlg | Manual | 2 | Mixed | Yes | | prd | Manual | 3 | Standard | No |
Reference Documentation
- Complete Workflow - Step-by-step bootstrapping process
- Templates - Ready-to-use YAML templates
- Tools & Commands - CLI reference and scripts
- Best Practices - Security, troubleshooting, patterns
- Architecture Details - Deep dive into the system
Common Tasks
Add New Dev Cluster
# Use the bootstrap script
./scripts/bootstrap-cluster.sh \
--name cafehyna-dev-02 \
--environment dev \
--region brazilsouth \
--node-type spot
Troubleshoot Connectivity
# Check cluster health
argocd cluster get <cluster-name>
# Verify secret labels
kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster
# Test ApplicationSet targeting
argocd appset get <appset-name> --show-params
Safety Rules
- Never use
kubectl applyon managed clusters - All changes via Git - Always validate before commit - Run
pre-commit run --all-files - Test in dev first - Promote through hlg before prd
- Preserve existing labels - They control ApplicationSet targeting
- Use secrets for credentials - Never hardcode in values files
Related Skills
julianobarbosa/ship
development
VerifiedTrustedCommunity
End-to-end branch delivery: commit (no AI attribution) → push → open a pull request → ensure a Board work item exists (create one per task, assigned to the configured user, if none) and link it → after merge, clean up branch and worktree. Auto-detects the platform from the remote — Azure Repos + Boards (azure-devops-node-api SDK; OAuth Bearer push fallback via `az`) or GitHub (Octokit; `gh` for auth). Scripts are TypeScript, run via `bun`. Use whenever asked to "ship", "ship it", "ship this branch", "open a PR", "push and open a PR", "raise a PR", "deliver this", "send this for review", or "create a PR and link the work item" — and when a direct push to main is blocked and the change needs to go through a PR instead.
78SKILL.mdUpdated May 30, 2026
julianobarbosa/your-skill-name
testing
VerifiedTrustedCommunity
Brief description of what this skill does. Include specific triggers - when should Claude use this skill? Example triggers, file types, or keywords that indicate this skill applies.
76SKILL.mdUpdated May 30, 2026
julianobarbosa/zsh-path
tools
VerifiedTrustedCommunity
Manage and troubleshoot PATH configuration in zsh. Use when adding tools to PATH (bun, nvm, Python venv, cargo, go), diagnosing "command not found" errors, validating PATH entries, or organizing shell configuration in .zshrc and .zshrc.local files.
76SKILL.mdUpdated May 30, 2026
julianobarbosa/zabbix-api
tools
VerifiedTrustedCommunity
Zabbix monitoring system automation via API and Python. Use when: (1) Managing hosts, templates, items, triggers, or host groups, (2) Automating monitoring configuration, (3) Sending data via Zabbix trapper/sender, (4) Querying historical data or events, (5) Bulk operations on Zabbix objects, (6) Maintenance window management, (7) User/permission management
76SKILL.mdUpdated May 30, 2026