Runner Configuration<\/h2>\n
We used an AWS EC2 instance as a runner for GitHub Actions.<\/p>\n
For this workflow to work, the GitHub actions runner should have IAM permissions to get the EKS cluster<\/a> context.<\/p>\n If you are using dynamic docker based or pod based runners, you need to make sure it has permissions to get the cluster contexts.<\/p><\/div>\n<\/div>\n The diagram below shows the workflow for automating the addition of clusters to ArgoCD.<\/p>\n Explanation:<\/strong><\/p>\n You should have the following prerequisites for this setup.<\/p>\n First, fork this<\/a> GitHub repository and configure your actions on it.<\/p>\n The files we will use for this automation are given in the structure below.<\/p>\n The workflow we will use to automate adding clusters is given below.<\/p>\n Explanation:<\/strong><\/p>\n Let me explain each block to show you what it does.<\/p>\n This contains the name of the pipeline, and the workflow can be triggered only manually.<\/p>\n Here we have specified the runner’s label and the first step, which clones every file and folder in the repo to the Actions workspace.<\/p>\n This is the second step, which saves the cluster’s name as an environment variable and substitutes it in the The Our cluster names are stage-cluster and prod-cluster. You can change the options in the first block according to your cluster names.<\/p>\n For example, if your cluster’s names are The cluster at the end will be added from the command Also, update the region where your cluster is created.<\/p>\n This step created the RBAC objects (service account, clusterrole, clusterrole binding) and bearer token on the target cluster.<\/p>\n I have updated the files to create RBAC objects<\/a> and a token<\/a> in the GitHub repo.<\/p>\n This step will get and save the token and clusters CA certificate as environment variables.<\/p>\n Also, it saves the cluster endpoint in If you are using other cloud clusters, change the command accordingly.<\/p>\n You can see I have used the You will understand why I removed This command updates the kubeconfig file<\/a> to use the cluster dev-cluster, where ArgoCD is installed.<\/p>\n Update the This is the final step, which creates a secret on the argocd namespace with the token, CA certificate, and Cluster endpoint.<\/p>\n This secret is the configuration for ArgoCD to connect with a new cluster.<\/p>\n It uses the cluster endpoint to connect, a token, and CA data for authentication and secure connection.<\/p>\n You can see it One with Now, it’s time to trigger the workflow.<\/p>\n Since we have only configured a manual trigger, you have to go to Actions, select the workflow name, click the Run workflow toggle button, select the environment, and click the Run workflow button as shown below.<\/p>\n Once you have triggered the workflow, you will see it start as shown below.<\/p>\n If everything runs without any issues, you can see the workflow build as shown below.<\/p>\n Now, log in to your ArgoCD UI and go to Settings,<\/strong> the final step for workflows.<\/p>\n The only issue you may face in this workflow is that the runner cannot access the target cluster.<\/p>\n If you face this issue, check the following:<\/p>\n That’s all for the automation workflow. With this, you don’t need to add new clusters to ArgoCD repeatedly.<\/p>\n In this guide, you have learned about the workflow for automating cluster additions to ArgoCD, how the workflow works, and how to troubleshoot if a cluster is not added correctly.<\/p>\n If you want to try the manual setup, follow this blog<\/a>.<\/p>\nWorkflow Diagram<\/h2>\n
![\"Workflow](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/04\/multi-cluster-workflow--1-.png\")
<\/figure>\n\n
argocd.argoproj.io\/secret-type: cluster<\/code> annotation in the secret.<\/li>\nPrerequisites<\/h2>\n
\n
How to Automate Adding Clusters to ArgoCD?<\/h2>\n
.\n\u251c\u2500\u2500 README.md\n\u251c\u2500\u2500 .github\n\u2502 \u2514\u2500\u2500 workflows\n\u2502 \u2514\u2500\u2500 add-cluster.yaml\n\u2514\u2500\u2500 multi-cluster-configurations\n \u251c\u2500\u2500 target-cluster-rbac.yaml\n \u2514\u2500\u2500 traget-cluster-token.yaml<\/code><\/pre>\nname: Pipeline to Add Cluster to ArgoCD\non:\n workflow_dispatch:\n inputs:\n environment:\n description: 'Environment to add (stage or prod)'\n required: true\n type: choice\n options:\n - stage\n - prod\n\njobs:\n add-cluster:\n runs-on: infra\n steps:\n - name: Checkout code\n uses: actions\/checkout@v3\n\n - name: Update kubeconfig file of Target Cluster\n run: |\n CLUSTER_NAME=\"${{ github.event.inputs.environment }}-cluster\"\n echo \"CLUSTER_NAME=$CLUSTER_NAME\" >> $GITHUB_ENV\n aws eks update-kubeconfig --name $CLUSTER_NAME --region us-east-1\n\n - name: RBAC and Token creation on Target Cluster\n run: |\n kubectl apply -f .\/multi-cluster-configurations\/target-cluster-rbac.yaml\n kubectl apply -f .\/multi-cluster-configurations\/target-cluster-token.yaml \n\n - name: Save Token and CA Data to Environment Variables\n run: |\n TARGET_TOKEN=$(kubectl get -n kube-system secret\/argocd-manager-token -o jsonpath='{.data.token}' | base64 --decode)\n TARGET_CA_DATA=$(kubectl get -n kube-system secret\/argocd-manager-token -o jsonpath='{.data.ca\\.crt}')\n TARGET_CLUSTER_ENDPOINT=$(aws eks describe-cluster --name $CLUSTER_NAME --query \"cluster.endpoint\" --output text | sed 's~https:\/\/~~')\n\n echo \"TARGET_TOKEN=$TARGET_TOKEN\" >> $GITHUB_ENV\n echo \"TARGET_CA_DATA=$TARGET_CA_DATA\" >> $GITHUB_ENV\n echo \"TARGET_CLUSTER_ENDPOINT=$TARGET_CLUSTER_ENDPOINT\" >> $GITHUB_ENV\n\n - name: Update kubeconfig file to Dev Cluster\n run: |\n aws eks update-kubeconfig --name dev-cluster --region us-east-1\n\n - name: Add Target Cluster to ArgoCD\n run: |\n\n cat <<EOF | kubectl apply -n argocd -f -\n apiVersion: v1\n kind: Secret\n metadata:\n name: ${{ github.event.inputs.environment }}-cluster-secret\n labels:\n argocd.argoproj.io\/secret-type: cluster\n type: Opaque\n stringData:\n name: ${{ github.event.inputs.environment }}-cluster\n server: https:\/\/$TARGET_CLUSTER_ENDPOINT\n config: |\n {\n \"bearerToken\": \"$TARGET_TOKEN\",\n \"tlsClientConfig\": {\n \"serverName\": \"$TARGET_CLUSTER_ENDPOINT\",\n \"caData\": \"$TARGET_CA_DATA\"\n }\n }\n EOF<\/code><\/pre>\nname: Pipeline to Add Cluster to ArgoCD\non:\n workflow_dispatch:\n inputs:\n environment:\n description: 'Environment to add (stage or prod)'\n required: true\n type: choice\n options:\n - stage\n - prod<\/code><\/pre>\njobs:\n add-cluster:\n runs-on: infra\n steps:\n - name: Checkout code\n uses: actions\/checkout@v3<\/code><\/pre>\n- name: Update kubeconfig file of Target Cluster\n run: |\n CLUSTER_NAME=\"${{ github.event.inputs.environment }}-cluster\"\n echo \"CLUSTER_NAME=$CLUSTER_NAME\" >> $GITHUB_ENV\n aws eks update-kubeconfig --name $CLUSTER_NAME --region $REGION<\/code><\/pre>\nkubeconfig update<\/code> command to update the cluster’s context.<\/p>\n${{ github.event.inputs.environment }}<\/code> gets the values from the option we select in the first block, which is either stage or prod.<\/p>\nstage-web-app-cluster<\/code> and prod-web-app-cluster<\/code>, then modify the options like:<\/p>\n options:\n - stage-web-app\n - prod-web-app<\/code><\/pre>\nCLUSTER_NAME=\"${{ github.event.inputs.environment }}-cluster<\/code>.<\/p>\n- name: RBAC and Token creation on Target Cluster\n run: |\n kubectl apply -f .\/multi-cluster-configurations\/target-cluster-rbac.yaml\n kubectl apply -f .\/multi-cluster-configurations\/target-cluster-token.yaml <\/code><\/pre>\n- name: Save Token and CA Data to Environment Variables\n run: |\n TARGET_TOKEN=$(kubectl get -n kube-system secret\/argocd-manager-token -o jsonpath='{.data.token}' | base64 --decode)\n \n TARGET_CA_DATA=$(kubectl get -n kube-system secret\/argocd-manager-token -o jsonpath='{.data.ca\\.crt}')\n \n TARGET_CLUSTER_ENDPOINT=$(aws eks describe-cluster --name $CLUSTER_NAME --query \"cluster.endpoint\" --output text | sed 's~https:\/\/~~')\n\n echo \"TARGET_TOKEN=$TARGET_TOKEN\" >> $GITHUB_ENV\n echo \"TARGET_CA_DATA=$TARGET_CA_DATA\" >> $GITHUB_ENV\n echo \"TARGET_CLUSTER_ENDPOINT=$TARGET_CLUSTER_ENDPOINT\" >> $GITHUB_ENV<\/code><\/pre>\n$TARGET_CLUSTER_ENDPOINT<\/code> a variable using the AWS command specified in it<\/p>\nSED<\/code> command at the end of the cluster endpoint command to remove it https:\/\/<\/code> from the endpoint while saving it as a variable.<\/p>\nhttps:\/\/<\/code> it before saving the cluster endpoint in the final step.<\/p>\n- name: Update kubeconfig file to Dev Cluster\n run: |\n aws eks update-kubeconfig --name dev-cluster --region us-east-1<\/code><\/pre>\ncluster name<\/code> and region<\/code>, in the above step.<\/p>\n- name: Add Target Cluster to ArgoCD\n run: |\n\n cat <<EOF | kubectl apply -n argocd -f -\n apiVersion: v1\n kind: Secret\n metadata:\n name: ${{ github.event.inputs.environment }}-cluster-secret\n labels:\n argocd.argoproj.io\/secret-type: cluster\n type: Opaque\n stringData:\n name: ${{ github.event.inputs.environment }}-cluster\n server: https:\/\/$TARGET_CLUSTER_ENDPOINT\n config: |\n {\n \"bearerToken\": \"$TARGET_TOKEN\",\n \"tlsClientConfig\": {\n \"serverName\": \"$TARGET_CLUSTER_ENDPOINT\",\n \"caData\": \"$TARGET_CA_DATA\"\n }\n }\n EOF<\/code><\/pre>\n$TARGET_CLUSTER_ENDPOINT<\/code> is used in two places in the above command.<\/p>\nhttps:\/\/<\/code> and another without it, this is the reason I saved the cluster endpoint without https:\/\/<\/code> using the SED command<\/p>\nTrigger the Workflow<\/h2>\n
![\"manual](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/04\/image-72.png\")
<\/figure>\n![\"workflow](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/04\/image-74.png\")
<\/figure>\n![\"workflow](\"https:\/\/storage.ghost.io\/c\/5f\/2f\/5f2f4d20-2abf-4534-8d40-7aa233aedd43\/content\/images\/2025\/04\/image-73.png\")
<\/figure>\nCommon Issues and Troubleshooting<\/h2>\n
\n
Conclusion<\/h2>\n
\n