CNCF-hosted Co-located Events North America 2024

ArgoCD has the capability to manage more then one cluster, the question is how to securely connect to those remote clusters? This session will explore how to securely connect your remote clusters, regardless of if they're cloud managed or on-prem, using ArgoCD's own native Kubernetes identity through a token exchange to get an identity for that remote cluster. We'll start with the challenge of connecting to remote clusters securely, detail how token exchange works, then walk through updating the ArgoCD container with custom tools, creating Secrets to represent remote clusters, and ApplicationSets to generate the Application without any static tokens. The session will demo management of cloud hosted clusters, on-prem clusters, and clusters that support Kubernetes' beta of AuthenticationConfiguration in 1.30. By the end of this session you'll see where the configuration points are in ArgoCD to secure your GitOps infrastructure without relying on a single cloud provider's IAM.