Auto-Discovery
When ArgoCD discovery is enabled (gitops.argoCD.enabled), the in-cluster agent reads ArgoCD Application resources directly from the Kubernetes API and pushes them to ChangeGuard. No ArgoCD API token, admin secret, or server URL is required — and because the read happens inside the cluster, it works even when the ChangeGuard control plane has no network path to your ArgoCD server.
The agent:
- Reads
Applicationcustom resources across all namespaces over the Kubernetes API - Pushes each application’s name, health, sync status, and drift count to the backend
- Re-reads on a short interval so the fleet view stays current
ArgoCD Fleet View
The dashboard shows all ArgoCD instances across all your clusters:- Application health — Healthy, Degraded, Progressing, Missing
- Sync status — Synced, OutOfSync
- Drift detection — tracks configuration drift count
- Controller health — ArgoCD controller component status per instance
Cross-Cluster Correlation
ChangeGuard correlates ArgoCD data across clusters to detect fleet-wide issues:- Same image failing across multiple clusters
- Sync failures spreading across the fleet
- Degraded applications correlated with recent deployments
No tokens to manage
Because discovery readsApplication resources directly, there is no ArgoCD token or admin secret to create, store, or rotate. If applications don’t appear, confirm that gitops.argoCD.enabled is set and that the collector’s ClusterRole can read argoproj.io resources — the Helm chart grants this by default.