diff --git a/argocd-ops/SKILL.md b/argocd-ops/SKILL.md index d3338ff..57df09d 100644 --- a/argocd-ops/SKILL.md +++ b/argocd-ops/SKILL.md @@ -1,6 +1,6 @@ --- name: argocd-ops -description: Manage ArgoCD applications via CLI - verify sync status, trigger jobs from cronjobs, refresh apps, and toggle auto-sync/self-heal settings. Use when deploying, debugging sync issues, or running manual jobs in ArgoCD-managed clusters. +description: Operate existing ArgoCD applications via the argocd CLI — check sync status, refresh or hard-refresh apps, look up Application names from ApplicationSets, toggle auto-sync and self-heal, and log into ArgoCD via SSO. Use this skill whenever the user mentions ArgoCD sync status, ArgoCD app refresh, ArgoCD login, disabling or enabling auto-sync or self-heal, looking up ArgoCD applications, or checking if a deploy has synced. This is for day-to-day ArgoCD operations, not for installing ArgoCD, writing ApplicationSet manifests, configuring RBAC, or setting up notifications. model: claude-haiku-4-5-20251001 allowed-tools: - Bash(argocd:*) @@ -42,20 +42,14 @@ Ask the user for: ### Step 2: Login to ArgoCD -Determine the ArgoCD namespace and login: +Login via SSO: ```bash -# Determine namespace (ops uses argocd-infra, others use argocd) -if [ "" = "ops" ]; then - ARGOCD_NS="argocd-infra" -else - ARGOCD_NS="argocd" -fi - -# Login using subshell for password (no temp files) -argocd login argocd..tatari.dev --username admin \ - --password "$(kubectl --context get secret -n "$ARGOCD_NS" argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)" \ - --grpc-web +# Determine server +ARGOCD_SERVER="argocd..tatari.dev" + +# Login via SSO +argocd login "$ARGOCD_SERVER" --sso --grpc-web ``` ### Step 3: Perform Operations @@ -163,11 +157,8 @@ kubectl --context get job "$JOB_NAME" -n \ # Verify cluster context exists kubectl config get-contexts | grep -# Check if secret exists -kubectl --context get secret -n argocd argocd-initial-admin-secret - -# For ops cluster, check argocd-infra namespace -kubectl --context ops get secret -n argocd-infra argocd-initial-admin-secret +# Ensure a browser is available for the SSO flow +# If running headless or over SSH, SSO login will not work ``` ### App not found