From cb957f146ac1110ba9538cd3cbc78003c4482282 Mon Sep 17 00:00:00 2001 From: Stephen Price Date: Thu, 5 Mar 2026 13:01:48 -0800 Subject: [PATCH 1/3] Update argocd-ops login to use SSO --- argocd-ops/SKILL.md | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/argocd-ops/SKILL.md b/argocd-ops/SKILL.md index d3338ff..f770c9b 100644 --- a/argocd-ops/SKILL.md +++ b/argocd-ops/SKILL.md @@ -42,20 +42,14 @@ Ask the user for: ### Step 2: Login to ArgoCD -Determine the ArgoCD namespace and login: +Login via SSO: ```bash -# Determine namespace (ops uses argocd-infra, others use argocd) -if [ "" = "ops" ]; then - ARGOCD_NS="argocd-infra" -else - ARGOCD_NS="argocd" -fi - -# Login using subshell for password (no temp files) -argocd login argocd..tatari.dev --username admin \ - --password "$(kubectl --context get secret -n "$ARGOCD_NS" argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)" \ - --grpc-web +# Determine server +ARGOCD_SERVER="argocd..tatari.dev" + +# Login via SSO +argocd login "$ARGOCD_SERVER" --sso --grpc-web ``` ### Step 3: Perform Operations @@ -163,11 +157,11 @@ kubectl --context get job "$JOB_NAME" -n \ # Verify cluster context exists kubectl config get-contexts | grep -# Check if secret exists -kubectl --context get secret -n argocd argocd-initial-admin-secret +# Ensure a browser is available for the SSO flow +# If running headless or over SSH, SSO login will not work -# For ops cluster, check argocd-infra namespace -kubectl --context ops get secret -n argocd-infra argocd-initial-admin-secret +# If the default SSO port conflicts, specify an alternative +argocd login argocd..tatari.dev --sso --grpc-web --sso-port 8085 ``` ### App not found From ad6c0aac44639568b8a3e6b419ab605de87d5172 Mon Sep 17 00:00:00 2001 From: Stephen Price Date: Thu, 5 Mar 2026 13:02:18 -0800 Subject: [PATCH 2/3] Remove --sso-port from troubleshooting --- argocd-ops/SKILL.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/argocd-ops/SKILL.md b/argocd-ops/SKILL.md index f770c9b..44a69d2 100644 --- a/argocd-ops/SKILL.md +++ b/argocd-ops/SKILL.md @@ -159,9 +159,6 @@ kubectl config get-contexts | grep # Ensure a browser is available for the SSO flow # If running headless or over SSH, SSO login will not work - -# If the default SSO port conflicts, specify an alternative -argocd login argocd..tatari.dev --sso --grpc-web --sso-port 8085 ``` ### App not found From 88f4ef77fec597a13cd111713a19740df5aa4b4a Mon Sep 17 00:00:00 2001 From: Stephen Price Date: Thu, 5 Mar 2026 13:14:04 -0800 Subject: [PATCH 3/3] Optimize skill description for triggering --- argocd-ops/SKILL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd-ops/SKILL.md b/argocd-ops/SKILL.md index 44a69d2..57df09d 100644 --- a/argocd-ops/SKILL.md +++ b/argocd-ops/SKILL.md @@ -1,6 +1,6 @@ --- name: argocd-ops -description: Manage ArgoCD applications via CLI - verify sync status, trigger jobs from cronjobs, refresh apps, and toggle auto-sync/self-heal settings. Use when deploying, debugging sync issues, or running manual jobs in ArgoCD-managed clusters. +description: Operate existing ArgoCD applications via the argocd CLI — check sync status, refresh or hard-refresh apps, look up Application names from ApplicationSets, toggle auto-sync and self-heal, and log into ArgoCD via SSO. Use this skill whenever the user mentions ArgoCD sync status, ArgoCD app refresh, ArgoCD login, disabling or enabling auto-sync or self-heal, looking up ArgoCD applications, or checking if a deploy has synced. This is for day-to-day ArgoCD operations, not for installing ArgoCD, writing ApplicationSet manifests, configuring RBAC, or setting up notifications. model: claude-haiku-4-5-20251001 allowed-tools: - Bash(argocd:*)