Skip to content

docs: Explain repo definition for source hydrators #23454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 17, 2025
Merged

docs: Explain repo definition for source hydrators #23454

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 22 additions & 8 deletions docs/user-guide/source-hydrator.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,9 @@ Tools like Helm and Kustomize allow users to express their Kubernetes manifests
(keeping it DRY - Don't Repeat Yourself). However, these tools can obscure the actual Kubernetes manifests that are
applied to the cluster.

The "rendered manifest pattern" is a way to push the hydrated manifests to git before syncing them to the cluster. This
The "rendered manifest pattern" is a feature of Argo CD that allows users to push the hydrated manifests to git before syncing them to the cluster. This
allows users to see the actual Kubernetes manifests that are applied to the cluster.

The source hydrator is a feature of Argo CD that allows users to push the hydrated manifests to git before syncing them
to the cluster.

## Enabling the Source Hydrator

The source hydrator is disabled by default.
Expand Down Expand Up @@ -49,7 +46,7 @@ With hydrator: https://raw.githubusercontent.com/argoproj/argo-cd/stable/mani

## Using the Source Hydrator

To use the source hydrator, you must first install a push secret. This example uses a GitHub App for authentication, but
To use the source hydrator, you must first install a push and a pull secret. This example uses a GitHub App for authentication, but
you can use [any authentication method that Argo CD supports for repository access](../operator-manual/declarative-setup.md#repositories).

```yaml
Expand All @@ -61,6 +58,22 @@ metadata:
labels:
argocd.argoproj.io/secret-type: repository-write
type: Opaque
stringData:
url: "https://github.com"
type: "git"
githubAppID: "<your app ID here>"
githubAppInstallationID: "<your installation ID here>"
githubAppPrivateKey: |
<your private key here>
---
apiVersion: v1
kind: Secret
metadata:
name: my-pull-secret
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
type: Opaque
stringData:
url: "https://github.com"
type: "git"
Expand All @@ -70,10 +83,11 @@ stringData:
<your private key here>
```

The label `argocd.argoproj.io/secret-type: repository-write` causes this Secret to be used for pushing manifests to git
instead of pulling from git.
The only difference between the secrets above, besides the resource name, is that the push secret contains the label
`argocd.argoproj.io/secret-type: repository-write`, which causes the Secret to be used for pushing manifests to git
instead of pulling from git. Argo CD requires different secrets for pushing and pulling to provide better isolation.

Once your push secret is installed, set the `spec.sourceHydrator` field of the Application. For example:
Once your secrets are installed, set the `spec.sourceHydrator` field of the Application. For example:

```yaml
apiVersion: argoproj.io/v1alpha1
Expand Down
Loading