πŸ”₯ Trending
Kubernetes OWASP Risks 2026 Force Delete AWS Secrets CLI Guide AI Kubernetes Troubleshooting Rancher 2.14.1 Production Top 10 Kubernetes OWASP Risks 2026 Kubernetes OWASP Risks 2026 Force Delete AWS Secrets CLI Guide CI/CD vs GitOps vs MLOps Rancher 2.14.1 Production Top 10 Kubernetes OWASP Risks 2026
New recipes every week

Turn Complexity Into
Cloud Recipes

Learn Kubernetes, AI, DevOps and DevSecOps the CloudChef way. Practical guides, real-world examples, no fluff.

Browse All Recipes About CloudChef
Free forever No paywall Practical guides Real-world examples
50+Guides
WeeklyNew posts
K8s + AITop topics
FreeAlways
ArgoCD CI/CD Monday, June 1, 2026 ⏱ Calculating...

MCP for Argo CD setup guide

CC
CloudChef
thecloudchef.io
MCP for Argo CD setup guide for Cursor and VS Code - CloudChef

Model Context Protocol (MCP) is becoming the practical bridge between AI assistants and operational platforms. For Argo CD users, mcp-for-argocd gives your assistant structured access to application, cluster, and resource operations instead of guesswork from screenshots and copied CLI output.

πŸ‘‰ This CloudChef guide starts with a plain-language discussion (what it is, who owns it, and why it matters in daily DevOps), then walks through cookbook setup in both Cursor and VS Code.

🧠 Discussion first: What is MCP for Argo CD?

mcp-for-argocd is an MCP server implementation for Argo CD. It exposes Argo CD capabilities as MCP tools so AI clients can query and operate against Argo CD through defined interfaces (for example listing applications, getting resource trees, checking workload logs, and triggering sync operations).

In short: it is a controlled integration layer between your AI assistant and your GitOps control plane.

🏒 Who owns this project?

The repository is under argoproj-labs and published as argocd-mcp. The project credits indicate it was initially created and donated by contributors from Akuity, then maintained in the Argo ecosystem.

That ownership model matters: it aligns with the broader Argo CD community and gives teams a public, inspectable implementation path rather than private glue scripts.

🎯 Purpose of this MCP

  • Standardize AI interactions with Argo CD: replace ad hoc shell snippets with explicit tools.
  • Improve troubleshooting speed: pull app details, resource trees, logs, and events quickly from one chat flow.
  • Enable operational guardrails: use read-only mode when you need investigation without mutation risk.
  • Support multiple clients: runs in stdio and HTTP transport modes for IDE and service integration paths.

πŸ› ️ How this helps in daily DevOps tasks

For platform teams, the value is not "AI magic" - it is reducing context-switch overhead in repetitive GitOps operations:

  • Investigate app health drift faster (list_applications, get_application).
  • Trace blast radius of a failing app via resource tree and managed resources.
  • Pull workload logs and events from the same assistant session while triaging incidents.
  • Trigger sync or controlled actions (when not in read-only mode) with explicit intent.
  • Use stateless mode in scaled deployments when sticky sessions are unavailable.

πŸ“¦ Project details you should know

  • Repository: argoproj-labs/mcp-for-argocd
  • Package: argocd-mcp
  • Protocols: stdio + HTTP stream transport
  • Tooling coverage: cluster listing, application CRUD/sync, resource tree/resources/logs/events/actions
  • Safety modes: MCP_READ_ONLY=true and --stateless for horizontally scaled HTTP deployments

🍳 CloudChef Cookbook: Setup MCP for Argo CD in Cursor and VS Code

πŸ‘₯ Who this is for

DevOps engineers, platform engineers, SREs, and GitOps operators running Argo CD who want AI-assisted diagnostics and operations inside IDE workflows.

🧾 Assumptions

  • You have reachable Argo CD API endpoint URL.
  • You have a valid Argo CD API token.
  • Node/npm is available so npx argocd-mcp@latest can run.
  • You understand security implications of any TLS bypass setting.

πŸ§‚ Ingredients (environment values)

export ARGOCD_BASE_URL="https://argocd.example.com"
export ARGOCD_API_TOKEN="your-token-here"

πŸ”₯ Step 1: Configure MCP in Cursor

Create .cursor/mcp.json in your project: 

{
  "mcpServers": {
    "argocd-mcp": {
      "command": "npx",
      "args": [
        "argocd-mcp@latest",
        "stdio"
      ],
      "env": {
        "ARGOCD_BASE_URL": "https://argocd.example.com",
        "ARGOCD_API_TOKEN": "your-token-here"
      }
    }
  }
}

Then start an Agent-mode conversation in Cursor and ask for a safe read operation first, such as listing applications.

⚡ Step 2: Configure MCP in VS Code

Create .vscode/mcp.json in your project: 

{
  "servers": {
    "argocd-mcp-stdio": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "argocd-mcp@latest",
        "stdio"
      ],
      "env": {
        "ARGOCD_BASE_URL": "https://argocd.example.com",
        "ARGOCD_API_TOKEN": "your-token-here"
      }
    }
  }
}

Open your AI assistant panel in VS Code and run a read-only query against Argo CD tools.

πŸ›‘️ Step 3: Optional safety hardening (recommended)

If you only want diagnostics, enforce read-only mode: 

{
  "env": {
    "ARGOCD_BASE_URL": "https://argocd.example.com",
    "ARGOCD_API_TOKEN": "your-token-here",
    "MCP_READ_ONLY": "true"
  }
}

This disables mutation tools like create/update/delete/sync/resource-action and is ideal for production incident triage sessions.

🌐 Step 4: Stateless mode note for Kubernetes/HPA deployments

If you run MCP over HTTP with multiple replicas and no sticky sessions, use stateless mode: 

node dist/index.js http --stateless

In this mode, session-affinity assumptions are removed, and each request must provide required credentials context.

✅ Step 5: Test if setup is working

Run a progressive validation flow from lowest risk to higher impact:

  1. Connection test: ask the assistant to list clusters (list_clusters).
  2. App visibility test: list applications (list_applications).
  3. Deep read test: fetch a specific application resource tree.
  4. Operational test (non-read-only only): run sync on a non-production app.

If steps 1 to 3 succeed, your MCP path is correctly wired for day-to-day diagnostics.

⚠️ Common mistakes to double-check

  • ❌ Wrong ARGOCD_BASE_URL (missing scheme, wrong path, internal URL unreachable from IDE runtime).
  • ❌ Expired or insufficient Argo CD API token.
  • ❌ Expecting write operations while MCP_READ_ONLY=true.
  • ❌ Using self-signed certs without handling trust chain (or temporarily setting TLS bypass in non-prod only).
  • ❌ HTTP multi-replica deployment without sticky sessions and without --stateless.
  • ❌ Running high-risk tools in production before validating read-only behavior first.

⚡ Best practices

  • Start every new environment with read-only mode and promote to write only after controls are reviewed.
  • Use dedicated Argo CD tokens per environment (dev/stage/prod) and rotate regularly.
  • Gate mutation actions behind approval workflows outside the assistant chat path.
  • Use stateless mode for horizontally scaled HTTP deployments where session stickiness is unreliable.

πŸ”₯ CloudChef Pro Tip

Treat MCP for Argo CD like any production integration: apply least privilege, separate read vs write credentials, and validate tool behavior in non-prod before exposing production scopes.

πŸ”— Continue Your CloudChef Journey

πŸ“š References

πŸš€ Final Thoughts

MCP for Argo CD gives DevOps teams a practical interface between AI assistants and GitOps operations. The real win is not novelty - it is faster, safer triage and controlled execution in daily workflows.

πŸ‘‰ Roll it out with read-only defaults, validate your IDE integration path, then expand capabilities with intentional guardrails.

Tags: ArgoCD CI/CD

πŸ”₯ Trending CloudChef Recipes

⭐ Popular CloudChef Recipes

No comments:

Post a Comment

πŸ’‘ Found this useful?

Share it with your Team or DevOps Friends πŸ‘‡