Mar 19
Loading video player...
In this video I set up argocd-agent on a homelab from scratch ā k3d hub cluster, two vClusters as workloads, mTLS PKI bootstrapped by hand, and a live GitOps sync at the end. The whole point of argocd-agent is that it flips the connection model. Instead of your control plane reaching into every cluster it manages (open firewall rules, stored kubeconfigs, 50 attack surfaces), each workload cluster runs a lightweight agent that dials back to the hub over gRPC with mutual TLS. The hub never touches your clusters directly. Every command in this video is in the blog post ā link below. š Blog: https://blog.tinkerwithtech.io/blog/ep01-argocd-agent New CNCF tutorial every week. Subscribe so you don't miss it. ### Chapters - 0:00 The problem with traditional Argo CD at scale - 0:30 How argocd-agent fixes it - 1:00 Create the hub cluster with k3d - 1:30 Spin up workload clusters with vCluster - 2:00 Install Argo CD and disable the hub controller - 2:30 Bootstrap PKI and install the principal - 3:15 Configure namespace routing - 3:45 Register agents and issue client certs - 4:15 Deploy agents on workload clusters - 4:30 Hero moment ā mTLS handshake in the logs - 4:45 Test with a live guestbook sync