Argazer (a wordplay on "Argo" and "gazer") is a lightweight tool that monitors your ArgoCD applications for Helm chart updates. It connects to ArgoCD via API, scans your applications across multiple repository types (Git, OCI, HTTP), and notifies you when newer versions are available.
Features
- Single-run execution - Runs once on launch, perfect for CI/CD or cron jobs.
- Multiple repository types - Native support for Traditional HTTP Helm repos, OCI Registries, and Git Repositories.
- Interactive configuration - Run
argazer configurefor a step-by-step setup wizard. - Flexible output formats - Table (human-readable), JSON (programmatic), or Markdown (documentation).
- Controllable verbosity - Adjust output noise using the
--verbosityflag (normal,full, oroff). - Flexible filtering - Filter by projects, application names, and labels.
- Semantic version constraints - Only notify on
patch,minor, ormajorupdates. - Multiple notification channels - Telegram, Email, Slack, Microsoft Teams, or Generic Webhooks.
- Graceful error handling & retries - Reliable notifications with exponential backoff on network failures.
Installation
Homebrew (macOS / Linux)
brew tap k-krew/tap https://github.com/k-krew/homebrew-tap.git brew trust k-krew/tap brew install --cask argazer
Using Docker
Multi-architecture images are available for AMD64 and ARM64:
# Pull the latest image docker pull ghcr.io/kreicer/argazer:latest # Or a specific version docker pull ghcr.io/kreicer/argazer:v1.1.0
From Source
git clone git@github.com:kreicer/argazer.git cd argazer go build -o argazer .
Quick Start
The easiest way to get started is with the interactive configuration wizard:
This will guide you through connecting to ArgoCD, selecting filters, configuring notifications, and saving everything to config.yaml.
Usage
Basic Execution
# Run with config file ./argazer --config config.yaml # Run with environment variables AG_ARGOCD_URL="argocd.example.com" AG_ARGOCD_USERNAME="admin" AG_ARGOCD_PASSWORD="password" ./argazer # Run with flags ./argazer --argocd-url="argocd.example.com" --argocd-username="admin" --argocd-password="password"
Output and Verbosity Control
Argazer allows you to control both the format of the results and the verbosity of its operational logs.
# Change output format (table, json, markdown) ./argazer --output-format="json" # Control operational log verbosity (normal, full, off) ./argazer --verbosity="off" # Mutes logs, prints only the final scan results ./argazer --verbosity="full" # Enables debug logging # Change log format for integration (json, text) ./argazer --log-format="text"
Version Constraints
Control which updates trigger notifications based on semantic versioning:
# Check all versions (default) ./argazer --version-constraint="major" # Only check for minor or patch updates (e.g. 1.2.3 -> 1.3.0) ./argazer --version-constraint="minor" # Only check for patch updates (e.g. 1.2.3 -> 1.2.5) ./argazer --version-constraint="patch"
Configuration
Argazer can be configured via a config.yaml file, CLI flags, or environment variables (AG_ prefix).
Note: Full configuration examples can be found in the
examples/directory:
Click to expand full configuration examples
config.yaml Example
argocd_url: "argocd.example.com" argocd_username: "admin" argocd_password: "your-password" argocd_insecure: false projects: ["*"] app_names: ["*"] labels: type: "operator" notification_channel: "telegram" telegram_webhook: "https://api.telegram.org/botTOKEN/sendMessage" telegram_chat_id: "123456789" verbosity: "normal" version_constraint: "major" output_format: "table"
Environment Variables
export AG_ARGOCD_URL="argocd.example.com" export AG_ARGOCD_USERNAME="admin" export AG_ARGOCD_PASSWORD="your-password" export AG_PROJECTS="production,staging" export AG_LABELS="type=operator,environment=production" export AG_OUTPUT_FORMAT="table" export AG_VERBOSITY="normal"
Authentication for Private Repositories
⚠️ SECURITY WARNING
Do NOT store credentials in plain text config files! ALWAYS use environment variables for credentials in production.
Argazer supports authentication for Git, OCI, and HTTP Helm repositories. Provide credentials using environment variables:
# Example: GitHub Container Registry (OCI) export AG_AUTH_URL_GHCR="ghcr.io" export AG_AUTH_USER_GHCR="github-user" export AG_AUTH_PASS_GHCR="ghp_token" # Example: Private Git Repository export AG_AUTH_URL_GIT="github.com" export AG_AUTH_USER_GIT="git-user" export AG_AUTH_PASS_GIT="git-token"
Supported Repository Types
Argazer automatically detects the repository type based on the URL in ArgoCD:
- Git Repositories: Detects
.gitURLs (e.g.,https://github.com/myorg/helm-charts.git). Reads versions directly from git tags. - OCI Registries: Detects registries without
http://orhttps://(e.g.,ghcr.io/myorg/charts). - Traditional Helm: Classic HTTP-based repositories with an
index.yaml.
ArgoCD RBAC Setup
Argazer requires minimal read-only permissions in ArgoCD. Create a dedicated user with the following RBAC policy:
# argocd-rbac-cm ConfigMap p, role:argazer-reader, applications, get, */*, allow p, role:argazer-reader, applications, list, */*, allow g, argazer, role:argazer-reader
Troubleshooting
- No Applications Found: Verify your
projects,app_names, andlabelsfilters. Ensure the ArgoCD user has RBAC permissions to list applications. - Connection Issues: Ensure
argocd_urldoes not contain thehttps://prefix (e.g., useargocd.example.com). Try settingargocd_insecure: trueif using self-signed certificates. - Seeing too much output?: Use
--verbosity="off"to hide operational logs and only display the final scan results.
License & Contributing
Apache 2.0 license. Contributions are welcome! Please feel free to submit a Pull Request.