Overview

Argo CD Diff Preview is a tool that renders the diff between two branches in a Git repository. It is designed to render manifests generated by Argo CD, providing a clear and concise view of the changes between two branches. It operates similarly to Atlantis for Terraform, creating a plan that outlines the proposed changes.

3 Example Pull Requests:

• Helm Example | Internal Chart
• Helm example | External Chart: Nginx
• Kustomize Example

---

Overview

The safest way to make changes to you Helm Charts and Kustomize Overlays in your GitOps repository is to let Argo CD render them for you. This can be done by spinning up an ephemeral cluster in your automated pipelines. Since the diff is rendered by Argo CD itself, it is as accurate as possible.

The implementation is actually quite simple. It just follows the steps below:

10 Steps

1. Start a local cluster
2. Install Argo CD
3. Add the required credentials (git credentials, image pull secrets, etc.)
4. Fetch all Argo CD applications from your PR branch
5. Point their targetRevision to the Pull Request branch
6. Remove the syncPolicy from the applications (to avoid the applications syncing locally)
7. Apply the modified applications to the cluster
8. Let Argo CD do its magic
9. Extract the rendered manifests from the Argo CD server
10. Repeat steps 4–7 for the base branch (main branch)
11. Create a diff between the manifests rendered from each branch
12. Display the diff in the PR

Features

• Renders manifests generated by Argo CD
• Does not require access to your real cluster or Argo CD instance. The tool runs in complete isolation.
• Can be run locally before you open the pull request
• Works with private repositories and Helm charts
• Provides a clear and concise view of the changes
• Render resources from external sources (e.g., Helm charts). For example, when you update the chart version of Nginx, you can get a render of the new output. For example, this is useful to spot changes in default values. PR example.

Why do we need this?

In the Kubernetes world, we often use templating tools like Kustomize and Helm to generate our Kubernetes manifests. These tools make maintaining and streamlining configuration easier across applications and environments. However, they also make it harder to visualize the application's actual configuration in the cluster.

Mentally parsing Helm templates and Kustomize patches is hard without rendering the actual output. Thus, making mistakes while modifying an application's configuration is relatively easy.

In the field of GitOps and infrastructure as code, all configurations are checked into Git and modified through PRs. The code changes in the PR are reviewed by a human, who needs to understand the changes made to the configuration. This is hard when the configuration is generated through templating tools like Kustomize and Helm.

ArgoCon 2024 Talk

argocd-diff-preview will be presented at ArgoCon 2024 in Utah, US. The talk will cover the current tools and methods for visualizing code changes in GitOps workflows and introduce this new approach, which uses ephemeral clusters to render accurate diffs directly on your pull requests.

• GitOps Safety: Rendering Accurate ArgoCD Diffs Directly on Pull Requests