Argazer (a wordplay on "Argo" and "gazer") is a lightweight tool that monitors your ArgoCD applications for Helm chart updates. It connects to ArgoCD via API, scans your applications across multiple repository types (Git, OCI, HTTP), and notifies you when newer versions are available.
- Single-run execution - Runs once on launch, perfect for CI/CD or cron jobs.
- Multiple repository types - Native support for Traditional HTTP Helm repos, OCI Registries, and Git Repositories.
- Interactive configuration - Run
argazer configurefor a step-by-step setup wizard. - Flexible output formats - Table (human-readable), JSON (programmatic), or Markdown (documentation).
- Controllable verbosity - Adjust output noise using the
--verbosityflag (normal,full, oroff). - Flexible filtering - Filter by projects, application names, and labels.
- Semantic version constraints - Only notify on
patch,minor, ormajorupdates. - Multiple notification channels - Telegram, Email, Slack, Microsoft Teams, or Generic Webhooks.
- Graceful error handling & retries - Reliable notifications with exponential backoff on network failures.
brew tap k-krew/tap https://github.com/k-krew/homebrew-tap.git
brew trust k-krew/tap
brew install --cask argazerMulti-architecture images are available for AMD64 and ARM64:
# Pull the latest image
docker pull ghcr.io/kreicer/argazer:latest
# Or a specific version
docker pull ghcr.io/kreicer/argazer:v1.1.0git clone git@github.com:kreicer/argazer.git
cd argazer
go build -o argazer .The easiest way to get started is with the interactive configuration wizard:
./argazer configureThis will guide you through connecting to ArgoCD, selecting filters, configuring notifications, and saving everything to config.yaml.
# Run with config file
./argazer --config config.yaml
# Run with environment variables
AG_ARGOCD_URL="argocd.example.com" AG_ARGOCD_USERNAME="admin" AG_ARGOCD_PASSWORD="password" ./argazer
# Run with flags
./argazer --argocd-url="argocd.example.com" --argocd-username="admin" --argocd-password="password"Argazer allows you to control both the format of the results and the verbosity of its operational logs.
# Change output format (table, json, markdown)
./argazer --output-format="json"
# Control operational log verbosity (normal, full, off)
./argazer --verbosity="off" # Mutes logs, prints only the final scan results
./argazer --verbosity="full" # Enables debug logging
# Change log format for integration (json, text)
./argazer --log-format="text"Control which updates trigger notifications based on semantic versioning:
# Check all versions (default)
./argazer --version-constraint="major"
# Only check for minor or patch updates (e.g. 1.2.3 -> 1.3.0)
./argazer --version-constraint="minor"
# Only check for patch updates (e.g. 1.2.3 -> 1.2.5)
./argazer --version-constraint="patch"Argazer can be configured via a config.yaml file, CLI flags, or environment variables (AG_ prefix).
Note: Full configuration examples can be found in the
examples/directory:
Click to expand full configuration examples
argocd_url: "argocd.example.com"
argocd_username: "admin"
argocd_password: "your-password"
argocd_insecure: false
projects: ["*"]
app_names: ["*"]
labels:
type: "operator"
notification_channel: "telegram"
telegram_webhook: "https://api.telegram.org/botTOKEN/sendMessage"
telegram_chat_id: "123456789"
verbosity: "normal"
version_constraint: "major"
output_format: "table"export AG_ARGOCD_URL="argocd.example.com"
export AG_ARGOCD_USERNAME="admin"
export AG_ARGOCD_PASSWORD="your-password"
export AG_PROJECTS="production,staging"
export AG_LABELS="type=operator,environment=production"
export AG_OUTPUT_FORMAT="table"
export AG_VERBOSITY="normal"
⚠️ SECURITY WARNING
Do NOT store credentials in plain text config files! ALWAYS use environment variables for credentials in production.
Argazer supports authentication for Git, OCI, and HTTP Helm repositories. Provide credentials using environment variables:
# Example: GitHub Container Registry (OCI)
export AG_AUTH_URL_GHCR="ghcr.io"
export AG_AUTH_USER_GHCR="github-user"
export AG_AUTH_PASS_GHCR="ghp_token"
# Example: Private Git Repository
export AG_AUTH_URL_GIT="github.com"
export AG_AUTH_USER_GIT="git-user"
export AG_AUTH_PASS_GIT="git-token"Argazer automatically detects the repository type based on the URL in ArgoCD:
- Git Repositories: Detects
.gitURLs (e.g.,https://github.com/myorg/helm-charts.git). Reads versions directly from git tags. - OCI Registries: Detects registries without
http://orhttps://(e.g.,ghcr.io/myorg/charts). - Traditional Helm: Classic HTTP-based repositories with an
index.yaml.
Argazer requires minimal read-only permissions in ArgoCD. Create a dedicated user with the following RBAC policy:
# argocd-rbac-cm ConfigMap
p, role:argazer-reader, applications, get, */*, allow
p, role:argazer-reader, applications, list, */*, allow
g, argazer, role:argazer-reader- No Applications Found: Verify your
projects,app_names, andlabelsfilters. Ensure the ArgoCD user has RBAC permissions to list applications. - Connection Issues: Ensure
argocd_urldoes not contain thehttps://prefix (e.g., useargocd.example.com). Try settingargocd_insecure: trueif using self-signed certificates. - Seeing too much output?: Use
--verbosity="off"to hide operational logs and only display the final scan results.
Apache 2.0 license. Contributions are welcome! Please feel free to submit a Pull Request.