https://github.com/natrontech/argoplane

ArgoPlane is a collection of ArgoCD UI extensions.
https://github.com/natrontech/argoplane

argocd gitops

Last synced: about 2 months ago
JSON representation

ArgoPlane is a collection of ArgoCD UI extensions.

• Host: GitHub
• URL: https://github.com/natrontech/argoplane
• Owner: natrontech
• License: apache-2.0
• Created: 2026-03-15T09:07:37.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2026-04-22T10:20:09.000Z (about 2 months ago)
• Last Synced: 2026-04-22T10:30:29.243Z (about 2 months ago)
• Topics: argocd, gitops
• Language: TypeScript
• Homepage: https://natrontech.github.io/argoplane
• Size: 2.81 MB
• Stars: 2
• Watchers: 0
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

README

          


  



ArgoPlane




  An ArgoCD extension package. Metrics, logs, backups, network flows, vulnerabilities, and events — all inside ArgoCD.





  

  

  

  

  



---

ArgoPlane is a collection of ArgoCD UI extensions. It adds resource tabs, app views, and status panels so developers can see metrics, logs, backups, network flows, vulnerabilities, and events without leaving ArgoCD. Nothing more, nothing less. Each extension is independent and can be installed on its own.

https://github.com/user-attachments/assets/b9c4a296-9d05-46ca-b421-7011a22bf9b9

## Extensions

| Category | Extension | What it shows | Status | Preview |

|----------|-----------|---------------|--------|---------|

| **Observe** | Metrics | CPU, memory, request rates, latency (Prometheus) | ✅ | 
 |

| **Observe** | Backups | Backup status, schedules, restore triggers (Velero) | ✅ |  |

| **Observe** | Networking | Traffic flows, network policies (Cilium/Hubble) | ✅ | 
 |

| **Observe** | Logs | Log search, severity detection, volume charts (Loki) | ✅ | 
 |

| **Secure** | Vulnerabilities | Image CVEs, config audit, exposed secrets, SBOM (Trivy Operator) | ✅ | 


 |

| **Observe** | Events | Kubernetes events per resource and application | ✅ | 
 |

| **Observe** | Alerts | Firing alerts, PrometheusRules, silences (Alertmanager) | Planned | - |

| **Secure** | Policies | Policy violations, admission results (Kyverno) | Planned | - |

Each extension is independently toggleable. Install only what you need.

## How it works

Every extension follows the same pattern: a **React/TypeScript UI** registers tabs and views via ArgoCD's extension API, a **Go backend** queries the underlying system (Prometheus, Velero, Loki, etc.), and ArgoCD's **proxy extension** mechanism routes requests from the UI to the backend. Extensions inherit ArgoCD's authentication and RBAC. No extra auth layer required.

```

ArgoCD UI

├── ArgoPlane extensions

│   ├── Resource tabs (per Deployment, Pod, etc.)

│   ├── App views (per Application)

│   └── Status panels (app header)

│

│   React/TS ──proxy──▶ Go backends

│                        ├── Prometheus

│                        ├── Velero

│                        ├── Cilium/Hubble

│                        ├── Loki

│                        ├── Trivy Operator

│                        └── K8s Events API

│

└── ArgoCD RBAC + Dex auth

```

## Installation

**Helm (recommended):**

```sh

helm install argoplane oci://ghcr.io/natrontech/charts/argoplane --version 0.2.0

```

Each extension can be enabled or disabled individually in `values.yaml`. The chart deploys extension backends, proxy configuration, RBAC policies, and UI bundles (via an init container on argocd-server).

See the [deployment docs](services/docs/) for full configuration details.

## RBAC

ArgoCD requires explicit `extensions, invoke` permission in `argocd-rbac-cm`. AppProject role policies are ignored for this check — it must be in the global config map.

```csv

g, your-oidc-group-id, role:your-role

p, role:your-role, applications, get, your-project/*, allow

p, role:your-role, extensions, invoke, metrics, allow

p, role:your-role, extensions, invoke, backups, allow

p, role:your-role, extensions, invoke, networking, allow

p, role:your-role, extensions, invoke, logs, allow

p, role:your-role, extensions, invoke, vulnerabilities, allow

p, role:your-role, extensions, invoke, events, allow

```

`applications, get` is a prerequisite: ArgoCD rejects extension calls for applications the user cannot read.

**Security note:** ArgoCD uses a single `extensions, invoke` permission for all HTTP methods. A user with invoke access can call any endpoint the backend exposes — including write operations like backup triggers and restores. Scope `applications, get` as narrowly as your setup allows.

## Development

```sh

make dev-infra            # Create kind cluster + install ArgoCD (idempotent)

make argocd-password      # Print admin password

make argocd-portforward   # Port-forward UI to localhost:8080

make build-extensions     # Build all UI extension bundles

make reload-extensions    # Rebuild + redeploy all extensions

make test-integration     # Run integration tests

make clean-all            # Destroy everything

make help                 # Show all available targets

```

## Built with AI

ArgoPlane is developed with the help of [Claude Code](https://claude.ai/code), Anthropic's AI coding assistant. We're transparent about this because we believe AI-assisted development is the future, and hiding it helps nobody.

The entire Claude Code configuration is checked into this repo:

| Path | What it does |

|------|-------------|

| [`CLAUDE.md`](CLAUDE.md) | Project context, architecture overview, and development instructions for Claude |

| [`.claude/rules/`](.claude/rules/) | Rule files covering Go, React, architecture, design system, git conventions, and more |

| [`.claude/skills/`](.claude/skills/) | Custom skills: dev setup, extension scaffolding, deployment, testing |

We share this openly so others can learn from our approach to AI-assisted development.

## License

[Apache-2.0](LICENSE)

Built with love from Switzerland by [Natron Tech AG](https://natron.io).