Scaling GitOps across hundreds of clusters often creates security and performance bottlenecks. This session introduces the Argo CD Agent, a new open-source project that flips the script with a decentralized pull model.

Traditional multi-cluster GitOps often requires a "God-mode" control plane with broad network access and stored credentials for every managed cluster. This "Push" architecture creates a significant security risk: if the central orchestrator is compromised, the entire fleet is vulnerable. Furthermore, managing clusters across air-gapped environments or restrictive firewalls often requires punching holes in security perimeters.

This session introduces a new paradigm in secure software delivery: the Argo CD Agent. By shifting from a push-based model to a decentralized pull-based architecture, the Argo CD Agent enables a Zero-Inbound security posture. Remote clusters remain completely isolated, initiating outbound mTLS connections to a central hub to sync desired states without ever exposing their internal APIs.

The session will conclude with a live demo featuring ApplicationSets managing a fleet of remote clusters from a single, secure control plane.