AI-driven GitOps with MCP and Argo CD¶
This was one of those talks where the demo felt uncomfortably close to real life. You could see the practical value straight away: fewer support bottlenecks, faster incident triage, and less context-switching for developers.
Quick takeaways¶
- Put AI where engineers already work (Slack/Teams), not in a new interface.
- MCP makes Argo CD actions discoverable and reusable for different AI clients.
- Start with operational tasks where feedback is fast: deploy, check health, roll back.
- Capture troubleshooting logic once and reuse it through Agent Skills.
The Slack bot beat the UI extension — by a lot
Intuit built the AI troubleshooting feature twice: once as an Argo CD UI extension (poor adoption) and once as a Slack bot in existing support channels (dramatically higher engagement). The lesson isn't that UI extensions are bad. It's that adoption follows workflow proximity. If your engineers debug in Slack, that's where the AI assistance belongs.
What was getting in the way¶
At KubeCon EU 2026, Alexander Matyushentsev (Argo CD co-founder) and Leonardo Luz Almeida (Intuit) laid out the problem clearly: managing 350+ Kubernetes clusters with 3,000+ production services across 50,000+ namespaces creates massive support bottlenecks. Developers wait in Slack channels for troubleshooting help. Expert DevOps engineers drown in repetitive diagnostic work. Traditional UI extensions fail because they don't meet users where they already are.
What we actually wanted¶
An AI-powered GitOps experience where developers use natural language to deploy applications, troubleshoot production issues, and automatically roll back failures - all through the tools they already use daily (Slack, Claude, Copilot).
Architecture in one view¶

Model Context Protocol (MCP): the universal connector¶
MCP is a standardised bridge between AI clients and services like Argo CD. Instead of building custom integrations for every LLM, MCP provides:
- JSON-RPC protocol over stdio or HTTP (Server-Sent Events or polling)
- Discovery API exposing tools (functions), resources (read-only data), and prompts (guidance text)
- Token passthrough for authentication - MCP delegates auth to underlying services
- One-to-one tool mapping with Argo CD CLI/UI capabilities (sync, inspect, logs, manifests)
Open Source MCP for Argo CD¶
Available at github.com/argoproj-labs/argocd-mcp with growing community adoption (#mcp-for-argocd on CNCF Slack with 16 members at conference time).
Three use cases that worked in practice¶
1. Natural Language Application Creation¶
Before: Fill out complex forms, specify manifest repos, branches, namespaces, sync policies
After: "Create an app called 'frontend' using the manifests from github.com/myorg/apps, main branch, deploy to production namespace"
The AI agent discovers available MCP tools, constructs the Argo CD Application resource, and deploys - faster than manual creation.
2. Batch Deployment from Git Directories¶
Prompt: "Connect to my GitOps repo and create an Argo CD application for each directory under /apps"
The agent: - Scans the Git repository structure - Identifies manifest directories - Creates multiple applications automatically - Implements app-of-apps patterns without manual intervention
This is genuinely faster than human assembly for repetitive structures.
3. Automated Deployment with Intelligent Rollback¶
Prompt: "Deploy version 2.0 of my service, monitor its health, and roll back to the previous version if it degrades"
The agent: 1. Syncs the new version 2. Continuously checks application health via Argo CD API 3. Analyzes degradation patterns from status conditions 4. Automatically reverts manifests on failure detection
This reduces Mean Time To Recovery (MTTR) from hours to minutes.
Intuit's production journey¶
Failed Experiment: Argo CD UI Extension¶
Intuit initially built an AI-powered troubleshooting extension directly in the Argo CD UI: - Extracted logs, Kubernetes events, live state, desired state via Argo CD API - Provided LLM-powered root cause analysis - Result: Poor adoption - experts went straight to logs, novices never opened Argo CD
Key Lesson: Don't build new interfaces; integrate where users already are.
Breakthrough: Slack Bot Integration¶
Moving AI troubleshooting into existing Slack support channels achieved dramatically higher engagement:
Example 1: Stack Trace Analysis
Developer: "I'm seeing warnings in argo logs, not sure if critical"
Bot: "Not critical. The class is attempting to cast byte array during schema validation. Check implementation at line 76, ensure serialization order is: byte array → deserialized logic → schema validation."
Example 2: Multi-Failure Triage
Developer: "Production deployment issue"
Bot: "I see TWO failures: (1) Recent deployment can't reach config server, (2) Current running version is degraded. Which should I investigate?"
Developer: "Current failure"
Bot (2.5 min later): "Application cannot retrieve configuration from Spring config server due to connection issue. Root cause: App configured with e2e environment URL while this is production. Update URL from config-e2e.company.com to config-prod.company.com"
Reverse Proxy Pattern¶
Single MCP server acts as facade for 40+ Argo CD instances, simplifying: - Developer access management - Service-to-service communication - Security boundaries and token distribution
Agent Skills: The Next Evolution¶
To avoid duplicating troubleshooting logic across UI extensions, bots, and CLI tools, Intuit is experimenting with Agent Skills - reusable markdown-based diagnostic recipes.
Skills define: - How to extract Argo CD base URLs and application names - Step-by-step troubleshooting procedures for degraded apps - Which API calls to make and how to interpret responses
This creates a library of operational knowledge that any agent can consume.
Apply this: document one troubleshooting flow as an Agent Skill before the next incident
Pick the most common Argo CD failure your team handles (image pull errors, resource limit violations, sync hook timeouts) and write it up as a SKILL.md. The next time that failure pattern appears, the agent has the diagnostic steps rather than someone having to remember them at 2am. One skill, written once, reused indefinitely.
Implementation Guide¶
For platform teams¶
- Deploy MCP for Argo CD from argo-cd-labs
- Configure HTTP transport for remote access (OAuth 2.0 or token passthrough)
- Integrate with existing support channels (Slack, Teams) rather than building standalone UIs
- Create prompts that instruct AI on common failure patterns:
- Image pull errors from Kubernetes events
- Resource limit violations from quota checks
- Config server misconfigurations from environment mismatches
For developers¶
- Test free-form application creation with natural language
- Experiment with batch operations via Git directory scanning
- Implement automated health monitoring with roll back conditions
- Measure engagement: track before/after metrics for bot interactions vs UI usage
For organisations¶
- Document troubleshooting workflows as Agent Skills in markdown format
- Share diagnostic logic across tools to eliminate duplication
- Consider MCP for other GitOps ecosystem tools (Flux, Argo Rollouts, External Secrets Operator)
The 'new interface' adoption trap
Intuit's first attempt failed because it built yet another UI tab — this time inside Argo CD. Experts bypassed it (they went straight to logs) and novices never opened Argo CD in the first place. Before building an AI interface, ask: where do engineers currently go when something breaks? Build there, not where you wish they'd go.
What changed in practice¶
Before: Weeks-long support backlogs, expert knowledge bottlenecks, manual deployments
After: Conversational GitOps operations, automated diagnostics, self-service at scale
The convergence of GitOps and AI through standardised protocols like MCP changes how platform teams operate. By meeting users where they are and encoding operational knowledge in reusable formats, teams move from "Platform as Code" to "Platform as Conversation".
References¶
- MCP for Argo CD - Open source project
- Model Context Protocol - Specification
- CNCF Slack #mcp-for-argocd - Community discussion
- KubeCon EU 2026 Conference Notes - Full session details
Presented at KubeCon + CloudNativeCon Europe 2026 by Alexander Matyushentsev (Akuity) and Leonardo Luz Almeida (Intuit)
Frequently asked questions¶
Is the MCP for Argo CD project production-ready?
At KubeCon EU 2026, github.com/argoproj-labs/argocd-mcp had 16 members in the CNCF Slack channel — community adoption was early-stage. Intuit's production Slack bot predated the open-source MCP server and used custom integrations. Treat the open-source MCP server as a strong starting point for experimentation; validate it against your specific Argo CD version and scale before putting it on a critical support path.
Where can I watch the KubeCon session?
The talk by Alexander Matyushentsev (Akuity) and Leonardo Luz Almeida (Intuit) is on the CNCF YouTube channel. Search "AI-driven GitOps MCP Argo CD KubeCon EU 2026".
Does the reverse proxy pattern work with Argo CD OIDC authentication?
Yes — the MCP server acts as a facade and handles token distribution to the underlying Argo CD instances. OIDC tokens are passed through to each Argo CD instance, which enforces its own RBAC. The key benefit is that developers interact with one MCP endpoint rather than managing credentials for 40+ Argo CD instances separately.
How do Agent Skills relate to SKILL.md files?
They're the same concept. Intuit calls them Agent Skills; the open standard uses SKILL.md. A skill packages a diagnostic or operational procedure as a reusable markdown file any compliant agent can follow. The Kyverno session at KubeCon used the same pattern for policy operations. It's the same idea independently converging on the same solution — which is a strong signal the pattern is right.
Can this pattern be applied to other GitOps tools like Flux?
Yes — the MCP protocol is tool-agnostic. The ArgoCD MCP server exposes Argo CD-specific tools, but the same architecture applies to Flux: an MCP server that wraps Flux CLI operations and the Flux API would give AI agents the same natural language access to Flux-managed resources. The MCP session at KubeCon explicitly noted this as a direction for the broader GitOps ecosystem.