Argo CD · Rate Limits

Argocd Rate Limits

Argo CD does not publish hard request-per-second rate limits on its REST/gRPC API. Throttling is the responsibility of the operator — typically enforced via the ingress controller (NGINX, Istio, AWS ALB) sitting in front of argocd-server, or via Kubernetes API server limits affecting the underlying watch/list calls Argo CD makes. Internally, Argo CD throttles its outbound traffic to source repositories (Git/Helm/OCI) and to target Kubernetes API servers via configurable concurrency knobs (reposerver.parallelism.limit, controller.kubectl.parallelism.limit, etc.). Login and account endpoints are protected by built-in failed-login attempt locking.

Argocd Rate Limits is the machine-readable rate-limit profile for Argo CD on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 4 rate-limit definitions, measuring failed-attempts, concurrent-operations, and applications-per-cycle.

The profile also includes 3 backoff/retry policies defined and response codes documented for unauthenticated, forbidden, and tooManyRequests.

Tagged areas include DevOps, GitOps, Kubernetes, Open Source, and Rate Limiting.

4 Limits
DevOpsGitOpsKubernetesOpen SourceRate Limiting

Limits

Failed Login Attempts account
failed-attempts · window
5
argocd-server locks the local account after the configured threshold of consecutive failed login attempts (default 5; controlled by server.failure.max.count and server.failure.window.seconds in argocd-cm).
Repo Server Parallelism repo-server
concurrent-operations · simultaneous
-1
Configurable via reposerver.parallelism.limit; bounds concurrent manifest generation operations against source repositories.
Kubectl Parallelism application-controller
concurrent-operations · simultaneous
-1
controller.kubectl.parallelism.limit caps concurrent kubectl operations the application controller issues against target clusters.
Status Refresh Throttle application-controller
applications-per-cycle · cycle
-1
Application controller refresh interval and reconcile concurrency are tunable; default cycle is short enough to detect drift quickly without overwhelming source repos.

Policies

Operator-Imposed Rate Limiting
Place an ingress / API gateway in front of argocd-server (NGINX, Istio, AWS ALB) and apply per-source-IP or per-token rate limits appropriate to your tenancy.
Sharding for Scale
For large numbers of clusters, shard the application controller (ARGOCD_CONTROLLER_REPLICAS) so each replica reconciles a subset, reducing per-instance load.
Repo Cache Tuning
Tune reposerver.cache.expiration and use the shallow-clone / git-LFS optimizations to reduce upstream Git provider load.

Sources