Advanced GitOps with ArgoCD for Kubernetes

Introduction
Modern software development demands speed, reliability, and scalability. Kubernetes has emerged as the de facto standard for orchestrating containerized applications, but managing its deployments manually can be error-prone and inefficient. This is where GitOps comes in—a declarative approach to continuous delivery that leverages Git as the single source of truth.
In this article, we will explore GitOps with ArgoCD, a powerful tool that enables automated, Git-driven deployments for Kubernetes. We will cover:
The principles of GitOps and its advantages
Setting up ArgoCD in a Kubernetes cluster
Deploying applications using Helm charts and Kubernetes YAML files
Integrating ArgoCD with GitLab/GitHub for automated deployment workflows
What is GitOps?
GitOps is a methodology that applies DevOps best practices—such as version control, collaboration, and continuous delivery—to infrastructure automation. It operates under the principle that a Git repository should be the source of truth for all deployment configurations.
Core GitOps Principles:
Declarative Configuration: The desired state of the system is stored as declarative configuration files (YAML/Helm charts) in Git.
Version Control and History: Git provides an auditable history of all changes, allowing rollback and traceability.
Automated Synchronization: A GitOps operator (such as ArgoCD) continuously monitors the repository and reconciles the cluster state.
Continuous Deployment: Any commit to the Git repository automatically triggers deployment updates.
Why ArgoCD?
ArgoCD is a declarative GitOps continuous delivery tool for Kubernetes. It provides:
Automated Sync: Reconciles Kubernetes resources with Git repository changes.
GUI and CLI: A user-friendly dashboard and CLI for managing applications.
RBAC and Multi-Tenancy: Role-based access control for security.
Helm and Kustomize Support: Native support for templated configurations.
Setting Up ArgoCD in a Kubernetes Cluster
Prerequisites:
A Kubernetes cluster (Minikube, AKS, EKS, or GKE)
kubectl installed
Helm installed (for Helm-based deployments)
Git repository for storing application manifests
Step 1: Install ArgoCD
Execute the following command to install ArgoCD in the argocd
namespace:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Step 2: Access ArgoCD UI
After installation, port-forward the ArgoCD API server to access the UI:
kubectl port-forward svc/argocd-server -n argocd 8080:443
Visit https://localhost:8080
to access the ArgoCD dashboard.
Step 3: Retrieve ArgoCD Admin Password
Get the initial password for the admin
user:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
Log in using admin
as the username.
Deploying Applications with ArgoCD
1. Creating an ArgoCD Application
We will create an ArgoCD application that deploys a sample Nginx app from a Git repository.
Create an Application
manifest (e.g., nginx-app.yaml
):
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nginx-app
namespace: argocd
spec:
destination:
namespace: default
server: https://kubernetes.default.svc
source:
repoURL: https://github.com/devops-dojo/nginx-k8s.git
targetRevision: HEAD
path: manifests
syncPolicy:
automated:
selfHeal: true
prune: true
Apply the manifest:
kubectl apply -f nginx-app.yaml -n argocd
ArgoCD will now monitor the repository and deploy the application whenever a change is detected.
2. Deploying Applications with Helm
Helm simplifies Kubernetes deployments by using templated YAML manifests.
Example Application
manifest for deploying an Nginx Helm chart:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nginx-helm
namespace: argocd
spec:
destination:
namespace: default
server: https://kubernetes.default.svc
source:
repoURL: https://charts.bitnami.com/bitnami
chart: nginx
targetRevision: 13.2.17
helm:
values: |
service:
type: LoadBalancer
syncPolicy:
automated:
selfHeal: true
prune: true
Apply the manifest:
kubectl apply -f nginx-helm.yaml -n argocd
ArgoCD will fetch and deploy the Helm chart from the Bitnami repository.
GitLab/GitHub Integration for Automated Deployments
ArgoCD can automatically deploy applications when changes are pushed to GitLab or GitHub.
1. Create a Git Repository
Host your Kubernetes manifests in a GitHub or GitLab repository.
2. Configure a Webhook (GitHub Example)
Go to GitHub Repository Settings → Webhooks.
Click Add Webhook.
Set the Payload URL to
http://argocd-server.argocd.svc/api/webhook
.Choose application/json as the Content type.
Enable Push Events.
ArgoCD will now react to Git commits and synchronize the Kubernetes cluster accordingly.
Best Practices for GitOps with ArgoCD
1. Use Separate Repositories for Applications and Infrastructure
Keep application manifests and infrastructure definitions in different repositories to maintain clarity.
2. Implement Role-Based Access Control (RBAC)
Restrict who can modify application configurations to prevent unauthorized changes.
3. Enable Auto-Sync with Self-Healing
This ensures that the cluster state always matches the desired state in Git.
4. Monitor and Audit Changes
Use ArgoCD notifications and logging to track deployments and troubleshoot issues.
5. Use ArgoCD Image Updater
Automate container image updates by integrating ArgoCD Image Updater with a CI/CD pipeline.
Conclusion
GitOps with ArgoCD revolutionizes Kubernetes application deployment by enabling automated, Git-driven workflows. By implementing ArgoCD, teams can achieve:
Faster, more reliable deployments
Enhanced security and auditability
Improved collaboration through Git-based version control
By following the steps in this guide, you can leverage GitOps principles to streamline your Kubernetes application management with ArgoCD.
Next Steps:
Explore ArgoCD Rollouts for canary deployments.
Integrate ArgoCD with FluxCD for hybrid GitOps workflows.
Automate security scanning with OPA Gatekeeper.
Happy deploying! 🚀
Subscribe to my newsletter
Read articles from The DevOps Dojo directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
