How I Built a Scalable GitOps Platform from Scratch with ArgoCD, Helm, and ApplicationSet

In this blog, I’ll walk you through how I built a fully automated, multi-tenant GitOps platform from scratch using:

• 🔁 ArgoCD (for GitOps deployment)

• 📦 Helm (for templated applications)

• 📁 ApplicationSet (for dynamic app generation)

• 🌐 Kubernetes (EKS-ready)

💡 This platform is built on top of the Google Cloud microservices-demo — a real-world e-commerce application with 10+ microservices. All manifests, charts, and automation are available in my GitHub repo:

🔗 multitenant-github-repo

---

🎯 Goals of This Project

1. Learn how GitOps can work in a multi-team, multi-environment setup

2. Reduce duplication across Helm charts using shared templates

3. Scale microservice deployments using ApplicationSet

4. Handle secrets securely with SealedSecrets

---

🧱 Folder Structure at a Glance

enterprise-multitenant-gitops/
├── apps/                          # Shared Helm chart templates
│   └── microservices-demo/charts/
├── tenants/                      # Environment-specific Helm values
│   └── microservices-team/overlays/dev/values-*.yaml
├── clusters/dev/                 # ArgoCD entrypoint
│   └── applicationset.yaml
├── common/                       # Kustomize overlays (RBAC, NS, etc.)
└── secrets/                      # Sealed secrets for each environment

---

🌀 Step 1: Bootstrap ArgoCD into the Cluster

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Then expose ArgoCD UI:

kubectl port-forward svc/argocd-server -n argocd 8080:443

Open http://localhost:8080 and log in.

📸 ArgoCD Dashboard:

---

🧩 Step 2: Build One Helm Chart for All Services

Instead of managing 10 separate Helm charts, I used one shared chart with templates like:

apps/microservices-demo/charts/
├── deployment.yaml
├── service.yaml
├── hpa.yaml
├── ingress.yaml
└── values.yaml

And each microservice like adservice, frontend, or checkoutservice just overrides values via:

tenants/microservices-team/overlays/dev/values-adservice.yaml

---

📦 Step 3: ApplicationSet – GitOps Automation at Scale

Here’s the magic. I created one ApplicationSet YAML like this:

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: microservices-team-dev
spec:
  generators:
    - git:
        repoURL: https://github.com/prathyushreddy123/enterprise-multitenant-gitops
        revision: HEAD
        files:
          - path: tenants/microservices-team/overlays/dev/values-*.yaml
  template:
    metadata:
      name: '{{path.basenameNormalized}}-dev'
    spec:
      source:
        path: apps/microservices-demo/charts
        helm:
          valueFiles:
            - '{{path}}'
      destination:
        namespace: microservices-team-dev
      syncPolicy:
        automated:
          prune: true
          selfHeal: true

🔄 Now any time I add a file like values-productcatalogservice.yaml, ArgoCD auto-generates a new app 🎉

📸 Dynamic Apps Created in ArgoCD:

---

🔐 Step 4: Secure Secrets with SealedSecrets

kubectl create secret generic app-secret --from-literal=DB_PASSWORD=securepass123 -n microservices-team-dev
kubeseal --controller-namespace=argocd -o yaml < secret.yaml > sealed-secret.yaml

Place sealed secret under:

secrets/sealed/dev-app-secret.yaml

Commit → Sync → Applied securely 🔒

---

🧪 Step 5: Deploy Everything

kubectl apply -f clusters/dev/applicationset.yaml -n argocd

Watch the apps appear:

kubectl get applications -n argocd

Or view in UI 🎯

---

✨ What I Learned

• Helm reuse is game-changing when dealing with 10+ microservices

• ApplicationSet keeps your GitOps repo DRY, flexible, and scalable

• Secrets can be handled securely even in a GitOps flow

• ArgoCD’s UI + automation is a powerful combo

---

Feel free to ⭐️ the GitHub repo or follow me for updates:

🔗 https://github.com/prathyushreddy123/enterprise-multitenant-gitops

Let me know what you think — and if you'd like help building your own GitOps setup!

---