9th Week :- GitOps with ArgoCD: Automate Kubernetes Deployments from Code to Cluster

Lav kushwahaLav kushwaha
6 min read

βœ… What is GitOps?

GitOps is a modern DevOps approach where Git becomes the single source of truth for your entire infrastructure and application deployments. Instead of manually running kubectl apply or using scripts, you declare your desired state (like app version, replicas, configs) in a Git repository. Then tools like ArgoCD continuously sync those changes to your Kubernetes cluster.

πŸ” In GitOps, your deployment flow becomes:
Git Commit β†’ Git Push β†’ ArgoCD Sync β†’ Kubernetes Deployment


βœ… What is ArgoCD?

ArgoCD is a powerful GitOps tool that:

  • Watches a Git repository for changes in Kubernetes manifests.

  • Automatically syncs those changes to a Kubernetes cluster.

  • Visualizes applications and sync status via a UI or CLI.

  • Provides rollback, version control, and audit capabilities.

🧠 Think of ArgoCD as a Kubernetes-native deployment controller powered by Git.


πŸ“¦ Traditional Deployment vs GitOps Deployment

FeatureTraditional WayGitOps Way
Source of TruthYour terminal or CI/CD toolGit Repository
Manual Workkubectl apply after every buildAuto sync via ArgoCD
RollbacksManualOne-click from Git history
SecurityDepends on user accessControlled by Git permissions
Audit TrailNone or via logsBuilt-in Git commit history

πŸ” GitOps Deployment Workflow (End-to-End)

Let’s walk through how to deploy a Node.js backend application using GitOps with ArgoCD.

πŸ”§ Step-by-Step GitOps Flow

1. Write Code

  • Build a simple Node.js backend app.
// server.js
const express = require('express');
const app = express();
app.get('/', (req, res) => res.send('Node backend working!'));
app.listen(3000, () => console.log('Server started on port 3000'));

2. Dockerize the App

Create a Dockerfile in the project:

FROM node:18
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]

3. CI Pipeline (GitHub Actions)

We’ll automate Docker build and push to DockerHub.

# .github/workflows/docker-ci.yml
name: Build and Push Docker Image

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
      uses: actions/checkout@v3

    - name: Login to DockerHub
      run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin

    - name: Build and Push Image
      run: |
        docker build -t ${{ secrets.DOCKER_USERNAME }}/node-backend:latest .
        docker push ${{ secrets.DOCKER_USERNAME }}/node-backend:latest

πŸ” Store DockerHub credentials in GitHub Secrets.


4. GitOps Repository Setup

Create a second repo, e.g., node-backend-ops, for Kubernetes manifests.

deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: node-backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: node-backend
  template:
    metadata:
      labels:
        app: node-backend
    spec:
      containers:
      - name: node
        image: your-docker-username/node-backend:latest
        ports:
        - containerPort: 3000

service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: node-backend-service
spec:
  selector:
    app: node-backend
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
  type: LoadBalancer

5. Update CI to Trigger GitOps

After pushing Docker image, commit new image tag to ops repo.

# Add a job in docker-ci.yml (add after Docker push)
- name: Update GitOps Repo
  run: |
    git config --global user.name "GitOps Bot"
    git config --global user.email "bot@example.com"
    git clone https://x-access-token:${{ secrets.GITOPS_TOKEN }}@github.com/your-org/node-backend-ops.git
    cd node-backend-ops
    sed -i 's|image:.*|image: your-docker-username/node-backend:latest|' deployment.yaml
    git commit -am "Update image to latest"
    git push

βœ… You can also use tools like Kustomize or [Helm] for templating versions.


6. Configure ArgoCD to Watch Ops Repo

  1. Install ArgoCD on cluster:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
  1. Access UI:
kubectl port-forward svc/argocd-server -n argocd 8080:443
  1. Login:
kubectl get secret argocd-initial-admin-secret -n argocd -o yaml
  1. Create App in ArgoCD (UI or CLI):
argocd app create node-backend \
  --repo https://github.com/your-org/node-backend-ops.git \
  --path . \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace default
  1. Sync App:
argocd app sync node-backend

🧩 GitOps Flow Recap (Visual)

1. Developer writes Node backend code
2. Commit & push to GitHub backend repo
3. GitHub Actions:
   └─ Builds Docker image
   └─ Pushes to DockerHub
   └─ Updates image tag in GitOps repo (deployment.yaml)
4. ArgoCD (connected to GitOps repo):
   └─ Detects change in manifest
   └─ Applies new image to Kubernetes

βœ… Why GitOps with ArgoCD is Awesome

BenefitDescription
🧠 DeclarativeEverything is in Git, version-controlled.
πŸ” AutomatedNo manual kubectl apply. ArgoCD does it.
πŸ‘₯ CollaborationTeam members can propose changes via PRs.
πŸ“œ Audit TrailEvery change is tracked in Git.
πŸ’₯ RollbacksEasily revert to old version with git revert.
πŸ” SecureCI/CD pipelines don’t need cluster access.

πŸ“š Useful Commands

ArgoCD

argocd login <argocd-server>
argocd app list
argocd app sync <app-name>
argocd app rollback <app-name> <revision>

CPU Monitoring

kubectl top nodes
kubectl top pods

πŸ” What is a Personal Access Token (PAT) in GitHub?

A PAT (Personal Access Token) is like a password alternative that allows programmatic access to your GitHub account via HTTPS.

βœ… Why use it?

  • Secure access without exposing your password.

  • Useful for GitHub Actions, CI/CD, scripts, and Git clients.

  • Lets you commit, clone, push, pull, and access GitHub APIs.


πŸ› οΈ How to Create a PAT on GitHub (Step-by-Step)

  1. Go to GitHub Settings:

    • Click your profile picture > Settings
  2. Go to Developer Settings:

    • Left sidebar > Developer settings
  3. Choose Personal Access Tokens β†’ Tokens (classic)

  4. Click β€œGenerate new token (classic)”

  5. Give a Name and Expiration:

    • Example: ci-bot-token

    • Choose expiration (e.g., 30 or 90 days)

  6. Select Required Scopes (Permissions):
    For pushing commits to your GitOps (ops) repo, you only need:

     βœ… repo (Full control of private repositories)
    

    If your ops repo is public, then just:

     βœ… public_repo
    
  7. Generate the Token

πŸ“‹ IMPORTANT: Copy the token immediately. You won’t see it again!


πŸ” How to Use PAT to Push to GitHub from CI/CD

βœ… Store PAT in GitHub Secrets

  • Go to the repo where your CI/CD lives (like your backend code repo)

  • Settings > Secrets and variables > Actions

  • Click New repository secret

Name: GITOPS_TOKEN
Value: (paste your PAT)


βœ… Use PAT in GitHub Actions to Commit to Your Ops Repo

Example CI step to push updates to the ops repo:

- name: Push updated manifest to GitOps repo
  run: |
    git config --global user.name "GitOps Bot"
    git config --global user.email "bot@example.com"
    git clone https://x-access-token:${{ secrets.GITOPS_TOKEN }}@github.com/your-org/your-ops-repo.git
    cd your-ops-repo
    sed -i 's|image:.*|image: yourdockerhubuser/node-backend:latest|' deployment.yaml
    git commit -am "update image to latest"
    git push

πŸ” https://x-access-token:<PAT>@github.com/... is how you authenticate with GitHub using the token.


⚠️ Tips & Best Practices

  • βœ… Use a separate token for automation, not your personal login.

  • ⏰ Set token expiry (don’t leave it valid forever).

  • πŸ”’ Limit scopes to only what's needed (repo, workflow, etc.).

  • πŸ” Rotate tokens regularly (delete expired/unused ones).

  • πŸ§ͺ Use environment variables or GitHub Secrets, never hardcode PATs.

βœ… Final Thoughts

GitOps with ArgoCD is a game-changer for Kubernetes-based applications. It brings automation, stability, security, and auditability into the core of your deployment pipeline. With a Git-based flow, teams can scale faster with more control and confidence.

0
Subscribe to my newsletter

Read articles from Lav kushwaha directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Lav kushwaha
Lav kushwaha