GitOps & ArgoCD Tutorial: CI/CD Workflow to Deploy on Kubernetes

✅ What is GitOps?

GitOps is a modern DevOps approach where Git becomes the single source of truth for your entire infrastructure and application deployments. Instead of manually running kubectl apply or using scripts, you declare your desired state (like app version, replicas, configs) in a Git repository. Then tools like ArgoCD continuously sync those changes to your Kubernetes cluster.

🔁 In GitOps, your deployment flow becomes:
Git Commit → Git Push → ArgoCD Sync → Kubernetes Deployment

✅ What is ArgoCD?

ArgoCD is a powerful GitOps tool that:

Watches a Git repository for changes in Kubernetes manifests.
Automatically syncs those changes to a Kubernetes cluster.
Visualizes applications and sync status via a UI or CLI.
Provides rollback, version control, and audit capabilities.

🧠 Think of ArgoCD as a Kubernetes-native deployment controller powered by Git.

📦 Traditional Deployment vs GitOps Deployment

Feature	Traditional Way	GitOps Way
Source of Truth	Your terminal or CI/CD tool	Git Repository
Manual Work	`kubectl apply` after every build	Auto sync via ArgoCD
Rollbacks	Manual	One-click from Git history
Security	Depends on user access	Controlled by Git permissions
Audit Trail	None or via logs	Built-in Git commit history

🔁 GitOps Deployment Workflow (End-to-End)

Let’s walk through how to deploy a Node.js backend application using GitOps with ArgoCD.

🔧 Step-by-Step GitOps Flow

1. Write Code

Build a simple Node.js backend app.

// server.js
const express = require('express');
const app = express();
app.get('/', (req, res) => res.send('Node backend working!'));
app.listen(3000, () => console.log('Server started on port 3000'));

2. Dockerize the App

Create a Dockerfile in the project:

FROM node:18
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]

3. CI Pipeline (GitHub Actions)

We’ll automate Docker build and push to DockerHub.

# .github/workflows/docker-ci.yml
name: Build and Push Docker Image

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
      uses: actions/checkout@v3

    - name: Login to DockerHub
      run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin

    - name: Build and Push Image
      run: |
        docker build -t ${{ secrets.DOCKER_USERNAME }}/node-backend:latest .
        docker push ${{ secrets.DOCKER_USERNAME }}/node-backend:latest

🔐 Store DockerHub credentials in GitHub Secrets.

4. GitOps Repository Setup

Create a second repo, e.g., node-backend-ops, for Kubernetes manifests.

deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: node-backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: node-backend
  template:
    metadata:
      labels:
        app: node-backend
    spec:
      containers:
      - name: node
        image: your-docker-username/node-backend:latest
        ports:
        - containerPort: 3000

service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: node-backend-service
spec:
  selector:
    app: node-backend
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
  type: LoadBalancer

5. Update CI to Trigger GitOps

After pushing Docker image, commit new image tag to ops repo.

# Add a job in docker-ci.yml (add after Docker push)
- name: Update GitOps Repo
  run: |
    git config --global user.name "GitOps Bot"
    git config --global user.email "bot@example.com"
    git clone https://x-access-token:${{ secrets.GITOPS_TOKEN }}@github.com/your-org/node-backend-ops.git
    cd node-backend-ops
    sed -i 's|image:.*|image: your-docker-username/node-backend:latest|' deployment.yaml
    git commit -am "Update image to latest"
    git push

✅ You can also use tools like Kustomize or [Helm] for templating versions.

6. Configure ArgoCD to Watch Ops Repo

Install ArgoCD on cluster:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Access UI:

kubectl port-forward svc/argocd-server -n argocd 8080:443

kubectl get secret argocd-initial-admin-secret -n argocd -o yaml

Create App in ArgoCD (UI or CLI):

argocd app create node-backend \
  --repo https://github.com/your-org/node-backend-ops.git \
  --path . \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace default

Sync App:

argocd app sync node-backend

🧩 GitOps Flow Recap (Visual)

1. Developer writes Node backend code
2. Commit & push to GitHub backend repo
3. GitHub Actions:
   └─ Builds Docker image
   └─ Pushes to DockerHub
   └─ Updates image tag in GitOps repo (deployment.yaml)
4. ArgoCD (connected to GitOps repo):
   └─ Detects change in manifest
   └─ Applies new image to Kubernetes

✅ Why GitOps with ArgoCD is Awesome

Benefit	Description
🧠 Declarative	Everything is in Git, version-controlled.
🔁 Automated	No manual `kubectl apply`. ArgoCD does it.
👥 Collaboration	Team members can propose changes via PRs.
📜 Audit Trail	Every change is tracked in Git.
💥 Rollbacks	Easily revert to old version with `git revert`.
🔐 Secure	CI/CD pipelines don’t need cluster access.

📚 Useful Commands

ArgoCD

argocd login <argocd-server>
argocd app list
argocd app sync <app-name>
argocd app rollback <app-name> <revision>

CPU Monitoring

kubectl top nodes
kubectl top pods

🔐 What is a Personal Access Token (PAT) in GitHub?

A PAT (Personal Access Token) is like a password alternative that allows programmatic access to your GitHub account via HTTPS.

✅ Why use it?

Secure access without exposing your password.
Useful for GitHub Actions, CI/CD, scripts, and Git clients.
Lets you commit, clone, push, pull, and access GitHub APIs.

🛠️ How to Create a PAT on GitHub (Step-by-Step)

Go to GitHub Settings:
- Click your profile picture > Settings
Go to Developer Settings:
- Left sidebar > Developer settings
Choose Personal Access Tokens → Tokens (classic)
Click “Generate new token (classic)”
Give a Name and Expiration:
- Example: ci-bot-token
- Choose expiration (e.g., 30 or 90 days)
Select Required Scopes (Permissions):
For pushing commits to your GitOps (ops) repo, you only need:
```
 ✅ repo (Full control of private repositories)
```
If your ops repo is public, then just:
```
 ✅ public_repo
```
Generate the Token

📋 IMPORTANT: Copy the token immediately. You won’t see it again!

🔐 How to Use PAT to Push to GitHub from CI/CD

✅ Store PAT in GitHub Secrets

Go to the repo where your CI/CD lives (like your backend code repo)
Settings > Secrets and variables > Actions
Click New repository secret

Name: GITOPS_TOKEN
Value: (paste your PAT)

✅ Use PAT in GitHub Actions to Commit to Your Ops Repo

Example CI step to push updates to the ops repo:

- name: Push updated manifest to GitOps repo
  run: |
    git config --global user.name "GitOps Bot"
    git config --global user.email "bot@example.com"
    git clone https://x-access-token:${{ secrets.GITOPS_TOKEN }}@github.com/your-org/your-ops-repo.git
    cd your-ops-repo
    sed -i 's|image:.*|image: yourdockerhubuser/node-backend:latest|' deployment.yaml
    git commit -am "update image to latest"
    git push

🔐 https://x-access-token:<PAT>@github.com/... is how you authenticate with GitHub using the token.

⚠️ Tips & Best Practices

✅ Use a separate token for automation, not your personal login.
⏰ Set token expiry (don’t leave it valid forever).
🔒 Limit scopes to only what's needed (repo, workflow, etc.).
🔁 Rotate tokens regularly (delete expired/unused ones).
🧪 Use environment variables or GitHub Secrets, never hardcode PATs.

✅ Final Thoughts

GitOps with ArgoCD is a game-changer for Kubernetes-based applications. It brings automation, stability, security, and auditability into the core of your deployment pipeline. With a Git-based flow, teams can scale faster with more control and confidence.

9th Week :- GitOps with ArgoCD: Automate Kubernetes Deployments from Code to Cluster

Table of contents