
GitOps with ArgoCD: Managing Kubernetes the Right Way

GitOps makes Kubernetes deployments predictable and auditable. Learn how to set up ArgoCD and implement GitOps practices for your clusters.

Idan Ohayon
Microsoft Cloud Solution Architect
December 22, 2024
GitOps, ArgoCD, Kubernetes, DevOps, CD

Why GitOps Changed How I Think About Deployments

Before GitOps, my Kubernetes deployments were a mess. Kubectl commands run from laptops, different versions in different clusters, no clear audit trail.

GitOps flips this around: Git becomes the single source of truth. What's in Git is what's running. No exceptions.

GitOps Principles

  1. Declarative: Describe what you want, not how to get there
  2. Versioned: All changes go through Git
  3. Automated: Changes in Git automatically apply to clusters
  4. Auditable: Git history shows who changed what and when

Setting Up ArgoCD

Installation

Create the argocd namespace and apply the installation manifest. Wait for pods to be ready, then get the initial admin password from the secret.

CLI Installation

Install the ArgoCD CLI using brew on macOS or download the binary for Linux.

Repository Structure

gitops-repo/
├── apps/                    # Application definitions
│   ├── production/
│   ├── staging/
│   └── dev/
├── base/                    # Base Kubernetes manifests
├── overlays/                # Environment-specific patches
└── projects/                # ArgoCD project definitions

Creating Your First Application

Create an Application resource that points to your Git repo, specifies the path to your manifests, and defines where to deploy.

Enable automated sync with prune (delete resources not in Git) and selfHeal (fix drift automatically).

Deployment Workflows

Standard Workflow

  1. Developer creates PR with manifest changes
  2. CI validates YAML and runs security scans
  3. PR review and approval
  4. Merge to main
  5. ArgoCD detects change and syncs

Image Updates

Use ArgoCD Image Updater to automatically update image tags in your Git repo when new images are pushed.

Multi-Cluster Management

App of Apps Pattern

Manage multiple applications with one parent Application.

ApplicationSet for Multi-Cluster

Deploy the same app to multiple clusters using ApplicationSet with cluster generators.

Security Best Practices

RBAC Configuration

Create AppProjects that restrict repos, clusters, and who can sync.

Sealed Secrets

Never store plain secrets in Git. Use Sealed Secrets or external secret managers.

Getting Started Checklist

  1. Install ArgoCD in your cluster
  2. Set up a GitOps repository
  3. Create your first Application resource
  4. Enable auto-sync on a non-production app
  5. Set up sealed secrets
  6. Configure RBAC
  7. Add monitoring and alerting
  8. Document your deployment process

GitOps takes some setup, but the payoff is huge: predictable deployments, easy rollbacks, and a complete audit trail.

Idan Ohayon

Microsoft Cloud Solution Architect

Cloud Solution Architect with deep expertise in Microsoft Azure and a strong background in systems and IT infrastructure. Passionate about cloud technologies, security best practices, and helping organizations modernize their infrastructure.
