GitOps with ArgoCD: Managing Kubernetes the Right Way
GitOps makes Kubernetes deployments predictable and auditable. Learn how to set up ArgoCD and implement GitOps practices for your clusters.
Why GitOps Changed How I Think About Deployments
Before GitOps, my Kubernetes deployments were a mess. Kubectl commands run from laptops, different versions in different clusters, no clear audit trail.
GitOps flips this around: Git becomes the single source of truth. What's in Git is what's running. No exceptions.
GitOps Principles
- Declarative: Describe what you want, not how to get there
- Versioned: All changes go through Git
- Automated: Changes in Git automatically apply to clusters
- Auditable: Git history shows who changed what and when
Setting Up ArgoCD
Installation
Create the argocd namespace and apply the installation manifest. Wait for pods to be ready, then get the initial admin password from the secret.
CLI Installation
Install the ArgoCD CLI using brew on macOS or download the binary for Linux.
Repository Structure
gitops-repo/
├── apps/ # Application definitions
│ ├── production/
│ ├── staging/
│ └── dev/
├── base/ # Base Kubernetes manifests
├── overlays/ # Environment-specific patches
└── projects/ # ArgoCD project definitions
Creating Your First Application
Create an Application resource that points to your Git repo, specifies the path to your manifests, and defines where to deploy.
Enable automated sync with prune (delete resources not in Git) and selfHeal (fix drift automatically).
Deployment Workflows
Standard Workflow
- Developer creates PR with manifest changes
- CI validates YAML and runs security scans (if using Azure DevOps for CI, see our [Azure DevOps Pipelines setup guide](/blog/azure-devops-pipelines-beginners-guide))
- PR review and approval
- Merge to main
- ArgoCD detects change and syncs
Image Updates
Use ArgoCD Image Updater to automatically update image tags in your Git repo when new images are pushed.
Multi-Cluster Management
App of Apps Pattern
Manage multiple applications with one parent Application.
ApplicationSet for Multi-Cluster
Deploy the same app to multiple clusters using ApplicationSet with cluster generators.
Security Best Practices
RBAC Configuration
Create AppProjects that restrict repos, clusters, and who can sync.
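As an added illustration (not taken from the original article), the manifests below sketch an AppProject that restricts source repos, destinations, and who can sync, together with an Application bound to it that uses the automated sync settings described under Creating Your First Application. The repo URL, the project, namespace and group names, and the overlays/staging path are assumptions.

```yaml
# Added example; names, URL, group and path are placeholders (assumptions).
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: payments
  namespace: argocd
spec:
  description: Payments team workloads
  # Only this repository may be used as a source by apps in the project.
  sourceRepos:
    - https://git.example.com/platform/gitops-repo.git
  # Only this cluster/namespace pair may be deployed to.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: payments-staging
  # clusterResourceWhitelist is left empty, so apps in this project
  # cannot create cluster-scoped resources (ClusterRole, CRDs, ...).
  roles:
    - name: deployer
      description: May view and sync, but not create or delete, apps
      policies:
        - p, proj:payments:deployer, applications, get, payments/*, allow
        - p, proj:payments:deployer, applications, sync, payments/*, allow
      groups:
        - payments-deployers   # SSO group name (assumed)
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-staging
  namespace: argocd
spec:
  project: payments            # bound to the restricted project, not "default"
  source:
    repoURL: https://git.example.com/platform/gitops-repo.git
    targetRevision: main
    path: overlays/staging     # assumed path under overlays/
  destination:
    server: https://kubernetes.default.svc
    namespace: payments-staging
  syncPolicy:
    automated:
      prune: true      # delete resources that were removed from Git
      selfHeal: true   # revert manual changes made in the cluster
```

An Application in this project that points at a repo or destination outside the lists above is rejected by ArgoCD instead of being synced.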
Sealed Secrets
Never store plain secrets in Git. Use Sealed Secrets or external secret managers.
Getting Started Checklist
- Install ArgoCD in your cluster
- Set up a GitOps repository
- Create your first Application resource
- Enable auto-sync on a non-production app
- Set up sealed secrets
- Configure RBAC
- Add monitoring and alerting
- Document your deployment process
GitOps takes some setup, but the payoff is huge: predictable deployments, easy rollbacks, and a complete audit trail.
Microsoft Cloud Solution Architect
Cloud Solution Architect with deep expertise in Microsoft Azure and a strong background in systems and IT infrastructure. Passionate about cloud technologies, security best practices, and helping organizations modernize their infrastructure.