GitOps Workflow

GitOps Workflow

Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments

Category: design Source: wshobson/agents

What Is This

The GitOps Workflow skill provides a comprehensive approach for implementing automated, declarative application and infrastructure deployments to Kubernetes using Git as the single source of truth. This skill is centered on using ArgoCD and Flux, two leading GitOps tools, to manage Kubernetes resources by continuously reconciling the desired state defined in Git repositories with the actual state of your clusters. By following OpenGitOps principles, teams can achieve repeatable, auditable, and secure deployment pipelines with minimal manual intervention.

Why Use It

Adopting a GitOps workflow offers a standardized, scalable, and secure method for managing complex Kubernetes environments. Key benefits include:

  • Declarative Infrastructure: All cluster and application configurations are described in YAML manifests stored in Git. This makes the system state transparent and easily auditable.
  • Version Control: Changes to infrastructure and application manifests are tracked through Git, enabling rollbacks, traceability, and collaborative workflows.
  • Automated Deployments: GitOps operators like ArgoCD and Flux continuously monitor Git repositories and automatically apply changes to Kubernetes clusters, reducing manual deployment steps and decreasing the risk of human error.
  • Continuous Reconciliation: Agents regularly compare the cluster state with the Git-defined desired state, ensuring drift correction and consistent environments.
  • Scalability: GitOps workflows can easily scale across multiple clusters, teams, and environments, enabling progressive delivery and advanced deployment strategies, such as blue-green and canary releases.

How to Use It

1. Prerequisites

  • A running Kubernetes cluster (local or cloud-based)
  • Access to a Git repository containing your Kubernetes manifests
  • kubectl configured for cluster access

2. Setup with ArgoCD

Install ArgoCD:

## Create a dedicated namespace for ArgoCD
kubectl create namespace argocd

## Install ArgoCD components
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Access ArgoCD UI:

Retrieve the admin password:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Port-forward the ArgoCD API server to your local machine:

kubectl port-forward svc/argocd-server -n argocd 8080:443

Log in to the ArgoCD UI at https://localhost:8080 using the default admin user and the retrieved password.

Connect a Git Repository:

Create an Application resource pointing to your manifest repository:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: 'https://github.com/your-org/your-repo.git'
    targetRevision: HEAD
    path: k8s/manifests
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: my-app-namespace
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Apply the Application resource:

kubectl apply -f application.yaml

ArgoCD will now monitor your repository and deploy any changes automatically.

3. Setup with Flux

Install Flux CLI:

brew install fluxcd/tap/flux

Bootstrap Flux on Your Cluster:

flux bootstrap github \
  --owner=your-org \
  --repository=your-repo \
  --branch=main \
  --path=clusters/my-cluster

This command sets up Flux controllers and configures them to watch your repository for changes. Manifests placed under clusters/my-cluster are automatically reconciled to your cluster.

4. Secret Management

Both ArgoCD and Flux support integration with Kubernetes secrets and external secret stores (such as HashiCorp Vault, SOPS, or Sealed Secrets). For example, with Sealed Secrets:

kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml

You can then encrypt secrets and store them safely in Git, allowing secure and automated deployment alongside your manifests.

When to Use It

The GitOps Workflow skill is best suited for scenarios such as:

  • Setting up end-to-end automated deployments to Kubernetes clusters
  • Enabling team collaboration through Git-based change management
  • Implementing progressive delivery (canary, blue-green deployments)
  • Managing multi-cluster or multi-environment deployments
  • Enforcing compliance and auditability for infrastructure changes
  • Automating sync and remediation of cluster state drift
  • Integrating secure secret management in deployment pipelines

Important Notes

  • Declarative Only: Ensure all Kubernetes resources are described declaratively in your Git repository. Imperative changes made directly to the cluster will be reverted by the GitOps agent.
  • Security: Restrict write access to the Git repository and use branch protection to prevent unauthorized changes.
  • Continuous Reconciliation: Both ArgoCD and Flux agents continuously monitor and reconcile the actual state of the cluster against the desired state in Git. Any manual changes made outside Git will be overwritten.
  • Scalability: For large environments, organize manifests by environment, team, or application, and consider using Helm or Kustomize for templating and reuse.
  • Disaster Recovery: Git history acts as a backup and source for cluster restoration.
  • Secret Management: Never store plaintext secrets in Git. Always use encrypted solutions or secret management integrations.

By following these guidelines and leveraging the GitOps Workflow skill, you can achieve automated, reliable, and secure Kubernetes deployments with minimal operational overhead.