Introduction: Why GitOps? Because CI/CD Needed a Makeover
Picture this: Your team is manually deploying apps to Kubernetes. The YAMLs are scattered, and no one knows which version is running in production. Jenkins jobs fail randomly, and rollback is a prayer-based process. Sound familiar?
Enter GitOps, the DevOps methodology that treats Git as the single source of truth for your infrastructure and applications. Instead of manually applying changes, you commit them to Git, and a tool like ArgoCD ensures your cluster stays in sync. Pair this with Helm to manage Kubernetes manifests like a pro, and you've got a rock-solid deployment strategy.
By the end of this guide, you'll:
- Understand the core principles of GitOps
- Set up ArgoCD for automated Kubernetes deployments
- Use Helm to simplify and manage Kubernetes applications
- Implement CI/CD pipelines to build, test, and scan container images
- Learn how to separate application and infrastructure repositories for better modularity
So, grab your coffee, and let's dive into automated deployments with ArgoCD, Helm, and CI/CD pipelines!
What is GitOps? (And Why You Should Care)
GitOps in a Nutshell
GitOps is a developer-centric approach to managing infrastructure and applications using Git. It's based on these core principles:
1. Declarative Configuration: Everything (infra, apps) is defined as code.
2. Versioned & Immutable: Git acts as the source of truth. Rollbacks are as easy as git revert.
3. Automated Syncing: A tool (like ArgoCD) ensures the actual state in Kubernetes matches the desired state in Git.
4. Continuous Reconciliation: If someone accidentally applies a change outside Git, GitOps automatically fixes it.
Why ArgoCD?
ArgoCD is a lightweight, Kubernetes-native GitOps tool that continuously monitors Git repositories and applies the desired state to your cluster.
- Self-healing: If someone changes something manually, ArgoCD will fix it.
- Multi-cluster support: Manage multiple clusters from a single dashboard.
- Easy Rollbacks: Revert to a previous commit and ArgoCD will handle the rest.
- RBAC & SSO support: Secure your deployments with fine-grained access control.
Setting Up ArgoCD in Kubernetes
Before we automate anything, let's get ArgoCD installed on our Kubernetes cluster.
Step 1: Install ArgoCD
ArgoCD runs inside Kubernetes, and installing it is as simple as:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Verify the installation:
kubectl get pods -n argocd
Step 2: Expose the ArgoCD API Server
By default, ArgoCD runs internally. To access the UI, expose it via kubectl port-forward:
kubectl port-forward svc/argocd-server -n argocd 8080:443
Now, open your browser and navigate to https://localhost:8080.
Step 3: Login to ArgoCD
Get the initial admin password:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
Login using the CLI:
argocd login localhost:8080 --username admin --password <your-password>
Deploying an Application with ArgoCD and Helm
Now that we have ArgoCD running, let's deploy a sample application using Helm.
What is Helm?
Helm is a package manager for Kubernetes that simplifies deploying applications by using charts. Instead of managing hundreds of YAML files, you define parameters in values.yaml, and Helm takes care of the rest.
Step 1: Separate Your Repositories
To follow GitOps best practices, separate your repositories into:
- Application Repository: Contains your app code, Dockerfile, and CI/CD pipeline for building images.
- Infrastructure Repository: Contains your Helm charts, ArgoCD configurations, and Kubernetes manifests.
app-repo/
├── src/
├── Dockerfile
├── .github/workflows/build-and-push.yaml # CI/CD pipeline
└── README.md
infra-repo/
├── charts/
├── values.yaml
├── applications/
├── argocd.yaml
└── README.md
Step 2: CI/CD Pipeline for Building, Testing, and Scanning
Use GitHub Actions, GitLab CI, or Jenkins to:
1. Build the container image
2. Scan for vulnerabilities (Trivy, Snyk, or Clair)
3. Run tests (Unit tests, integration tests)
4. Push the image to a container registry
Example GitHub Actions Workflow (build-and-push.yaml):
name: Build and Push Docker Image
on:
  push:
    branches:
      - main
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Login to DockerHub
        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
      - name: Build and tag Docker image
        run: |
          docker build -t my-app:latest .
          docker tag my-app:latest my-dockerhub/my-app:${{ github.sha }}
      - name: Scan image for vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'my-dockerhub/my-app:${{ github.sha }}'
          format: 'table'
      - name: Push Docker image
        run: |
          docker push my-dockerhub/my-app:${{ github.sha }}
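As written, the scan step only prints a table: the Trivy action exits 0 unless told otherwise, so a vulnerable image is still pushed, and the action itself is pulled from a moving branch. A hardened variant follows as an added example (not the author's workflow); <pinned-commit-sha> is a placeholder for a commit of the action that you have reviewed, and the severity threshold is an assumption to adjust.

```yaml
# Added example: hardened variant of build-and-push.yaml (not from the original post).
name: Build, Scan and Push Docker Image
on:
  push:
    branches:
      - main
permissions:
  contents: read                  # the job only needs to read the repository
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      IMAGE: my-dockerhub/my-app:${{ github.sha }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Build image
        run: docker build -t "$IMAGE" .
      - name: Scan image and fail on HIGH/CRITICAL findings
        # Placeholder: pin to a full commit SHA instead of a branch such as master.
        uses: aquasecurity/trivy-action@<pinned-commit-sha>
        with:
          image-ref: ${{ env.IMAGE }}
          format: 'table'
          exit-code: '1'          # non-zero exit stops the job before the push
          severity: 'HIGH,CRITICAL'
          ignore-unfixed: true    # do not block on findings that have no fix yet
      - name: Login to DockerHub
        env:                      # secrets reach the shell as variables, not as script text
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
      - name: Push Docker image
        run: docker push "$IMAGE"
```

The registry login happens only after the scan passes, so a failed scan never reaches a step that holds credentials.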
Step 3: Configure ArgoCD to Watch Helm Chart Repo
Now, create an ArgoCD application that points to your Helm chart repository:
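apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-helm-app
  namespace: argocd
spec:
  destination:
    namespace: default
    server: https://kubernetes.default.svc
  project: default
  source:
    # repoURL is a Git repository, so the chart is located with `path`;
    # `chart:` is only for Helm chart repositories. The directory name is
    # assumed from the infra-repo layout shown earlier.
    path: charts
    repoURL: https://github.com/example/infra-repo
    targetRevision: main
    helm:
      values: |
        image:
          repository: my-dockerhub/my-app
          # The CI workflow pushes only the commit-SHA tag (no `latest`);
          # replace the placeholder with the SHA of the build to deploy.
          tag: "<commit-sha>"
  syncPolicy:
    automated:
      prune: true
      selfHeal: true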
Apply the application manifest:
kubectl apply -f my-app.yaml
Best Practices for GitOps with ArgoCD and Helm
- Separate Application & Infrastructure Repositories: Keep your app code and deployment configs independent.
- Use CI/CD Pipelines: Automate image building, scanning, and testing.
- Enable RBAC in ArgoCD: Restrict who can apply changes.
- Use Helm Secrets or SOPS: Never store plaintext secrets in Git.
- Monitor with Prometheus & Grafana: Use ArgoCD metrics for insights.
- Automate Image Updates: Use ArgoCD Image Updater to pull new images.
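One way to apply the RBAC item to the application deployed above, as an added example that is not part of the original post: an AppProject that limits what may be deployed and where, plus an argocd-rbac-cm policy that limits who may sync it. The project name, role name and SSO group name are hypothetical.

```yaml
# Added example; names marked "hypothetical" do not come from the article.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-app-project              # hypothetical project name
  namespace: argocd
spec:
  description: Scope for my-helm-app
  sourceRepos:
    - https://github.com/example/infra-repo   # only the infra repo may be a source
  destinations:
    - server: https://kubernetes.default.svc
      namespace: default                      # only this namespace may be targeted
  # clusterResourceWhitelist is left unset, so cluster-scoped resources
  # (ClusterRole, CustomResourceDefinition, ...) cannot be created from this project.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  # Authenticated users without an explicit role can view but not change anything.
  policy.default: role:readonly
  # role:my-app-deployer (hypothetical) may view and sync applications in the
  # project above only; the last line maps an SSO group (hypothetical) to it.
  policy.csv: |
    p, role:my-app-deployer, applications, get, my-app-project/*, allow
    p, role:my-app-deployer, applications, sync, my-app-project/*, allow
    g, my-org:deployers, role:my-app-deployer
```

For the restrictions to take effect, the Application manifest has to reference this project (project: my-app-project) instead of the permissive default project.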
Conclusion: GitOps FTW!
By combining ArgoCD, Helm, and CI/CD pipelines, you get:
- Automated deployments
- Self-healing applications
- Secure & scalable pipelines
Try deploying your own apps using GitOps and let me know how it goes!
Next Steps:
- Explore ArgoCD docs
- Learn about Helm
- Check out ArgoCD Image Updater to automatically update container images
Happy GitOps-ing!