π Introduction: Why GitOps? Because CI/CD Needed a Makeover
Picture this: Your team is manually deploying apps to Kubernetes. The YAMLs are scattered, and no one knows which version is running in production. Jenkins jobs fail randomly, and rollback is a prayer-based process. Sound familiar?
Enter GitOpsβthe DevOps methodology that treats Git as the single source of truth for your infrastructure and applications. Instead of manually applying changes, you commit them to Git, and a tool like ArgoCD ensures your cluster stays in sync. Pair this with Helm to manage Kubernetes manifests like a pro, and you've got a rock-solid deployment strategy.
By the end of this guide, you'll:
β
Understand the core principles of GitOps
β
Set up ArgoCD for automated Kubernetes deployments
β
Use Helm to simplify and manage Kubernetes applications
β
Implement CI/CD pipelines to build, test, and scan container images
β
Learn how to separate application and infrastructure repositories for better modularity
So, grab your coffee β, and letβs dive into automated deployments with ArgoCD, Helm, and CI/CD pipelines!
π What is GitOps? (And Why You Should Care)
π GitOps in a Nutshell
GitOps is a developer-centric approach to managing infrastructure and applications using Git. Itβs based on these core principles:
1οΈβ£ Declarative Configuration β Everything (infra, apps) is defined as code.
2οΈβ£ Versioned & Immutable β Git acts as the source of truth. Rollbacks are as easy as git revert.
3οΈβ£ Automated Syncing β A tool (like ArgoCD) ensures the actual state in Kubernetes matches the desired state in Git.
4οΈβ£ Continuous Reconciliation β If someone accidentally applies a change outside Git, GitOps automatically fixes it.
π― Why ArgoCD?
ArgoCD is a lightweight, Kubernetes-native GitOps tool that continuously monitors Git repositories and applies the desired state to your cluster.
β
Self-healing β If someone changes something manually, ArgoCD will fix it.
β
Multi-cluster support β Manage multiple clusters from a single dashboard.
β
Easy Rollbacks β Revert to a previous commit and ArgoCD will handle the rest.
β
RBAC & SSO support β Secure your deployments with fine-grained access control.
π§ Setting Up ArgoCD in Kubernetes
Before we automate anything, letβs get ArgoCD installed on our Kubernetes cluster.
πΉ Step 1: Install ArgoCD
ArgoCD runs inside Kubernetes, and installing it is as simple as:
kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml Verify the installation:
kubectl get pods -n argocd πΉ Step 2: Expose the ArgoCD API Server
By default, ArgoCD runs internally. To access the UI, expose it via kubectl port-forward:
kubectl port-forward svc/argocd-server -n argocd 8080:443 Now, open your browser and navigate to https://localhost:8080. π
πΉ Step 3: Login to ArgoCD
Get the initial admin password:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d Login using the CLI:
argocd login localhost:8080 --username admin --password <your-password> π Deploying an Application with ArgoCD and Helm
Now that we have ArgoCD running, letβs deploy a sample application using Helm.
π What is Helm?
Helm is a package manager for Kubernetes that simplifies deploying applications by using charts. Instead of managing hundreds of YAML files, you define parameters in values.yaml, and Helm takes care of the rest.
πΉ Step 1: Separate Your Repositories
To follow GitOps best practices, separate your repositories into:
β
Application Repository β Contains your app code, Dockerfile, and CI/CD pipeline for building images.
β
Infrastructure Repository β Contains your Helm charts, ArgoCD configurations, and Kubernetes manifests.
π app-repo/ βββ src/ βββ Dockerfile βββ .github/workflows/build-and-push.yaml # CI/CD pipeline βββ README.md π infra-repo/ βββ charts/ βββ values.yaml βββ applications/ βββ argocd.yaml βββ README.md πΉ Step 2: CI/CD Pipeline for Building, Testing, and Scanning
Use GitHub Actions, GitLab CI, or Jenkins to:
1οΈβ£ Build the container image
2οΈβ£ Scan for vulnerabilities (Trivy, Snyk, or Clair)
3οΈβ£ Run tests (Unit tests, integration tests)
4οΈβ£ Push the image to a container registry
Example GitHub Actions Workflow (build-and-push.yaml):
name: Build and Push Docker Image on: push: branches: - main jobs: build: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Login to DockerHub run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - name: Build and tag Docker image run: | docker build -t my-app:latest . docker tag my-app:latest my-dockerhub/my-app:${{ github.sha }} - name: Scan image for vulnerabilities uses: aquasecurity/trivy-action@master with: image-ref: 'my-dockerhub/my-app:${{ github.sha }}' format: 'table' - name: Push Docker image run: | docker push my-dockerhub/my-app:${{ github.sha }} πΉ Step 3: Configure ArgoCD to Watch Helm Chart Repo
Now, create an ArgoCD application that points to your Helm chart repository:
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: my-helm-app namespace: argocd spec: destination: namespace: default server: https://kubernetes.default.svc project: default source: chart: my-app repoURL: https://github.com/example/infra-repo targetRevision: main helm: values: | image: repository: my-dockerhub/my-app tag: latest syncPolicy: automated: prune: true selfHeal: true Apply the application manifest:
kubectl apply -f my-app.yaml π Best Practices for GitOps with ArgoCD and Helm
β
Separate Application & Infrastructure Repositories β Keep your app code and deployment configs independent.
β
Use CI/CD Pipelines β Automate image building, scanning, and testing.
β
Enable RBAC in ArgoCD β Restrict who can apply changes.
β
Use Helm Secrets or SOPS β Never store plaintext secrets in Git.
β
Monitor with Prometheus & Grafana β Use ArgoCD metrics for insights.
β
Automate Image Updates β Use ArgoCD Image Updater to pull new images.
π’ Conclusion: GitOps FTW! π
By combining ArgoCD, Helm, and CI/CD pipelines, you get:
β Automated deployments
β Self-healing applications
β Secure & scalable pipelines
π₯ Try deploying your own apps using GitOps and let me know how it goes! π
π Next Steps:
- Explore ArgoCD docs
- Learn about Helm
- Check out Argocd Image Updater for automatically update container images
Happy GitOps-ing! π
Top comments (0)