GitOps Workflow: Managing Infrastructure with Git and ArgoCD

GitOps is an operational framework that uses Git as the single source of truth for declarative infrastructure and application delivery. ArgoCD is the most popular GitOps tool for Kubernetes, automating deployment synchronization between your Git repository and live cluster.

What Is GitOps?

• Git as single source of truth: All desired state is stored in Git
• Declarative: You describe the desired state, not the steps to get there
• Automated: Changes in Git automatically apply to infrastructure
• Observable: Drift detection alerts when actual state differs from desired state

GitOps vs Traditional CI/CD

• Traditional: CI builds → CD pushes to cluster (push-based)
• GitOps: CI builds → commits to Git → ArgoCD pulls from Git → syncs cluster (pull-based)

Installing ArgoCD

# Create namespace
kubectl create namespace argocd

# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Wait for pods
kubectl wait --for=condition=Ready pods --all -n argocd --timeout=300s

# Get initial admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

# Port forward to access UI
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Install CLI
curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd

Repository Structure

infrastructure-repo/
├── apps/
│   ├── web-app/
│   │   ├── deployment.yaml
│   │   ├── service.yaml
│   │   └── ingress.yaml
│   ├── api/
│   │   ├── deployment.yaml
│   │   └── service.yaml
│   └── database/
│       ├── statefulset.yaml
│       └── service.yaml
├── base/
│   ├── namespace.yaml
│   └── network-policy.yaml
└── overlays/
    ├── development/
    │   └── kustomization.yaml
    ├── staging/
    │   └── kustomization.yaml
    └── production/
        └── kustomization.yaml

Creating an ArgoCD Application

# application.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: web-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/company/infrastructure
    targetRevision: main
    path: apps/web-app
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

Sync Strategies

• Manual sync: Review changes before applying (recommended for production)
• Auto sync: Automatically apply changes when Git changes
• Self-heal: Revert manual cluster changes to match Git state
• Prune: Delete resources removed from Git

Deployment Workflow

1. Developer creates a Pull Request with infrastructure changes
2. Team reviews the PR (code review for infrastructure)
3. PR is merged to main branch
4. ArgoCD detects the change and syncs the cluster
5. ArgoCD reports sync status (Healthy, Degraded, or OutOfSync)

Rollback

# ArgoCD CLI rollback
argocd app rollback web-app

# Or simply revert the Git commit
git revert HEAD
git push origin main
# ArgoCD automatically syncs to the reverted state

Best Practices

1. Separate application code repositories from infrastructure repositories
2. Use branch protection rules on the infrastructure repo
3. Require PR reviews for all infrastructure changes
4. Use Kustomize or Helm for environment-specific configurations
5. Enable notifications for sync failures
6. Implement RBAC for ArgoCD access control
7. Use sealed secrets or external secret operators for sensitive data

GitOps with ArgoCD brings the same rigor and auditability to infrastructure management that we expect from application development. Every change is versioned, reviewed, and traceable — making your operations more reliable and your team more confident.