Last Updated: November 21, 2025
GitOps Principles
Git as single source of truth
All configuration stored in Git repositories
Declarative infrastructure
Define desired state, not imperative steps
Automated synchronization
Automatic deployment from Git to clusters
Continuous reconciliation
System constantly moves toward desired state
Pull-based deployment
Cluster pulls changes from Git (not pushed)
Immutable infrastructure
Changes via Git commits, not manual edits
Version control everything
Infrastructure, apps, configs all in Git
Audit trail through Git history
Full history of changes and rollback capability
ArgoCD Installation
kubectl create namespace argocd
Create ArgoCD namespace
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Install ArgoCD in cluster
kubectl get pods -n argocd
Verify ArgoCD pods are running
kubectl port-forward svc/argocd-server -n argocd 8080:443
Access ArgoCD UI locally
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
Get initial admin password
argocd login localhost:8080
Login via ArgoCD CLI
argocd account update-password
Change admin password
ArgoCD Applications
argocd app create myapp --repo https://github.com/user/repo --path manifests --dest-server https://kubernetes.default.svc --dest-namespace default
Create ArgoCD application via CLI
argocd app list
List all applications
argocd app get myapp
Get application details
argocd app sync myapp
Manually sync application
argocd app set myapp --sync-policy automated
Enable auto-sync for application
argocd app set myapp --auto-prune
Enable automatic pruning of resources
argocd app set myapp --self-heal
Enable self-healing for drift correction
argocd app delete myapp
Delete application from ArgoCD
argocd app rollback myapp
Rollback to previous version
argocd app history myapp
View deployment history
argocd app diff myapp
Show diff between Git and cluster
argocd app wait myapp
Wait for application to reach synced state
ArgoCD Application YAML
apiVersion: argoproj.io/v1alpha1
ArgoCD Application API version
kind: Application
Resource kind for Application
spec.source.repoURL: https://github.com/user/repo
Git repository URL
spec.source.targetRevision: HEAD
Branch, tag, or commit to track
spec.source.path: ./k8s
Path to manifests in repo
spec.destination.server: https://kubernetes.default.svc
Target Kubernetes cluster
spec.destination.namespace: production
Target namespace
spec.syncPolicy.automated.prune: true
Enable automatic pruning
spec.syncPolicy.automated.selfHeal: true
Enable automatic self-healing
spec.syncPolicy.syncOptions: ["CreateNamespace=true"]
Sync options like auto-create namespace
ArgoCD with Helm
spec.source.helm.releaseName: myrelease
Specify Helm release name
spec.source.helm.valueFiles: [values-prod.yaml]
Specify Helm values files
spec.source.helm.values: |
Inline Helm values in Application
spec.source.helm.parameters: [{name: image.tag, value: v1.0}]
Override specific Helm values
spec.source.chart: mychart
Helm chart name (for chart repos)
spec.source.repoURL: https://charts.example.com
Helm chart repository URL
spec.source.targetRevision: 1.2.3
Helm chart version
ArgoCD with Kustomize
spec.source.kustomize.namePrefix: prod-
Add prefix to resource names
spec.source.kustomize.nameSuffix: -v2
Add suffix to resource names
spec.source.kustomize.images: [nginx=nginx:1.21]
Override container images
spec.source.kustomize.commonLabels: {env: prod}
Add labels to all resources
spec.source.kustomize.commonAnnotations: {owner: team-a}
Add annotations to all resources
argocd app set myapp --kustomize-image nginx=nginx:1.22
Override image via CLI
FluxCD Installation
curl -s https://fluxcd.io/install.sh | sudo bash
Install Flux CLI
flux check --pre
Check cluster prerequisites
export GITHUB_TOKEN=<token>
Set GitHub personal access token
flux bootstrap github --owner=user --repository=fleet --path=clusters/prod --personal
Bootstrap Flux to GitHub repository
flux check
Verify Flux installation
kubectl get pods -n flux-system
Check Flux components
FluxCD GitRepository
flux create source git myapp --url=https://github.com/user/repo --branch=main
Create Git source
flux get sources git
List Git sources
apiVersion: source.toolkit.fluxcd.io/v1
GitRepository API version
kind: GitRepository
Resource kind for Git source
spec.url: https://github.com/user/repo
Repository URL
spec.ref.branch: main
Track specific branch
spec.interval: 1m
Sync interval for repository
spec.secretRef.name: git-credentials
Reference to authentication secret
FluxCD Kustomization
flux create kustomization myapp --source=myapp --path="./kustomize" --prune=true
Create Kustomization resource
flux get kustomizations
List all Kustomizations
apiVersion: kustomize.toolkit.fluxcd.io/v1
Kustomization API version
kind: Kustomization
Resource kind for Flux Kustomization
spec.sourceRef.kind: GitRepository
Reference to Git source
spec.path: ./deploy/production
Path to manifests in repository
spec.prune: true
Enable pruning of deleted resources
spec.interval: 10m
Reconciliation interval
spec.targetNamespace: production
Override namespace for resources
spec.healthChecks: [{kind: Deployment, name: app}]
Define health check resources
spec.wait: true
Wait for resources to be ready
spec.timeout: 5m
Timeout for reconciliation
FluxCD HelmRelease
flux create helmrelease myapp --source=HelmRepository/myrepo --chart=mychart --target-namespace=default
Create Helm release
apiVersion: helm.toolkit.fluxcd.io/v2
HelmRelease API version
spec.chart.spec.chart: nginx
Helm chart name
spec.chart.spec.version: "1.2.x"
Chart version (supports semver)
spec.values: {replicaCount: 3}
Inline Helm values
spec.valuesFrom: [{kind: ConfigMap, name: values}]
Load values from ConfigMap/Secret
spec.install.remediation.retries: 3
Retry failed installations
spec.upgrade.remediation.strategy: rollback
Rollback on failed upgrade
Secrets Management
kubectl create secret generic git-credentials --from-literal=username=user --from-literal=password=token
Create Git credentials secret
flux create secret git flux-system --url=https://github.com/user/repo --username=user --password=token
Create Flux Git secret via CLI
Mozilla SOPS integration
Encrypt secrets in Git with SOPS
Sealed Secrets with ArgoCD/Flux
Encrypt secrets for safe Git storage
External Secrets Operator
Sync secrets from external vaults
spec.decryption.provider: sops
Enable SOPS decryption in Flux
sops --encrypt --in-place secret.yaml
Encrypt secret file with SOPS
age-keygen -o age.key
Generate age key for SOPS
Multi-Cluster Management
argocd cluster add context-name
Add cluster to ArgoCD
argocd cluster list
List registered clusters
spec.destination.name: production-cluster
Target named cluster in Application
ApplicationSet for multiple clusters
Deploy to multiple clusters with templates
flux bootstrap for each cluster
Bootstrap Flux on each cluster separately
Cluster-specific paths: clusters/prod, clusters/dev
Organize manifests by cluster
Pro Tip:
Use Git branches for different environments (dev/staging/prod) and leverage automated sync policies with self-healing enabled. Always encrypt secrets with SOPS or Sealed Secrets before committing to Git. Combine Kustomize overlays with GitOps for environment-specific configurations!