CI/CD & GitOps

In the old days, a CI server (Jenkins) would build an artifact and then run a script to deploy it: ssh user@server "docker pull my-app && docker restart my-app"

In Kubernetes, this is dangerous. If you run kubectl apply -f deploy.yaml from your laptop, and someone else does the same, who knows what’s running in the cluster?

[!IMPORTANT] GitOps is a set of practices where Git is the single source of truth for the system’s desired state. An agent (like ArgoCD) runs inside the cluster and continuously syncs the cluster state to match the Git repository.

1. The GitOps Workflow

  1. Developer: Commits code change.
  2. CI (GitHub Actions): Builds Docker image, pushes to Registry.
  3. CI: Updates deployment.yaml in the Config Repo with the new image tag.
  4. ArgoCD: Detects the change in the Config Repo.
  5. Sync: ArgoCD applies the new manifest to the cluster.

3. Defining an Application in ArgoCD

ArgoCD uses a Custom Resource called Application to define the sync.

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/my-org/my-app-config.git
    targetRevision: HEAD
    path: k8s/production
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

  • repoURL: Where is the YAML?
  • path: Which folder?
  • destination: Which cluster?
  • syncPolicy: Should it auto-sync? prune means resources that are no longer in Git are deleted from the cluster. selfHeal means if someone manually deletes a deployment, ArgoCD puts it back immediately.
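
A review check over the fields explained above, as an added example (not code from the original page or from the Argo CD project). It assumes the Application objects have been exported with `kubectl get applications.argoproj.io -n argocd -o json`; the finding labels, the `payments` project and the commit SHA are constructed for illustration.

```python
import json
import re

# Constructed sample (kubectl -o json List shape): item 1 mirrors the page, item 2 is hypothetical.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "my-app"}, "spec": {"project": "default",
   "source": {"repoURL": "https://github.com/my-org/my-app-config.git",
              "targetRevision": "HEAD", "path": "k8s/production"},
   "syncPolicy": {"automated": {"prune": true, "selfHeal": true}}}},
 {"metadata": {"name": "my-app-pinned"}, "spec": {"project": "payments",
   "source": {"repoURL": "https://github.com/my-org/my-app-config.git",
              "targetRevision": "0123456789abcdef0123456789abcdef01234567",
              "path": "k8s/production"},
   "syncPolicy": {"automated": {"prune": false, "selfHeal": true}}}}
]}
""")

FULL_SHA = re.compile(r"[0-9a-f]{40}")  # only a full commit SHA is immutable


def audit(app):
    """Return review findings for one parsed Application object."""
    spec = app.get("spec", {})
    automated = (spec.get("syncPolicy") or {}).get("automated")
    revision = spec.get("source", {}).get("targetRevision") or "HEAD"
    findings = []
    if (spec.get("project") or "default") == "default":
        # Built-in project: any repo and destination unless it was locked down.
        findings.append("default-project")
    if automated is not None and not FULL_SHA.fullmatch(revision):
        # Commits pushed to this branch or tag are applied automatically.
        findings.append("auto-sync-floating-ref")
    if automated and automated.get("prune"):
        # A commit that removes manifests deletes the live resources.
        findings.append("auto-prune")
    if automated is not None and not automated.get("selfHeal"):
        # Manual kubectl changes to live objects are not reverted automatically.
        findings.append("drift-not-reverted")
    return findings


def audit_all(app_list):
    return {a["metadata"]["name"]: audit(a) for a in app_list.get("items", [])}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'no findings'}")
```

A finding here is a prompt for review, not a defect: tracking a branch with auto-sync is normal GitOps, but it makes write access to that branch equivalent to deploy access.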

4. Progressive Delivery (Blue-Green / Canary)

Standard Kubernetes RollingUpdate is basic. You can’t say “Release to 1% of users, check metrics, then roll out to 10%”.

For this, we use Argo Rollouts.

apiVersion: argoproj.io/v1alpha1
kind: Rollout
spec:
  strategy:
    canary:
      steps:
      - setWeight: 20
      - pause: {duration: 1h}
      - setWeight: 40
      - pause: {duration: 1h}
      - setWeight: 60
      ...

This replaces the standard Deployment object and adds traffic splitting capabilities.

5. Summary

  • GitOps: Git is the single source of truth.
  • ArgoCD: The agent that syncs Git to Cluster.
  • Declarative: We don’t script deployments; we declare the end state.
  • Progressive Delivery: Use tools like Argo Rollouts for Canary/Blue-Green deployments.