GitOps has become the de facto standard for managing Kubernetes deployments. By treating Git as the single source of truth, we gain declarative infrastructure, version control, and audit trails—all critical for production environments.
What is GitOps?
GitOps is an operational model that uses Git repositories as the source of truth for declarative infrastructure and applications. The key principles are:
- Git as the single source of truth
- Declarative descriptions of the desired state
- Automated reconciliation by software agents
- Observability and auditability
Why ArgoCD?
ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes. It provides:
- Automatic synchronization from Git repositories
- Multi-environment support (dev, staging, prod)
- RBAC and multi-tenancy
- Web UI for monitoring and management
- Health checks and automatic rollbacks
Pipeline Architecture
Our setup uses GitHub Actions for CI and ArgoCD for CD:
1. Build and Push
GitHub Actions builds the Docker image, runs tests, and pushes to Azure Container Registry (ACR).
2. Git Commit
Once the image is ready, we update the Kubernetes manifests in a separate Git repository with the new image tag.
3. ArgoCD Sync
ArgoCD detects the changes and automatically syncs the new configuration to the AKS cluster.
Implementation Details
One key challenge was secrets management. We used the Azure Key Vault Provider for Secrets Store CSI Driver to inject secrets directly into pods without storing them in Git.
Another important aspect is health checks. ArgoCD uses Kubernetes readiness and liveness probes to determine application health. If a deployment fails health checks, ArgoCD can automatically roll back to the previous working version.
Benefits
- Speed: Faster deployments with automatic synchronization
- Reliability: Automatic rollbacks on failures
- Security: RBAC and audit trails
- Compliance: All changes tracked in Git
The full implementation is available on GitHub, including Helm charts and GitHub Actions workflows.