Posted inDevOps

GitOps with ArgoCD — Auto Deploy from Git

DevOps tutorial - IT technology blog
DevOps tutorial - IT technology blog

The Pain of Manual Deployments

Deploying applications in modern software development often feels like walking a tightrope. Even with CI/CD pipelines, traditional deployment methods frequently encounter difficulties:

  • Configuration Drift: Over time, environments often drift apart. This causes inconsistencies across development, staging, and production. Imagine a developer tests a feature locally, and it works perfectly, but then fails in staging because of a slightly different database version or an unapplied configuration.
  • Manual Errors: Human intervention in deployment processes is a frequent cause of mistakes. These can lead to outages or unexpected application behavior.
  • Slow Rollbacks: When incidents occur, reverting to a previous stable state can be cumbersome and time-consuming. This prolongs downtime.
  • Lack of Auditability: Without a clear, centralized record, it becomes difficult to understand who changed what, when and why.

Continuous Integration (CI) and Continuous Delivery (CD) pipelines automate builds and tests. However, many still use a push-based model to deploy artifacts to target environments. This approach doesn’t inherently guarantee that the deployed state perfectly matches the intended configuration. This is precisely where GitOps provides a robust solution to these frequent deployment challenges.

Enter GitOps: Your Source of Truth

GitOps is an operational framework. It extends DevOps best practices—such as version control, collaboration, compliance, and CI/CD—to infrastructure automation. Fundamentally, GitOps establishes Git as the single source of truth. It defines the desired state for both your applications and infrastructure.

This philosophy rests on four core principles:

  1. Declarative: Infrastructure, applications, and configurations are all described and stored declaratively as code. This means you define what you want, rather than how to achieve it. Kubernetes manifests, for instance, perfectly embody declarative configuration.

  2. Versioned and Immutable: The desired state resides in Git, offering robust version control. This allows for easy change tracking, rollbacks, and auditing. Each change generates a new commit, creating a complete historical record.

  3. Pulled Automatically: Unlike a CI/CD pipeline pushing changes to the cluster, an automated operator (such as ArgoCD) continuously pulls the desired state from Git and applies it. This pull-based mechanism significantly enhances security by eliminating the need for cluster credentials within the CI pipeline itself.

  4. Continuously Reconciled: The operator constantly compares the actual infrastructure state with the desired state defined in Git. Should any discrepancies arise—for example, if a pod is manually deleted—the operator automatically reconciles the cluster. It ensures the cluster always matches the Git repository’s definition.

Adopting GitOps offers teams significant benefits. These include faster, more frequent deployments, easier and safer rollbacks, an improved security posture, and a clear audit trail for all changes. Ultimately, this contributes to greater operational stability.

ArgoCD: The GitOps Enforcer

If Git serves as your source of truth, then ArgoCD acts as the vigilant guardian, ensuring that truth is consistently maintained within your Kubernetes clusters. ArgoCD is a declarative, GitOps continuous delivery tool built specifically for Kubernetes. It automates the deployment, monitoring, and management of applications within your cluster. All these operations are driven by configurations stored in Git.

Typically, ArgoCD operates as follows:

  • First, ArgoCD continuously monitors your Git repositories. It looks for changes to your application manifests, such as Kubernetes YAML files, Helm charts, or Kustomize configurations.
  • Concurrently, it monitors the live state of your applications running within the Kubernetes cluster.
  • When ArgoCD detects a difference between the desired state in Git and the actual state in the cluster, it flags this as an ‘out of sync’ condition.
  • With auto-sync enabled, ArgoCD automatically reconciles these differences. It applies the Git-defined state to the cluster, effectively ‘healing’ any configuration drift.

Several key features make ArgoCD a standout choice. These include an intuitive web UI for visualizing deployments, a powerful CLI for automation, support for various manifest management tools, and robust Role-Based Access Control (RBAC).

Hands-On: Automating Deployments with ArgoCD

We’ll now configure ArgoCD to automatically deploy a simple Nginx application to a Kubernetes cluster.

Prerequisites

Before we begin, ensure you have the following:

  • You’ll need a running Kubernetes cluster. Minikube or Kind are excellent for local testing, or you can use a cloud-managed cluster like GKE, EKS, or AKS.
  • kubectl must be installed and configured to interact with your cluster.
  • A basic understanding of Git and Kubernetes YAML manifests is recommended.

Step 1: Install ArgoCD

To begin, we’ll install ArgoCD into our Kubernetes cluster. This involves creating a dedicated namespace and applying its installation manifests.

# Create a new namespace for ArgoCD
kubectl create namespace argocd

# Install ArgoCD into the 'argocd' namespace
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Wait for ArgoCD pods to become ready
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=argocd-server -n argocd --timeout=300s

# Expose the ArgoCD UI using port-forwarding for local access.
# In a production environment, you would typically use an Ingress or LoadBalancer service instead.
kubectl port-forward svc/argocd-server -n argocd 8080:443 &

# Retrieve the initial admin password.
# This password is dynamically generated and stored as a Kubernetes secret.
ARGOCD_SERVER_POD=$(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $ARGOCD_SERVER_POD -n argocd -- argocd admin initial-password

# Save this password for future use. The default username is 'admin'.

After installation, access the ArgoCD UI by navigating to https://localhost:8080 in your browser. Log in using the username admin and the password you previously retrieved.

Step 2: Prepare Your Application Repository

Next, we’ll create a simple Git repository for ArgoCD to monitor. This repository will store the Kubernetes manifests for our application. For this tutorial, we’ll define a basic Nginx deployment and its corresponding service.

# Create a new directory for your app manifests
mkdir my-nginx-app
cd my-nginx-app

# Create a deployment.yaml file
cat <<EOF > deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.21.6-alpine # We'll update this later
        ports:
        - containerPort: 80
EOF

# Create a service.yaml file
cat <<EOF > service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP
EOF

# Initialize a Git repository and push it to a remote (e.g., GitHub, GitLab)
# Replace <YOUR_GIT_REPO_URL> with your actual repository URL.
git init
git add .
git commit -m "Initial Nginx app manifests"
git branch -M main
git remote add origin <YOUR_GIT_REPO_URL>
git push -u origin main

Ensure your Git repository is either publicly accessible or that ArgoCD possesses the necessary credentials to access it if it’s private.

Step 3: Create an ArgoCD Application

Our Kubernetes cluster now runs ArgoCD, and our application manifests are in Git. The next step is to inform ArgoCD about our application. We’ll define an ArgoCD Application resource. This resource will point to our Git repository and specify where in the cluster the application should be deployed.

We’ll utilize the ArgoCD CLI. You can install it by following instructions on the ArgoCD website (e.g., brew install argocd on macOS, or direct download for Linux/Windows). Then, log in to the ArgoCD CLI:

# Connect the CLI to your ArgoCD server
argocd login localhost:8080
# Use 'admin' and the password you retrieved earlier

Now, create the ArgoCD Application:

# Create an ArgoCD Application pointing to our Git repo
# Replace <YOUR_GIT_REPO_URL> with the URL of your repository
argocd app create my-nginx-app \
  --repo <YOUR_GIT_REPO_URL> \
  --path .
  --dest-server https://kubernetes.default.svc \
  --dest-namespace default \
  --sync-policy automated \
  --auto-prune \
  --self-heal

Let’s break down these flags:

  • --repo: The URL of your Git repository.
  • --path: The subdirectory within the repository where your manifests are located. Use . for the root directory.
  • --dest-server: The API server URL of your Kubernetes cluster. https://kubernetes.default.svc is a common choice for in-cluster deployments.
  • --dest-namespace: The Kubernetes namespace where the application should be deployed.
  • --sync-policy automated: This flag is essential for GitOps! It instructs ArgoCD to automatically synchronize any changes detected between Git and the cluster.
  • --auto-prune: Permits ArgoCD to delete resources from the cluster that are no longer defined in Git.
  • --self-heal: If a resource is manually modified or deleted in the cluster, ArgoCD will automatically revert it to the state defined in Git.

Alternatively, you can define this ArgoCD Application as a Kubernetes manifest and apply it directly:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-nginx-app
  namespace: argocd
spec:
  destination:
    namespace: default
    server: https://kubernetes.default.svc
  project: default
  source:
    path: .
    repoURL: <YOUR_GIT_REPO_URL> # Replace with your repo URL
    targetRevision: HEAD
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Save this configuration as argocd-app.yaml. Then, apply it using kubectl apply -n argocd -f argocd-app.yaml.

Step 4: Observe Automatic Deployment and Synchronization

After creating the ArgoCD Application, you’ll immediately see it appear in the ArgoCD UI. Initially, it will likely display as OutOfSync. It will then transition to Syncing, and finally Healthy and Synced, as it applies your Nginx manifests to the Kubernetes cluster.

You can also verify its status using the CLI:

# List all applications
argocd app list

# Get detailed status of your application
argocd app get my-nginx-app

Verify your Nginx deployment is running in Kubernetes:

kubectl get deployments -n default
kubectl get pods -n default -l app=nginx
kubectl get services -n default

Witnessing Self-Healing

To observe self-healing, let’s simulate configuration drift. Manually delete one of the Nginx pods:

# Get the name of one of your Nginx pods
NGINX_POD=$(kubectl get pods -n default -l app=nginx -o jsonpath='{.items[0].metadata.name}')

# Delete the pod manually
kubectl delete pod $NGINX_POD -n default

Monitor the ArgoCD UI or execute argocd app get my-nginx-app. You’ll briefly see the application transition to OutOfSync. Almost immediately, ArgoCD will detect the discrepancy and re-create the deleted pod. This action restores the application to a Healthy and Synced state. This continuous reconciliation is a fundamental principle of GitOps.

Automatic Updates from Git

Let’s proceed by updating our Nginx application. Modify your my-nginx-app/deployment.yaml file to specify a newer Nginx image:

# ... (previous lines)
      containers:
      - name: nginx
        image: nginx:1.23.4-alpine # Changed from 1.21.6-alpine
        ports:
        - containerPort: 80
# ... (remaining lines)

Commit this change and push it to your Git repository:

cd my-nginx-app # If you are not already in the directory
git add deployment.yaml
git commit -m "Update Nginx image to 1.23.4-alpine"
git push origin main

Within seconds—the exact time depends on ArgoCD’s sync interval, which defaults to 3 minutes, or immediately if a webhook is configured—ArgoCD will detect the change in your Git repository. It will then mark your application as OutOfSync. Subsequently, it will automatically deploy the new Nginx image version to your Kubernetes cluster. You can observe the deployment rollout in the ArgoCD UI and by running kubectl get deployments -n default.

In a production setting, this approach consistently yields stable results. It offers significant peace of mind, knowing that environments remain aligned with the version control system. This alignment makes rollbacks trivial and simplifies debugging configuration issues.

Conclusion: The Future of CD is GitOps

GitOps, powered by tools like ArgoCD, presents a transformative approach to continuous delivery for Kubernetes. By establishing Git as the single source of truth and enabling continuous reconciliation, teams can achieve highly automated, reliable, and auditable deployments.

This methodology not only simplifies operations and minimizes manual errors, but also empowers development teams with greater control over their deployments. This fosters a truly collaborative and efficient DevOps culture. Embracing GitOps with ArgoCD means progressing towards a future where infrastructure and application deployments are predictable, transparent, and consistently stable.

Share:
Tags: