GitOps with ArgoCD: Declarative Infrastructure Management
How to implement GitOps workflows with ArgoCD for Kubernetes — from repository structure to multi-environment promotion.
GitOps is a simple idea with profound implications: your Git repository is the single source of truth for your infrastructure. Every change — application deployments, configuration updates, infrastructure modifications — goes through Git. ArgoCD watches your Git repository and automatically synchronizes your Kubernetes clusters to match the declared state. No more kubectl apply, no more SSH-ing into servers, no more 'who deployed what?' questions.
Repository Structure
We use a two-repository model: the application repo (source code + Dockerfile) and the GitOps repo (Kubernetes manifests + Helm values). Separating them ensures that application CI (lint, test, build) is decoupled from deployment — a new image is built by CI, the GitOps repo is updated with the new image tag, and ArgoCD deploys it.

# Environment-specific values for the API service
replicaCount: 3
image:
  repository: ghcr.io/vaarak/api
  tag: "sha-a1b2c3d" # Updated by CI pipeline
resources:
  requests:
    cpu: 250m
    memory: 256Mi
  limits:
    cpu: 1000m
    memory: 512Mi
autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 10
  targetCPUUtilization: 70

Multi-Environment Promotion
Changes flow through environments: dev → staging → production. In the GitOps model, promotion is a Git operation: update the image tag in the staging values file, then (after validation) update the production values file. ArgoCD detects the change and deploys automatically. Rollback is equally simple: git revert the commit.
- Dev: Auto-sync enabled. Every commit to the GitOps repo deploys immediately.
- Staging: Auto-sync enabled. Mirrors production config with lower resource limits.
- Production: Manual sync with approval required. ArgoCD detects drift but waits for human approval before applying changes.
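
The promotion step described above, as an added example (not the author's pipeline code): it copies the image tag from one environment's values file into the next and refuses any tag that is not pinned to a commit. The function names, the `sha-<hex>` tag pattern, and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumption: CI tags images "sha-<7 to 40 hex chars>", like "sha-a1b2c3d" on this page.
IMMUTABLE_TAG = re.compile(r"^sha-[0-9a-f]{7,40}$")
# An indented `tag:` line; indentation and any trailing comment are captured for reuse.
TAG_LINE = re.compile(r'^(?P<indent>\s+)tag:\s*"?(?P<tag>[^"\s#]+)"?(?P<rest>.*)$')


def _is_top_level(line):
    """True for a top-level YAML key line (not blank, indented, or a comment)."""
    return bool(line) and not line[0].isspace() and not line.startswith("#")


def read_image_tag(values_text):
    """Return the tag nested under the top-level `image:` key."""
    in_image = False
    for line in values_text.splitlines():
        if _is_top_level(line):
            in_image = line.startswith("image:")
        elif in_image and (m := TAG_LINE.match(line)):
            return m.group("tag")
    raise ValueError("no image.tag found")


def promote(source_values, target_values):
    """Copy image.tag from source into target; all other target lines stay untouched."""
    tag = read_image_tag(source_values)
    if not IMMUTABLE_TAG.match(tag):
        raise ValueError(f"refusing to promote mutable or malformed tag: {tag!r}")
    out, in_image, replaced = [], False, False
    for line in target_values.splitlines():
        if _is_top_level(line):
            in_image = line.startswith("image:")
        elif in_image and not replaced and (m := TAG_LINE.match(line)):
            line = f'{m.group("indent")}tag: "{tag}"{m.group("rest")}'
            replaced = True
        out.append(line)
    if not replaced:
        raise ValueError("target has no image.tag to update")
    return "\n".join(out) + "\n"


# Constructed sample values files (not from a real repository).
STAGING = 'image:\n  repository: ghcr.io/vaarak/api\n  tag: "sha-a1b2c3d" # Updated by CI pipeline\n'
PRODUCTION = 'replicaCount: 3\nimage:\n  repository: ghcr.io/vaarak/api\n  tag: "sha-0f9e8d7" # Updated by CI pipeline\n'

if __name__ == "__main__":
    print(promote(STAGING, PRODUCTION))
```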
Drift Detection and Self-Healing
ArgoCD continuously compares the live cluster state against the Git repository. If someone manually changes a resource with kubectl (drift), ArgoCD detects it and can either alert or automatically revert the change. This self-healing ensures that the Git repository always reflects reality — no more 'the cluster doesn't match what we think it should be' incidents.
Enable self-healing for all environments. It sounds scary at first, but it prevents the most common cause of production incidents: manual changes that weren't tracked, reviewed, or tested.
“The single biggest benefit of GitOps isn't automation — it's auditability. Every deployment, every config change, every rollback is a Git commit with an author, timestamp, review, and explanation. When something goes wrong at 3am, you can git log your way to the answer.”
— Marcus Rodriguez, Vaarak DevOps
Marcus Rodriguez
DevOps Engineering Lead