Why GitOps? Understanding ArgoCD Fundamentals - ArgoCD Tutorial Part 1.
Posted on :: 2012 Words :: Tags: argocd, gitops, kubernetes, devops

Table of Contents

Why GitOps? Understanding ArgoCD Fundamentals

Welcome to this comprehensive ArgoCD tutorial series! Over the next 7 parts, you'll learn everything from GitOps principles to production-ready Kubernetes deployments. By the end, you'll be deploying multi-cluster applications with confidence using ArgoCD.

But first, let's answer the fundamental question: Why GitOps, and why ArgoCD?

📚 ArgoCD Tutorial Series

Part 1 of 7 - You are here!

  1. Why GitOps? ArgoCD Fundamentals ← You are here
  2. Installation & First Application (Coming Jan 22)
  3. Deployment Patterns (Helm/Kustomize) (Coming Jan 24)
  4. Sync Strategies & App of Apps (Coming Jan 27)
  5. ApplicationSets & Multi-Cluster (Coming Jan 29)
  6. RBAC, Secrets & Security (Coming Jan 31)
  7. Production: Monitoring & DR (Coming Feb 3)

📦 Companion Repository

All code examples for this 7-part series will be available on GitHub:

Repository: argocd-gitops-tutorial-series (Coming soon)

Part 1 is conceptual, but the repository will include diagrams and working examples for Parts 2-7.

The Problem: Kubernetes Deployment Hell

Imagine you need to deploy a microservices application to Kubernetes. Using kubectl directly, you:

  1. Write 20 YAML files for deployments, services, configmaps
  2. Run kubectl apply -f . and pray nothing breaks
  3. Forget which version you deployed to staging
  4. Manually copy-paste configs to production, changing a few values
  5. Someone makes a "quick fix" with kubectl edit - now production differs from your files
  6. Six months later, no one knows the actual state of production

Sound familiar? This is Kubernetes deployment hell.

What Goes Wrong with Manual Kubernetes Deployments

Configuration Drift: Your Git repository says replicas=3, but production has replicas=5 because someone scaled manually. Which is correct?

No Audit Trail: Who deployed what, when, and why? Good luck finding that information.

Environment Inconsistencies: Staging works, production breaks. Differences? Nobody knows - configs diverged months ago.

Risky Deployments: One wrong kubectl apply can crash production. No preview, no gradual rollout, no safety net.

Knowledge Silos: Only DevOps team knows how to deploy. Developers wait days for simple config changes.

Painful Rollbacks: "Just revert the deployment!" - but which deployment? What was the previous version? Where's the YAML?

The Solution: GitOps

GitOps is an operational framework where Git repositories become the single source of truth for infrastructure and application configurations. Instead of running imperative commands like kubectl apply, you declare your desired state in Git and let automated systems ensure reality matches that state.

Core GitOps Principles

GitOps isn't just "putting YAML in Git" - it's a complete paradigm shift:

1. Declarative Configuration

Everything is described declaratively - you specify what you want, not how to get there:

# You declare: "I want 3 replicas"
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3  # Desired state
  template:
    spec:
      containers:
      - name: app
        image: myapp:v1.2.3

The system figures out how to achieve this state automatically.

2. Git as Single Source of Truth

All configurations live in Git:

  • Application manifests (Deployments, Services)
  • Infrastructure definitions
  • Configuration data

Git provides:

  • Version history: Every change tracked with author, timestamp, reason
  • Audit trail: Complete history of who changed what
  • Collaboration: Pull requests, code reviews, approvals
  • Rollback: git revert to undo changes instantly

3. Automated Synchronization

A controller continuously:

  • Watches your Git repository for changes
  • Compares desired state (Git) with actual state (cluster)
  • Automatically applies changes to eliminate drift
  • Reverts manual modifications to match Git

4. Continuous Reconciliation

The system constantly asks: "Does reality match Git?"

  • If someone runs kubectl edit → automatically reverted
  • If a pod crashes → automatically recreated
  • If config drifts → automatically corrected

This is self-healing infrastructure.

GitOps vs Traditional CI/CD

Traditional CI/CD (Imperative):

# Push-based deployment
git push → CI pipeline builds → Jenkins runs kubectl apply → Hope it worked

GitOps (Declarative):

# Pull-based deployment
git push → Controller detects change → Controller applies changes → Verify sync

Key difference: Who triggers the deployment?

Push-Based vs Pull-Based: The Critical Distinction

There are two fundamental approaches to GitOps implementation:

Push-Based GitOps (Traditional CI/CD)

How it works:

  1. Developer pushes code to Git
  2. CI/CD pipeline (Jenkins, GitHub Actions) is triggered
  3. Pipeline builds artifacts
  4. Pipeline actively pushes changes to Kubernetes cluster using kubectl apply

Architecture:

[Git Repo] → [CI/CD Pipeline] → [Kubernetes Cluster]
              (Pushes changes)

Pros:

  • Familiar to teams already using CI/CD
  • Direct control over deployment timing
  • Existing CI/CD infrastructure

Cons:

  • Security risk: CI/CD needs cluster credentials (broad permissions)
  • Single point of failure: If CI/CD is down, no deployments
  • No drift detection: Manual changes not automatically reverted
  • Credentials management: Cluster access tokens in CI/CD system
  • Manual rollback: Need to re-run pipeline with old version

Pull-Based GitOps (ArgoCD, Flux)

How it works:

  1. Developer pushes config changes to Git
  2. Controller inside cluster continuously watches Git
  3. Controller detects differences between Git and cluster
  4. Controller pulls changes and applies them

Architecture:

[Git Repo] ← [ArgoCD Controller] ← [Kubernetes Cluster]
            (Pulls and watches)

Pros:

  • Better security: No cluster credentials outside cluster
  • Automatic drift detection: Reverts manual changes automatically
  • Self-healing: Cluster always matches Git
  • Simple rollback: git revert → automatic sync
  • Clear audit trail: Git history = deployment history
  • Declarative: Desired state explicitly defined

Cons:

  • Requires installing controller in cluster
  • Paradigm shift for teams used to push-based CI/CD

Why ArgoCD Uses Pull-Based

ArgoCD implements pull-based GitOps because:

Security: The controller runs inside your cluster with minimal external credentials. No need to store cluster access tokens in CI/CD systems.

Simplicity: Developers just push to Git. No complex pipeline configurations.

Drift Detection: ArgoCD continuously monitors both Git and cluster, automatically fixing any drift.

Disaster Recovery: If someone accidentally deletes resources, ArgoCD immediately recreates them from Git.

Multiple Clusters: Single ArgoCD instance can manage multiple clusters without CI/CD pipeline complexity.

What is ArgoCD?

ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes. It's the most popular GitOps tool in the Cloud Native Computing Foundation (CNCF) and has achieved Graduated status (the highest maturity level).

Key Features

🎯 GitOps Native

  • Pull-based continuous delivery
  • Git as single source of truth
  • Automatic synchronization

🖥️ Rich Web UI

  • Visual application dashboard
  • Real-time sync status
  • Deployment history and rollback
  • Resource dependency visualization

🔄 Automatic Sync & Self-Healing

  • Continuously monitors Git and cluster
  • Detects configuration drift
  • Auto-reverts manual changes
  • Maintains desired state

📦 Multiple Config Management Tools

  • Plain Kubernetes YAML
  • Helm charts
  • Kustomize overlays
  • Jsonnet templates
  • Custom plugins

🌐 Multi-Cluster Management

  • Manage multiple clusters from single ArgoCD instance
  • ApplicationSets for templated deployments
  • Hub-and-spoke architecture

🔐 Security & RBAC

  • Fine-grained access control
  • SSO integration (OIDC, SAML, LDAP)
  • Multi-tenancy with Projects
  • Secret management integrations

📊 Observability

  • Prometheus metrics
  • Health status monitoring
  • Sync notifications (Slack, email, webhooks)
  • Detailed event logging

ArgoCD vs Alternatives: Quick Comparison

ArgoCD vs Flux CD

FeatureArgoCDFlux CD
Web UI✅ Built-in, feature-rich❌ No native UI
SetupQuick (30 mins)Requires more config
RBACExcellent, built-inUses K8s native RBAC
Multi-tenancyFirst-class supportBasic support
Learning CurveGentleSteeper
Use CaseTeams wanting UI + RBACCLI-first, lightweight

When to choose ArgoCD: Need rich UI, multi-tenant environments, fine-grained access control, easier onboarding.

When to choose Flux: Prefer CLI-first approach, already familiar with Kubernetes RBAC, want lightweight solution.

ArgoCD vs Jenkins X

FeatureArgoCDJenkins X
ScopeCD focusedFull CI/CD platform
Setup Time30 mins - 1 hourSeveral hours
ComplexitySimple, focusedComplex, comprehensive
Use CaseDeployment automationComplete CI/CD pipeline

When to choose ArgoCD: Already have CI pipeline, need modern GitOps CD tool, Kubernetes-native deployments.

When to choose Jenkins X: Building CI/CD platform from scratch, need integrated CI + CD solution.

Why Choose ArgoCD?

ArgoCD has become the industry standard for Kubernetes GitOps deployments because:

1. Developer Experience

Simple Workflow:

# 1. Developer makes change
git add deployment.yaml
git commit -m "scale to 5 replicas"
git push

# 2. ArgoCD automatically syncs (no pipeline config needed)
# 3. Done! Changes live in 30 seconds

Compare with traditional CI/CD:

# 1. Developer makes change
git push

# 2. Wait for CI pipeline (5-10 mins)
# 3. Jenkins builds
# 4. Jenkins runs kubectl apply
# 5. Hope nothing broke
# 6. Check cluster manually

2. Safety & Rollback

Instant Rollback:

# Deployment went wrong? Just revert the commit
git revert HEAD
git push
# ArgoCD automatically syncs back to previous state

Preview Before Sync: ArgoCD shows you exactly what will change before applying:

  • Resources to be created
  • Resources to be updated
  • Resources to be deleted

You can sync manually after reviewing changes.

3. Visibility

The ArgoCD UI shows:

  • ✅ Which apps are healthy
  • ⚠️ Which apps are out of sync
  • 🔄 Current sync status
  • 📜 Complete deployment history
  • 🔍 Resource dependency tree

No more "What's actually deployed?" confusion.

4. Multi-Cluster Made Easy

Manage 10 clusters? 100 clusters? ArgoCD handles them all:

# One ApplicationSet deploys to all clusters
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
spec:
  generators:
  - clusters: {}  # Auto-discovers all registered clusters
  template:
    # Template applied to each cluster

5. Security by Default

Pull-based = Secure:

  • ArgoCD controller runs in-cluster (no external credentials)
  • Git repos only need read access
  • No cluster credentials in CI/CD systems
  • Built-in RBAC and multi-tenancy

What You'll Build in This Series

Over the next 7 parts, we'll build a complete production-ready GitOps deployment system:

Part 2: Installation & First App

  • Install ArgoCD in Kubernetes cluster
  • Deploy your first application from Git
  • Understand Application CRDs
  • Basic sync operations

Part 3: Deployment Patterns

  • Deploy with plain YAML manifests
  • Helm chart integration
  • Kustomize overlays
  • When to use each approach

Part 4: Sync Strategies & App of Apps

  • Automatic vs manual sync
  • Prune and self-heal policies
  • Sync waves for ordered deployments
  • Manage multiple apps with App of Apps pattern

Part 5: Multi-Environment & Multi-Cluster

  • ApplicationSets for templating
  • Dev/staging/production environments
  • Multi-cluster deployments
  • Hub-and-spoke architecture

Part 6: Security & Secrets

  • RBAC and access control
  • SSO integration
  • Secrets management (External Secrets Operator)
  • Multi-tenancy with Projects

Part 7: Production Deployment

  • High availability setup
  • Prometheus monitoring
  • Slack/email notifications
  • Disaster recovery strategies

Prerequisites

To follow along with this series, you'll need:

Required:

  • Basic Kubernetes knowledge (pods, deployments, services)
  • kubectl CLI installed
  • Access to Kubernetes cluster (local or cloud):
    • Local: kind, minikube, Docker Desktop
    • Cloud: GKE, EKS, AKS free tier
  • Git basics (commit, push, pull)

Recommended:

  • Familiarity with Helm or Kustomize
  • Basic YAML understanding
  • Experience with CI/CD concepts

Optional:

  • GitHub/GitLab account for hosting configs
  • Cloud account for production examples (Parts 6-7)

Key Concepts Recap

Before diving into hands-on tutorials, let's recap the core concepts:

GitOps = Git + Operations

Git Repository (Source of Truth)
ArgoCD Controller (Reconciliation)
Kubernetes Cluster (Reality)

Pull-Based Wins

  • Controller inside cluster
  • Watches Git continuously
  • Applies changes automatically
  • Reverts drift automatically

ArgoCD Advantages

  • Rich UI for visibility
  • Multi-cluster management
  • Built-in RBAC
  • Automatic sync & self-heal
  • Production-ready from day 1

What Makes GitOps Powerful

  • Declarative: Describe desired state
  • Versioned: Git history = deployment history
  • Automated: No manual kubectl apply
  • Auditable: Full change tracking
  • Recoverable: Instant rollback via git revert

Coming Up Next

In Part 2: Installation & First Application, we'll:

  • Install ArgoCD in your Kubernetes cluster
  • Access the ArgoCD UI
  • Deploy your first application from Git
  • Understand Application CRDs
  • Perform sync operations

You'll go from zero to deploying applications in under 30 minutes!

Resources

Official Documentation

Further Reading

Next in Series

Part 2: Installation & First Application - Install ArgoCD and deploy your first app from Git (Coming Jan 22)

Have questions about GitOps or ArgoCD? Drop a comment below! I'll be answering questions throughout the series.