G
GuideDevOps
Lesson 3 of 10

ArgoCD

Part of the GitOps tutorial series.

What is ArgoCD?

ArgoCD is an open-source, declarative, GitOps continuous delivery tool for Kubernetes. It was created by Intuit and is currently a graduated CNCF project.

ArgoCD is heavily celebrated because of its incredibly polished, visual web UI. It allows developers to literally see their Git repositories synchronizing into live Kubernetes pods in real-time.

Core ArgoCD Concepts

When using ArgoCD, you do not use kubectl apply. You create an ArgoCD Application resource.

An Application object connects a Git Repository to a Destination Cluster.

The Application YAML

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-web-app
  namespace: argocd
spec:
  # 1. Where is the desired state?
  source:
    repoURL: 'https://github.com/my-company/k8s-manifests.git'
    path: 'apps/frontend/production'
    targetRevision: HEAD   # Track the main branch
 
  # 2. Where is it being deployed?
  destination:
    server: 'https://kubernetes.default.svc' # The cluster Argo lives in
    namespace: prod-frontend
 
  # 3. How should Argo behave?
  project: default
  syncPolicy:
    automated:
      prune: true     # Delete resources if they are removed from Git
      selfHeal: true  # Revert manual changes made directly to the cluster

Installing ArgoCD

ArgoCD installs directly into your Kubernetes cluster.

# 1. Create a dedicated namespace
kubectl create namespace argocd
 
# 2. Install ArgoCD via the official manifest
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.4/manifests/install.yaml
 
# 3. By default, the ArgoCD API/UI is not exposed externally. 
# For a quick local test, use port-forwarding:
kubectl port-forward svc/argocd-server -n argocd 8080:443

Logging into the UI

  1. Navigate to https://localhost:8080 in your browser.
  2. The default username is admin.
  3. To get the auto-generated password, run:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Sync Status & Health

When you configure an Application, ArgoCD provides two critical pieces of information.

1. Sync Status (Git vs Reality)

  • Synced: The live cluster is perfectly identical to the YAML in the Git repository.
  • OutOfSync: The Git repository has changed, or someone manually modified the live cluster. They are no longer identical.

2. Health Status (Is the app actually working?)

A Deployment might be perfectly "Synced" with Git, but if the Docker image specified in Git crashes upon boot, the app is broken.

  • Healthy: The resource is 100% running (e.g., all 3 out of 3 Pods are active).
  • Progressing: The cluster is currently spinning up the resources.
  • Degraded: The resource failed (e.g., CrashLoopBackOff).

Manual vs Automated Syncing

ArgoCD supports two modes for pushing changes from Git to the cluster.

Manual Sync

When changes are merged into Git, ArgoCD marks the application as "OutOfSync" but does nothing. A human must log into the ArgoCD UI, review the diff (which looks identical to a git diff), and click the "Sync" button to authorize the deployment. Best for: Production environments where you want human authorization before pushing.

Automated Sync

As soon as ArgoCD detects a change in Git, it immediately and aggressively applies it to the cluster with zero human intervention. Best for: Development, Staging, and high-velocity maturity teams.

Auto-Pruning

If a developer deletes service.yaml from the Git repository, what should ArgoCD do? If prune: true is enabled, ArgoCD will actively delete the Service from the live Kubernetes cluster. If it is false (the default), ArgoCD leaves the "orphaned" resource running in the cluster. Over time, disabled pruning leads to extremely messy clusters filled with ghost resources.