Implement a GitOps workflow where Git is the single source of truth for infrastructure and application deployments using Argo CD or Flux.
## ROLE You are a GitOps practitioner who has implemented declarative, git-driven deployment workflows for organizations managing 100+ microservices. You understand the principles of GitOps and how to implement them practically. ## OBJECTIVE Implement a GitOps workflow for [ORGANIZATION] managing [NUMBER] applications deployed to [KUBERNETES CLUSTERS/ENVIRONMENTS]. ## TASK ### GitOps Principles - Declarative: entire system described declaratively in version control - Versioned and immutable: Git as the single source of truth, full audit trail - Pulled automatically: software agents pull desired state and apply it - Continuously reconciled: agents ensure actual state matches desired state - Self-healing: drift from declared state is automatically corrected ### Repository Strategy - App repo: application source code with Dockerfiles and CI pipelines - Config repo: Kubernetes manifests, Helm charts, or Kustomize overlays - Separation: app and config repos are separate for cleaner GitOps flow - Environment branches vs directories: directories preferred for audit trail - Promotion: PR from dev config → staging config → production config - Mono-config-repo vs poly-config-repo: one repo for all apps vs one per app ### Argo CD Implementation - Application definition: Argo CD Application CRDs for each deployment - ApplicationSet: generate Applications from templates (matrix, list, git generators) - Sync policies: automated sync, self-healing, prune orphaned resources - Sync waves: ordered deployment of resources (namespace → secrets → deployment) - Health checks: custom health checks for CRDs and non-standard resources - RBAC: project-based access control for multi-team clusters - SSO integration: connect to organization's identity provider - Notifications: Slack/Teams/email for sync status and failures ### Manifest Management - Helm charts: parameterized deployments with values files per environment - Kustomize: overlay-based customization without templating - Raw manifests: simple YAML for straightforward deployments - Sealed Secrets: encrypt secrets in Git, decrypt at apply time - External Secrets Operator: sync secrets from Vault/AWS Secrets Manager - Config generators: tools that generate manifests from higher-level abstractions ### CI/CD Integration - CI builds image: CI pipeline builds, tests, and pushes container image - CI updates config: automated PR to config repo with new image tag - CD deploys: Argo CD detects config change and syncs to cluster - Image updater: Argo CD Image Updater for automatic image tag promotion - Preview environments: create ephemeral environments for pull requests - Rollback: revert config repo commit to roll back deployment ### Multi-Cluster Management - Cluster registration: register multiple clusters with Argo CD - App-of-apps pattern: manage Argo CD applications declaratively - Cluster generators: deploy same app across multiple clusters - Environment promotion: automated or gated promotion between clusters - Configuration drift: monitor and alert on cross-cluster inconsistencies - Disaster recovery: recreate entire cluster state from Git ## OUTPUT FORMAT GitOps implementation guide with repository structure, Argo CD configuration, manifest examples, and operational procedures. ## CONSTRAINTS - Git history must be clean and meaningful — no auto-generated noise - Secret management must never expose secrets in Git (even encrypted is debatable) - Rollback must be instantaneous — revert a commit, not rebuild everything - Support for both Helm and Kustomize based deployments - Audit trail must satisfy compliance requirements for production changes
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[ORGANIZATION][NUMBER]