Argo CD: From Zero to GitOps

Argo CD turns ‘commit’ into ‘deploy.’ The setup is mechanical; the discipline of GitOps is the value.

Step 1: Install Argo CD

Argo CD installs as a set of Kubernetes manifests. The official install YAML covers the standard install; HA variants add replicas and Redis sentinels.

• Namespace. kubectl create namespace argocd creates the install target.
• Apply. kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml.
• Wait. Pods come up across the namespace; expect 60 to 90 seconds for the controllers to settle.
• UI access. kubectl port-forward -n argocd svc/argocd-server 8080:443; initial admin password lives in the argocd-initial-admin-secret.

Step 2: Point at repo

• Create an Application resource pointing at a Git repo with K8s manifests.
• Argo monitors that repo for changes.

Step 3: First sync

The first sync is manual on purpose. Argo shows you the diff before applying so you can validate before the cluster changes.

• Manual trigger. Click 'Sync' in the UI or run argocd app sync <app-name> from the CLI.
• Diff preview. Argo shows what will be created, updated, or deleted; review before confirming.
• Apply. Argo applies manifests in the right order (CRDs first, then dependent resources).
• Verify. kubectl get pods confirms the deployed app; the Argo UI shows green health.

Step 4: Auto-sync

Auto-sync is the GitOps payoff. Once turned on, every commit to the watched repo applies automatically; drift heals on its own.

• Enable. Set syncPolicy: automated in the Application spec; commit applies on the next reconcile loop.
• Self-heal. Add selfHeal: true so manual cluster changes are reverted to match Git.
• Pruning. prune: true deletes resources removed from Git; without it, Git is additive only.
• Audit trail. Every sync logged with the Git SHA; recovery and forensics use the Argo history view.

Antipatterns

• Argo without RBAC. Anyone with UI access deploys to prod.
• Manual sync forever. Defeats GitOps value.
• Targeting prod from default repo. Wrong scope.

What to do this week

Three moves. (1) Run the tutorial end-to-end on your own laptop / sandbox. (2) Apply the pattern to one production workload. (3) Document the variations you needed; share with the team.