ArgoCD Application Management — Deploy and Sync

Why ArgoCD Matters

ArgoCD is the leading GitOps operator for Kubernetes. It automates application deployment, monitors for drift, and ensures the cluster always matches the desired state defined in Git. Understanding ArgoCD is essential for any DevOps or platform engineer working with Kubernetes.

Why this matters for your career:

  • ArgoCD is the most popular GitOps tool (CNCF graduated project)
  • ArgoCD skills are in high demand for Kubernetes platform engineering roles
  • ArgoCD simplifies multi-cluster and multi-environment management
  • It provides a rich web UI, CLI, and API for comprehensive management

Installing ArgoCD

# Create namespace
kubectl create namespace argocd

# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Verify pods
kubectl get pods -n argocd -w
# Expected: argocd-server, argocd-repo-server, argocd-application-controller, argocd-redis, argocd-dex

# Expose the server (port-forward for local access)
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Get the admin password
kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d

# Login via CLI
argocd login localhost:8080 --username admin --password <password>

Creating Your First Application

Via CLI

argocd app create my-app \
  --repo https://github.com/myorg/myapp-config.git \
  --path k8s/overlays/production \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace my-app \
  --sync-policy automated \
  --auto-prune \
  --self-heal

Via YAML Manifest

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/myorg/myapp-config.git
    targetRevision: HEAD
    path: k8s/overlays/production
  destination:
    server: https://kubernetes.default.svc
    namespace: my-app
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - PrunePropagationPolicy=foreground
      - PruneLast=true
  info:
    - name: Description
      value: Production deployment of my-app

Sync Policies

| Policy | Description | When to Use | |--------|-------------|-------------| | Manual | User triggers sync | Pre-production, sensitive changes | | Automated | Auto-sync when Git changes | Production, standard workflow | | Automated with prune | Delete resources removed from Git | Production, full lifecycle | | Automated with self-heal | Revert manual changes to match Git | Critical production, drift prevention |

Sync Options Reference

syncPolicy:
  automated:
    prune: true           # Delete resources not in Git
    selfHeal: true        # Revert manual changes
    allowEmpty: false     # Don't delete all resources (safety)
  syncOptions:
    - CreateNamespace=true  # Auto-create namespace
    - PruneLast=true        # Delete old resources after applying new
    - ApplyOutOfSyncOnly=true  # Only sync out-of-sync resources
    - RespectIgnoreDifferences=true  # Respect configured differences
    - PrunePropagationPolicy=foreground

Health Checks

ArgoCD monitors the health of deployed resources:

# Custom health check (Lua script)
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
spec:
  # ...
  ignoreDifferences:
  - group: apps
    kind: Deployment
    jsonPointers:
    - /spec/replicas  # Ignore replica count drift

Health Status Types

| Status | Meaning | |--------|---------| | Healthy | Resource is operating normally | | Progressing | Resource is being deployed or updated | | Degraded | Resource is failing or unhealthy | | Suspended | Resource is paused or suspended | | Missing | Resource not found in cluster | | Unknown | Health status cannot be determined |

ApplicationSet

ApplicationSet generates multiple Applications from a single template:

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: my-app
  namespace: argocd
spec:
  generators:
    - git:
        repoURL: https://github.com/myorg/myapp-config.git
        revision: HEAD
        directories:
          - path: k8s/overlays/*

  template:
    metadata:
      name: 'my-app-{{path.basename}}'
    spec:
      project: default
      source:
        repoURL: https://github.com/myorg/myapp-config.git
        targetRevision: HEAD
        path: '{{path}}'
      destination:
        server: https://kubernetes.default.svc
        namespace: 'my-app-{{path.basename}}'
      syncPolicy:
        automated:
          prune: true
          selfHeal: true

This automatically creates one Application per overlay directory (dev, staging, production). When a new overlay is added, a new Application is created automatically.

Multi-Cluster Deployment

# Add a remote cluster
argocd cluster add my-cluster-context

# List clusters
argocd cluster list

# Deploy to remote cluster
argocd app create my-app-remote \
  --repo https://github.com/myorg/myapp-config.git \
  --path k8s/overlays/production \
  --dest-server https://remote-cluster.example.com:6443 \
  --dest-namespace my-app

Rollback

# View deployment history
argocd app history my-app

# Rollback to a specific revision
argocd app rollback my-app 3 --prune

# Rollback via UI: Select revision → Rollback

Notifications

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  annotations:
    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: my-channel
    notifications.argoproj.io/subscribe.on-sync-failed.slack: my-channel
    notifications.argoproj.io/subscribe.on-health-degraded.slack: my-channel

Best Practices

| Practice | Reason | |----------|--------| | Use ApplicationSet for multi-env | DRY — one template for all environments | | Enable self-heal | Auto-revert manual changes to prevent drift | | Enable prune | Auto-delete resources removed from Git | | Use private repos with SSH deploy keys | Security — never use passwords | | Set resource limits on ArgoCD itself | Prevent ArgoCD from consuming too many resources | | Configure notifications | Get alerted on sync failures | | Use sync windows for prod | Prevent deployments during off-hours | | Set up cluster RBAC | Limit who can create/modify Applications |

Summary

ArgoCD automates Kubernetes application deployment using Git as the source of truth. It detects drift, self-heals, and supports multi-cluster and multi-environment deployments. ApplicationSet generates Applications from templates. Sync policies control automation level. Health checks monitor application status.

Key takeaways:

  • Install ArgoCD with kubectl apply, access via CLI or web UI
  • Application defines source (Git repo) and destination (cluster + namespace)
  • Automated sync: prune (delete) + self-heal (revert manual changes)
  • Health checks: Healthy, Progressing, Degraded, Missing
  • ApplicationSet: one template generates Applications for each environment/cluster
  • Multi-cluster: add clusters and deploy across them
  • Rollback: argocd app rollback to revert to any previous revision
  • Notifications: send sync and health alerts to Slack, email, etc.

What's Next: Kustomize

The next chapter covers Kustomize — overlay-based Kubernetes configuration management — bases, overlays, patches, and generators.

Unlock Full Tutorial

This chapter is paid content. Join the project to unlock over 5000 words of deep analysis, including 10+ god-tier Prompts and real Source Code examples!