ArgoCD Application Management — Deploy and Sync
Why ArgoCD Matters
ArgoCD is the leading GitOps operator for Kubernetes. It automates application deployment, monitors for drift, and ensures the cluster always matches the desired state defined in Git. Understanding ArgoCD is essential for any DevOps or platform engineer working with Kubernetes.
Why this matters for your career:
- ArgoCD is the most popular GitOps tool (CNCF graduated project)
- ArgoCD skills are in high demand for Kubernetes platform engineering roles
- ArgoCD simplifies multi-cluster and multi-environment management
- It provides a rich web UI, CLI, and API for comprehensive management
Installing ArgoCD
# Create namespace
kubectl create namespace argocd
# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Verify pods
kubectl get pods -n argocd -w
# Expected: argocd-server, argocd-repo-server, argocd-application-controller, argocd-redis, argocd-dex
# Expose the server (port-forward for local access)
kubectl port-forward svc/argocd-server -n argocd 8080:443
# Get the admin password
kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
# Login via CLI
argocd login localhost:8080 --username admin --password <password>
Creating Your First Application
Via CLI
argocd app create my-app \
--repo https://github.com/myorg/myapp-config.git \
--path k8s/overlays/production \
--dest-server https://kubernetes.default.svc \
--dest-namespace my-app \
--sync-policy automated \
--auto-prune \
--self-heal
Via YAML Manifest
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/myorg/myapp-config.git
targetRevision: HEAD
path: k8s/overlays/production
destination:
server: https://kubernetes.default.svc
namespace: my-app
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true
info:
- name: Description
value: Production deployment of my-app
Sync Policies
| Policy | Description | When to Use | |--------|-------------|-------------| | Manual | User triggers sync | Pre-production, sensitive changes | | Automated | Auto-sync when Git changes | Production, standard workflow | | Automated with prune | Delete resources removed from Git | Production, full lifecycle | | Automated with self-heal | Revert manual changes to match Git | Critical production, drift prevention |
Sync Options Reference
syncPolicy:
automated:
prune: true # Delete resources not in Git
selfHeal: true # Revert manual changes
allowEmpty: false # Don't delete all resources (safety)
syncOptions:
- CreateNamespace=true # Auto-create namespace
- PruneLast=true # Delete old resources after applying new
- ApplyOutOfSyncOnly=true # Only sync out-of-sync resources
- RespectIgnoreDifferences=true # Respect configured differences
- PrunePropagationPolicy=foreground
Health Checks
ArgoCD monitors the health of deployed resources:
# Custom health check (Lua script)
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
spec:
# ...
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas # Ignore replica count drift
Health Status Types
| Status | Meaning | |--------|---------| | Healthy | Resource is operating normally | | Progressing | Resource is being deployed or updated | | Degraded | Resource is failing or unhealthy | | Suspended | Resource is paused or suspended | | Missing | Resource not found in cluster | | Unknown | Health status cannot be determined |
ApplicationSet
ApplicationSet generates multiple Applications from a single template:
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: my-app
namespace: argocd
spec:
generators:
- git:
repoURL: https://github.com/myorg/myapp-config.git
revision: HEAD
directories:
- path: k8s/overlays/*
template:
metadata:
name: 'my-app-{{path.basename}}'
spec:
project: default
source:
repoURL: https://github.com/myorg/myapp-config.git
targetRevision: HEAD
path: '{{path}}'
destination:
server: https://kubernetes.default.svc
namespace: 'my-app-{{path.basename}}'
syncPolicy:
automated:
prune: true
selfHeal: true
This automatically creates one Application per overlay directory (dev, staging, production). When a new overlay is added, a new Application is created automatically.
Multi-Cluster Deployment
# Add a remote cluster
argocd cluster add my-cluster-context
# List clusters
argocd cluster list
# Deploy to remote cluster
argocd app create my-app-remote \
--repo https://github.com/myorg/myapp-config.git \
--path k8s/overlays/production \
--dest-server https://remote-cluster.example.com:6443 \
--dest-namespace my-app
Rollback
# View deployment history
argocd app history my-app
# Rollback to a specific revision
argocd app rollback my-app 3 --prune
# Rollback via UI: Select revision → Rollback
Notifications
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
annotations:
notifications.argoproj.io/subscribe.on-sync-succeeded.slack: my-channel
notifications.argoproj.io/subscribe.on-sync-failed.slack: my-channel
notifications.argoproj.io/subscribe.on-health-degraded.slack: my-channel
Best Practices
| Practice | Reason | |----------|--------| | Use ApplicationSet for multi-env | DRY — one template for all environments | | Enable self-heal | Auto-revert manual changes to prevent drift | | Enable prune | Auto-delete resources removed from Git | | Use private repos with SSH deploy keys | Security — never use passwords | | Set resource limits on ArgoCD itself | Prevent ArgoCD from consuming too many resources | | Configure notifications | Get alerted on sync failures | | Use sync windows for prod | Prevent deployments during off-hours | | Set up cluster RBAC | Limit who can create/modify Applications |
Summary
ArgoCD automates Kubernetes application deployment using Git as the source of truth. It detects drift, self-heals, and supports multi-cluster and multi-environment deployments. ApplicationSet generates Applications from templates. Sync policies control automation level. Health checks monitor application status.
Key takeaways:
- Install ArgoCD with kubectl apply, access via CLI or web UI
- Application defines source (Git repo) and destination (cluster + namespace)
- Automated sync: prune (delete) + self-heal (revert manual changes)
- Health checks: Healthy, Progressing, Degraded, Missing
- ApplicationSet: one template generates Applications for each environment/cluster
- Multi-cluster: add clusters and deploy across them
- Rollback: argocd app rollback to revert to any previous revision
- Notifications: send sync and health alerts to Slack, email, etc.
What's Next: Kustomize
The next chapter covers Kustomize — overlay-based Kubernetes configuration management — bases, overlays, patches, and generators.