wshobson

gitops-workflow

@wshobson/gitops-workflow
wshobson
24,432
2706 forks
Updated 1/6/2026
View on GitHub

Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.

Installation

$skills install @wshobson/gitops-workflow
Claude Code
Cursor
Copilot
Codex
Antigravity

Details

Repositorywshobson/agents
Pathplugins/kubernetes-operations/skills/gitops-workflow/SKILL.md
Branchmain
Scoped Name@wshobson/gitops-workflow

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions

name: gitops-workflow description: Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.

GitOps Workflow

Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.

Purpose

Implement declarative, Git-based continuous delivery for Kubernetes using ArgoCD or Flux CD, following OpenGitOps principles.

When to Use This Skill

  • Set up GitOps for Kubernetes clusters
  • Automate application deployments from Git
  • Implement progressive delivery strategies
  • Manage multi-cluster deployments
  • Configure automated sync policies
  • Set up secret management in GitOps

OpenGitOps Principles

  1. Declarative - Entire system described declaratively
  2. Versioned and Immutable - Desired state stored in Git
  3. Pulled Automatically - Software agents pull desired state
  4. Continuously Reconciled - Agents reconcile actual vs desired state

ArgoCD Setup

1. Installation

# Create namespace
kubectl create namespace argocd

# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Reference: See references/argocd-setup.md for detailed setup

2. Repository Structure

gitops-repo/
├── apps/
│   ├── production/
│   │   ├── app1/
│   │   │   ├── kustomization.yaml
│   │   │   └── deployment.yaml
│   │   └── app2/
│   └── staging/
├── infrastructure/
│   ├── ingress-nginx/
│   ├── cert-manager/
│   └── monitoring/
└── argocd/
    ├── applications/
    └── projects/

3. Create Application

# argocd/applications/my-app.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/org/gitops-repo
    targetRevision: main
    path: apps/production/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true

4. App of Apps Pattern

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: applications
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/org/gitops-repo
    targetRevision: main
    path: argocd/applications
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated: {}

Flux CD Setup

1. Installation

# Install Flux CLI
curl -s https://fluxcd.io/install.sh | sudo bash

# Bootstrap Flux
flux bootstrap github \
  --owner=org \
  --repository=gitops-repo \
  --branch=main \
  --path=clusters/production \
  --personal

2. Create GitRepository

apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: my-app
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/org/my-app
  ref:
    branch: main

3. Create Kustomization

apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: my-app
  namespace: flux-system
spec:
  interval: 5m
  path: ./deploy
  prune: true
  sourceRef:
    kind: GitRepository
    name: my-app

Sync Policies

Auto-Sync Configuration

ArgoCD:

syncPolicy:
  automated:
    prune: true      # Delete resources not in Git
    selfHeal: true   # Reconcile manual changes
    allowEmpty: false
  retry:
    limit: 5
    backoff:
      duration: 5s
      factor: 2
      maxDuration: 3m

Flux:

spec:
  interval: 1m
  prune: true
  wait: true
  timeout: 5m

Reference: See references/sync-policies.md

Progressive Delivery

Canary Deployment with ArgoCD Rollouts

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: my-app
spec:
  replicas: 5
  strategy:
    canary:
      steps:
      - setWeight: 20
      - pause: {duration: 1m}
      - setWeight: 50
      - pause: {duration: 2m}
      - setWeight: 100

Blue-Green Deployment

strategy:
  blueGreen:
    activeService: my-app
    previewService: my-app-preview
    autoPromotionEnabled: false

Secret Management

External Secrets Operator

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: db-credentials
  data:
  - secretKey: password
    remoteRef:
      key: prod/db/password

Sealed Secrets

# Encrypt secret
kubeseal --format yaml < secret.yaml > sealed-secret.yaml

# Commit sealed-secret.yaml to Git

Best Practices

  1. Use separate repos or branches for different environments
  2. Implement RBAC for Git repositories
  3. Enable notifications for sync failures
  4. Use health checks for custom resources
  5. Implement approval gates for production
  6. Keep secrets out of Git (use External Secrets)
  7. Use App of Apps pattern for organization
  8. Tag releases for easy rollback
  9. Monitor sync status with alerts
  10. Test changes in staging first

Troubleshooting

Sync failures:

argocd app get my-app
argocd app sync my-app --prune

Out of sync status:

argocd app diff my-app
argocd app sync my-app --force

Related Skills

  • k8s-manifest-generator - For creating manifests
  • helm-chart-scaffolding - For packaging applications

More by wshobson

View all
nft-standards
24,432

Implement NFT standards (ERC-721, ERC-1155) with proper metadata handling, minting strategies, and marketplace integration. Use when creating NFT contracts, building NFT marketplaces, or implementing digital asset systems.

secrets-management
24,432

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

linkerd-patterns
24,432

Implement Linkerd service mesh patterns for lightweight, security-focused service mesh deployments. Use when setting up Linkerd, configuring traffic policies, or implementing zero-trust networking with minimal overhead.

sast-configuration
24,432

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.