Intermediate Architecture

GitOps at Scale with Argo CD and Multi-Cluster Kubernetes

Published Nov 15, 2024 9 min read

GitOps shifts the operational model for Kubernetes to a Git-centric approach. All desired state lives in version control, and a reconciliation loop continuously drives the cluster toward that state. Argo CD is the industry-standard tool implementing this loop at scale.

Why GitOps Changes Everything

Traditional deployment pipelines push changes to infrastructure. GitOps inverts this — the cluster pulls its desired state from Git. This shift has three structural implications:

  • Auditability — Every change is a Git commit. History is the deployment log.
  • Self-healing — Any manual drift is automatically reverted on the next sync.
  • Rollback — Rolling back is a git revert. No runbooks required.

Architectural Pro Tip

Separate your application manifests repository from your application code repository. This prevents accidental coupling between deployment state and source history.

Multi-Cluster Application Set

Argo CD’s ApplicationSet controller enables fleet-level management. A single ApplicationSet resource can generate individual Application objects for every cluster in your fleet:

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: guestbook
spec:
  generators:
    - clusters: {}
  template:
    metadata:
      name: '{{name}}-guestbook'
    spec:
      project: default
      source:
        repoURL: https://github.com/org/gitops-repo
        targetRevision: HEAD
        path: apps/guestbook/overlays/{{name}}
      destination:
        server: '{{server}}'
        namespace: guestbook
      syncPolicy:
        automated:
          prune: true
          selfHeal: true

Progressive Delivery with Rollouts

Pair Argo CD with Argo Rollouts for progressive delivery. A canary rollout stages traffic across multiple steps before full promotion:

apiVersion: argoproj.io/v1alpha1
kind: Rollout
spec:
  strategy:
    canary:
      steps:
        - setWeight: 10
        - pause: { duration: 5m }
        - setWeight: 40
        - pause: { duration: 10m }
        - setWeight: 100

Operational Warning

Enabling automated sync with pruning on production clusters without a proper promotion gate will delete resources when branches are merged. Always gate production sync behind a manual approval step.

Drift Detection and Alerting

Argo CD’s health status surfaces drift in real time. Integrate with your alerting stack by exposing the argocd_app_sync_status Prometheus metric and alerting on OutOfSync states persisting beyond your SLA threshold.