Building Resilient CI/CD Pipelines with GitOps

Introduction to GitOps CI/CD

GitOps represents a paradigm shift in continuous delivery, leveraging Git as the single source of truth for declarative infrastructure and application deployments. This guide explores advanced GitOps strategies using tools like ArgoCD and Flux.

Key GitOps Principles

  • Declarative system description
  • Version-controlled configuration
  • Automated synchronization
  • Immutable infrastructure

ArgoCD: Declarative Continuous Delivery

Application Configuration

Define your application deployment using ArgoCD's Application Custom Resource:

# ArgoCD Application Manifest
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: microservice-app
spec:
  project: default
  source:
    repoURL: https://github.com/org/microservice-repo
    targetRevision: main
    path: k8s/overlays/production
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
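
The manifest above uses project: default, which in a stock Argo CD install permits any source repository, any destination and cluster-scoped resources, so with automated prune and selfHeal whatever reaches main is applied to production. The following is an added example, not part of the original guide, that scopes the same Application with a dedicated AppProject; the project name microservice-prod and the argocd namespace are assumptions.

```yaml
# Added example: least-privilege AppProject for the Application shown above.
# "microservice-prod" and the "argocd" namespace are assumed names.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: microservice-prod
  namespace: argocd
spec:
  description: Production deployments for microservice-app only
  # Only this repository may be used as a source.
  sourceRepos:
    - https://github.com/org/microservice-repo
  # Only the in-cluster production namespace may be targeted.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: production
  # Empty whitelist: no cluster-scoped kinds (ClusterRole, Namespace, CRD, ...).
  clusterResourceWhitelist: []
  # Namespaced kinds a workload repository should not be able to manage.
  namespaceResourceBlacklist:
    - group: rbac.authorization.k8s.io
      kind: Role
    - group: rbac.authorization.k8s.io
      kind: RoleBinding
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: microservice-app
  namespace: argocd
spec:
  project: microservice-prod   # was: default
  source:
    repoURL: https://github.com/org/microservice-repo
    targetRevision: main
    path: k8s/overlays/production
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```

With this project in place, a sync that tries to create a RoleBinding or deploy outside the production namespace is rejected by Argo CD instead of being applied.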

Flux CD: GitOps Toolkit

Automated Deployment Synchronization

Keep the cluster synchronized with Git using a Flux v2 Kustomization:

# Flux Kustomization for Deployment
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: webapp-deployment
spec:
  interval: 5m
  sourceRef:
    kind: GitRepository
    name: webapp-repo
  path: ./deployment
  prune: true
  targetNamespace: production
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: webapp
      namespace: production

Advanced Deployment Strategies

Canary and Blue/Green Deployments

Implement progressive delivery with Argo Rollouts:

# Argo Rollouts Canary Deployment
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: webapp-rollout
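spec:
  # Assumption: the pod template comes from the existing webapp Deployment;
  # a Rollout needs either workloadRef or its own selector and template.
  workloadRef:
    apiVersion: apps/v1
    kind: Deployment
    name: webapp
  strategy: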
    canary:
      steps:
      - setWeight: 20
      - pause: {duration: 10m}
      - setWeight: 40
      - pause: {duration: 10m}
      - setWeight: 60
      - pause: {duration: 10m}
      - setWeight: 80
      - pause: {duration: 10m}

Security and Compliance

Policy Enforcement with Kyverno

Integrate policy checks into your GitOps workflow:

# Kyverno Policy for Deployment Validation
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-image-pull-policy
spec:
  # Kyverno expects the capitalized values Enforce / Audit
  validationFailureAction: Enforce
  rules:
  - name: check-image-pull-policy
    match:
      resources:
        kinds:
        - Deployment
    validate:
      message: "Images must have Always pull policy"
      pattern:
        spec:
          template:
            spec:
              containers:
              - imagePullPolicy: Always

Conclusion

GitOps transforms continuous delivery by providing a declarative, version-controlled approach to infrastructure and application management. By leveraging tools like ArgoCD, Flux, and Argo Rollouts, organizations can achieve more reliable, reproducible, and secure deployments.