# === ArgoCD Application: Single app deployment ===
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: myapp-production
namespace: argocd
labels:
team: platform
environment: production
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: production
source:
repoURL: https://github.com/myorg/k8s-manifests.git
targetRevision: main
path: environments/production/myapp
# For Helm charts:
# helm:
# valueFiles:
# - values-production.yaml
# parameters:
# - name: image.tag
# value: "v1.2.3"
destination:
server: https://kubernetes.default.svc
namespace: production
syncPolicy:
automated:
prune: true # Delete resources removed from git
selfHeal: true # Revert manual changes in cluster
allowEmpty: false # Don't sync if manifests are empty
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true # Prune after other syncs complete
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
# Health checks and status
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas # Ignore HPA-managed replica count
info:
- name: url
value: https://myapp.example.com
---
# === ArgoCD ApplicationSet: Multi-environment generator ===
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: myapp-environments
namespace: argocd
spec:
goTemplate: true
goTemplateOptions: ["missingkey=error"]
generators:
- list:
elements:
- env: staging
cluster: https://kubernetes.default.svc
namespace: staging
autoSync: true
branch: develop
- env: production
cluster: https://kubernetes.default.svc
namespace: production
autoSync: false # Manual approval for production
branch: main
template:
metadata:
name: "myapp-{{ .env }}"
namespace: argocd
labels:
environment: "{{ .env }}"
spec:
project: "{{ .env }}"
source:
repoURL: https://github.com/myorg/k8s-manifests.git
targetRevision: "{{ .branch }}"
path: "environments/{{ .env }}/myapp"
destination:
server: "{{ .cluster }}"
namespace: "{{ .namespace }}"
syncPolicy:
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
---
# === ArgoCD Project: RBAC and source restrictions ===
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: production
namespace: argocd
spec:
description: Production environment project
sourceRepos:
- https://github.com/myorg/k8s-manifests.git
- https://charts.example.com
destinations:
- server: https://kubernetes.default.svc
namespace: production
name: in-cluster
clusterResourceWhitelist:
- group: ""
kind: Namespace
namespaceResourceWhitelist:
- group: "*"
kind: "*"
roles:
- name: deployer
description: Can sync applications
policies:
- p, proj:production:deployer, applications, sync, production/*, allow
- p, proj:production:deployer, applications, get, production/*, allow
groups:
- platform-team
Implement GitOps with ArgoCD for declarative, git-driven Kubernetes deployments. Configure Application and ApplicationSet resources, automated sync policies, health checks, and multi-environment promotion. Keep your cluster state in sync with your Git repository.
