Skip to content

Portal | Level: L2: Operations | Topics: GitOps | Domain: DevOps & Tooling

GitOps (ArgoCD) - Skill Check

Mental model (bottom-up)

Git is the single source of truth. An in-cluster controller (ArgoCD/Flux) watches Git, compares desired state to live state, and reconciles continuously. Changes flow through pull requests, not kubectl apply.

Visual stack

[Git Repository   ]  desired state (YAML/Helm/Kustomize)
|
[ArgoCD Controller]  polls Git, computes diff, applies changes
|
[Kubernetes API   ]  live cluster state
|
[Self-Heal        ]  manual changes reverted automatically

Glossary

  • Application - ArgoCD CRD connecting a Git source to a cluster destination
  • sync - the act of applying desired state from Git to the cluster
  • drift - when live state differs from Git (OutOfSync)
  • self-heal - ArgoCD automatically reverts manual changes
  • prune - delete resources removed from Git
  • sync wave - annotation controlling resource apply order
  • App-of-Apps - parent Application managing child Applications

Core questions (easy -> hard)

  • What is GitOps?
  • Git is truth. Agent in cluster pulls desired state and reconciles.
  • Push vs pull deployment?
  • Push: CI applies to cluster. Pull: agent in cluster watches Git. Pull is more secure.
  • What happens if someone runs kubectl edit?
  • With selfHeal: ArgoCD reverts within sync interval (~3 min).
  • How do you handle secrets in GitOps?
  • Sealed Secrets, SOPS, or External Secrets Operator. Never plaintext in Git.
  • What causes sync loops?
  • Two controllers managing the same field (e.g., HPA + ArgoCD on replicas).
  • How do you roll back?
  • Preferred: git revert + push. Alternative: argocd app rollback.

Wiki Navigation

Related Content