gitops-workflow
Install this skill
npx skills add wshobson/agents
Works across Claude Code, Cursor, Codex, Copilot & Antigravity
The GitOps workflow skill focuses on establishing Kubernetes cluster states that strictly mirror source code repositories. By treating Git as the single source of truth, it ensures that your cluster configuration, application deployments, and infrastructure components remain synchronized through automated reconciliation agents. This skill encompasses the technical implementation of either ArgoCD or Flux CD, enabling developers to manage environment-specific configurations, progressive delivery strategies, and secure secret handling without manual kubectl interventions. By adhering to the core OpenGitOps principles of declarative, immutable, and versioned state, this skill provides a rigorous framework for continuous delivery. It facilitates environment consistency across staging and production clusters, eliminates configuration drift, and maintains a clear audit log of every change applied to your container orchestration platform.
When to Use This Skill
- Standardizing deployment patterns across dev, staging, and production namespaces
- Enforcing configuration consistency in multi-tenant Kubernetes environments
- Reducing downtime during release cycles with automated rollbacks and progressive delivery
- Implementing strict audit trails for infrastructure changes via Git commit history
How to Invoke This Skill
Example prompts that trigger this skill in Claude Code, Cursor, or Antigravity:
- Set up ArgoCD for my Kubernetes cluster
- Implement a GitOps pipeline for production deployments
- How to manage multi-environment configs using Flux CD
- Automate Kubernetes application synchronization from my GitHub repository
- Configure progressive delivery for my microservices
Pro Tips
- Always use separate Git repositories for application manifests and infrastructure configuration to maintain clear separation of concerns.
- Implement robust secret management solutions (e.g., Sealed Secrets, External Secrets Operator) to keep sensitive data encrypted in your Git repositories.
- Start with a single application or environment to refine your GitOps workflow before scaling to more complex deployments.
What this skill does
- Declarative configuration management for Kubernetes clusters
- Automated sync and self-healing of cluster resources via controller reconciliation
- Multi-cluster environment propagation using the App of Apps pattern
- Canary and blue-green deployment orchestration with Argo Rollouts
- External Secret integration for secure credential injection into Git-managed workflows
When not to use it
- High-frequency manual experimentation on local clusters where constant reconciliation triggers conflicts
- Environments requiring immediate 'hot-fixes' that must bypass version control workflows
Example workflow
- Install the GitOps controller into the target Kubernetes cluster
- Define a Git repository containing Kubernetes manifests or Helm charts
- Create an Application resource in the cluster pointing to the repository path
- Set the sync policy to automated for continuous reconciliation
- Push changes to the Git branch to trigger cluster updates
Prerequisites
- A running Kubernetes cluster
- Administrative access with kubectl
- A Git repository for configuration storage
Pitfalls & limitations
- Direct manual edits to cluster resources will be overwritten by the reconciliation agent
- Exposing sensitive data in plain text within the Git repository
- Bootstrapping cyclic dependencies where the GitOps agent is removed by its own configuration
FAQ
How it compares
Unlike manual deployments via scripts or CI pipelines that 'push' to clusters, GitOps uses 'pull' reconciliation to ensure the cluster state never deviates from the declared Git state.
Full skill instructions, original source: wshobson/agents
Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.
## Purpose
Implement declarative, Git-based continuous delivery for Kubernetes using ArgoCD or Flux CD, following OpenGitOps principles.
## When to Use This Skill
- Set up GitOps for Kubernetes clusters
- Automate application deployments from Git
- Implement progressive delivery strategies
- Manage multi-cluster deployments
- Configure automated sync policies
- Set up secret management in GitOps
## OpenGitOps Principles
1. **Declarative** - Entire system described declaratively
2. **Versioned and Immutable** - Desired state stored in Git
3. **Pulled Automatically** - Software agents pull desired state
4. **Continuously Reconciled** - Agents reconcile actual vs desired state
## ArgoCD Setup
### 1. Installation
```bash
# Create namespace
kubectl create namespace argocd

# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
```

**Reference:** See `references/argocd-setup.md` for detailed setup

### 2. Repository Structure
```
gitops-repo/
├── apps/
│   ├── production/
│   │   ├── app1/
│   │   │   ├── kustomization.yaml
│   │   │   └── deployment.yaml
│   │   └── app2/
│   └── staging/
├── infrastructure/
│   ├── ingress-nginx/
│   ├── cert-manager/
│   └── monitoring/
└── argocd/
    ├── applications/
    └── projects/
```

### 3. Create Application
```yaml
# argocd/applications/my-app.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/org/gitops-repo
    targetRevision: main
    path: apps/production/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
```

### 4. App of Apps Pattern
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: applications
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/org/gitops-repo
    targetRevision: main
    path: argocd/applications
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated: {}
```

## Flux CD Setup
### 1. Installation
```bash
# Install Flux CLI
curl -s https://fluxcd.io/install.sh | sudo bash

# Bootstrap Flux
flux bootstrap github \
  --owner=org \
  --repository=gitops-repo \
  --branch=main \
  --path=clusters/production \
  --personal
```

### 2. Create GitRepository
```yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: my-app
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/org/my-app
  ref:
    branch: main
```

### 3. Create Kustomization
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: my-app
  namespace: flux-system
spec:
  interval: 5m
  path: ./deploy
  prune: true
  sourceRef:
    kind: GitRepository
    name: my-app
```

## Sync Policies
### Auto-Sync Configuration
**ArgoCD:**

```yaml
syncPolicy:
  automated:
    prune: true # Delete resources not in Git
    selfHeal: true # Reconcile manual changes
    allowEmpty: false
  retry:
    limit: 5
    backoff:
      duration: 5s
      factor: 2
      maxDuration: 3m
```

**Flux:**
```yaml
spec:
  interval: 1m
  prune: true
  wait: true
  timeout: 5m
```

**Reference:** See `references/sync-policies.md`

## Progressive Delivery
### Canary Deployment with ArgoCD Rollouts
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: my-app
spec:
  replicas: 5
  strategy:
    canary:
      steps:
        - setWeight: 20
        - pause: { duration: 1m }
        - setWeight: 50
        - pause: { duration: 2m }
        - setWeight: 100
```

### Blue-Green Deployment
```yaml
strategy:
  blueGreen:
    activeService: my-app
    previewService: my-app-preview
    autoPromotionEnabled: false
```

## Secret Management
### External Secrets Operator
```yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: db-credentials
  data:
    - secretKey: password
      remoteRef:
        key: prod/db/password
```

### Sealed Secrets
```bash
# Encrypt secret
kubeseal --format yaml < secret.yaml > sealed-secret.yaml

# Commit sealed-secret.yaml to Git
```

## Best Practices
1. **Use separate repos or branches** for different environments
2. **Implement RBAC** for Git repositories
3. **Enable notifications** for sync failures
4. **Use health checks** for custom resources
5. **Implement approval gates** for production
6. **Keep secrets out of Git** (use External Secrets)
7. **Use App of Apps pattern** for organization
8. **Tag releases** for easy rollback
9. **Monitor sync status** with alerts
10. **Test changes** in staging first
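
A pre-commit or CI check that enforces practice 6 and the Sealed Secrets flow, added here as an example and not part of the original skill. The function names and the sample manifests are constructed for illustration; only top-level `data:` / `stringData:` keys of a core `kind: Secret` are treated as plaintext.

```shell
#!/usr/bin/env bash
# Added example: fail when a plaintext Kubernetes Secret is present in a GitOps repo.

# Print "FILE:docN" for each YAML document that is a core Secret with top-level
# data: or stringData:. SealedSecret and ExternalSecret documents never match.
scan_file() {
  awk -v f="$1" '
    function flush() {
      if (kind == "Secret" && payload) print f ":doc" n
      kind = ""; payload = 0; seen = 0
    }
    /^---[ \t\r]*$/        { flush(); next }   # document separator
    /^[ \t\r]*(#.*)?$/     { next }            # blank line or comment
    !seen                  { n++; seen = 1 }   # first content line of a document
    /^kind:/               { kind = $2; gsub(/[^A-Za-z]/, "", kind) }
    /^(data|stringData):/  { payload = 1 }
    END { flush() }
  ' "$1"
}

# Scan every *.yaml / *.yml under DIR; print findings and return 1 if any exist.
scan_repo() {
  findings=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    ! -path '*/.git/*' | sort | while IFS= read -r file; do
      scan_file "$file"
    done)
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
}

# Constructed sample repo: plaintext Secret, SealedSecret, ExternalSecret.
write_sample() {
  d="$1/apps/production/app1"; mkdir -p "$d"
  printf '%s\n' 'apiVersion: v1' 'kind: ConfigMap' 'metadata:' '  name: cfg' '---' \
    'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: db-credentials' \
    'stringData:' '  password: constructed-example' > "$d/secret.yaml"
  printf '%s\n' 'apiVersion: bitnami.com/v1alpha1' 'kind: SealedSecret' 'metadata:' \
    '  name: db-credentials' 'spec:' '  encryptedData:' \
    '    password: CONSTRUCTED-CIPHERTEXT' > "$d/sealed-secret.yaml"
  printf '%s\n' 'apiVersion: external-secrets.io/v1beta1' 'kind: ExternalSecret' \
    'spec:' '  data:' '    - secretKey: password' > "$d/external-secret.yaml"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
scan_repo "$demo_dir" || echo "plaintext Secret found; seal it or use an ExternalSecret"
rm -rf "$demo_dir"
```

To use it as a pre-commit hook or CI step, replace the four demo lines with `scan_repo "$(git rev-parse --show-toplevel)"` so a non-zero status blocks the change.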
## Troubleshooting
**Sync failures:**

```bash
argocd app get my-app
argocd app sync my-app --prune
```

**Out of sync status:**

```bash
argocd app diff my-app
argocd app sync my-app --force
```

## Related Skills
- `k8s-manifest-generator` - For creating manifests
- `helm-chart-scaffolding` - For packaging applications

How to Use This Skill Unit
Option A: Project-Specific (Recommended)
- Click "Download" above
- In your project, create the directory: `.agent/skills/gitops-workflow/`
- Save the file as `SKILL.md`
- The agent will automatically discover the skill based on its description.
Option B: Global Installation (All Agents)
Save the file to these locations to make it available across all projects:
- Claude Code: `~/.claude/skills/wshobson/agents/gitops-workflow/SKILL.md`
- Cursor: `~/.cursor/skills/wshobson/agents/gitops-workflow/SKILL.md`
- Antigravity: `~/.gemini/antigravity/skills/wshobson/agents/gitops-workflow/SKILL.md`
