gitops-workflow
Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.
Install with Tessl CLI
npx tessl i github:majiayu000/claude-skill-registry --skill gitops-workflow72
Does it follow best practices?
Optimize this skill
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
GitOps Workflow
🤖 智能体与 MCP 增强 (Agent & MCP Enhancements)
本 Skill 支持并推荐配合特定的智能体角色和 MCP 工具使用,以获得最佳效果。
推荐智能体角色
- DevOps Engineer: 详见 AGENTS.md。
- 该角色专注于 IaC (基础设施即代码) 和自动化流水线。
- 启用后,AI 将严格遵循声明式 API 原则,避免命令式操作。
推荐 MCP 工具
- Kubectl MCP: 允许 AI 直接监控集群状态和调试 Pod。
- Git/GitHub MCP: 用于管理 GitOps 仓库的配置变更和 PR 流程。
- mcp-feedback-enhanced: 在配置自动同步策略 (Auto-Sync) 或处理敏感信息 (Secrets) 时,使用
ask_followup_question确认用户的安全偏好和操作边界。
Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.
Purpose
Implement declarative, Git-based continuous delivery for Kubernetes using ArgoCD or Flux CD, following OpenGitOps principles.
When to Use This Skill
- Set up GitOps for Kubernetes clusters
- Automate application deployments from Git
- Implement progressive delivery strategies
- Manage multi-cluster deployments
- Configure automated sync policies
- Set up secret management in GitOps
OpenGitOps Principles
- Declarative - Entire system described declaratively
- Versioned and Immutable - Desired state stored in Git
- Pulled Automatically - Software agents pull desired state
- Continuously Reconciled - Agents reconcile actual vs desired state
ArgoCD Setup
1. Installation
# Create namespace
kubectl create namespace argocd
# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -dReference: See references/argocd-setup.md for detailed setup
2. Repository Structure
gitops-repo/
├── apps/
│ ├── production/
│ │ ├── app1/
│ │ │ ├── kustomization.yaml
│ │ │ └── deployment.yaml
│ │ └── app2/
│ └── staging/
├── infrastructure/
│ ├── ingress-nginx/
│ ├── cert-manager/
│ └── monitoring/
└── argocd/
├── applications/
└── projects/3. Create Application
# argocd/applications/my-app.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/org/gitops-repo
targetRevision: main
path: apps/production/my-app
destination:
server: https://kubernetes.default.svc
namespace: production
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true4. App of Apps Pattern
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: applications
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/org/gitops-repo
targetRevision: main
path: argocd/applications
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated: {}Flux CD Setup
1. Installation
# Install Flux CLI
curl -s https://fluxcd.io/install.sh | sudo bash
# Bootstrap Flux
flux bootstrap github \
--owner=org \
--repository=gitops-repo \
--branch=main \
--path=clusters/production \
--personal2. Create GitRepository
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: my-app
namespace: flux-system
spec:
interval: 1m
url: https://github.com/org/my-app
ref:
branch: main3. Create Kustomization
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: my-app
namespace: flux-system
spec:
interval: 5m
path: ./deploy
prune: true
sourceRef:
kind: GitRepository
name: my-appSync Policies
Auto-Sync Configuration
ArgoCD:
syncPolicy:
automated:
prune: true # Delete resources not in Git
selfHeal: true # Reconcile manual changes
allowEmpty: false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3mFlux:
spec:
interval: 1m
prune: true
wait: true
timeout: 5mReference: See references/sync-policies.md
Progressive Delivery
Canary Deployment with ArgoCD Rollouts
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: my-app
spec:
replicas: 5
strategy:
canary:
steps:
- setWeight: 20
- pause: { duration: 1m }
- setWeight: 50
- pause: { duration: 2m }
- setWeight: 100Blue-Green Deployment
strategy:
blueGreen:
activeService: my-app
previewService: my-app-preview
autoPromotionEnabled: falseSecret Management
External Secrets Operator
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: db-credentials
spec:
refreshInterval: 1h
secretStoreRef:
name: aws-secrets-manager
kind: SecretStore
target:
name: db-credentials
data:
- secretKey: password
remoteRef:
key: prod/db/passwordSealed Secrets
# Encrypt secret
kubeseal --format yaml < secret.yaml > sealed-secret.yaml
# Commit sealed-secret.yaml to GitBest Practices
- Use separate repos or branches for different environments
- Implement RBAC for Git repositories
- Enable notifications for sync failures
- Use health checks for custom resources
- Implement approval gates for production
- Keep secrets out of Git (use External Secrets)
- Use App of Apps pattern for organization
- Tag releases for easy rollback
- Monitor sync status with alerts
- Test changes in staging first
Troubleshooting
Sync failures:
argocd app get my-app
argocd app sync my-app --pruneOut of sync status:
argocd app diff my-app
argocd app sync my-app --forceRelated Skills
k8s-manifest-generator- For creating manifestshelm-chart-scaffolding- For packaging applications
- Repository
- majiayu000/claude-skill-registry
- Commit
dabfdae
- Last updated
- Created
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.