1. Why GitOps?
- Single Source of Truth
Store both your application code and cluster manifests in Git. Every change is versioned, auditable, and the ground truth for your infrastructure. - Continuous Reconciliation
GitOps controllers (e.g., Argo CD, Flux) watch your repos and automatically sync any updates to the live cluster—no manualkubectlcommands required. - Self‑healing
If someone “drifts” the cluster with an ad‑hoc change, the controller will detect it and revert back to the desired state you’ve defined in Git.
2. Helm Charts Made Simple
- What Is a Helm Chart?
A Chart is a package containing templated Kubernetes manifests plus default configuration in avalues.yaml. - Why Use Helm v3?
- No separate server component (no Tiller)
- Better security and dependency management
- Library charts for reusable templates
3. From Imperative to Declarative
- Imperative Workflow
You run commands (kubectl apply …) and hope nothing breaks. Drift and human error are common. - Declarative GitOps
You commit a change to Git. A controller applies it automatically. Your Git history is your deployment log.
4. Hands‑On: Deploy the Sample Python App
We’ll use the codefresh-contrib/helm-gitops-example repo, which includes a simple Python web‑app packaged as a Helm chart.
- Clone the demo repo
git clone https://github.com/codefresh-contrib/helm-gitops-example.git cd helm-gitops-example - Inspect the Chart
- Open
charts/python/Chart.yamlto see metadata - Edit
charts/python/values.yamlto customize replica count or image tag
- Open
- Install with Helm
helm install demo-app charts/python --namespace default - Verify & Rollback
helm list --namespace default helm history demo-app helm rollback demo-app 1 - Access the App
Then open your browser atkubectl port-forward svc/demo-app-python 5000:80http://localhost:5000to see the running app.
5. Set Up Argo CD
- Install Argo CD
kubectl create namespace argocd kubectl apply -n argocd \ -f https://github.com/argoproj/argo-cd/releases/latest/download/install.yaml - Point Argo CD at Your Helm Chart
Create
demo-app.yaml:apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: demo-app namespace: argocd spec: project: default source: repoURL: https://github.com/codefresh-contrib/helm-gitops-example.git path: charts/python targetRevision: main destination: server: https://kubernetes.default.svc namespace: default syncPolicy: automated: prune: true selfHeal: truekubectl apply -f demo-app.yaml
6. Automate CI with GitHub Actions
Add this to .github/workflows/ci.yml in your charts/ folder:
name: Lint & Publish Helm Chart
on:
push:
paths:
- 'charts/**'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Lint Chart
run: helm lint charts/python
- name: Package Chart
run: helm package charts/python --destination ./packages
- name: Publish Chart
uses: charts/publish-action@v1
with:
chart-version: ${{ github.sha }}7. Tools & Tips
- Argo CD v2.5+: Advanced Helm support, RBAC, health checks.
- Flux v2: GitOps with Helm Controller, multi‑cluster deployments.
- Helmfile: Manage multiple charts and environments together.
- Kustomize: Overlay patches on Helm outputs for environment‑specific tweaks.
- Secrets: Use SealedSecrets or Vault—never store raw secrets in Git.
- Versioning: Automate chart version bumps in CI.
- RBAC: Grant least‑privilege permissions to GitOps controllers.
8. Looking Ahead
- GitOps Hubs centralizing policies across clusters.
- Crossplane to manage cloud resources via GitOps.
- AI‑Assisted Pipelines, suggesting optimal sync intervals and Helm values.
- Federated GitOps for thousands of clusters with Argo CD Federation.
By combining Helm’s flexible templating with GitOps’ declarative model—using a real, working demo repo—you get fast, reliable, and fully auditable Kubernetes deployments. Merge your change, and the pipeline takes care of the rest.
Image credit: Designed by Freepik
