From Chaos to Control: A GitOps Journey with ArgoCD, AWS CodeCommit, EKS, and CDK

The deployment nightmare: A story every developer knows

Picture this: It’s 2 AM, and you’re staring at a screen filled with error messages. Another unexpected cluster deployment has gone wrong. Your team has spent hours tracking down a configuration drift, manually patching systems, and wrestling with infrastructure that seems to have a mind of its own. Sound familiar?

This is the world before GitOps — a chaotic landscape of manual interventions, inconsistent deployments, and sleepless nights.

The GitOps revolution: Turning chaos into control

GitOps isn’t just another buzzword. It’s a game-changing approach that transforms how we manage Kubernetes clusters. Think of it as a GPS for your cloud infrastructure — always knowing exactly where you are, how you got there, and how to get back if something goes wrong. In this article, we’ll explore the power of GitOps and walk through a real-world example using ArgoCD, AWS CodeCommit, EKS, and CDK.

What exactly is GitOps?

GitOps is a modern approach to software deployment that leverages Git as the single source of truth for both infrastructure and application code. It applies the familiar Git pull request workflow to operational procedures, providing a unified and automated approach to deployments.

The traditional CI/CD workflow vs. GitOps

Traditional CI/CD

1. Developer writes code and pushes to a repository (e.g., GitHub, CodeCommit)
2. CI process builds the Docker image
3. CI pushes the image to a repository (e.g., Amazon ECR)
4. CD process deploys the manifest to the Kubernetes cluster

This push-based model works but has limitations. What happens when things go wrong?

Enter GitOps: The push-pull model

GitOps introduces a crucial difference in the CD part:

1. CI remains the same (code push, build, image push)
2. A GitOps tool (e.g., ArgoCD) continuously runs in the Kubernetes cluster
3. This tool constantly checks the Git repository for changes
4. When changes are detected, it automatically syncs the cluster state

The power of GitOps: A real-world scenario

Imagine a “hands-on” team member with cluster access who makes unauthorized changes:

• With traditional CD: Changes might go unnoticed, requiring manual intervention
• With GitOps: The tool detects discrepancies and automatically reverts to the desired state

GitOps ensures that your Git repository truly becomes the single source of truth for your infrastructure.

Implementing GitOps: A practical guide

Let’s walk through setting up a GitOps workflow using AWS services and ArgoCD.

Prerequisites

• AWS CLI (v2)
• AWS CDK (v2.19.0+)
• kubectl
• eksctl
• CDK bootstrapping (https://docs.aws.amazon.com/cdk/v2/guide/ref-cli-cmd-bootstrap.html)

Step-by-step implementation

1. Download the code from github
   https://github.com/mukherarn1/argocd-demo.git
   
2. Create a CodeCommit repository
   aws codecommit create-repository --repository-name argocd-demo
3. Set up Git credentials
   

   git config --global credential.helper '!aws codecommit credential-helper $@'
   git config --global credential.UseHttpPath true

4. Clone the CodeCommit repository
   

   git clone codecommit::ap-south-1://argocd-demo
   cd argocd-demo

5. Initialize CDK project
   

   cdk init app --language python
   python -m venv .venv
   source .venv/Scripts/activate
   pip install -r requirements.txt

6. Deploy the CDK stacks
   
   • Update var.config.json with your environment details
   • Change the image name in the argocd/deploymnet.yaml
   • Verify the repoURL under manifests/guestbook-app.yaml
   • Push changes to CodeCommit
   • Run cdk deploy
7. Verify deployment
   • Check CodePipeline in AWS Console
   • Verify Load Balancers in EC2 dashboard -> You will see two Classic load balancer is created, One for Argocd and the other for application
     
8. Access ArgoCD
   

   Run the below command to authenticate your kubectl with AWS EKS

   eks update-kubeconfig — name eksargocd — region ap-south-1 — role-arn arn:aws:iam::<accountID>:role/eksmasterrole to retrieve the password

   Paste the ELB DNS URL for ArgoCD and enter the credentials

   • • Username: admin
     • Password — kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=”{.data.password}” | base64 -d
        

Understanding the CDK stacks

Our implementation uses three main stacks:

1. CodeBuildEksStack: Sets up the CI process
2. EksClusterStack: Creates the EKS cluster
3. CodeBuildArgocdStack: Installs ArgoCD and deploys the application

These stacks handle everything from creating IAM roles to setting up CodeBuild projects and installing necessary CLI tools.

Note: You can use any code repository, such as GitHub. Just ensure the integration is set up and update the source configuration in the CDK code accordingly.

Beyond just another deployment strategy

GitOps is more than a tool — it’s a philosophy. It’s about transforming infrastructure management from a reactive process to a proactive strategy. By making Git your single source of truth, you’re not just deploying code. You’re:

• Ensuring consistent, reliable deployments
• Creating an audit trail for every change
• Empowering your team to innovate faster
• Reducing the risk of human error

The future is declarative: Are you ready?

Cloud-native development is evolving. GitOps represents the next frontier — where infrastructure becomes as agile, trackable, and manageable as the code we write.

Are you tired of deployment chaos? Ready to take control of your Kubernetes infrastructure? Your GitOps journey starts here.

Pro Tip: GitOps isn’t just a technology. It’s a mindset. Start small, iterate quickly, and watch your infrastructure transform.