Why GitOps?
GitOps is more than a deployment methodology — it's a paradigm shift in how we think about infrastructure management. By treating Git as the single source of truth, every change is auditable, reversible, and reproducible.
At TechTransLab, we run our entire multi-application platform on GKE using ArgoCD as the continuous delivery engine. This article walks through our architecture and the lessons learned from operating it in production.
The App-of-Apps Pattern
The core of our setup is the App-of-Apps pattern. A single root Application manifest generates individual ArgoCD Applications for each service. This gives us:
- Centralized control over all deployments
- Environment-specific overlays via Kustomize
- Sync waves for dependency ordering
- Automatic pruning and self-healing
Sync Waves in Practice
Sync waves let you control the order in which resources are applied. For example, databases deploy at wave 10, application backends at wave 20, and frontends at wave 30.
annotations:
argocd.argoproj.io/sync-wave: "10"Secret Management
We use External Secrets Operator with GCP Secret Manager. Secrets are stored as JSON in GSM and synced into Kubernetes Secrets via ClusterSecretStore. Zero plaintext secrets in Git.
The best secret management is the one where developers never touch secrets directly.
Lessons Learned
After running this setup for over a year, here are our key takeaways:
- Start simple. Don't over-engineer your GitOps setup on day one.
- ServerSideApply is your friend. It resolves most conflict issues.
- Monitor sync status. A custom health check script saves hours of debugging.
GitOps has fundamentally changed how we ship software. The confidence that comes from knowing every production change is a git commit is invaluable.