[Lauro Fialho Müller] GitOps in Practice with Argo CD and Argo Rollouts [ENG, 2026]: Argo CD
Делаю:
2026.01.28
Chapter 05 Argo CD - Core Concepts
$ cat << EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/lm-academy/argocd-example-apps.git
targetRevision: HEAD
path: guestbook
destination:
server: https://kubernetes.default.svc
namespace: default
EOF
$ argocd login <ARGOCD_HOST>
$ argocd app list
$ argocd app sync guestbook
$ kubectl port-forward svc/guestbook-ui 8080:80
http://localhost:8080
Chapter 06 Argo CD - Helm Integration
Делаю:
2026.01.27
$ cat << EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/lm-academy/argocd-example-apps.git
targetRevision: HEAD
path: helm-guestbook
helm:
valueFiles:
- values.yaml
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
EOF
006. Lab - Deploying Public Helm Charts - Solution
https://github.com/lm-academy/argocd-course/tree/main/public-helm-charts/manifests
https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard
$ kubectl create token k8s-dashboard-view -n k8s-dashboard
$ argocd app sync k8s-dashboard
$ kubectl port-forward src/k8s-dashboard-kong-proxy 8443:443 -n k8s-dashboard
http://localhost:8443
$ kubectl get clusterrole
$ kubectl get clusterrole -o yaml
$ kubectl describe clusterrole view
Chapter 08 Argo CD - Private Repositories
Делаю:
2026.01.28
003. Lab - Private Repos via HTTPS
Создаю приватное репо: argocd-course-private-repo-demo
Копирую в него каталог: https://github.com/lm-academy/argocd-example-apps/tree/master/helm-guestbook
Создаю PAT:
https://github.com/settings/tokens
Token name: argocd-private-repo-https
Repository access: Only select repositories
Add permission: Contents (Read-only)
1. Способ в UI
ARGO -> Settings -> Repositories -> Connect Reposistories
Chose your connection method: VIA HTTP/HTTPS
Type: git
Project: default
Repository URL: https://github.com/wildmakaka/argocd-course-private-repo-demo.git
Username: wildmakaka
Passsword: PAT
Connect
2. Способ в CLI
$ export GITHUB_PAT=<YOUR_GITHUB_PAT>
$ kubectl create secret generic private-repo-https --from-literal type=git --from-literal password=${GITHUB_PAT} --from-literal username=wildmakaka --from-literal url=https://github.com/wildmakaka/argocd-course-private-repo-demo.git -n argocd
$ kubectl label secret private-repo-https argocd.argoproj.io/secret-type=repository -n argocd
$ cat << EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/wildmakaka/argocd-course-private-repo-demo.git
targetRevision: HEAD
path: helm-guestbook
helm:
valueFiles:
- values.yaml
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
EOF
$ kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
guestbook-helm-guestbook-5b66c4c879-xbc9x 1/1 Running 0 96s
008. Lab - Private Repos via SSH
$ mkdir .ssh
$ ssh-keygen -t ed25519 -C "argocd-deploy-key" -f ./.ssh/argocd-deploy-key
// Скопировать public key в буфер
$ cat ./.ssh/argocd-deploy-key.pub | xclip -selection clipboard
Github -> Project -> Settings -> Deploy Keys
https://github.com/wildmakaka/argocd-course-private-repo-demo/settings/keys
Title: argocd-deploy-key
Key: Public Key
Add key
1. Способ в UI
ARGO -> Settings -> Repositories -> Connect Reposistories
Chose your connection method: VIA SSH
Project: default
Repository URL: git@github.com:wildmakaka/argocd-course-private-repo-demo.git
SSH private key data: OPENSSH PRIVATE KEY
Username: wildmakaka
Passsword: PAT
Connect
2. Способ в CLI
$ PRIVATE_KEY=$(cat .ssh/argocd-deploy-key)
$ echo ${PRIVATE_KEY}
$ kubectl create secret generic private-repo-ssh --from-literal type=git --from-literal url=git@github.com:wildmakaka/argocd-course-private-repo-demo.git --from-literal sshPrivateKey="${PRIVATE_KEY}" -n argocd
$ kubectl label secret private-repo-ssh argocd.argoproj.io/secret-type=repository -n argocd
$ cat << EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
namespace: argocd
spec:
project: default
source:
repoURL: git@github.com:wildmakaka/argocd-course-private-repo-demo.git
targetRevision: HEAD
path: helm-guestbook
helm:
valueFiles:
- values.yaml
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
EOF
$ kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
guestbook-helm-guestbook-5b66c4c879-xbc9x 1/1 Running 0 34m
Chapter 09 Argo CD - Application Orchestration
Делаю:
2026.01.28
003. Lab - Configuring Projects
$ argocd proj list
$ argocd get default
$ cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: finance
EOF
$ cat << EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: team-finance
namespace: argocd
spec:
description: Project for Team Finance with security guardrails
sourceRepos:
- "https://github.com/lm-academy/argocd-example-apps.git"
destinations:
- server: https://kubernetes.default.svc
namespace: finance
# clusterResourceWhitelist:
# - group: "*"
# kind: "*"
namespaceResourceWhitelist:
- group: "*"
kind: "*"
EOF
$ cat << EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
namespace: argocd
spec:
project: team-finance
source:
repoURL: https://github.com/lm-academy/argocd-example-apps.git
targetRevision: HEAD
path: guestbook
destination:
server: https://kubernetes.default.svc
namespace: finance
syncPolicy:
automated:
prune: true
selfHeal: true
EOF
008. Lab - Implementing Sync Hooks
$ cat << EOF | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/lm-academy/argocd-example-apps.git
path: helm-guestbook
targetRevision: HEAD
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
EOF
$ cat << EOF | kubectl apply -f -
apiVersion: batch/v1
kind: Job
metadata:
name: db-migration-job
annotation:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: BeforeHookCreation,HookSucceeded
spec:
backoffLimit: 2
template:
spec:
restartPolicy: Never
containers:
- name: migration
image: busybox
command:
- "sh"
- "-c"
- "echo 'Running db migration...'; sleep 10; echo 'Done!'"
EOF
012. Lab - Ordering with Sync Waves
$ cat << EOF | kubectl apply -f -
apiVersion: batch/v1
kind: Job
metadata:
name: db-check-job
annotation:
argocd.argoproj.io/sync-wave: "2"
argocd.argoproj.io/hook-delete-policy: BeforeHookCreation,HookSucceeded
spec:
backoffLimit: 2
template:
spec:
restartPolicy: Never
containers:
- name: check
image: busybox
command:
- "sh"
- "-c"
- "echo 'Running db check to $DB_HOST...'; sleep 10; echo 'Connected!'"
env:
- name: DB_HOST
valueFrom:
configMapKeyRef:
name: db-config
key: db_host
EOF
$ cat << EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
name: db-config
annotation:
argocd.argoproj.io/sync-wave: "1"
data:
db_host: "postgres-db"
EOF