Our current Jenkins pipeline for kubernetes feels clunky. We are manually updating image tags in our YAML files, which is prone to error. Should we be moving toward a GitOps approach with tools like ArgoCD, or is there a better way to handle automated deployments and rollbacks?
3 answers
Moving to GitOps is the best decision you can make for your kubernetes strategy. With ArgoCD, your Git repository becomes the "single source of truth." When you push a new image tag to Git, ArgoCD detects the difference and automatically syncs the cluster to match the repo. This eliminates the "clunky" manual steps you mentioned. We implemented this workflow in early 2023 and it made rollbacks as simple as reverting a Git commit. It also provides a clear audit log of who changed what in the kubernetes environment, which is great for team transparency and stability.
How do you handle secrets in your GitOps flow? Putting them in plain text in a Git repo is a huge security risk for any kubernetes deployment.
Use Helm charts to template your kubernetes manifests. It makes managing different environments (Dev, Staging, Prod) much cleaner within your CI/CD pipeline.
Helm plus ArgoCD is the industry standard right now. Kimberly’s point about the audit log is exactly why we made the switch last year for our kubernetes apps.
We definitely don't store secrets in Git! We were looking at using Bitnami Sealed Secrets or integrating HashiCorp Vault with our kubernetes cluster. Kevin, have you found one of those to be easier to maintain when working with a GitOps tool like ArgoCD? We want a solution that doesn't require the developers to jump through too many hoops.