GitOps-Driven Kubernetes Delivery with ArgoCD Across Dev, Staging, and Production
TL;DR
- GitOps model where Git is the single source of truth.
- CI builds images via Jenkins and pushes to Docker Registry.
- Deployment is controlled declaratively by Argo CD.
- Automatic sync to Dev, Staging, and Prod Kubernetes clusters.
- Manifest updates trigger environment rollouts without SSH or manual kubectl.
- Webhook/poll model keeps clusters continuously reconciled with Git.
- Clear separation between CI (build) and CD (deploy).
Project Overview
This architecture implements a pure GitOps deployment model for Kubernetes environments where all deployments are driven from Git manifests rather than manual operations.
Developers commit code, CI builds container images, and only a manifest change in Git can trigger deployments. ArgoCD continuously watches the repository and reconciles the desired state with the actual state across multiple Kubernetes clusters.
The result is traceable, auditable, and fully automated multi-environment delivery.
Goals of the Architecture
- Make Git the single source of truth for infrastructure and deployments.
- Eliminate manual kubectl/SSH-based releases.
- Separate responsibilities of build and deploy.
- Ensure consistent releases across Dev, Staging, and Production.
- Provide an easy rollback using Git history.
- Improve visibility and auditability of changes.
- Standardize Kubernetes deployments across environments.
High-Level Architecture
Developer → Git commit → Jenkins CI builds image → Docker Registry→ Manifest updated in Git → ArgoCD detects change → Sync to K8s clusters
Traffic Flow
User request flow
User → Traefik → NGINX → Route to Legacy APIs or Modern APIs based on path/domain → MongoDB RS
Video Flow
User → NGINX → Scalelite → BBB Nodes
Developer / DevOps Flow
Developer → GitHub → Jenkins Pipeline → Docker Registry → Docker Compose Pull → Production
Core Components
| Layer | Tooling |
|---|---|
| Source Control | Git |
| CI Engine | Jenkins |
| Image Storage | Docker Registry |
| GitOps Controller | Argo CD |
| Orchestration | Kubernetes clusters |
| Environments | Dev, Staging, Production |
| Trigger Mechanism | Webhook / Poll from ArgoCD |
Networking & Traffic Flow
CI Flow
Developer → Git → Jenkins → Docker Registry → Git (manifest update)
CD / GitOps Flow
Git (manifests) → ArgoCD (webhook/poll)
→ Dev K8s Cluster
→ Staging K8s Cluster
→ Production K8s Cluster
Data Layer & Persistence Design
- Kubernetes workloads use Persistent Volumes where required.
- Environment-specific values stored via separate manifests/overlays.
- Secrets and configs referenced through Kubernetes secrets.
- Same base manifests reused across environments with minimal drift.
Security Design
- GitHub as source of truth.
- No direct human access to clusters for deployments.
- RBAC enforced at Kubernetes and ArgoCD level.
- Git history provides full audit trail of changes.
- Separation of CI credentials and CD permissions.
- Namespace isolation across environments.
CI/CD & Deployment Strategy
CI (Build)
- Jenkins pipeline builds and tags Docker images.
- Images pushed to Docker Registry.
- Jenkins updates image tag in Kubernetes manifest repo.
CD (Deploy)
- ArgoCD detects manifest change.
- Performs automatic sync to target cluster.
- Health checks and rollout status visible in ArgoCD UI.
- Rollback = revert Git commit.
Production Challenges & Fixes
| Challenge | Fix |
|---|---|
| Environment drift | Single manifest source with overlays |
| Manual deployment errors | Fully Git-driven deployments |
| Lack of rollback clarity | Git revert-based rollback |
| Secret handling | Kubernetes secrets and RBAC |
| Multi-cluster consistency | ArgoCD managing all clusters uniformly |
Key Learnings
- GitOps drastically reduces deployment mistakes
- Separation of CI and CD improves security and clarity
- ArgoCD provides excellent visibility into cluster state
- Declarative manifests scale better across environments
- Rollbacks become trivial when Git is the authority
- Teams gain confidence when deployments are predictable and auditable