gitops-workflows

GitOps workflows and patterns using ArgoCD and Flux for declarative Kubernetes deployments. Use when implementing CI/CD for Kubernetes, managing multi-environment deployments, or adopting declarative infrastructure practices.

13 stars

Best use case

gitops-workflows is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

GitOps workflows and patterns using ArgoCD and Flux for declarative Kubernetes deployments. Use when implementing CI/CD for Kubernetes, managing multi-environment deployments, or adopting declarative infrastructure practices.

Teams using gitops-workflows should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/gitops-workflows/SKILL.md --create-dirs "https://raw.githubusercontent.com/NickCrew/Claude-Cortex/main/skills/gitops-workflows/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/gitops-workflows/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How gitops-workflows Compares

Feature / Agentgitops-workflowsStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

GitOps workflows and patterns using ArgoCD and Flux for declarative Kubernetes deployments. Use when implementing CI/CD for Kubernetes, managing multi-environment deployments, or adopting declarative infrastructure practices.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# GitOps Workflows

Expert guidance for implementing production-grade GitOps workflows using ArgoCD and Flux CD, covering declarative deployment patterns, progressive delivery strategies, multi-environment management, and secure secret handling for Kubernetes infrastructure.

## When to Use This Skill

- Implementing GitOps principles for Kubernetes deployments
- Automating continuous delivery from Git repositories
- Managing multi-cluster or multi-environment deployments
- Implementing progressive delivery (canary, blue-green) strategies
- Configuring automated sync policies and reconciliation
- Managing secrets securely in GitOps workflows
- Setting up environment promotion workflows
- Designing repository structures for GitOps (monorepo vs multi-repo)
- Implementing rollback strategies and disaster recovery
- Establishing compliance and audit trails through Git

## Core Concepts

### The Four Principles

1. **Declarative**: Entire system state expressed in code
2. **Versioned**: Canonical state stored in Git with full history
3. **Pulled Automatically**: Agents pull desired state (no push to prod)
4. **Continuously Reconciled**: Automatic drift detection and correction

### Key Benefits

- Complete deployment history and audit trail
- Fast rollback via Git operations
- Enhanced security (no cluster credentials in CI)
- Self-healing infrastructure
- Multi-cluster consistency
- Familiar Git workflows for infrastructure changes

## Quick Reference

| Task | Load reference |
| --- | --- |
| GitOps principles and benefits | `skills/gitops-workflows/references/core-principles.md` |
| Repository structure patterns (monorepo, multi-repo, branches) | `skills/gitops-workflows/references/repository-structures.md` |
| ArgoCD setup, Applications, ApplicationSets | `skills/gitops-workflows/references/argocd-implementation.md` |
| Flux bootstrap, sources, Kustomizations, HelmReleases | `skills/gitops-workflows/references/flux-implementation.md` |
| Environment promotion strategies | `skills/gitops-workflows/references/environment-promotion.md` |
| Secret management (Sealed Secrets, ESO, SOPS) | `skills/gitops-workflows/references/secret-management.md` |
| Progressive delivery (canary, blue-green) | `skills/gitops-workflows/references/progressive-delivery.md` |
| Rollback strategies and disaster recovery | `skills/gitops-workflows/references/rollback-strategies.md` |
| Best practices and patterns | `skills/gitops-workflows/references/best-practices.md` |

## Workflow Steps

### 1. Choose Repository Structure

**Decision factors:**
- Team size and organization structure
- Application coupling and dependencies
- Access control requirements
- Deployment frequency and independence

**Options:**
- **Monorepo**: Single repo, unified platform teams, shared infrastructure
- **Multi-repo**: Separate repos per app/team, independent release cycles
- **Environment branches**: Git flow style, simple mental model

### 2. Select GitOps Tool

**ArgoCD:**
- UI-focused with visual application management
- App of Apps pattern for hierarchical deployments
- ApplicationSets for multi-cluster deployments
- Strong RBAC and project isolation

**Flux:**
- CLI-first, GitOps Toolkit architecture
- Native Kustomize and Helm support
- Automated image updates
- Lighter weight, cloud-native

### 3. Configure Secret Management

**Never commit unencrypted secrets to Git**

**Options:**
- **Sealed Secrets**: Client-side encryption, simple workflow
- **External Secrets Operator**: Sync from external secret stores (AWS, Vault, GCP)
- **SOPS**: File-based encryption with age or cloud KMS

### 4. Implement Sync Policies

**Non-production environments:**
- Automated sync with `prune` and `selfHeal`
- Frequent reconciliation (1-5 minutes)
- Fail fast with immediate feedback

**Production environments:**
- Manual approval or gated automation
- Health checks and wait conditions
- Progressive delivery for high-risk changes
- Sync windows for maintenance periods

### 5. Set Up Environment Promotion

**Promotion strategies:**
- **Git-based**: Tag or branch promotion with Git operations
- **Kustomize overlays**: Update image tags in environment-specific overlays
- **Automated updates**: Flux ImageUpdateAutomation for semver policies

### 6. Configure Progressive Delivery

**For high-risk changes:**
- **ArgoCD Rollouts**: Canary deployments with automated analysis
- **Flagger**: Progressive delivery with metric-based promotion
- Traffic shifting with Istio or other service mesh
- Automated rollback on failed analysis

### 7. Establish Rollback Procedures

**Git rollback:**
- `git revert` for specific commits
- Tag-based rollback by updating targetRevision
- Fast and declarative

**Tool-specific:**
- ArgoCD: `argocd app rollback` with revision history
- Flux: Suspend automation, manual rollback, resume

## Common Mistakes

1. **Committing unencrypted secrets** - Always use secret management solution
2. **No automated sync in non-prod** - Slows development feedback
3. **Automated sync in production without gates** - High risk of breaking changes
4. **Ignoring drift detection** - Manual changes should be reconciled or alerted
5. **No health checks** - Sync succeeds but app is unhealthy
6. **Missing dependency ordering** - Apps deploy before infrastructure ready
7. **No rollback testing** - Discover issues during actual incidents
8. **Inconsistent environments** - Staging differs too much from production
9. **No promotion testing** - Manual errors during environment promotion
10. **Weak RBAC** - Too many permissions for GitOps service accounts

## Resources

- **OpenGitOps**: https://opengitops.dev/
- **ArgoCD Documentation**: https://argo-cd.readthedocs.io/
- **Flux Documentation**: https://fluxcd.io/docs/
- **ArgoCD Rollouts**: https://argoproj.github.io/argo-rollouts/
- **Flagger**: https://docs.flagger.app/
- **External Secrets Operator**: https://external-secrets.io/
- **Sealed Secrets**: https://github.com/bitnami-labs/sealed-secrets
- **SOPS**: https://github.com/mozilla/sops

Related Skills

github-actions-workflows

13
from NickCrew/Claude-Cortex

GitHub Actions workflow patterns for CI/CD including matrix builds, reusable workflows, secrets management, and caching strategies. Use when setting up or optimizing GitHub Actions pipelines.

dev-workflows

13
from NickCrew/Claude-Cortex

Use when running builds, executing tests, or improving developer experience workflows - provides structured guidance for build/test execution and DX improvement.

writing-skills

13
from NickCrew/Claude-Cortex

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

workflow-security-audit

13
from NickCrew/Claude-Cortex

Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.

workflow-performance

13
from NickCrew/Claude-Cortex

Systematic performance analysis and optimization. Use when things are slow, need optimization, or preparing for scale.

workflow-feature

13
from NickCrew/Claude-Cortex

Complete feature development workflow from design to deployment. Use when implementing new features or functionality.

workflow-feature-development

13
from NickCrew/Claude-Cortex

Complete workflow for developing new features from design to deployment. Use when starting a new feature, adding functionality, or building something new.

workflow-bug-fix

13
from NickCrew/Claude-Cortex

Systematic approach to identifying, fixing, and validating bug fixes. Use when fixing bugs, resolving issues, or addressing errors.

wiring-audit

13
from NickCrew/Claude-Cortex

User-triggered audit that finds wiring drift between a project's UI surfaces and backend capabilities — orphan surfaces (UI calls endpoints/hooks/procedures that no longer exist), unwired capabilities (backend routes/exports that nothing surfaces), shape drift (both exist but contracts mismatch), method drift (URL matches, HTTP verb does not), validation drift (frontend vs backend rules diverged), permission drift (UI exposes what backend forbids or vice versa), stale labels (UI text references renamed backend concepts), and unsurfaced configuration (env vars or flags that gate behavior with no UI or CLI to control them). This skill should be used when the user asks to "audit our wiring," "find UI/backend drift," "find unwired capabilities," "find stale surfaces," "check for contract violations," "find unused endpoints," "find unused hooks," "what mismatches between UI and backend," or any similar request whose deliverable is a prioritized findings report rather than a descriptive snapshot. Generic across UI frameworks but optimized for React applications (hooks, fetch, react-query, SWR, tRPC, server actions, react-router, Next.js). Not for descriptive architectural snapshots (use architectural-analysis), security audits (use security-auditor), or performance audits (use workflow-performance).

webapp-testing

13
from NickCrew/Claude-Cortex

Toolkit for interacting with and testing local web applications using Playwright. Use when verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.

web-researcher

13
from NickCrew/Claude-Cortex

Use this skill when you need to research a topic online, gather information from multiple sources, or evaluate source credibility. Trigger phrases: 'research', 'find information about', 'look up', 'investigate'. Not for academic systematic reviews (use literature-reviewer) or fact-checking specific claims (use fact-checker).

visual-modes

13
from NickCrew/Claude-Cortex

Use when activating visual showcase modes (supersaiyan, kamehameha, over9000) for UI or interaction design - provides mode-specific enhancement checklists.