scapilix/gitops-workflow
skills/skills/gitops-workflow/SKILL.md
Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deplo...
development
Updated Apr 12, 2026
$ install --global
skillsauthnpx skillsauth add scapilix/lojadiana gitops-workflowInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 10:44 PM242.1s1 file scanned
SKILL.md
- name:
- gitops-workflow
- description:
- Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deplo...
- risk:
- unknown
- source:
- community
- date_added:
- 2026-02-27
GitOps Workflow
Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.
Purpose
Implement declarative, Git-based continuous delivery for Kubernetes using ArgoCD or Flux CD, following OpenGitOps principles.
Use this skill when
- Set up GitOps for Kubernetes clusters
- Automate application deployments from Git
- Implement progressive delivery strategies
- Manage multi-cluster deployments
- Configure automated sync policies
- Set up secret management in GitOps
Do not use this skill when
- You need a one-off manual deployment
- You cannot manage cluster access or repo permissions
- You are not deploying to Kubernetes
Instructions
- Define repo layout and desired-state conventions.
- Install ArgoCD or Flux and connect clusters.
- Configure sync policies, environments, and promotion flow.
- Validate rollbacks and secret handling.
Safety
- Avoid auto-sync to production without approvals.
- Keep secrets out of Git and use sealed or external secret managers.
OpenGitOps Principles
- Declarative - Entire system described declaratively
- Versioned and Immutable - Desired state stored in Git
- Pulled Automatically - Software agents pull desired state
- Continuously Reconciled - Agents reconcile actual vs desired state
ArgoCD Setup
1. Installation
# Create namespace
kubectl create namespace argocd
# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
Reference: See references/argocd-setup.md for detailed setup
2. Repository Structure
gitops-repo/
├── apps/
│ ├── production/
│ │ ├── app1/
│ │ │ ├── kustomization.yaml
│ │ │ └── deployment.yaml
│ │ └── app2/
│ └── staging/
├── infrastructure/
│ ├── ingress-nginx/
│ ├── cert-manager/
│ └── monitoring/
└── argocd/
├── applications/
└── projects/
3. Create Application
# argocd/applications/my-app.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/org/gitops-repo
targetRevision: main
path: apps/production/my-app
destination:
server: https://kubernetes.default.svc
namespace: production
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
4. App of Apps Pattern
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: applications
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/org/gitops-repo
targetRevision: main
path: argocd/applications
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated: {}
Flux CD Setup
1. Installation
# Install Flux CLI
curl -s https://fluxcd.io/install.sh | sudo bash
# Bootstrap Flux
flux bootstrap github \
--owner=org \
--repository=gitops-repo \
--branch=main \
--path=clusters/production \
--personal
2. Create GitRepository
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: my-app
namespace: flux-system
spec:
interval: 1m
url: https://github.com/org/my-app
ref:
branch: main
3. Create Kustomization
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: my-app
namespace: flux-system
spec:
interval: 5m
path: ./deploy
prune: true
sourceRef:
kind: GitRepository
name: my-app
Sync Policies
Auto-Sync Configuration
ArgoCD:
syncPolicy:
automated:
prune: true # Delete resources not in Git
selfHeal: true # Reconcile manual changes
allowEmpty: false
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
Flux:
spec:
interval: 1m
prune: true
wait: true
timeout: 5m
Reference: See references/sync-policies.md
Progressive Delivery
Canary Deployment with ArgoCD Rollouts
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: my-app
spec:
replicas: 5
strategy:
canary:
steps:
- setWeight: 20
- pause: {duration: 1m}
- setWeight: 50
- pause: {duration: 2m}
- setWeight: 100
Blue-Green Deployment
strategy:
blueGreen:
activeService: my-app
previewService: my-app-preview
autoPromotionEnabled: false
Secret Management
External Secrets Operator
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: db-credentials
spec:
refreshInterval: 1h
secretStoreRef:
name: aws-secrets-manager
kind: SecretStore
target:
name: db-credentials
data:
- secretKey: password
remoteRef:
key: prod/db/password
Sealed Secrets
# Encrypt secret
kubeseal --format yaml < secret.yaml > sealed-secret.yaml
# Commit sealed-secret.yaml to Git
Best Practices
- Use separate repos or branches for different environments
- Implement RBAC for Git repositories
- Enable notifications for sync failures
- Use health checks for custom resources
- Implement approval gates for production
- Keep secrets out of Git (use External Secrets)
- Use App of Apps pattern for organization
- Tag releases for easy rollback
- Monitor sync status with alerts
- Test changes in staging first
Troubleshooting
Sync failures:
argocd app get my-app
argocd app sync my-app --prune
Out of sync status:
argocd app diff my-app
argocd app sync my-app --force
Related Skills
k8s-manifest-generator- For creating manifestshelm-chart-scaffolding- For packaging applications
Related Skills
scapilix/last30days
tools
VerifiedTrustedCommunity
Research a topic from the last 30 days on Reddit + X + Web, become an expert, and write copy-paste-ready prompts for the user's target tool.
SKILL.mdUpdated Apr 12, 2026
scapilix/laravel-security-audit
development
VerifiedTrustedCommunity
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
SKILL.mdUpdated Apr 12, 2026
scapilix/laravel-expert
testing
VerifiedTrustedCommunity
Senior Laravel Engineer role for production-grade, maintainable, and idiomatic Laravel solutions. Focuses on clean architecture, security, performance, and modern standards (Laravel 10/11+).
SKILL.mdUpdated Apr 12, 2026
scapilix/langgraph
development
VerifiedTrustedCommunity
Expert in LangGraph - the production-grade framework for building stateful, multi-actor AI applications. Covers graph construction, state management, cycles and branches, persistence with checkpoin...
SKILL.mdUpdated Apr 12, 2026