Understand the GitOps model — git as the single source of truth, a controller that syncs your cluster to match — and install ArgoCD on a local Kubernetes cluster.
Why: in GitOps, a git repository is the single source of truth for what should run in your cluster. You never run kubectl apply by hand; instead a controller in the cluster continuously compares the live state against git and reconciles any difference. Every change is a git commit — reviewable, auditable, and revertable. This is "pull-based" delivery: the cluster pulls from git, rather than a pipeline pushing into it.
git repo (desired state) ──watched by──▶ ArgoCD ──syncs──▶ cluster
manifests / Helm / Kustomize (in the cluster) (live state)
▲ │
└────── you commit changes ────────┘ reconciles until live == gitWhy: a traditional CI/CD pipeline PUSHES — it has cluster credentials and runs kubectl/helm to deploy. GitOps PULLS — the agent lives inside the cluster, watches git, and applies changes itself, so no external system needs cluster credentials. The payoff: git is the audit log, drift is detected and corrected automatically, and rollback is just git revert.
push CD: pipeline ──(has cluster creds)──▶ kubectl apply ──▶ cluster
pull GitOps: cluster-side agent ──watches──▶ git ──▶ applies itself
(no external creds; git = source of truth + audit log)Why: ArgoCD is the GitOps controller — it runs as a set of pods in your cluster. Install it into its own namespace from the official manifests. Note: you need a running Kubernetes cluster and kubectl first — the Kubernetes course sets up a local one with kind or minikube.
Create a namespace and install ArgoCD into it
kubectl create namespace argocdkubectl apply -n argocd \
-f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yamlWait for the core pods to be ready
kubectl wait -n argocd --for=condition=available --timeout=300s \
deployment/argocd-serverWhy: ArgoCD has a web UI and a CLI. Port-forward the server to reach the UI locally. The initial admin password is auto-generated and stored in a secret; read it, then log in. From here you can watch applications sync in real time.
Forward the ArgoCD UI to localhost:8080
kubectl port-forward -n argocd svc/argocd-server 8080:443Get the initial admin password (username is "admin")
kubectl -n argocd get secret argocd-initial-admin-secret \
-o jsonpath="{.data.password}" | base64 -dWhy: the argocd CLI drives everything the UI does and is what you script. Log in to the same port-forwarded server with the admin password, then you can create and manage applications from the terminal. The rest of the course uses the CLI alongside YAML.
Log into the ArgoCD API server (accept the self-signed cert)
argocd login localhost:8080 --username admin --insecureConfirm it works
argocd version