Skip to content

HOWTO: GitOps Onboarding with ArgoCD

Purpose: Onboard workloads to the RKE2 cluster via ArgoCD using the App-of-Apps pattern with structured sync policy governance.

Difficulty: Intermediate

Track: GitOps & Kubernetes Foundation

Overview

The onprem/rke2-workloads@v1 module establishes the ArgoCD App-of-Apps root application, wires the workload repository, and configures sync policies that enforce Git as the sole source of truth. Once onboarded, workload changes flow exclusively through Git: no manual kubectl apply. This HOWTO covers the initial onboarding sequence and the verification steps that confirm the deployed state matches Git.

1. Repository Registration

  • Register the workload Git repository in ArgoCD.
  • Use the public HTTPS repo path for exported workload targets, or register a deploy-key-backed SSH repository for private canonical targets.

2. App-of-Apps Configuration

  • Define the root Application manifest pointing to the App-of-Apps directory.
  • Apply via the onprem/rke2-workloads@v1 module.

3. Sync Policy and Self-Heal

  • Configure automated sync with self-heal enabled.
  • Set prune policy aligned with production governance requirements.

4. Workload State Verification

  • Confirm all child Applications are synced and healthy in ArgoCD.
  • Verify deployed manifests match the Git-defined intent.
  • Review the module run record confirming onboarding records.

References

License: MIT-0 for code, CC-BY-4.0 for documentation unless otherwise stated.