Kick off your book project in 3 hours! Live workshop on Zoom. You’ll leave with a real book project, progress on your first chapter, and a clear plan to keep going. Saturday, June 6, 2026. Learn more…

Leanpub Header

Skip to main content
Go to Leanpub.com

GitOps the Hard Way, with Argo CD

Build Real GitOps Pipelines From Empty Clusters to Automated Deploys

This book is 100% completeLast updated on 2026-06-01
Aymen El Amri

Go from an empty cluster to a self-deploying GitOps pipeline, doing every step yourself: Applications, sync policy, hooks, RBAC, Helm, ApplicationSets, and a setup that ships every branch on push. You finish with a pipeline you can explain line by line, not a demo you watched run.

Minimum price

$20.00

$32.00

You pay

Author earns

$
PDF
EPUB
WEB
About

About

About the Book

GitOps the Hard Way, with Argo CD

Build Real GitOps Pipelines From Empty Clusters to Automated Deploys

Most Argo CD tutorials hand you a cluster someone else built, a sample app, one argocd app sync, and a green checkmark. Then you try it at work and the checkmark turns out to have taught you nothing. You do not know why the repo-server rendered that manifest, what a sync wave orders, how an RBAC rule locks a teammate out of the wrong project, or what happens to your running pods when you delete an Application.

This book takes the other route. You start from empty servers and finish with an automated GitOps pipeline you built yourself, end to end. You provision the infrastructure, bootstrap the cluster, install Argo CD from raw manifests, register the repository, and watch the first sync fire because you wired it. Nothing is pre-baked, you'll run every command, apply every manifest, and read every error, because the friction is exactly where the learning lives.

The "hard way" is not difficulty for its own sake. It is doing the work yourself instead of letting a script or a one-click installer hide it, so the knowledge holds up on a cluster you have never seen before. It is the long path that turns out to be the short one, because you never have to come back and learn what the shortcut skipped.

What you will build

You begin with bare servers and end with a pipeline that deploys on every Git push. Along the way you will:

  • Provision real infrastructure with Terraform, bootstrap a Kubernetes cluster, and deploy an application onto it, so Argo CD has something real to manage.
  • Trace a change from a Git commit through Argo CD's reconciliation loop to a running resource, and learn what each component does and what breaks when it fails.
  • Install Argo CD, choose deliberately between the full, core, and custom installs, log in from the CLI, and add more clusters.
  • Create your first Application from the argocd CLI, then redefine the same setup as declarative manifests you keep in Git.
  • Configure sync policy on purpose: automated sync, self-healing, pruning, retries and backoff, ignoreDifferences, namespace creation, and the sync options that change how resources get applied.
  • Run your own code around a sync with resource hooks and sync phases, and order resources with sync waves.
  • Understand the best practices of using hooks and more importantly, when to use them and the bad practices of using hooks.
  • Create a local user and scope one teammate to exactly one project with RBAC, then verify the grant actually resolved.
  • Package your application as a Helm chart and have Argo CD manage it as a versioned release.
  • Generate many Applications from one definition with ApplicationSets.
  • Build a multi-branch pipeline that gives every Git branch its own live environment.

Who this is for

Engineers who already know Kubernetes and Git and now want to run Argo CD for real, not click through a demo. Platform and DevOps engineers running it as a service, SREs who care what happens when state drifts, developers shipping through a platform, security engineers fencing what deploys where, consultants standing up GitOps for clients, and anyone who inherited an Argo CD install and needs the black box to open.

This book assumes you can read a Deployment, run kubectl, and open a pull request without looking it up. If you are still learning what a Pod is, start there first and come back.

The Approach of This Book

This book teaches by building. You do not read about Argo CD reconciling a cluster, you stand up the cluster, install Argo CD, commit a change, and watch it reconcile. Every chapter ends with something running that did not exist when the chapter started, and each one builds on the cluster and the Applications you set up in the chapter before it. Read it in order, run every command, and by the last page you have a full pipeline you assembled yourself, not a folder of notes about one you read about.

The work happens in your terminal, on real infrastructure. You provision the servers, bootstrap the cluster, and install Argo CD from manifests you can read, so nothing in your setup is a black box you have to trust. When a command fails, you read the error and fix it, because that is where the understanding comes from. The friction is not in the way of the lesson, it is the lesson.

Every concept is anchored to something you do, run, or decide. Theory shows up only when it changes a choice in front of you: the reconciliation loop appears next to the sync command it explains, the component split appears next to the failure it causes when one part is unhealthy.

Versions are pinned and called out, because Argo CD changes behavior between releases. A field gets deprecated, a flag gets renamed, a default flips, and prose written against an old version quietly stops being true. When you run these steps against a newer release and something differs, check it against the version you actually installed rather than trusting the page.

Every code listing, full-color diagram, and screenshot lives in the companion kit. Copy and run from there, not from your reader, where wrapped lines and smart quotes break the moment you paste them into a terminal.

Share this book

Categories

Computers and ProgrammingCloud ComputingDevOpsDockerInfrastructure as CodeKubernetesGitVersion ControlSystems AdministrationSoftware Engineering

Feedback

Email the Author

Author

About the Author

Aymen El Amri

Aymen El Amri is an author, entrepreneur, trainer, and polymath software engineer who has excelled in a range of roles and responsibilities in the field of technology including DevOps & Cloud Native, Cloud Architecture, Python, NLP, Data Science, and more.

Aymen has trained hundreds of software engineers and written multiple books and courses read by thousands of other developers and software engineers.

Aymen El Amri has a practical approach to teaching based on breaking down complex concepts into easy-to-understand language and providing real-world examples that resonate with his audience.

Some projects he founded are FAUN, eralabs.io, and Marketto. You can find Aymen on Twitter and Linkedin.

Leanpub Podcast

Episode 88

An Interview with Aymen El Amri

Contents

Table of Contents

Why This Book Exists

  1. Who This Guide Is For
  2. What You Will Learn
  3. About the Author
  4. Join the Community
  5. Your Feedback Matters

How to Get the Most Out of This Book

  1. What This Book Asks of You
  2. How to Read This So It Sticks
  3. The Companion Kit
  4. Recommended Environment
  5. Conventions
  6. Heredoc

What Argo CD Actually Does: GitOps, Reconciliation, and Why Immutable Wins

  1. Where Argo CD Came From, and Why That Gap Existed
  2. Argo CD in One Sentence, Then the Five-Step Loop
  3. Declare the Outcome, Not the Steps: The Irrigation Analogy
  4. Why Servers Should Be Disposable: Entropy, Kernighan’s Law, and Immutable Infrastructure

Inside Argo CD: The Components and the Reconciliation Loop

  1. The Seven Parts That Make Up Argo CD
  2. The Web UI
  3. The CLI
  4. The API Server
  5. The Application Controller
  6. The ApplicationSet Controller
  7. The Repo Server
  8. The Redis Server
  9. The Dex Server
  10. The Kubernetes API
  11. Git
  12. How a Change Travels From Git to the Cluster
  13. Applications and Projects: The Two Core Resources
  14. How the Repo Server Turns Git Into Manifests
  15. Reconciliation: Comparing Live State Against Target State
  16. Synchronization and the Sync Status
  17. What Argo CD Shows You About Sync History

Stand Up the Lab: Two Servers, a Cluster, and an App to Deploy

  1. The Infrastructure
  2. The Application
  3. The Container
  4. The Repository
  5. The Registry
  6. The Platform
  7. Installing K3s
  8. Making the API server reachable
  9. Getting the kubeconfig
  10. Installing kubectl

Install Argo CD: From kubectl apply to argocd login

  1. The Four Install Methods, and When Each Fits
  2. The Full Installation
  3. The Minimal Installation (Argo CD Core)
  4. The Custom Installation
  5. The Helm Chart Installation
  6. The Kustomize Installation
  7. Deploying Argo CD With the Full Install
  8. Reaching the Argo CD Web UI
  9. Installing the Argo CD CLI
  10. Configuring the Argo CD CLI
  11. Logging in With a Token
  12. Adding More Clusters
  13. Argo CD Configuration

Your First Argo CD Application: From CLI to Declarative Manifests

  1. Creating an Application With the argocd CLI
  2. A Better Way: Define the Same Setup as Manifests

Sync Policy: Every Field, Every Sync Option, Every Annotation

  1. Reading the Application Manifest Field by Field
  2. Automating Synchronization
  3. Spreading the Load With Jitter
  4. Auto-Sync and Self-Healing
  5. Self-Healing Cluster Drift
  6. Pruning Resources
  7. Pruning Exceptions
  8. Pruning With Human Approval
  9. Pruning Last
  10. Pruning Propagation Policy and Garbage Collection
  11. Allow Empty Sync
  12. Summary of Pruning Options
  13. What Happens to Resources When You Delete an Application
  14. Retrying Failed Sync Attempts and Backoff Strategy
  15. Ignoring Differences During Sync
  16. Skipping Schema Validation Before Apply
  17. Syncing Only the Resources That Changed
  18. Overwriting Resources Instead of Merging Into Them
  19. Letting the API Server Compute the Merge
  20. Failing the Sync When Two Applications Manage the Same Resource
  21. Creating the Destination Namespace Automatically
  22. Adding Labels and Annotations to the Application Namespace
  23. Limiting How Many Sync Records Argo CD Keeps
  24. A Recap Exercise
  25. The Exercise
  26. Solution

Sync Phases and Hooks: Run Your Own Code Around a Sync

  1. A Sync Runs in Phases
  2. Your First Hook: A PostSync Smoke Test
  3. Write the Hook
  4. Commit and Watch It Run
  5. Why generateName and Not name
  6. Cleaning Up Hook Resources
  7. The Other Phases
  8. Run One Hook in More Than One Phase
  9. Ordering Within a Phase: Sync Waves
  10. What Happens if a Hook Fails
  11. Hook Anti-Patterns
  12. The Default Delete Policy Is BeforeHookCreation, Not “None”
  13. Static Hook Names That Survive Into the Next Sync
  14. Forgetting That Self-Heal Reruns Your Hooks
  15. Hooks that aren’t idempotent
  16. Treating PreSync as a Safe Place for Flaky Work
  17. One-Time Notifications Inside a PostSync Hook
  18. Expecting Hooks to Run on a Selective Sync
  19. Heavy Hooks With No Deadline
  20. Multi-Step Logic Crammed Into One Hook
  21. The Wrong Delete-Phase Hook

Local Users and RBAC: Give One Teammate One Project

  1. “Creating a User” Is Two Unrelated Operations
  2. Step 1: Create the Account
  3. Step 2: Grant Rights
  4. The p Line
  5. The g Line
  6. Putting It Together
  7. Verify the Grant Resolved

Argo CD With Helm: Charts, Values, and Versioned Releases

  1. Helm vs. Plain Kubernetes Resources
  2. Creating a Helm Chart for Our Application
  3. Deploying the Helm Chart With Argo CD
  4. Understanding Helm Chart Versioning
  5. Creating a Helm Package
  6. Creating a Helm Repository
  7. Deploying Helm Charts With Argo CD Using a Helm Repository
  8. Upgrading the Helm Chart
  9. Overriding the Helm Chart’s Default Values
  10. Using Multiple Sources for a Single Application
  11. Helm Hooks vs. Argo CD Hooks

ApplicationSets: Generate Applications from Templates

  1. The problem ApplicationSets solve
  2. Prerequisite: The CRDs
  3. The ApplicationSet: a List generator
  4. Doing More with the ApplicationSet
  5. Practicing the ApplicationSet

Multi-Branch CI/CD: One Argo CD Application Per Git Branch

  1. Goal: A Live Environment for Every Branch Push
  2. Design and Implementation
  3. Build the Docker Image
  4. Push the Docker Image to the GitLab Registry
  5. Create a Helm Package
  6. Push the Helm Package to the GitLab Registry
  7. Update the Argo CD Application
  8. Putting It All Together
  9. Reducing the Noise

Afterword: Where to Go From Here

  1. What’s Next?
  2. Your Feedback Matters

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub