
Gitops Workflow
Stand up ArgoCD on Kubernetes and wire GitOps sync so declarative manifests in git stay the source of truth for what runs in cluster.
Install
npx skills add https://github.com/wshobson/agents --skill gitops-workflow
What is this skill?
- Documents three ArgoCD install paths: standard manifest, HA manifest, and Helm chart with repo add
- Initial access flow: namespace creation, port-forward to argocd-server, and admin initial-password retrieval
- Ingress example with TLS, cert-manager cluster-issuer, nginx ssl-passthrough, and HTTPS backend protocol
- CLI login and ongoing ArgoCD configuration patterns for day-two GitOps operations
Adoption & trust: 7.4k installs on skills.sh; 36.5k GitHub stars; 1/3 security scanners passed (skills.sh audits).
Journey fit
GitOps is the steady-state pattern for running production—continuous reconcile from repo to cluster—so the canonical shelf is Operate → infra. Subphase infra covers cluster tooling, ingress to the control plane, and deployment controllers that keep live state aligned with git.
Common Questions / FAQ
Is Gitops Workflow safe to install?
skills.sh reports 1 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md - Gitops Workflow
# ArgoCD Setup and Configuration

## Installation Methods

### 1. Standard Installation

```bash
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```

### 2. High Availability Installation

```bash
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/ha/install.yaml
```

### 3. Helm Installation

```bash
helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd argo/argo-cd -n argocd --create-namespace
```

## Initial Configuration

### Access ArgoCD UI

```bash
# Port forward
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Get initial admin password
argocd admin initial-password -n argocd
```

### Configure Ingress

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  rules:
    - host: argocd.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 443
  tls:
    - hosts:
        - argocd.example.com
      secretName: argocd-secret
```

## CLI Configuration

### Login

```bash
argocd login argocd.example.com --username admin
```

### Add Repository

```bash
argocd repo add https://github.com/org/repo --username user --password token
```

### Create Application

```bash
argocd app create my-app \
  --repo https://github.com/org/repo \
  --path apps/my-app \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace production
```

## SSO Configuration

### GitHub OAuth

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  url: https://argocd.example.com
  dex.config: |
    connectors:
      - type: github
        id: github
        name: GitHub
        config:
          clientID: $GITHUB_CLIENT_ID
          clientSecret: $GITHUB_CLIENT_SECRET
          orgs:
            - name: my-org
```

## RBAC Configuration

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.default: role:readonly
  policy.csv: |
    p, role:developers, applications, *, */dev, allow
    p, role:operators, applications, *, */*, allow
    g, my-org:devs, role:developers
    g, my-org:ops, role:operators
```

## Best Practices

1. Enable SSO for production
2. Implement RBAC policies
3. Use separate projects for teams
4. Enable audit logging
5. Configure notifications
6. Use ApplicationSets for multi-cluster
7. Implement resource hooks
8. Configure health checks
9. Use sync windows for maintenance
10. Monitor with Prometheus metrics

# GitOps Sync Policies

## ArgoCD Sync Policies

### Automated Sync

```yaml
syncPolicy:
  automated:
    prune: true # Delete resources removed from Git
    selfHeal: true # Reconcile manual changes
    allowEmpty: false # Prevent empty sync
```

### Manual Sync

```yaml
syncPolicy:
  syncOptions:
    - PrunePropagationPolicy=foreground
    - CreateNamespace=true
```

### Sync Windows

```yaml
syncWindows:
  - kind: allow
    schedule: "0 8 * * *"
    duration: 1h
    applications:
      - my-app
  - kind: deny
    schedule: "0 22 * * *"
    duration: 8h
    applications:
      - "*"
```

### Retry Policy

```yaml
syncPolicy:
  retry:
    limit: 5
    backoff:
      duration: 5s
      factor: 2
      maxDuration: 3m
```

## Flux Sync Policies

### Kustomization Sync

```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: my-app
spec:
  interval: 5m
  prune: true
  wait: true
  timeout: 5m
  retryInterval: 1m
  force: false
```

### Source Sync Interval

```yaml
apiVersion: source.toolkit.fluxcd.io/v1
k
```
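
An added example, not part of this skill's SKILL.md or ArgoCD's own code: a simplified evaluator for the `policy.csv` in the RBAC Configuration section, useful for checking which application objects each group's rules actually match before the ConfigMap is applied. It assumes ArgoCD's `<project>/<application>` object format with glob matching (approximated here by Python's `fnmatchcase`), and stands in for the built-in `role:readonly` with one constructed rule.

```python
from fnmatch import fnmatchcase

# policy.csv from the page; the last rule is a constructed stand-in for built-in role:readonly.
POLICY_CSV = """
p, role:developers, applications, *, */dev, allow
p, role:operators, applications, *, */*, allow
g, my-org:devs, role:developers
g, my-org:ops, role:operators
p, role:readonly, applications, get, */*, allow
"""
POLICY_DEFAULT = "role:readonly"  # policy.default from the page


def parse(csv_text):
    """Split policy.csv into permission rules (p) and subject-to-role grants (g)."""
    rules, grants = [], {}
    for line in csv_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "p" and len(fields) == 6:
            rules.append(tuple(fields[1:]))
        elif fields[0] == "g" and len(fields) == 3:
            grants.setdefault(fields[1], set()).add(fields[2])
    return rules, grants


def roles_for(subject, grants):
    """The subject, every role reachable through g lines, and policy.default."""
    seen, todo = set(), [subject, POLICY_DEFAULT]
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo.extend(grants.get(s, ()))
    return seen


def allowed(subject, resource, action, obj, csv_text=POLICY_CSV):
    """True if some allow rule matches and no deny rule matches."""
    rules, grants = parse(csv_text)
    roles = roles_for(subject, grants)
    hits = [eft for sub, res, act, pat, eft in rules
            if sub in roles and fnmatchcase(resource, res)
            and fnmatchcase(action, act) and fnmatchcase(obj, pat)]
    return "allow" in hits and "deny" not in hits


if __name__ == "__main__":
    for obj in ("payments/dev", "dev/payments"):
        print("my-org:devs delete", obj, "->", allowed("my-org:devs", "applications", "delete", obj))
```

Under that object format, `*/dev` matches an application named `dev` in any project; a rule meant to scope developers to a project called `dev` would be written `dev/*`.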