[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-3af460f8-8a3c-402a-982b-cfaa80601117":3,"$fNftxYNNlwyEiA24uEOivsHKvAXTgBnCmn88k_GRB2A0":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"3af460f8-8a3c-402a-982b-cfaa80601117","gitops-workflow","Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.","cat_coding_devops","mod_coding","sickn33,coding","---\nname: gitops-workflow\ndescription: \"Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.\"\nrisk: critical\nsource: community\ndate_added: \"2026-02-27\"\n---\n\n\u003C!-- security-allowlist: curl-pipe-bash -->\n\n# GitOps Workflow\n\nComplete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.\n\n## Purpose\n\nImplement declarative, Git-based continuous delivery for Kubernetes using ArgoCD or Flux CD, following OpenGitOps principles.\n\n## Use this skill when\n\n- Setting up GitOps for Kubernetes clusters\n- Automating application deployments from Git\n- Implementing progressive delivery strategies\n- Managing multi-cluster deployments\n- Configuring automated sync policies\n- Setting up secret management in GitOps\n\n## Do not use this skill when\n\n- You need a one-off manual deployment\n- You cannot manage cluster access or repo permissions\n- You are not deploying to Kubernetes\n\n## Instructions\n\n1. Define repo layout and desired-state conventions.\n2. Install ArgoCD or Flux and connect clusters.\n3. Configure sync policies, environments, and promotion flow.\n4. Validate rollbacks and secret handling.\n\n## Safety\n\n- Avoid auto-sync to production without approvals.\n- Keep secrets out of Git and use sealed or external secret managers.\n\n## OpenGitOps Principles\n\n1. 
**Declarative** - Entire system described declaratively\n2. **Versioned and Immutable** - Desired state stored in Git\n3. **Pulled Automatically** - Software agents pull desired state\n4. **Continuously Reconciled** - Agents reconcile actual vs desired state\n\n## ArgoCD Setup\n\n### 1. Installation\n\n```bash\n# Create namespace\nkubectl create namespace argocd\n\n# Install ArgoCD\nkubectl apply -n argocd -f https:\u002F\u002Fraw.githubusercontent.com\u002Fargoproj\u002Fargo-cd\u002Fstable\u002Fmanifests\u002Finstall.yaml\n\n# Get admin password\nkubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=\"{.data.password}\" | base64 -d\n```\n\n**Reference:** See `references\u002Fargocd-setup.md` for detailed setup\n\n### 2. Repository Structure\n\n```\ngitops-repo\u002F\n├── apps\u002F\n│   ├── production\u002F\n│   │   ├── app1\u002F\n│   │   │   ├── kustomization.yaml\n│   │   │   └── deployment.yaml\n│   │   └── app2\u002F\n│   └── staging\u002F\n├── infrastructure\u002F\n│   ├── ingress-nginx\u002F\n│   ├── cert-manager\u002F\n│   └── monitoring\u002F\n└── argocd\u002F\n    ├── applications\u002F\n    └── projects\u002F\n```\n\n### 3. Create Application\n\n```yaml\n# argocd\u002Fapplications\u002Fmy-app.yaml\napiVersion: argoproj.io\u002Fv1alpha1\nkind: Application\nmetadata:\n  name: my-app\n  namespace: argocd\nspec:\n  project: default\n  source:\n    repoURL: https:\u002F\u002Fgithub.com\u002Forg\u002Fgitops-repo\n    targetRevision: main\n    path: apps\u002Fproduction\u002Fmy-app\n  destination:\n    server: https:\u002F\u002Fkubernetes.default.svc\n    namespace: production\n  syncPolicy:\n    automated:\n      prune: true\n      selfHeal: true\n    syncOptions:\n    - CreateNamespace=true\n```\n\n### 4. 
App of Apps Pattern\n\n```yaml\napiVersion: argoproj.io\u002Fv1alpha1\nkind: Application\nmetadata:\n  name: applications\n  namespace: argocd\nspec:\n  project: default\n  source:\n    repoURL: https:\u002F\u002Fgithub.com\u002Forg\u002Fgitops-repo\n    targetRevision: main\n    path: argocd\u002Fapplications\n  destination:\n    server: https:\u002F\u002Fkubernetes.default.svc\n    namespace: argocd\n  syncPolicy:\n    automated: {}\n```\n\n## Flux CD Setup\n\n### 1. Installation\n\n```bash\n# Install Flux CLI\ncurl -s https:\u002F\u002Ffluxcd.io\u002Finstall.sh | sudo bash\n\n# Bootstrap Flux\nflux bootstrap github \\\n  --owner=org \\\n  --repository=gitops-repo \\\n  --branch=main \\\n  --path=clusters\u002Fproduction \\\n  --personal\n```\n\n### 2. Create GitRepository\n\n```yaml\napiVersion: source.toolkit.fluxcd.io\u002Fv1\nkind: GitRepository\nmetadata:\n  name: my-app\n  namespace: flux-system\nspec:\n  interval: 1m\n  url: https:\u002F\u002Fgithub.com\u002Forg\u002Fmy-app\n  ref:\n    branch: main\n```\n\n### 3. 
Create Kustomization\n\n```yaml\napiVersion: kustomize.toolkit.fluxcd.io\u002Fv1\nkind: Kustomization\nmetadata:\n  name: my-app\n  namespace: flux-system\nspec:\n  interval: 5m\n  path: .\u002Fdeploy\n  prune: true\n  sourceRef:\n    kind: GitRepository\n    name: my-app\n```\n\n## Sync Policies\n\n### Auto-Sync Configuration\n\n**ArgoCD:**\n```yaml\nsyncPolicy:\n  automated:\n    prune: true      # Delete resources not in Git\n    selfHeal: true   # Reconcile manual changes\n    allowEmpty: false\n  retry:\n    limit: 5\n    backoff:\n      duration: 5s\n      factor: 2\n      maxDuration: 3m\n```\n\n**Flux:**\n```yaml\nspec:\n  interval: 1m\n  prune: true\n  wait: true\n  timeout: 5m\n```\n\n**Reference:** See `references\u002Fsync-policies.md`\n\n## Progressive Delivery\n\n### Canary Deployment with ArgoCD Rollouts\n\n```yaml\napiVersion: argoproj.io\u002Fv1alpha1\nkind: Rollout\nmetadata:\n  name: my-app\nspec:\n  replicas: 5\n  strategy:\n    canary:\n      steps:\n      - setWeight: 20\n      - pause: {duration: 1m}\n      - setWeight: 50\n      - pause: {duration: 2m}\n      - setWeight: 100\n```\n\n### Blue-Green Deployment\n\n```yaml\nstrategy:\n  blueGreen:\n    activeService: my-app\n    previewService: my-app-preview\n    autoPromotionEnabled: false\n```\n\n## Secret Management\n\n### External Secrets Operator\n\n```yaml\napiVersion: external-secrets.io\u002Fv1beta1\nkind: ExternalSecret\nmetadata:\n  name: db-credentials\nspec:\n  refreshInterval: 1h\n  secretStoreRef:\n    name: aws-secrets-manager\n    kind: SecretStore\n  target:\n    name: db-credentials\n  data:\n  - secretKey: password\n    remoteRef:\n      key: prod\u002Fdb\u002Fpassword\n```\n\n### Sealed Secrets\n\n```bash\n# Encrypt secret\nkubeseal --format yaml \u003C secret.yaml > sealed-secret.yaml\n\n# Commit sealed-secret.yaml to Git\n```\n\n## Best Practices\n\n1. **Use separate repos or branches** for different environments\n2. **Implement RBAC** for Git repositories\n3. 
**Enable notifications** for sync failures\n4. **Use health checks** for custom resources\n5. **Implement approval gates** for production\n6. **Keep secrets out of Git** (use External Secrets)\n7. **Use App of Apps pattern** for organization\n8. **Tag releases** for easy rollback\n9. **Monitor sync status** with alerts\n10. **Test changes** in staging first\n\n## Troubleshooting\n\n**Sync failures:**\n```bash\nargocd app get my-app\nargocd app sync my-app --prune\n```\n\n**Out of sync status:**\n```bash\nargocd app diff my-app\nargocd app sync my-app --force\n```\n\n## Related Skills\n\n- `k8s-manifest-generator` - For creating manifests\n- `helm-chart-scaffolding` - For packaging applications\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,248,252,"2026-05-16 13:20:40",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming & Development","coding","mdi-code-braces","Code generation, debugging, and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD, containerization, deployment and operations",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"bad7885d-77c6-4aa6-bcbf-f367b8cf22da","1.0.0","gitops-workflow.zip",5140,"uploads\u002Fskills\u002F3af460f8-8a3c-402a-982b-cfaa80601117\u002Fgitops-workflow.zip","f44cf67a3b7181abd38944d337b36344636ba7f1360b06062f81962ba3b10484","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":6701},{\"path\":\"references\u002Fargocd-setup.md\",\"isDirectory\":false,\"size\":2894},{\"path\":\"references\u002Fsync-policies.md\",\"isDirectory\":false,\"size\":2767}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]