Part 5: GitOps with ArgoCD

5: GitOps with ArgoCD — Hub-Spoke Model Part of the series: Building a Production-Grade DevSecOps Pipeline on AWS Introduction GitOps flips the traditional CI/CD model. Instead of a pipeline pushing manifests into a cluster, the cluster pulls its desired state from Git. The result: Audit trail built-in: every cluster change is a Git commit with author, timestamp, and diff Self-healing: ArgoCD continuously reconciles — if someone kubectl apply s something manually, ArgoCD reverts it within minutes Rollback is git revert : no special tooling, no cluster access needed Drift detection: ArgoCD shows you exactly when a cluster diverges from what's in Git This pipeline uses ArgoCD in a hub-spoke topology: one ArgoCD installation on myapp-production-use1 manages all six clusters. ┌─────────────────────────────────────────────────────────────────┐ │ ArgoCD HUB: myapp-production-use1 │ │ │ │ Watches: github.com/MatthewDipo/myapp-gitops (main branch) │ │ Manages: 6 clusters via registered cluster