GitOps on EKS
Git is the source of truth — the cluster just follows.
An end-to-end GitOps pipeline: Terraform provisions an EKS cluster, ArgoCD deploys a Flask app via the App-of-Apps pattern, and the kube-prometheus-stack watches it all — every change driven by a Git commit, every rollout automatic.
The problem
Hand-rolled kubectl deploys drift, aren't auditable, and turn 'what's actually running?' into a guessing game. Infrastructure and apps need one reviewable source of truth.
Our approach
Put Git in charge. A push triggers GitHub Actions to build, Trivy-scan and push the image to ECR, then commit the new tag to the Helm values. ArgoCD sees the diff and reconciles the cluster automatically — zero-downtime rolling updates, with HPA scaling and Grafana watching.
What we built
- EKS + VPC provisioned entirely in Terraform
- OIDC auth — no long-lived CI credentials
- GitHub Actions: build → Trivy → ECR → bump tag
- ArgoCD App-of-Apps auto-sync from Git
- Zero-downtime rolling updates + HPA
- kube-prometheus-stack (Prometheus + Grafana)
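A sketch of what the build → Trivy → ECR → bump-tag job with OIDC auth can look like, as an added example rather than the repository's own workflow. The role ARN, region, ECR repository name and Helm values path are assumed placeholders.

```yaml
# Added example, not the repository's workflow.
# Assumed placeholders: <ACCOUNT_ID>, <CI_ROLE>, region, ECR repo, values path.
name: build-scan-push
on:
  push:
    branches: [main]
    paths-ignore: ["helm/**"]   # assumed chart path; no rebuild on values-only commits
permissions:
  id-token: write   # lets the job request a GitHub OIDC token to exchange at AWS STS
  contents: write   # needed only for the tag-bump commit
jobs:
  image:
    runs-on: ubuntu-latest
    env:
      AWS_REGION: us-east-1                      # assumed
      ECR_REPO: flask-app                        # assumed
      VALUES_FILE: helm/flask-app/values.yaml    # assumed
    steps:
      - uses: actions/checkout@v4
      # The role's trust policy should pin the token.actions.githubusercontent.com:sub
      # claim to this repo and branch (repo:<ORG>/<REPO>:ref:refs/heads/main).
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::<ACCOUNT_ID>:role/<CI_ROLE>
          aws-region: ${{ env.AWS_REGION }}
      - id: ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build
        run: docker build -t "$IMAGE" .
        env:
          IMAGE: ${{ steps.ecr.outputs.registry }}/${{ env.ECR_REPO }}:${{ github.sha }}
      - name: Trivy gate
        uses: aquasecurity/trivy-action@0.28.0   # pin to a commit SHA in practice
        with:
          image-ref: ${{ steps.ecr.outputs.registry }}/${{ env.ECR_REPO }}:${{ github.sha }}
          severity: CRITICAL,HIGH
          ignore-unfixed: true
          exit-code: "1"    # fail the job before anything is pushed
      - name: Push
        run: docker push "${{ steps.ecr.outputs.registry }}/$ECR_REPO:$GITHUB_SHA"
      - name: Bump tag in Helm values
        run: |
          sed -i "s|^\(\s*tag:\s*\).*|\1\"$GITHUB_SHA\"|" "$VALUES_FILE"
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git commit -am "ci: deploy $GITHUB_SHA"
          git push
```

Because the scan runs on the locally built image and exits non-zero on findings, an image with unpatched HIGH or CRITICAL issues never reaches ECR and its tag is never committed for ArgoCD to sync.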
Shipped
The outcome
Push to main, walk away — the cluster converges to Git on its own.
Read the code.
Source: github.com/dhanikaa/gitops-argocd-eks