GitOps / CI/CD | Advanced | 10-15 hours
GitOps Multi-Environment Deployment with ArgoCD
Kubernetes, ArgoCD, GitHub, Kustomize, Helm, Sealed Secrets
Best for: Platform Engineer, Cloud/DevOps Engineer, Site Reliability Engineer
Overview
Implement a GitOps workflow using ArgoCD to manage deployments across dev, staging, and production environments. The goal is to eliminate manual kubectl apply entirely: every change to application config or infrastructure flows through a pull request, is reviewed, and is applied automatically by ArgoCD watching the Git repository. Secrets are handled safely - nothing sensitive is stored in plaintext in Git.
What you will build
- Install ArgoCD and configure it to watch a Git repository for Kubernetes manifest changes
- Structure the repository using Kustomize: a base directory and per-environment overlays (dev, staging, prod)
- Use Kustomize patches to manage environment-specific config without duplicating manifests
- Build a CI pipeline that builds the image, pushes it, and opens a PR updating the image tag in the config repo
- Implement environment promotion: auto-sync for dev, manual approval gate for staging, manual sync for prod
- Handle secrets safely using Sealed Secrets so no plaintext credentials are committed to Git
Before you start
- Solid Kubernetes knowledge - Deployments, Services, ConfigMaps, namespaces, RBAC
- A Kubernetes cluster with at least three namespaces available
- A GitHub account and comfort with pull requests
- Basic Kustomize or Helm knowledge
Deliverables
A complete submission should include all of the following.
- A Git repository with clear structure: apps/ for manifests, base/ for shared config, overlays/dev, overlays/staging, overlays/prod
- ArgoCD Application or ApplicationSet CRDs defining each environment with appropriate sync policies
- Kustomize overlays with environment-specific patches for replica count, resource limits, and config values
- A CI workflow that builds, pushes, and opens a PR updating the image tag in the manifests repo
- Sealed Secrets configuration so all secrets in Git are encrypted and can only be decrypted in the cluster
- A PROMOTION.md documenting the exact steps to promote a release from dev to staging to prod
Stretch goals
Optional extras that demonstrate deeper understanding and make your project stand out.
- Add Argo Rollouts with a canary strategy for production deployments with automated analysis
- Add OPA Gatekeeper or Kyverno policies that ArgoCD enforces before syncing (e.g. no images without a digest)
- Set up ArgoCD notifications to Slack for sync success, failure, and health degradation events
- Configure drift detection alerts so you are notified when the live cluster state diverges from Git
Interview talking points
When you discuss this project in an interview, be ready to answer these questions specifically.
1. Why GitOps improves auditability over direct kubectl apply - every change is a Git commit with a reviewer, timestamp, and full diff
2. The difference between push-based and pull-based CD and why pull-based is more secure - no cluster credentials live in CI
3. How Kustomize overlays work and why you chose Kustomize over Helm for environment configuration (or vice versa)
4. How to investigate a failed ArgoCD sync - what the ArgoCD UI and CLI show you and the commands to dig deeper
5. Why you cannot store secrets in a private Git repository and trust that as sufficient security, and how Sealed Secrets solves this with asymmetric encryption
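One way to enforce the "no plaintext credentials in Git" deliverable is a CI or pre-commit guard over the config repo. The script below is an added example, not part of the original brief: its function names are hypothetical, the sample manifest is constructed, and it assumes YAML manifests and uses line-based heuristics rather than a full YAML parser.

```python
import re
import sys
from pathlib import Path

# Top-level (column 0) keys only, so an indented nested "kind:" never matches.
KIND_RE = re.compile(r"""^kind:[ \t]*["']?(\w+)["']?[ \t\r]*(?:#.*)?$""", re.M)
DOC_SPLIT_RE = re.compile(r"^---[ \t\r]*(?:#.*)?$", re.M)
GENERATOR_RE = re.compile(r"^secretGenerator:", re.M)

# Constructed sample: a SealedSecret (allowed) followed by a plain Secret.
SAMPLE = """\
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata: {name: db-creds}
spec:
  encryptedData:
    password: AgConstructedCiphertextPlaceholder
---
apiVersion: v1
kind: Secret
metadata: {name: db-creds}
data:
  password: cGxhY2Vob2xkZXI=
"""


def find_plaintext_secrets(text):
    """Return (document_number, reason) per YAML document that leaks a secret."""
    findings = []
    docs = [d for d in DOC_SPLIT_RE.split(text) if d.strip()]
    for number, doc in enumerate(docs, start=1):
        match = KIND_RE.search(doc)
        if match and match.group(1) == "Secret":
            findings.append((number, "plain Secret: base64 is encoding, not encryption"))
        elif GENERATOR_RE.search(doc):
            findings.append((number, "secretGenerator builds a Secret from plaintext inputs"))
    return findings


def scan_repo(root="."):
    """Scan every .yaml/.yml file under root and return finding strings."""
    return [f"{path}: document {n}: {why}"
            for path in sorted(Path(root).rglob("*.y*ml")) if path.is_file()
            for n, why in find_plaintext_secrets(path.read_text(encoding="utf-8"))]


if __name__ == "__main__":
    sys.exit("\n".join(scan_repo(*sys.argv[1:2])) or 0)
```

Run it against the repository root as a required check on pull requests; it exits non-zero and lists each offending file and document when a plain Secret or a secretGenerator is found.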