Reconciliation loop: the heart of GitOps. The operator runs an infinite control loop: (1) read the desired state from Git, (2) read the observed state from the Kubernetes API, (3) diff the two, (4) if they differ, apply the changes (the equivalent of kubectl apply). The loop runs on a configurable interval (e.g., 3 minutes) and on Git push webhooks. GitOps properties: Declarative (YAML), Versioned (Git), Pulled automatically (the operator pulls; this is not push-based CI), Continuously reconciled (self-healing). Drift: any difference between desired and observed state.
2 / 5
In ArgoCD, what is an Application custom resource?
ArgoCD Application CR spec fields: source.repoURL (Git URL), source.path (directory in the repo), source.targetRevision (branch/tag/commit), destination.server (cluster URL or "in-cluster"), destination.namespace. Sync policies: automated.prune: true deletes resources removed from Git; automated.selfHeal: true reverts manual changes. App of Apps pattern: one Application CR that points to a directory of other Application CRs, which bootstraps an entire cluster from a single sync. Sync waves: order resource creation (wave 0 first: CRDs, namespaces; wave 1: operators; wave 2: applications).
3 / 5
What does ArgoCD's OutOfSync status mean?
OutOfSync: ArgoCD has detected a difference between Git and the cluster. Sources: a new Git commit (expected; sync will apply it), a manual kubectl change (drift; sync will revert it), a mutating admission webhook injecting fields (expected; may need to use ignoreDifferences). Synced: Git and cluster match. Unknown: ArgoCD cannot determine state. Health status: Healthy: all resources running. Progressing: deployment in progress. Degraded: pod crash-looping, or a Deployment's rollout failed. Sync options: CreateNamespace=true, ServerSideApply=true, PruneLast=true.
4 / 5
What is Kustomize and why is it used in GitOps repos?
Kustomize structure: base/ (shared manifests) + overlays/dev/ + overlays/production/. Each overlay's kustomization.yaml references the base and applies patches. Features: images override: change image tags without editing base manifests. namePrefix/nameSuffix: add an environment prefix to all resource names. configMapGenerator: generate ConfigMaps with a content hash appended (triggers a rolling update). patches: strategic merge patch or JSON6902. No templating language: plain YAML + overlays. Multi-environment pattern: the dev overlay reduces replicas/resources; the production overlay adds HPA, PDB, higher limits.
5 / 5
What is drift in a GitOps context and why is it a risk?
Drift sources include: direct kubectl changes (most common: someone hotfixes in the cluster), admission webhook mutations (injecting fields not in Git), external operators modifying resources, VPA/Cluster Autoscaler changing resource requests. Risk: cluster state no longer matches Git, so Git cannot be used to reproduce the cluster. The cluster is an undocumented snowflake. Auto-reconciliation reverts manual fixes without warning. Break-glass procedure: (1) pause ArgoCD sync for the Application, (2) apply the emergency fix, (3) immediately commit the same change to Git, (4) re-enable sync. Every break-glass event should trigger a postmortem.