ArgoCD Advanced Patterns: App of Apps and Promotion Flows

Basic ArgoCD setup works for a small number of applications. At scale, teams need structure for multi-environment promotion, dependency ordering, and controlled rollouts.

1. Repository Strategy

A practical approach:

  • app source code in service repos
  • deployment manifests in environment repos
  • platform/base components in shared repo

This separation keeps deployment governance independent from application release cadence.

2. App of Apps Pattern

Use one root application per environment that manages child apps.

Benefits:

  • consistent environment bootstrapping
  • centralized visibility
  • easier disaster recovery recreation
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: prod-root
  namespace: argocd
spec:
  project: production
  source:
    repoURL: https://github.com/company/platform-gitops
    path: environments/prod/apps
    targetRevision: main
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

3. Promotion Flow Between Environments

Use explicit promotion commits instead of direct production edits:

  1. Merge to dev
  2. Validate automated tests and smoke checks
  3. Promote same artifact digest to staging
  4. Promote approved digest to prod

Key rule:

  • promote immutable image digests, not mutable tags.

4. Sync Waves and Hooks

Complex systems need ordered deployment:

  • CRDs first
  • platform dependencies second
  • application workloads last

Use sync waves:

metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "10"

Use pre-sync and post-sync hooks for database migrations and smoke tests.

5. Drift and Policy Controls

  • enable selfHeal carefully in production
  • block manual cluster edits for managed resources
  • use policy checks for critical manifests
  • alert on repeated drift

6. Progressive Delivery with Argo Rollouts

For high-risk services:

  • canary with metrics-based analysis
  • automatic rollback on SLO degradation
  • staged traffic increase

This combines GitOps consistency with runtime risk control.

7. Multi-Tenant ArgoCD Setup

  • create ArgoCD Projects per team or domain
  • restrict source repos and destination namespaces
  • enforce RBAC and SSO groups

This avoids cross-team blast radius in shared clusters.

8. Anti-Patterns

  • one giant repo with no environment boundaries
  • direct production commits bypassing promotion flow
  • mutable image tags in production
  • unmanaged dependencies without sync ordering

Production Baseline

  1. App of Apps per environment
  2. digest-based promotion flow
  3. sync waves for dependencies
  4. policy + RBAC boundaries
  5. progressive delivery for critical services

These patterns keep GitOps manageable as application count grows.