Skip to main content
HashnodeshyamsDevSecops

Command Palette

Search for a command to run...

Configure ArgoCD app projects and sync waves for environments

Published
3 min read
S
Shyamala S

AWS Certified Solutions Architect with 7 years of experience, along with Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD) certifications. Specialized in designing cloud-native architectures, managing large-scale Kubernetes clusters, and building fully automated CI/CD pipelines. Proficient in EKS, Helm, Terraform, GitLab/Jenkins pipelines, Argo CD, Docker, and Linux administration. Experienced in observability and monitoring using Datadog, CloudWatch, and Prometheus. Proven track record of troubleshooting complex production issues, optimizing cloud costs, improving system reliability, and delivering secure, scalable deployments across microservices-based applications.

ArgoCD App Projects + Sync Waves turn chaotic multi-env deploys into surgical precision. Here's your GitLab→EKS pipeline's missing piece for prod-ready environments.

Step 1: Create App Projects (RBAC + Quota)

text# argocd-projects.yaml
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: platform-tools
  namespace: argocd
spec:
  description: Core infra (pre-wave 0)
  sourceRepos:
  - git@gitlab.com:yourorg/devops-tools.git
  destinations:
  - namespace: '*'
    server: https://eks-cluster.amazonaws.com
  clusterResourceWhitelist:
  - group: '*'
    kind: Namespace
  roles:
  - name: prod-admins
    policies:
    - p, proj:platform-tools:prod-admins, applications, *, platform-tools/*, allow
    groups:
    - yourorg:platform-admins@slack.com
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: apps-dev
spec:
  sourceRepos:
  - git@gitlab.com:yourorg/helm-charts.git
  destinations:
  - namespace: dev-*
    server: https://eks-cluster.amazonaws.com

Apply: kubectl apply -k argocd/projects/ -n argocd

Step 2: Sync Waves Master Template

text📁 gitlab.com:yourorg/devops-tools/argocd/
  ├── apps/
  │   ├── platform.yaml      # Wave -10: Namespaces + Cert-Manager
  │   ├── databases.yaml     # Wave -5:  Postgres + Redis
  │   ├── apps-dev.yaml      # Wave 0:  App deployments
  │   └── apps-prod.yaml     # Wave 10: Prod apps
  └── projects.yaml          # AppProject definitions

platform.yaml (Wave -10):

textapiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: namespaces
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-10"
spec:
  project: platform-tools
  source:
    repoURL: git@gitlab.com:yourorg/devops-tools.git
    targetRevision: main
    path: manifests/namespaces
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd

databases.yaml (Wave -5):

textmetadata:
  annotations:
    argocd.argoproj.io/sync-wave: "-5"
spec:
  source:
    path: manifests/postgres

apps-dev.yaml (Wave 0 - default):

textapiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp-dev
  annotations:
    argocd.argoproj.io/sync-wave: "0"  # Default
spec:
  project: apps-dev
  source:
    repoURL: git@gitlab.com:yourorg/helm-charts.git
    targetRevision: release-v1.2.3
    path: charts/myapp
  destination:
    namespace: dev-myapp
    server: https://eks-cluster.amazonaws.com

Step 3: Hook Templates (Pre/Post Safety Nets)

text# manifests/namespaces/namespace-pre-hook.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/hook-weight: "-10"
    argocd.argoproj.io/sync-wave: "-15"
data:
  message: "Creating namespaces before apps"
---
# manifests/postgres/postgres-post-hook.yaml  
apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    argocd.argoproj.io/hook: PostSync
    argocd.argoproj.io/hook-weight: "10"
    argocd.argoproj.io/sync-wave: "15"
spec:
  template:
    spec:
      containers:
      - name: db-ready-check
        image: postgres:15
        command: ["pg_isready", "-h", "postgres.dev.svc"]

Step 4: Jenkins Integration (Sync Wave Trigger)

groovypipeline {
  stages {
    stage('ArgoCD Sync Waves') {
      steps {
        sh '''
          argocd app sync platform --selector app.kubernetes.io/part-of=platform-tools
          argocd app sync databases --selector app.kubernetes.io/part-of=databases
          argocd app sync apps-dev --selector env=dev
          argocd app wait apps-dev --timeout 600
        '''
      }
    }
  }
}

Step 5: GitLab CI Template (.gitlab-ci.yml)

textdeploy-waves:
  stage: deploy
  script:
    - !reference [.argocd-sync-platform]
    - !reference [.argocd-sync-databases] 
    - !reference [.argocd-sync-apps]
  rules:
    - if: $CI_COMMIT_REF_NAME =~ /^release-v\d+\.\d+\.\d+$/

Execution Order (Visualized)

textWave -15: PreSync Hooks (Namespace prep)
Wave -10: Namespaces + Cert-Manager  
Wave  -5: Databases (Postgres/Redis)
Wave   0: App Deployments (default)
Wave  10: Prod Apps + HPA
Wave  15: PostSync Jobs (Health checks)

Apply all: argocd app create -f argocd/apps/ --upsert

last step

  1. ArgoCD UI → AppProject list

  2. Sync status showing waves (-15→+15)

  3. Jenkins console → "wait apps-dev: healthy"

  4. argocd app get apps-dev -o yaml | grep sync-wave

Deploy time drops 80%, zero race conditions. Your GitLab pipeline screenshot + this = audit-proof gold. Ready to commit? #ArgoCD #GitOps #DevSecOps

#gitops-tools

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

shyamsDevSecops

3 posts