3 min readJust now

–

Press enter or click to view image in full size

Photo by Growtika on Unsplash

What you get from this setup

• Push-to-deploy workflow: merge to main → build → publish image → update manifests → ArgoCD syncs to EKS
• Repeatable infrastructure with Terraform (easy to recreate and clean up)
• Safe rollbacks by reverting Git commits (manifests and app versions)

High-level flow (Commit → Production)

1. Developer merges a PR to main
2. GitHub Actions runs CI for the changed microservice(s)
3. CI builds a Docker image and pushes to Docker Hub
4. CI updates the Helm values (image + tag) in the K8s manifest repo
5. ArgoCD detects the Git change and syncs it to AWS EKS
6. Kubernetes performs a rolling update

Architecture summary

CI (Build & Publish)

• Source code in GitHub (microservices repo)
• GitHub Actions per-service workflows
• Docker build & push to Docker Hub

CD (GitOps Deploy)

• Helm charts + values in a separate Git repo (the “desired state”)
• ArgoCD watches the manifest repo and syncs to EKS

Infrastructure (IaC)

• Terraform provisions AWS resources (VPC, EKS, IAM, etc.)

Press enter or click to view image in full size

Infrastructure as Code (Terraform)

Repository: microservices-demo-Iaac

Prerequisites

1. Install Terraform: HashiCorp documentation
2. Install kubectl: Kubernetes documentation
3. Install and configure AWS CLI

1) Setup Infrastrucure

Step 1: Configure AWS credentials

aws configure

You will set:

• AWS Access Key ID
• AWS Secret Access Key
• Default region (example: ap-south-1)
• Output format (recommended: yaml)

Step 2: Clone the Terraform repo

git clone <https://github.com/c0dysharma/microservices-demo-Iaac>cd microservices-demo-Iaac

Step 3: Create terraform.tfvars

env = "dev"azs = ["ap-south-1a", "ap-south-1b", "ap-south-1c"]

Update AZs to match your chosen region.

Step 4: Initialize Terraform

terraform init

Step 5: Review changes

terraform plan

Step 6: Apply

terraform apply

This may take 10–15 minutes.

Step 7: Connect kubectl to the cluster

aws eks update-kubeconfig --name myapp-cluster --region <region>

Replace <region> with your AWS region.

Verify:

kubectl get nodes

2) Install ArgoCD on EKS

Step 1: Create namespace

kubectl create namespace argocd

Step 2: Install ArgoCD

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Wait until pods are ready:

kubectl get pods -n argocd -w

Step 3: (Optional) Install ArgoCD CLI

Follow: ArgoCD CLI docs

Step 4: Apply your ArgoCD Application

kubectl apply -f argocd/application.yaml

Before applying, confirm application.yaml has:

• The manifest repo URL
• Correct app name and namespace
• Correct target revision (branch or tag)

Step 5: Access ArgoCD UI (local)

kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

Open:

• ArgoCD service url by checking using

kubectl get svc argocd-service -n argocd

What Terraform creates (at a glance)

• VPC with public and private subnets
• EKS cluster + node groups
• IAM roles and policies
• Security groups

Cleanup — when you want to take infra down

terraform destroy

Kubernetes manifests (Helm) + GitOps

Repository: microservices-demo-k8s

What this repo is for

This repo is the source of truth for what runs in the cluster.

• Helm charts define Kubernetes resources
• Helm values define per-service settings (image, replicas, resources, etc.)
• ArgoCD continuously compares Git vs cluster and syncs changes

How updates work

1. CI pushes a new image to Docker Hub
2. CI updates appImage and appVersion (or similar) in Helm values
3. CI commits to the manifest repo
4. ArgoCD detects the commit and syncs to EKS

Important: Image values are updated by CI, so avoid editing them manually.

Microservices source code + GitHub Actions (CI)

Repository: microservices-demo

Repo structure

• Multiple microservices under src/
• Each service has its own workflow
• Workflows call a reusable workflow template for shared CI logic

Required GitHub secrets

Add these in GitHub:

• DOCKER_USERNAME: Docker Hub username
• DOCKER_PASSWORD: Docker Hub Personal Access Token (PAT) with push access
• K8S_REPO_TOKEN: GitHub PAT with write access to the manifest repo (to update Helm values)

CI flow (per service)

1. Detect changes in the service directory
2. Build Docker image
3. Tag with commit SHA (and optionally semantic version)
4. Push to Docker Hub
5. Update Helm values in the manifest repo
6. Commit + push (triggers ArgoCD sync)

Why this approach works well

• Fast and automated delivery
• Clear separation: CI builds artifacts, CD deploys from Argo
• Easy rollbacks: revert a manifest commit
• Scales cleanly as you add more microservices