GitOps Implementation Framework for Spring Boot Microservices
In modern cloud-native engineering, the ability to ship software reliably and often is essential. GitOps is the paradigm that enables this by making Git the single source of truth for both application code and deployment configurations. When developers push code to Git, a declarative pipeline ensures the corresponding changes are built, tested, and deployed to production — automatically and safely.
GitOps is a cloud-native deployment methodology that uses Git as the single source of truth for both application and infrastructure configurations. All desired state — container images, Kubernetes manifests, Helm charts — lives in Git. A GitOps controller (e.g., Argo CD) continuously reconciles the live cluster state with the desired state in Git.
This article presents a generic, reusable GitOps implementation framework tailored for Spring Boot microservices on Kubernetes, with a detailed end-to-end example using an Order Service deployed to Amazon EKS. We use industry-standard tools:
- Jenkins for CI (Continuous Integration)
- Amazon ECR as Container Registry
- Argo CD as the GitOps CD (Continuous Deployment) engine
- Amazon EKS as the Kubernetes runtime
The implementation embodies industry best practices and leverages real-world adoption patterns reported for GitOps and Argo CD. According to recent surveys, GitOps adoption has soared with primary incentives including automation, configuration consistency, and auditability and Argo CD is now a mainstream choice for Kubernetes environments.
The article is divided into two parts:
Part 1: A reusable, generic GitOps framework applicable across domains
Part 2: Applying the Framework to an Example Spring Boot Microservice
Part 1: A Reusable GitOps Implementation Framework for Spring Boot Microservices
Step 1: GitOps Reference Architecture
At a high level, the GitOps architecture consists of two distinct but connected pipelines: CI Pipeline and CD Pipeline. This separation respects the principle that CI produces artifacts; CD applies declarative state. Never allow CI to directly deploy to Kubernetes. All deployment actions must flow through Git.
CI Pipeline
Responsible for building, testing, and packaging the Spring Boot application. It produces container artifacts, and updates GitOps configuration.
Flow: Developer → Git (App Repo) → Jenkins → Amazon ECR
CD Pipeline
Argo CD continuously syncs Kubernetes manifests from Git to the EKS cluster.
Flow: Git (Config Repo) → Argo CD → Amazon EKS
Key Principle:
- CI produces artifacts.
- CD applies declarative state.
Step-2: Repository Strategy (Foundational Design Choice)
2.1 Two-Repository Model (Recommended)
Application Repository- Spring Boot source code
- Unit and integration tests
- Dockerfile
- Jenkinsfile
- Kubernetes manifests or Helm charts
- Environment-specific overlays
- Image version references
- Argo CD Application definitions
Separating application code from deployment config avoids accidental changes, encourages clear ownership, and supports environment promotions through pull requests.
Never allow CI tools to deploy directly to Kubernetes. CI commits configuration changes to Git; Argo CD performs deployment.
Step-3: Agile and DevOps Processes Embedded in GitOps
GitOps aligns naturally with modern agile and DevOps practices:
- Backlog Definition includes both code and deployment changes
- Feature Branch Workflow with pull requests ensures quality and auditability
- Definition of Done includes successful CI build, image push, and manifest update — followed by successful Argo CD sync
Best practices include enforcing branch protection, mandatory pull request reviews, and environment promotion gates. These controls ensure deployments are both fast and safe.
Step-4: Continuous Integration (CI) with Jenkins
CI focuses exclusively on code quality and artifact creation. Here are the typical CI stages:
Stage 1: Source Checkout- Jenkins pulls code from Git
- Ensures traceability via commit SHA
- Maven or Gradle build
- Fails fast on compilation errors
- Unit tests
- Optional integration tests (Testcontainers recommended)
- Tools such as SonarQube
- Enforces quality gates early
- Docker image built with immutable version tag
- Example: order-service:1.2.3 or order-service:git-sha
- Jenkins authenticates using IAM role
- Image pushed to private ECR repository
- Jenkins updates the configuration repository
- Only image tag or chart version is changed
- Commit message links to build and Git SHA
CI does not deploy directly. It only produces artifacts and updates Git. The GitOps controller handles deployment.
Step-5: Continuous Deployment with Argo CD
Argo CD implements the reconciliation loop. Argo CD implements the core GitOps pattern:
- Watches the configuration repository
- Detects commits indicating desired state changes
- Reconciles Kubernetes cluster with desired state
- Provides self-healing by auto-correcting drift
- Application: Maps Git repo + path to a Kubernetes namespace
- Desired State: Defined in Git
- Live State: Observed in EKS
- Sync: Reconciliation of live state to desired state
- Rolling updates
- Blue/Green (via Argo Rollouts)
- Canary deployments
- dev, qa, prod directories or branches
- Promotion achieved via Git pull requests
- Full audit trail of every release
Step-6: Security and Governance Best Practices
To make GitOps robust:
- Use IAM Roles for Service Accounts (IRSA) in EKS
- Manage secrets via AWS Secrets Manager or External Secrets
- Enforce Argo CD RBAC
- Enable automated drift detection
Best practices include:
- Keep deployments reproducible
- Enforce Git commit signing
- Avoid manual kubectl changes in clusters
These build a secure, auditable pipeline aligned with enterprise governance needs.
Part 2: Applying the Framework to an Example Spring Boot Microservice
Example Microservice: Order Service
This microservice exposes REST APIs to create and retrieve orders. It uses Spring Boot, PostgreSQL (external), and is packaged as a Docker container.
Initialize the Application Repository
Structure:
The Spring Boot app should include standard REST endpoints and health checks. Include liveness/readiness probes for Kubernetes.
Define Jenkins CI Pipeline
Jenkinsfile Outline:- Checkout
- Build (Maven)
- Test
- Static analysis
- Build Docker image
- Push to ECR
- Update GitOps repo with new image tag
The updated GitOps repo commit triggers Argo CD to deploy changes. This aligns CI to produce artifacts and update deploy state only through Git.
Create ECR Repository
Use native ECR integration for Argo CD to authenticate and pull images (Argo CD can now handle ECR tokens more smoothly with AWS’s managed capability).
Set Up GitOps Configuration Repository
Example Structure:
Use Kustomize or Helm to manage environment overlays; this simplifies reuse and reduces duplicate manifests across environments.
Install and Configure Argo CD on EKS
Install Argo CD in the EKS cluster. Create Argo CD Applications that point to each environment’s overlay. With automated sync enabled, Argo CD will deploy changes whenever the GitOps repo is updated.
End-to-End Flow in Action
- Developer commits code to main
- Jenkins CI pipeline runs
- Docker image pushed to ECR
- Jenkins updates image tag in GitOps repo
- Argo CD detects Git change
- Argo CD syncs desired state to EKS
- Order Service rolls out automatically
- Health checks pass, deployment marked healthy
Result: No kubectl commands. No manual deployment steps.
Conclusion
A well-designed GitOps framework transforms Spring Boot microservice delivery into a predictable, auditable, and scalable system. By combining Jenkins for CI, Amazon ECR for artifact storage, Argo CD for GitOps-based deployment, and Amazon EKS for runtime orchestration, teams achieve true continuous delivery with strong governance.
Most importantly, this framework is generic and reusable. Whether you are deploying a payment service, inventory service, or customer service, the same GitOps principles, repository structures, and pipelines apply. GitOps is not merely a deployment technique; it is an operating model for modern cloud-native engineering.
When Git becomes the source of truth, production becomes a reflection of intent, not manual intervention.
References and Further Reading
- https://ncluster.tech/blog/gitops-kubernetes-argocd-flux/
- https://medium.com/%40shehuyusuf/a-practical-guide-to-gitops-on-aws-building-an-end-to-end-ci-cd-pipeline-with-jenkins-amazon-ecr-3b5322df0c2c
- https://www.linkedin.com/posts/sameer-shekhar-007992283_aws-devops-jenkins-activity-7387892616174047232-mLkx
- https://www.devopstales.com/devops/gitops-goes-mainstream-argocd-surpasses-20000-github-stars-as-enterprise-adoption-triples/
- https://signiance.com/how-enterprises-can-adopt-gitops-for-better-control/
- https://aws.amazon.com/blogs/containers/deep-dive-streamlining-gitops-with-amazon-eks-capability-for-argo-cd/
- https://www.linkedin.com/posts/egor-iakimov_kubernetes-gitops-devops-activity-7393742779887112193-6sM6/
Disclaimer: This post provides general information and is not tailored to any specific individual or entity. It includes only publicly available information for general awareness purposes. Do not warrant that this post is free from errors or omissions. Views are personal.