> ## Documentation Index
> Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Course Introduction

> Practical hands-on GitOps course teaching principles and patterns, Argo CD and tooling, secrets management, CI integration, observability, release strategies, labs, and certification preparation.

Welcome to the GitOps Certified Associate course.

I'm Siddharth, and I'll be your guide through GitOps—the modern, pull-based approach transforming how teams deploy and operate cloud-native applications. Organizations such as Spotify, Apple, Fidelity, and Intuit use GitOps to accelerate deployments, reduce human errors, and scale operations. CNCF surveys show GitOps adoption is growing across enterprises.

This course is practical and hands-on: you’ll work through labs, make mistakes safely, and learn by doing so you can apply GitOps patterns and tooling in real-world scenarios.

<Frame>
  <img src="https://mintcdn.com/kodekloud-c4ac6d9a/t4oxgWWg0SQKJwoX/images/Prep-Course-GitOps-Certified-Associate-CGOA/Introduction/Course-Introduction/gitea-server-access-terminal-video-overlay.jpg?fit=max&auto=format&n=t4oxgWWg0SQKJwoX&q=85&s=3d4a089c3647eb568358d0d0be231e33" alt="The image shows a split screen with a text-based task on the left explaining how to access a Gitea server and a terminal window on the right displaying a welcome message from KodeKloud. There is also a video overlay of a person speaking." width="1920" height="1080" data-path="images/Prep-Course-GitOps-Certified-Associate-CGOA/Introduction/Course-Introduction/gitea-server-access-terminal-video-overlay.jpg" />
</Frame>

<Callout icon="lightbulb" color="#1CB2FE">
  This course emphasizes labs and exercises so you can practice GitOps patterns and tooling in realistic scenarios.
</Callout>

## What you’ll learn (at a glance)

* GitOps fundamentals: continuous and declarative concepts, desired state, state drift, reconciliation, and feedback loops.
* GitOps principles: why Git as the single source of truth matters and the core principles that define GitOps.
* Reconciliation engines: hands-on with Argo CD and Argo Rollouts.
* Manifests and packaging: Kustomize, Helm charts, and OCI-based Git/registry workflows.
* Secrets management: working with Bitnami Sealed Secrets and `kubeseal`.
* Observability: integrating Prometheus, Grafana, and Alertmanager for metrics and alerts.
* CI integration: building pipelines that publish artifacts and update Git for pull-based delivery.
* Release patterns: rolling updates, recreate, blue/green, and canary releases.
* Metrics & best practices: DORA metrics, operational guardrails, and security-first practices.
* Mock exams and practice questions to validate readiness for certification.

## Course modules overview

| Module                    | Core Topics                                   | Example Tools                      |
| ------------------------- | --------------------------------------------- | ---------------------------------- |
| GitOps fundamentals       | Desired state, reconciliation, feedback loops | `Git`, Argo CD                     |
| Manifests & packaging     | Kustomize overlays, Helm charts               | `Kustomize`, `Helm`                |
| Secrets management        | Encrypting secrets for Git                    | Bitnami Sealed Secrets, `kubeseal` |
| Reconciliation & delivery | Pull-based deployments, rollouts              | Argo CD, Argo Rollouts             |
| CI integration            | Build, push, update Git workflow              | Jenkins, GitHub Actions            |
| Observability             | Metrics, dashboards, alerting                 | Prometheus, Grafana, Alertmanager  |
| Best practices & metrics  | DORA, security, IaC vs CaC                    | Various                            |

## Hands-on labs and learning approach

This course is lab-first. Each lesson pairs conceptual material with guided exercises so you can test patterns, iterate, and learn troubleshooting techniques that matter in production environments.

## GitOps patterns — storing secrets safely with Bitnami Sealed Secrets

A common, secure flow to keep secrets in Git using Bitnami Sealed Secrets:

1. Create a Kubernetes `Secret` manifest locally (without applying it to the cluster).
2. Encrypt that secret with `kubeseal` to produce a `SealedSecret`.
3. Commit the `SealedSecret` to Git; your GitOps controller (for example, Argo CD) will apply it and the Sealed Secrets controller will decrypt it inside the cluster.

Warning: Never commit plain `Secret` YAML (base64 or otherwise) to public repositories.

<Callout icon="warning" color="#FF6B6B">
  Always ensure the private key for Sealed Secrets remains secure. Only encrypted `SealedSecret` manifests belong in Git. Avoid storing unencrypted secrets or private keys in repositories.
</Callout>

Example: create a Secret manifest locally and produce a sealed secret

```bash theme={null}
# Create a Kubernetes Secret manifest (not applied to the cluster)
kubectl create secret generic mysql-password \
  --from-literal=password='s1Ddh@rttF' \
  --dry-run=client -o yaml > mysql-password_k8s-secret.yaml

# Use kubeseal (installed separately) to encrypt the secret into a SealedSecret
# Apply the sealed secret to the cluster (Sealed Secrets controller will decrypt it)
# kubectl apply -f sealed-secret.yaml
```

Local Kubernetes Secret manifest example:

```yaml theme={null}
apiVersion: v1
kind: Secret
metadata:
  name: mysql-password
type: Opaque
data:
  # Base64-encoded password (example)
  password: czFEZGhAcnQj
```

Once you have a `sealed-secret.yaml`, you can manage it in Git and create an Argo CD application that points to the chart or repository hosting the Sealed Secrets controller:

```bash theme={null}
argocd app create sealed-secrets \
  --repo https://bitnami-labs.github.io/sealed-secrets \
  --helm-chart sealed-secrets \
  --revision 2.2.0 \
  --dest-namespace kube-system \
  --dest-server https://1.2.3.4
```

Recommended references:

* Bitnami Sealed Secrets: [https://github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets)
* `kubeseal` docs: [https://github.com/bitnami-labs/sealed-secrets#kubeseal](https://github.com/bitnami-labs/sealed-secrets#kubeseal)

## Tooling and repository layouts

You will practice operating both manifest-based repos and Helm chart repositories. A typical navigation example:

```bash theme={null}
# Example repository navigation
cd cgoa-demos/manifests/helm/
ls
# Output:
# highway-chart
cd highway-chart/
```

Consider organizing repos with clear boundaries:

* `infrastructure/` for cluster-level manifests (ingress, storage)
* `applications/` for per-app Helm charts or Kustomize overlays
* `ci/` for pipeline definitions that update Git

## CI pipelines that update Git (example pattern)

A common GitOps pattern: CI builds and publishes an image, then updates a manifest in Git (e.g., bumps an image tag). The GitOps controller then reconciles that change to the cluster. Below is a cleaned Jenkins pipeline that demonstrates the pattern.

```groovy theme={null}
pipeline {
  agent any
  environment {
    REPO_URL = "http://localhost:5000/kk-org/cgoa-demos"
    BRANCH = "feature-gitea"
    REMOTE_AUTH = "http://587fcc78b44a416b7497ad5065dad577d722708@localhost:5000/kk-org/cgoa-demos"
  }
  stages {
    stage('Checkout') {
      steps {
        script {
          if (fileExists('cgoa-demos')) {
            echo 'Cloned repo already exists - Pulling latest changes'
            dir('cgoa-demos') {
              sh 'git pull'
            }
          } else {
            echo 'Repo does not exist - Cloning the repo'
            sh "git clone -b ${BRANCH} ${REPO_URL}"
          }
        }
      }
    }

    stage('Update Manifest') {
      steps {
        dir('cgoa-demos/jenkins-demo') {
          // Replace placeholder image with the new image tag in deployment.yaml
          sh 'sed -i "s|${IMAGE_REPO}/${NAME}:${VERSION}|${NEW_IMAGE}|g" deployment.yaml'
          sh 'cat deployment.yaml'
        }
      }
    }

    stage('Commit & Push') {
      steps {
        dir('cgoa-demos/jenkins-demo') {
          sh '''
            git config --global user.email "jenkins@ci.com"
            git remote set-url origin ${REMOTE_AUTH}
            git checkout ${BRANCH}
            git add -A || true
            git commit -m "Update manifest: set image to ${NEW_IMAGE}" || true
            git push origin ${BRANCH} || true
          '''
        }
      }
    }
  }
}
```

This pattern demonstrates the separation of concerns:

* CI: build/publish artifacts and update Git (push change).
* GitOps controller: continuously reconcile the cluster to match Git.

## Infrastructure as Code (IaC) vs Configuration as Code (CaC)

Understanding IaC vs CaC clarifies responsibilities:

| Concern       | IaC                                                       | CaC                                                 |
| ------------- | --------------------------------------------------------- | --------------------------------------------------- |
| Primary focus | Provisioning infrastructure (clusters, VMs, networks)     | Application configuration and runtime manifests     |
| Typical tools | Terraform, Pulumi, CloudFormation                         | Helm, Kustomize, plain Kubernetes manifests         |
| GitOps role   | Often used in provisioning pipelines or as upstream input | Primary driver for reconciliation engines (Argo CD) |

Use IaC to create and manage platform resources; use CaC to manage how workloads run on those platforms.

<Frame>
  <img src="https://mintcdn.com/kodekloud-c4ac6d9a/t4oxgWWg0SQKJwoX/images/Prep-Course-GitOps-Certified-Associate-CGOA/Introduction/Course-Introduction/iac-vs-cac-comparison-diagram.jpg?fit=max&auto=format&n=t4oxgWWg0SQKJwoX&q=85&s=d05d11e7b95aab82adc69572c30274f0" alt="The image compares Infrastructure as Code (IaC) and Configuration as Code (CaC), highlighting their primary focus, what they manage, common tools, context in GitOps, and analogies." width="1920" height="1080" data-path="images/Prep-Course-GitOps-Certified-Associate-CGOA/Introduction/Course-Introduction/iac-vs-cac-comparison-diagram.jpg" />
</Frame>

## Other topics covered

* Moving from DevOps to DevSecOps: integrating security into GitOps workflows.
* CI/CD best practices and how CI pipelines feed pull-based delivery.
* Observability: Prometheus metrics, Grafana dashboards, and Alertmanager for alerts and incident detection.
* DORA metrics: measuring lead time, deployment frequency, MTTR, and change failure rate.
* Labs, exercises, and mock exams to validate your knowledge and certification readiness.

## Quick links & references

* Argo CD: [https://argo-cd.readthedocs.io/](https://argo-cd.readthedocs.io/)
* Bitnami Sealed Secrets: [https://github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets)
* Kubernetes docs: [https://kubernetes.io/docs/](https://kubernetes.io/docs/)
* Helm: [https://helm.sh/](https://helm.sh/)
* Kustomize: [https://kustomize.io/](https://kustomize.io/)
* Prometheus: [https://prometheus.io/](https://prometheus.io/)
* Grafana: [https://grafana.com/](https://grafana.com/)
* Jenkins: [https://www.jenkins.io/](https://www.jenkins.io/)
* DORA metrics primer: [https://cloud.google.com/blog/products/devops-sre/dora-research-accelerate](https://cloud.google.com/blog/products/devops-sre/dora-research-accelerate)

Are you ready to become a GitOps Certified Associate and lead cloud-native operational excellence? This course will prepare you with the practical skills and exam-focused practice to succeed.

<CardGroup>
  <Card title="Watch Video" icon="video" cta="Learn more" href="https://learn.kodekloud.com/user/courses/gitops-certified-associate-cgoa/module/b51e7927-03a2-4bb9-a900-6a55c35e6a0c/lesson/cdf68874-2b28-4011-925b-1025405c736c" />
</CardGroup>
