ArgoCD implements the GitOps pattern for Kubernetes by continuously reconciling the live state of your cluster with manifests stored in a Git repository. Running on RHEL 8, you interact with ArgoCD through its CLI, its web UI, or both, while a controller inside the cluster watches for drift and can automatically correct it. This tutorial covers installing ArgoCD into a dedicated namespace, configuring the CLI, creating and syncing applications, enabling automated self-healing, and connecting private repositories via SSH. By following these steps you will have a production-grade GitOps delivery pipeline up and running.

Prerequisites

  • RHEL 8 host with kubectl configured against a running Kubernetes cluster (v1.21+)
  • Sufficient cluster permissions to create namespaces and RBAC resources
  • A Git repository containing Kubernetes manifests (public or private)
  • ArgoCD CLI binary installed on the RHEL 8 management host
  • curl and kubectl port-forward available

Step 1 — Install ArgoCD into a Dedicated Namespace

ArgoCD is distributed as a single installation manifest that creates all required CRDs, deployments, services, and RBAC objects.

kubectl create namespace argocd

kubectl apply -n argocd 
  -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Watch pods come up
kubectl get pods -n argocd -w

# Confirm all pods are Running
kubectl get pods -n argocd

The installation includes the ArgoCD server, application controller, repo server, Redis, and Dex (for SSO). Wait until all pods reach the Running state before proceeding.

Step 2 — Install the ArgoCD CLI and Log In

Download the ArgoCD CLI binary that matches the server version installed in the previous step, then authenticate using kubectl port-forward so you do not need to expose the ArgoCD server externally during initial setup.

# Download the latest ArgoCD CLI
ARGOCD_VERSION=$(kubectl -n argocd get deployment argocd-server 
  -o jsonpath='{.spec.template.spec.containers[0].image}' | cut -d: -f2)

curl -sSL -o /usr/local/bin/argocd 
  https://github.com/argoproj/argo-cd/releases/download/${ARGOCD_VERSION}/argocd-linux-amd64

chmod +x /usr/local/bin/argocd
argocd version --client

# Port-forward the ArgoCD server to localhost
kubectl port-forward svc/argocd-server -n argocd 8080:443 &

# Retrieve the initial admin password
ARGOCD_PASS=$(kubectl -n argocd get secret argocd-initial-admin-secret 
  -o jsonpath="{.data.password}" | base64 -d)

# Log in (accept the self-signed cert)
argocd login localhost:8080 --username admin --password "$ARGOCD_PASS" --insecure

Step 3 — Create and Sync an ArgoCD Application

An ArgoCD Application resource maps a Git repository path to a Kubernetes namespace. The argocd app create command creates this mapping.

argocd app create my-app 
  --repo https://github.com/your-org/your-repo.git 
  --path k8s/manifests 
  --dest-server https://kubernetes.default.svc 
  --dest-namespace my-app-namespace

# Create the destination namespace if it does not exist
kubectl create namespace my-app-namespace

# Trigger an initial manual sync
argocd app sync my-app

# Check application status
argocd app get my-app
argocd app list

The --dest-server https://kubernetes.default.svc value tells ArgoCD to deploy to the same cluster it is running in. For external clusters you would register the cluster first with argocd cluster add <context-name>.

Step 4 — Enable Automated Sync, Self-Healing, and Pruning

Automated sync policies eliminate the need to manually trigger syncs after every Git push. Self-healing reapplies desired state if someone manually edits a resource in the cluster, and pruning removes resources that no longer exist in Git.

argocd app set my-app 
  --sync-policy automated 
  --self-heal 
  --auto-prune

# Verify the sync policy
argocd app get my-app | grep -A5 "Sync Policy"

# Check for drift between live and desired state
argocd app diff my-app

# Force a manual refresh (re-fetch from Git without waiting for polling interval)
argocd app get my-app --refresh

By default ArgoCD polls Git every three minutes. You can configure a webhook on your Git repository to push change notifications to ArgoCD for near-instant syncs.

Step 5 — Connect a Private Repository via SSH Key

For private repositories, ArgoCD must be given credentials to authenticate. The recommended approach for SSH is to register a deploy key.

# Generate a deploy key (no passphrase for automated use)
ssh-keygen -t ed25519 -C "argocd-deploy" -f ~/.ssh/argocd_deploy -N ""

# Display the public key — add this as a read-only deploy key in your Git provider
cat ~/.ssh/argocd_deploy.pub

# Register the private key with ArgoCD
argocd repo add [email protected]:your-org/your-repo.git 
  --ssh-private-key-path ~/.ssh/argocd_deploy

# List registered repositories
argocd repo list

You can also use HTTPS credentials with --username and --password flags, or a personal access token. Store secrets in a secrets manager and inject them at deployment time rather than hard-coding them in manifests.

Step 6 — Access the ArgoCD Web UI

The ArgoCD web UI provides a visual representation of application health, sync status, and resource trees. Expose it using port-forward or patch the service to LoadBalancer or NodePort.

# Keep port-forward running (already started in Step 2)
# Open https://localhost:8080 in a browser

# Change the admin password after first login
argocd account update-password 
  --current-password "$ARGOCD_PASS" 
  --new-password "YourNewSecurePassw0rd!"

# Alternatively, expose the service as NodePort for cluster-wide access
kubectl patch svc argocd-server -n argocd 
  -p '{"spec": {"type": "NodePort"}}'

kubectl get svc argocd-server -n argocd

The UI displays each application’s resource tree, colour-coded sync status (Synced / OutOfSync), and health status (Healthy / Degraded / Progressing). Clicking a resource opens its YAML, events, and logs directly in the browser.

Conclusion

You have deployed ArgoCD on a Kubernetes cluster managed from RHEL 8, authenticated with the CLI, created a GitOps application, and configured automated sync with self-healing and pruning. You also learned how to connect private repositories securely using SSH deploy keys and how to access the visual web dashboard. With ArgoCD in place, every merge to your target Git branch automatically reconciles the cluster to the declared desired state.

Next steps: How to Install and Use Helm for Kubernetes Package Management on RHEL 8, How to Install and Configure SonarQube on RHEL 8, and How to Build a Jenkins CI/CD Pipeline on RHEL 8.