GitOps-Driven Kubernetes Platform Engineering with ArgoCD and Crossplane
Platform Engineering is maturing rapidly, and GitOps has evolved far beyond application delivery. The modern direction is toward GitOps-first platforms — where infrastructure provisioning, app deployment, and environment reconciliation are all driven declaratively from Git.
This blog outlines a production-grade approach to building a GitOps-native platform using ArgoCD and Crossplane.
Why ArgoCD + Crossplane?
ArgoCD enables declarative, Git-synced application delivery. Crossplane brings infrastructure-as-code directly into Kubernetes via CRDs. When combined:
- Git becomes the single source of truth
- Infra and app deployments are reconciled inside Kubernetes
- There’s no need for external CI jobs, Terraform state, or secret sprawl
This approach empowers platform teams to build reusable, cloud-agnostic abstractions while giving dev teams self-service access via resource claims.
Architecture Overview
Git holds the source manifests. ArgoCD continuously syncs these into Kubernetes. Infrastructure manifests (e.g., for databases, clusters) are interpreted by Crossplane and translated into real cloud resources using provider controllers (e.g., AWS, Azure, GCP).
ArgoCD also deploys applications using Helm, Kustomize, or raw manifests. All changes are Git-driven, diffable, auditable, and revertible.
Example: Multi-Cloud SaaS Platform
Step-by-step flow:
- Platform team defines a CompositeResourceDefinition (XRD) such as XPostgresInstance
- Dev team submits a new claim for a database by committing a PostgresClaim.yaml to Git
- ArgoCD detects the change and syncs it to the cluster
- Crossplane provisions a new PostgreSQL DB (RDS on AWS or CloudSQL on GCP)
- Application is deployed via Helm, referencing that DB
There’s zero manual provisioning and zero CI pipeline logic for infra.
Benefits
- GitOps for both infra and apps
- Unified Kubernetes-native control plane
- Cloud-provider abstraction using XRDs
- No external state management
- Safer, faster rollbacks and audits
Operational Best Practices
- Enforce policy on claims using Kyverno or Gatekeeper
- Expose Crossplane metrics and CRD health via Prometheus/Grafana
- Use sealed secrets or external secret stores (like Vault) for sensitive values
- Manage compositions centrally to reduce drift and increase reuse
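As an added illustration of the first practice above (this is example code, not from the post or either project), here is a Kyverno ClusterPolicy that gates database claims before Crossplane reconciles them. It assumes the XPostgresInstance XRD exposes a claim kind PostgresInstance in the API group platform.example.org with spec.parameters.storageGB and spec.parameters.publiclyAccessible fields; the group, kind, field names and limits are assumptions to adjust to your own XRD schema.

```yaml
# Added example: Kyverno guardrails for Crossplane database claims.
# Assumed: claim kind PostgresInstance in group platform.example.org,
# with spec.parameters.storageGB and spec.parameters.publiclyAccessible.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: postgres-claim-guardrails
spec:
  validationFailureAction: Enforce   # reject non-compliant claims, do not just audit
  background: false                  # evaluate on admission only
  rules:
    # Every claim must name an owning team so cost and incident ownership are traceable.
    - name: require-team-label
      match:
        any:
          - resources:
              kinds:
                - platform.example.org/v1alpha1/PostgresInstance
      validate:
        message: "PostgresInstance claims must carry a 'team' label."
        pattern:
          metadata:
            labels:
              team: "?*"
    # Self-service databases must never be provisioned with a public endpoint.
    - name: no-public-endpoints
      match:
        any:
          - resources:
              kinds:
                - platform.example.org/v1alpha1/PostgresInstance
      validate:
        message: "PostgresInstance claims must set spec.parameters.publiclyAccessible to false."
        pattern:
          spec:
            parameters:
              publiclyAccessible: false
    # Cap requested storage; larger requests go through the platform team (assumed limit).
    - name: cap-storage-size
      match:
        any:
          - resources:
              kinds:
                - platform.example.org/v1alpha1/PostgresInstance
      validate:
        message: "PostgresInstance claims may request at most 500 GB of storage."
        pattern:
          spec:
            parameters:
              storageGB: "<=500"
```

Because ArgoCD applies the claim through the API server, a rejected claim shows up as a failed sync in ArgoCD rather than as a half-provisioned cloud resource, which keeps the Git history as the audit trail of what was attempted.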
GitOps Is the New Cloud OS
This model treats Git as the API, Kubernetes as the orchestrator, and CRDs as the programmable interface to both infra and apps. It aligns with internal developer platform (IDP) principles — enabling fast, safe, self-service environments across clouds.
If you’re building a platform team or designing next-gen DevOps workflows, this GitOps-first approach with ArgoCD + Crossplane should be on your radar.
More coming soon: in the next post, I’ll share a reference repo and folder structure for bootstrapping this setup with real-world AWS and GCP infrastructure.