Nandini automates everything
GitOps, ArgoCD, Terraform — when Git is the single source of truth for your infrastructure
Nandini's team was deploying 8 times a day to 12 microservices across 3 environments. Every deployment was manual — log into the cluster, run kubectl apply, hope nothing breaks. Three engineers spent 2 hours per day just on deployments.
Then a new developer accidentally ran kubectl delete namespace production instead of staging. Everything was gone. It took 4 hours to restore from backups.
Nandini decided that if humans could cause problems, humans should be removed from the deployment process.
GitOps: Git as the source of truth. The desired state of your infrastructure lives in Git. A tool watches that repo and automatically applies any changes to your cluster. Humans never run kubectl manually in production.
Benefits:
- Every change is reviewed via PR — no surprise production changes
- Full audit trail of who changed what and when
- Rollback means git revert — the cluster follows automatically
- New cluster? Point ArgoCD at your repo and everything self-heals
ArgoCD watches your Git repo and keeps your cluster in sync:

```bash
# Install ArgoCD
# Note: "stable" is a moving ref; pin a release tag if you need reproducible installs.
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```

```yaml
# Create an Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  project: default            # required field; "default" is the built-in project
  source:
    repoURL: https://github.com/mycompany/k8s-configs
    targetRevision: main      # branch ArgoCD tracks
    path: apps/myapp
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true             # delete resources that were removed from Git
      selfHeal: true          # revert manual changes made in the cluster
```

When you push a new Docker image tag to your k8s-configs repo, ArgoCD applies it automatically within 3 minutes. No human involvement required.
Terraform manages the cluster itself and everything around it — VPCs, databases, load balancers, DNS records:
```hcl
provider "aws" {
  region = "ap-south-1" # Mumbai
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0" # pinned: input names differ between major versions

  cluster_name    = "production"
  cluster_version = "1.29"
  vpc_id          = module.vpc.vpc_id          # module "vpc" is defined elsewhere
  subnet_ids      = module.vpc.private_subnets

  # Called node_groups before v18 of the module
  eks_managed_node_groups = {
    main = {
      desired_size   = 3
      min_size       = 2
      max_size       = 10
      instance_types = ["t3.large"]
    }
  }
}
```

```bash
terraform init
terraform plan   # shows what will change
terraform apply  # makes the changes
```

Your entire cloud infrastructure is now in version control. Disaster recovery means running terraform apply on a new AWS account.
The full GitOps pipeline:
1. Developer pushes code
2. GitHub Actions runs tests, builds Docker image, pushes to ECR
3. GitHub Actions opens a PR updating the image tag in k8s-configs repo
4. Team reviews and merges the PR
5. ArgoCD detects the change and deploys to production automatically
6. Grafana shows the new deployment in metrics
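Once step 4 merges, ArgoCD deploys whatever the PR contains, so the tag-bump PR from step 3 is worth checking mechanically before a reviewer sees it. The following is an added example, not code from the original page: a CI check that accepts a diff only if it re-tags images from one allowed registry and touches nothing else. The registry account ID, the sample diffs and the function names are constructed, and it assumes tag-based image references as used on this page.

```python
import re

# Assumption: the one ECR registry this pipeline pushes to (constructed account ID).
ALLOWED_REGISTRY = "123456789012.dkr.ecr.ap-south-1.amazonaws.com"
IMAGE_LINE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^\s"'#]+)["']?\s*$""")

def split_image(ref):
    """Split 'registry/repo:tag' into (repo, tag); tag is '' if absent or a port."""
    name, sep, tag = ref.rpartition(":")
    return (ref, "") if not sep or "/" in tag else (name, tag)

def check_tag_bump(diff_text):
    """Return policy violations for a unified diff against the k8s-configs repo."""
    violations, old, new = [], [], []
    for line in diff_text.splitlines():
        if line.startswith(("+++ ", "--- ")) or not line or line[0] not in "+-":
            continue  # file headers, hunk headers and unchanged context
        match = IMAGE_LINE.match(line[1:])
        if not match:
            violations.append(f"non-image change: {line.strip()}")
        else:
            (new if line[0] == "+" else old).append(split_image(match.group(1)))
    if len(old) != len(new):
        violations.append("image lines added or removed, not just re-tagged")
    for (old_repo, _), (new_repo, new_tag) in zip(old, new):
        if new_repo != old_repo:
            violations.append(f"repository changed: {old_repo} -> {new_repo}")
        if not new_repo.startswith(ALLOWED_REGISTRY + "/"):
            violations.append(f"registry not allowed: {new_repo}")
        if new_tag in ("", "latest"):
            violations.append(f"mutable or missing tag on {new_repo}")
    return violations

# Constructed sample diffs: a clean tag bump, then one that swaps registry and adds a field.
GOOD_DIFF = """\
--- a/apps/myapp/deployment.yaml
+++ b/apps/myapp/deployment.yaml
@@ -17,3 +17,3 @@
       containers:
       - name: myapp
-        image: 123456789012.dkr.ecr.ap-south-1.amazonaws.com/myapp:1.4.2
+        image: 123456789012.dkr.ecr.ap-south-1.amazonaws.com/myapp:1.4.3
"""
BAD_DIFF = GOOD_DIFF.replace(ALLOWED_REGISTRY + "/myapp:1.4.3",
                             "docker.io/someone/myapp:latest")
BAD_DIFF += "+        securityContext: {privileged: true}\n"

if __name__ == "__main__":
    print(check_tag_bump(GOOD_DIFF) or "OK", *check_tag_bump(BAD_DIFF), sep="\n")
```

A non-empty result should fail the CI job, so the PR gets a full human review instead of being treated as a routine tag bump.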
Nandini's team went from 2 hours of manual deployment per engineer per day to zero. The next time someone ran a dangerous kubectl command, ArgoCD simply overwrote it within 3 minutes.
- GitOps: store desired state in Git and let automation apply it — humans never touch production directly
- ArgoCD selfHeal: true means it overwrites any manual kubectl changes within minutes
- Terraform manages cloud infrastructure as code — your whole cloud setup becomes reproducible
- The GitOps pipeline: code push, then CI builds the image, then a PR updates the tag, then ArgoCD deploys
- Rollback in GitOps is just git revert — the cluster follows the repo state automatically