Correct Answer: A) Git repository is the single source of truth for declarative infrastructure

GitOps uses Git repositories as the single source of truth for declarative infrastructure and applications. The desired state of the system is versioned in Git, and automated processes ensure the actual state matches the desired state.

Correct Answer: C) A GitOps continuous delivery tool for Kubernetes

ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes. It automates the deployment of applications by keeping the deployed state in sync with the state defined in a Git repository.

Correct Answer: B) Enhanced security through immutable infrastructure

GitOps enhances security by promoting immutable infrastructure. Changes go through version control (providing audit trail and approval processes), and no direct access to the cluster is needed for deployments, reducing the attack surface.

Correct Answer: C) ArgoCD Application Controller

The Application Controller is the component that continuously monitors running applications and compares their current, live state against the desired state defined in the Git repository. It detects and reconciles any differences.

Correct Answer: B) Specifying the desired end state of a system rather than the steps to get there

Declarative configuration focuses on describing what the desired outcome should be, rather than how to achieve it. The system then works to reconcile the actual state with this declared desired state.

Correct Answer: C) kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

The standard way to install ArgoCD is by applying the install manifest directly from the ArgoCD GitHub repository, though other methods like Helm are also available. The correct Helm command is: helm install my-argo-cd oci://ghcr.io/argoproj/argo-helm/argo-cd --version 7.8.14 (see https://artifacthub.io/packages/helm/argo-cd-oci/argo-cd)

Correct Answer: B) Application

The Application CRD is the core resource in ArgoCD that defines a logical application and links it to a source repository, destination cluster, and path within the repository.

Correct Answer: B) Continuous comparison of desired state with actual cluster state

ArgoCD's reconciliation constantly compares the desired state (defined in Git) with the actual state in the Kubernetes cluster. When differences are detected, ArgoCD takes action to make the actual state match the desired state.

Correct Answer: B) To specify when and how automatic synchronization should occur

The sync policy defines whether synchronization happens automatically or manually, and can include additional options like pruning resources and performing self-healing operations.

Correct Answer: D) Docker registries

ArgoCD natively supports Git repositories, Helm charts, and Kustomize applications as source types, but not Docker registries directly. It deploys applications based on manifest sources, not container images.

Correct Answer: C) Application repositories for source code and config repositories for deployment manifests

A common GitOps pattern is to separate application code from deployment configuration. This allows for independent lifecycle management while maintaining a clear separation of concerns.

Correct Answer: B) Operators inside the cluster pull desired configuration from Git

In pull-based GitOps, operators (like ArgoCD) running inside the cluster continuously monitor Git repositories and pull in changes, applying them to the cluster when differences are detected.

Correct Answer: C) It extends Kubernetes RBAC with custom resources like Projects

ArgoCD builds on Kubernetes RBAC but extends it with concepts like Projects, which provide logical grouping of applications with specific access controls and constraints.

Correct Answer: B) Using one ArgoCD Application to manage other ArgoCD Applications

The "App of Apps" pattern involves creating an ArgoCD Application that points to a Git repository containing the definitions of other ArgoCD Applications. This allows for managing multiple applications as a group.

Correct Answer: C) Argo Rollouts

Argo Rollouts is specifically designed to work with ArgoCD for advanced deployment strategies like canary, blue-green, and A/B testing, providing fine-grained control over the progressive delivery process.

Correct Answer: C) To automatically correct drift between the desired and actual state

The self-heal option enables ArgoCD to automatically restore resources to their desired state if they are modified outside of the GitOps workflow, preventing configuration drift.

Correct Answer: B) A logical grouping of applications with specific restrictions and permissions

An ArgoCD Project provides a way to group applications and define rules about what repositories they can pull from, what cluster resources they can deploy, and which clusters they can deploy to.

Correct Answer: B) The state defined in the Git repository that should be reflected in the cluster

In GitOps, the Git repository acts as the single source of truth, containing the desired state that should be reflected in the target environment. The GitOps operator works to ensure the actual state matches this desired state.

Correct Answer: A) Using separate values files committed to the Git repository

In a GitOps workflow with ArgoCD, Helm chart values are typically defined in values files committed to the Git repository. ArgoCD can be configured to use these values files when deploying the chart.

Correct Answer: B) Controlling the sequence of resource creation across multiple applications

Waves in ArgoCD allow for fine-grained control over the order in which resources are created or updated, ensuring dependencies are properly addressed and reducing the risk of failed deployments.

Correct Answer: D) API Server

The ArgoCD API Server is a gRPC/REST server that exposes the API consumed by the web UI, CLI, and other clients. It's responsible for application management and status reporting, and also serves as the repository server.

Correct Answer: B) Kustomize uses a patching approach, while Helm uses templating

Kustomize and Helm represent different approaches to managing Kubernetes manifests. Kustomize uses a patching system to modify existing YAML, while Helm uses a templating engine to generate YAML from templates and values.

Correct Answer: B) To remove resources that no longer exist in the Git repository

The prune option allows ArgoCD to delete resources from the cluster that are no longer defined in the Git repository, ensuring complete synchronization of the actual state with the desired state.

Correct Answer: B) By integrating with external tools like Sealed Secrets, Vault, or SOPS

ArgoCD doesn't have built-in secret encryption but integrates with tools like Bitnami Sealed Secrets, HashiCorp Vault, or SOPS to securely manage secrets in a GitOps workflow.

Correct Answer: C) Force

ArgoCD supports three sync strategies: Apply (default, using kubectl apply), Hook (using kubectl apply with pruning pre/post sync hooks), and Replace (using kubectl replace). "Force" is not a valid sync strategy.

Correct Answer: A) To create a hierarchy of applications for easier management

The app-of-apps pattern creates a hierarchical structure where a parent ArgoCD Application manages multiple child Applications, simplifying the management of complex deployments and enabling orchestration of multiple applications.

Correct Answer: B) Centralized governance and configuration consistency across clusters

ArgoCD's multi-cluster capability allows organizations to manage applications across multiple Kubernetes clusters from a single ArgoCD instance, ensuring consistent configuration and governance across environments.

Correct Answer: B) To determine if applications are functioning correctly after deployment

ArgoCD health checks evaluate the status of deployed resources to determine if an application is healthy after synchronization. Different resource types have different health criteria that ArgoCD checks.

Correct Answer: D) Direct access through the Kubernetes API server

While ArgoCD can be accessed via port-forwarding, Ingress, or NodePort services, it's not directly accessible through the Kubernetes API server as it's a separate application with its own API and UI.

Correct Answer: B) To update the Git repositories cached by ArgoCD

The refresh operation updates ArgoCD's internal cache with the latest state from the Git repository and the live cluster state, ensuring ArgoCD has up-to-date information when making sync decisions.

Correct Answer: A) To generate Kubernetes manifests from proprietary configuration formats

Config Management Plugins extend ArgoCD's capability to work with custom or proprietary configuration management tools and formats beyond the built-in support for Helm, Kustomize, and plain YAML.

Correct Answer: A) Blue-Green switches all traffic at once, while Canary gradually shifts traffic

In Blue-Green deployments, two identical environments exist with only one receiving traffic. Traffic is switched entirely from one to the other after validation. In Canary deployments, traffic is gradually shifted to the new version.

Correct Answer: C) Application

The Application is a custom resource definition (CRD) specific to ArgoCD that defines the source repository, target cluster, and configuration options for an application managed by ArgoCD.

Correct Answer: B) To maintain a local cache of repository contents

The Repository Server maintains a local cache of Git repository contents, generates and returns the Kubernetes manifests for applications based on the repository content, configuration management tools, and application settings.

Correct Answer: A) Lua scripts

ArgoCD uses Lua scripts for custom health checks. You can define custom health checks for specific resources by adding Lua scripts that determine when a resource is considered healthy.

Correct Answer: B) To customize how ArgoCD compares resources during synchronization

Diffing customization allows you to configure how ArgoCD compares the desired state with the actual state, such as ignoring certain fields or normalizing differences that aren't significant.

Correct Answer: A) Number of applications and their sync statuses

Monitoring the number of applications and their sync statuses provides insight into ArgoCD's operational state and can help identify issues with the GitOps workflow.

Correct Answer: B) They provide templating and packaging for complex applications

Helm charts offer templating capabilities and package management for Kubernetes applications, making it easier to deploy and configure complex applications with different values across environments.

Correct Answer: B) To automate the creation of ArgoCD Applications at scale

ApplicationSets allow for automated, templated creation of ArgoCD Applications across multiple clusters, repositories, or environments, simplifying management at scale.

Correct Answer: D) All of the above

ArgoCD HA mode requires multiple components: multiple instances of ArgoCD components (API server, application controller, repo server), a load balancer to distribute traffic, and typically external database/Redis for state management.

Correct Answer: B) To control the order of resource creation within an application

SyncWaves allow for controlling the order in which resources are applied within an application by assigning wave numbers to resources. Resources with lower wave numbers are applied first.

Correct Answer: A) To manage sets of applications across multiple clusters

The ApplicationSet controller allows for templated creation of many ArgoCD Applications across multiple clusters or from multiple Git repositories, simplifying fleet management.

Correct Answer: D) Deployment generator

ApplicationSets support List, Cluster, Git, and Matrix generators, but there's no built-in "Deployment generator". These generators define how ApplicationSet templates are expanded into multiple Applications.

Correct Answer: A) Storing encrypted secrets in the Git repository using tools like Sealed Secrets

For GitOps-based secret management, it's recommended to encrypt secrets before storing them in Git using tools like Bitnami Sealed Secrets, SOPS, or Vault, allowing for secure secret management within the GitOps workflow.

Correct Answer: B) A resource that temporarily exists during sync operations

Hooks in ArgoCD are Kubernetes resources that are executed during specific phases of a sync operation (PreSync, Sync, PostSync) but are not part of the final application state. They're used for jobs like database migrations.

Correct Answer: A) ArgoCD has a web UI, while Flux CD is CLI-only

One of the key differences between these GitOps tools is that ArgoCD provides a rich web UI for visualization and management, while Flux CD traditionally has been more CLI-focused (though this is changing in newer versions).

Correct Answer: B) To track which resources are managed by which application

Resource tracking in ArgoCD determines which Kubernetes resources are managed by which ArgoCD application, preventing conflicts where multiple applications might try to manage the same resources.

Correct Answer: B) Rebuilding the entire infrastructure from the Git repository

A key benefit of GitOps is that the Git repository contains the complete desired state of the system. In case of disaster, you can rebuild the entire infrastructure by applying the manifests from the repository to a new cluster.

Correct Answer: C) To specify fields that should be ignored when comparing resources

The ignoreDifferences field allows you to specify fields in resources that ArgoCD should ignore when determining if a resource is in sync, useful for fields that are modified by controllers or contain runtime data.

Correct Answer: C) Using a single branch with environment-specific overlays using Kustomize

A common best practice in GitOps is to use a single branch with environment-specific overlays using tools like Kustomize. This approach maintains a single source of truth while allowing for environment-specific configurations.