Chapters
Try It For Free
Harness
/
Blog
/
Technical
January 26, 2026

How to Scale GitOps Without Hitting the Argo Ceiling | Harness Blog

Dewan Ahmed

All this author’s posts

Eric Minick

All this author’s posts

The Argo ceiling is a predictable scaling challenge, not a failure of Argo CD or GitOps. As clusters and teams grow, visibility, governance, and orchestration fragment without a control plane. Script-heavy workflows and manual processes slow delivery and increase risk at scale. A GitOps control plane enables unified visibility, structured workflows, automated guardrails, and secure secret management.

GitOps has become the default model for deploying applications on Kubernetes. Tools like Argo CD have made it simple to declaratively define desired state, sync it to clusters, and gain confidence that what’s running matches what’s in Git.

And for a while, it works exceptionally well.

Most teams that adopt GitOps experience a familiar pattern: a successful pilot, strong early momentum, and growing trust in automated delivery. But as adoption spreads across more teams, environments, and clusters, cracks begin to form. Troubleshooting slows down. Governance becomes inconsistent. Delivery workflows sprawl across scripts and tools.

This is the point many teams describe as “Argo not scaling.”

In reality, they’ve hit what we call the Argo ceiling.

The Argo ceiling isn’t a flaw in Argo CD. It’s a predictable inflection point that appears when GitOps is asked to operate at scale without a control plane.

What Is the Argo Ceiling?

The Argo ceiling is the moment when GitOps delivery starts to lose cohesion as scale increases.

Argo CD is intentionally designed to be cluster-scoped. That design choice is one of its strengths: it keeps the system simple, reliable, and aligned with Kubernetes’ model. But as organizations grow, that same design introduces friction.

Teams move from:

  • A small number of clusters to dozens (or hundreds)
  • A handful of applications to thousands
  • One platform team to many autonomous product teams

At that point, GitOps still works — but operating GitOps becomes harder. Visibility fragments. Orchestration logic leaks into scripts. Governance depends on human process instead of platform guarantees.

The Argo ceiling isn’t a hard limit. It’s the point where teams realize they need more structure around GitOps to keep moving forward.

Argo Ceiling Concept

The Symptoms Teams See at Scale

Fragmented Visibility

One of the first pain points teams encounter is visibility.

Argo CD provides excellent insight within a single cluster. But as environments multiply, troubleshooting often turns into dashboard hopping. Engineers find themselves logging into multiple Argo CD instances just to answer basic questions:

  • Where is this application deployed?
  • Which environment failed?
  • Was this caused by the same change?

What teams usually want instead is:

  • A single place to see deployment status across clusters
  • The ability to correlate failures back to a specific change or release
  • Faster root-cause analysis without switching contexts

Argo CD doesn’t try to be a global control plane, so this gap is expected. When teams start asking for cross-cluster visibility, it’s often the first sign they’ve hit the Argo ceiling.

Glue Code and Script Entropy

As GitOps adoption grows, orchestration gaps start to appear. Teams need to handle promotions, validations, approvals, notifications, and integrations with external systems.

In practice, many organizations fill these gaps with:

  • Jenkins pipelines
  • GitHub Actions
  • Custom scripts glued together over time

These scripts usually start small and helpful. But as they grow, they begin to:

  • Accumulate environment-specific logic
  • Encode tribal knowledge
  • Become difficult to change safely

This is a classic Argo ceiling symptom. Orchestration lives outside the platform instead of being modeled as a first-class, observable workflow. Over time, GitOps starts to feel less like a modern delivery model and more like scripted CI/CD from a decade ago.

Awkward Promotion Flows

Promotion is another area where teams feel friction.

Argo CD is excellent at syncing desired state, but it doesn’t model the full lifecycle of a release. As a result, promotions often involve:

  • Manual pull requests
  • Repo hopping between environments
  • Ad-hoc approvals and checks

These steps slow delivery and increase cognitive load, especially as the number of applications and environments grows.

Secret Sprawl

Git is the source of truth in GitOps — but secrets don’t belong in Git.

At small scale, teams manage this tension with conventions and external secret stores. At larger scale, this often turns into a patchwork of approaches:

  • Different secret managers per team
  • Custom templating logic
  • Inconsistent access controls

The result is secret sprawl and operational risk. Managing secrets becomes harder precisely when consistency matters most.

Difficult Audits

Finally, audits become painful.

Change records are scattered across Git repos, CI systems, approval tools, and human processes. Reconstructing who changed what, when, and why turns into a forensic exercise.

At this stage, compliance depends more on institutional memory than on reliable system guarantees.

What Not to Do When You Hit the Ceiling

When teams hit the Argo ceiling, the instinctive response is often to add more tooling:

  • More scripts
  • More pipelines
  • More conventions
  • More manual reviews

Unfortunately, this usually makes things worse.

The problem isn’t a lack of tools. It’s a lack of structure. Scaling GitOps requires rethinking how visibility, orchestration, and governance are handled — not piling on more glue code.

Principles for Scaling GitOps Correctly

Before introducing solutions, it’s worth stepping back and defining the principles that make GitOps sustainable at scale.

Centralize Control (Without Centralizing Ownership)

One of the biggest mistakes teams make is repeating the same logic in every Argo CD cluster.

Instead, control should be centralized:

  • RBAC policies
  • Governance rules
  • Audit trails
  • Global visibility

At the same time, application ownership remains decentralized. Teams still own their services and repositories — but the rules of the road are consistent everywhere.

Orchestrate, Don’t Script

GitOps should feel modern, not like scripted CI/CD.

Delivery is more than “sync succeeded.” Real workflows include:

  • Pre- and post-deployment steps
  • Validations and checks
  • Approvals and notifications

These should be modeled as structured, observable workflows — not hidden inside scripts that only a few people understand.

Automate Guardrails

Many teams start enforcing rules through:

  • PR reviews
  • Documentation
  • Manual approvals

That approach doesn’t scale.

In mature GitOps environments, guardrails are enforced automatically:

  • Objective policy checks
  • Repeatable enforcement
  • Rules that run before, during, and after deployment

Git remains the source of truth, but compliance becomes a platform guarantee instead of a human responsibility.

Why GitOps Needs a Control Plane

These challenges point to a common conclusion: GitOps at scale needs a control plane.

Git excels at versioning desired state, but it doesn’t provide:

  • Cross-cluster visibility
  • Consistent governance
  • End-to-end workflow orchestration

A control plane complements GitOps by sitting above individual clusters. It doesn’t replace Argo CD — it coordinates and governs it.

Harness as the GitOps Control Plane

Harness provides a control plane that allows teams to scale GitOps without losing control.

Unified Visibility

Harness gives teams a single place to see deployments across clusters and environments. Failures can be correlated back to the same change or release, dramatically reducing time to root cause.

A Single Control Plane for Your GitOps Resources

Structured Orchestration

Instead of relying on scripts, Harness models delivery as structured workflows:

  • Pre- and post-sync steps
  • Promotions and approvals
  • Notifications and integrations
End-to-End GitOps Delivery Pipeline

This keeps orchestration visible, reusable, and safe to evolve over time.

AI-Assisted Deployment Verification

Kubernetes and Argo CD can tell you whether a deployment technically succeeded — but not whether the application is actually behaving correctly.

Harness customers use AI-assisted deployment verification to analyze metrics, logs, and signals automatically. Rather than relying on static thresholds or manual checks, the system evaluates real behavior and can trigger rollbacks when anomalies are detected.

This builds on ideas from progressive delivery (such as Argo Rollouts analysis) while making verification consistent and governable across teams and environments.

Solving the GitOps–Secrets Paradox

Harness GitOps Secret Expressions address the tension between GitOps and secret management:

  • Secrets are created and stored securely in the Harness platform
  • GitOps manifests reference secrets using expressions
  • The GitOps agent resolves them at runtime
  • Secrets never leave customer infrastructure

This keeps Git clean while making secret handling consistent and auditable.

What’s Next

The Argo ceiling isn’t a failure of GitOps — it’s a sign of success.

Teams hit it when GitOps adoption grows faster than the systems around it. Argo CD remains a powerful foundation, but at scale it needs a control plane to provide visibility, orchestration, and governance.

GitOps doesn’t break at scale.
Unmanaged GitOps does.

Ready to move past the Argo ceiling? Watch the on-demand session to learn how teams scale GitOps with confidence.

Dewan Ahmed

All this author’s posts

Dewan Ahmed is a Principal Developer Advocate at Harness, a company that aims to enable every software engineering team in the world to deliver code reliably, efficiently and quickly to their users. Before joining Harness, he worked at IBM, Red Hat, and Aiven as a developer, QA lead, consultant, and developer advocate. For the last fifteen years, Dewan has worked to solve DevOps and infrastructure problems for small startups, large enterprises, and governments. Starting his public speaking at a toastmaster in 2016, he has been speaking at tech conferences and meetups for the last ten years. His work is fueled by a passion for open-source and a deep respect for the tech community. Dewan writes about app/data infrastructure, developer advocacy, and his thoughts around a career in tech on his personal blog. Outside of work, he’s an advocate for underrepresented groups in tech and offers pro bono career coaching as his way of giving back.

Eric Minick

All this author’s posts

Eric Minick is an internationally recognized expert in software delivery with experience in Continuous Delivery, DevOps, and Agile practices, working as a developer, marketer, and product manager. Eric is the co-author of “AI Native Software Delivery” (O’Reilly) and is cited or acknowledged in the books “Continuous Integration,” “Agile Conversations,” and “Team Topologies.” Today, Eric works on the Harness product management team to bring its solutions to market. Eric joined Harness from CodeLogic, where he was Head of Product.

Previous
Next

What is a Kubernetes Container?

Spinnaker to Harness: A Conversion Story - Part 1

Shifting Down With Harness Cloud Cost Management

Modern Log Layers

GraphQL: Harness Your Way

CI/CD Pipeline: Everything You Need to Know

A Home for ECS Developers

Testing Methodologies

Your First Harness CI Installation, Build, and Publish

Spinnaker vs Harness - Filming My Journey

IT Audits - How Continuous Delivery can Help

Deploying With Harness & AppDynamics

Blue-Green Deployments With Kubernetes and Harness

Your First Kubernetes Cluster Deployment

Canary Deployments and Operations in Kubernetes

Lessons from the Harness Cloud Cost Management

Optimizing cloud logging to save over $140k in costs

6 Actionable GitOps Best Practices to Help You Get Started

An Introduction to Artificial Intelligence and Machine Learning

Applying AI/ML to CI/CD Pipelines

Metrics to Improve Continuous Integration Performance

Comparing Helm vs Kustomize

A Breakdown of Continuous Integration Testing

Eliminates Delivery Toil

Introducing Recommendations API: Find Potential Cost Savings Programmatically

Accelerates AWS Cloud Migration

Selected Harness over Spinnaker for CI/CD

Replaced Spinnaker & Saved $275,000

Scaled Kubernetes Continuous Delivery with GitOps

Migrates to Kubernetes with One Developer and Harness

What is O11Y? Observability Demystified with Chris Riley from Splunk

Travis CI Alternatives To Consider

Kubernetes CI/CD Best Practices

What is Cloud Cost Intelligence?

ShipTalk Podcast - A Time Before, During, and After Kubernetes

Tutorial: How to Use the New Vault Agent Integration Method With Harness

Pipeline Patterns for CI/CD Pipelines

Feature Flags: Should I Build or Buy?

Measuring & Maximizing Developer Productivity

4 Best CI/CD Tools for DevOps

Migrating to Harness Feature Flags: Our Technical Journey

Tutorial: Turning a GitHub Repo Into a Helm Chart Repo

Change Management in the World of Continuous Delivery

Laying the Groundwork for an Effective FinOps Organization

How to set up cross-account access for S3 bucket policies

Harness the Power of AWS EKS-Anywhere

Test Intelligence™: Move Fast, Don’t Break Things

Tutorial: [GraphQL] How to Interact With the Harness API Using Python

What Are Audit Trails & Why You Need Them in CD

5 Feature Flag Use Cases You May Not Have Thought Of

Announcing Support for Python in Harness Feature Flags

The Benefits of Feature Flags in Software Delivery

Announcing Support for .NET in Harness Feature Flags

How to Write Your First Plugin for CI

Migrating From Jenkins to Harness CIE: A Journey

Feature Flags With Python

Intelligent & Automated Feature Flags With Harness

Find and Fix Vulnerabilities in Your Pipeline With Snyk and Harness

Cloud Center of Excellence: What It Is, Best Practices, & More

What Is Testing in Production & How to Avoid The Risks

Simplifying Kubernetes Cost Management With Harness

Cloud Cost Workload Recommendations

GitHub Actions Support in Harness CI

How Feature Flags Help With Trunk-Based Development

AutoStopping Rules for Kubernetes Clusters

Dashboarding, Or Data Visualization

Feature Flags Best Practices also known as Feature Toggles

Micro-Frontend Architecture in the Harness Software Delivery Platform

Lessonly by Seismic Says Goodbye to Jenkins and Toil With Harness CI Enterprise

What Is Split.io? A Look at Features and Use Cases

Harness CI Enterprise for UI Builds

Feature Flags Overview For PMs: Getting Qualitative Feedback and Managing Releases

Kubernetes Mistakes: A Beginner’s Guide to Avoiding Common Pitfalls

In-Depth: Harness Feature Flags Relay Proxy

Announcing: Public APIs for Feature Flags

Announcing Support for Xamarin in Harness Feature Flags

The Git Sync Experience in Harness

Git Branching in Harness

Source Code Management in DevOps

Harness Service Reliability Management (SRM) - Key Capabilities

Harness Security Testing Orchestration (STO) - Key Capabilities

Quality vs Reliability

Build System vs CI System: What's the Difference and Why Does it Matter?

3 Reasons to Correlate Cloud Costs to Engineering Releases

The Best Open Source CI Tools

Harness Infrastructure Provisioners and ARM Templates - Part 2

Benefits of GitOps & Why GitOps Is Important

The Importance of Continuous Integration and Its Benefits

What Are GitOps Principles?

GitOps Tools & Kubernetes Gitops Tools

Deploy Your Simple Node.js Application Using Local Docker Images in Minikube

Kubernetes Services Explained

Harness CI and Harness CD - Your First True CI/CD Pipeline

Continuous Delivery vs. Continuous Deployment: What’s the Difference?

Move Fast and Fix Faster with Harness 24/7 Service Guard

Value Stream Mapping for Software Delivery

How to Maintain Istio Service Mesh with Harness

Rancher Rio vs Harness - Filming my Journey

Using Github Actions with Harness

Solving Standardization in Continuous Delivery

Similar Blogs

DevOps & Automation
DevOps & Automation
DevOps & Automation
Continuous Delivery & GitOps
Technical
Continuous Delivery & GitOps