ArgoCD vs Flux comparison

ArgoCD vs Flux: When to Choose What

“Should I use ArgoCD or Flux?” I get this question over coffee, in Slack, in PR comments, probably once a week. People want me to declare a winner so they can stop thinking about it and go build something. Here is my bias, up front, so you can weigh everything that follows: I run ArgoCD on my own clusters. I have a few years of it under my belt and I like it. That preference is going to leak through no matter how careful I am, so I am telling you now instead of pretending I am neutral. ...

March 28, 2025 · 9 min read · Tom Meurs
ArgoCD GitOps deployment flow

ArgoCD for Beginners: Your First GitOps Deployment

Here is the thing I never want to do again: ask a cluster what it is running and not trust the answer. For years that was normal. Someone ran kubectl apply, maybe from a laptop, maybe from a CI job nobody could find anymore, and the live state slowly drifted away from anything written down. When I switched to GitOps, that whole category of uncertainty disappeared. I push to Git, and the cluster converges to match. If I want to know what is deployed, I read a file. ...

March 16, 2025 · 8 min read · Tom Meurs
Kubernetes Network Policies visual guide

Kubernetes Network Policies: A Visual Guide to Pod Security

Picture this: an attacker pops a single pod in your cluster, maybe through a vulnerable image or a leaked token. From that one foothold, they can reach every database, every internal API, every secret-fetching sidecar you run. Nothing stops them, because by default nothing tries to. Network Policies are the thing that stops them. They turn “one compromised pod” into “one compromised pod, and that’s it.” Everyone knows they should use them. Almost nobody actually does, because the YAML looks scary and the behaviour is weird until the mental model clicks. ...

February 8, 2025 · 8 min read · Tom Meurs