GitOps
Git-driven delivery patterns for Kubernetes and platform operations
GitOps is an operating model where desired state is stored in Git, reviewed through pull requests, and reconciled into runtime environments by controllers. This guide introduces the concepts and points to implementation references for Argo CD, Flux, and Argo Workflows.
Core principles
Declarative configuration
Infrastructure, Kubernetes manifests, policies, and application configuration are described declaratively so the target state can be reviewed and reproduced.
Version-controlled desired state
Git becomes the audit trail for operational changes. Pull requests provide review, history, and rollback context.
Automated reconciliation
Controllers pull approved state from Git and continuously compare it with the runtime environment.
Drift detection and recovery
When a cluster differs from the committed desired state, GitOps tooling can report drift or automatically restore the expected configuration.
GitOps vs traditional CI/CD
Traditional CI/CD often pushes changes into clusters. GitOps tools pull desired state from Git, reducing the need to place cluster credentials in CI systems and making drift easier to detect.
Tooling references
Repository design checklist
- Separate platform, application, and environment concerns clearly.
- Keep promotion paths explicit so changes move through environments intentionally.
- Use branch protection, CODEOWNERS, and required checks for sensitive paths.
- Store secrets through a documented encryption or external-secrets workflow; do not commit plaintext secrets.
- Define rollback expectations before enabling automated sync on critical workloads.
- Monitor reconciliation health, sync failures, controller errors, and drift alerts.
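
The following is an added example, not code from this guide or from any tool it names. It sketches a required check for the secrets item above, reporting core Kubernetes Secret manifests committed with an inline payload and no SOPS metadata. It is a line-based heuristic rather than a full YAML parser, and the function names, paths, and values in `SAMPLE` are constructed for illustration.

```python
import re

DOC_SPLIT = re.compile(r"^---\s*$", re.M)
KIND_SECRET = re.compile(r"^kind:\s*[\"']?Secret[\"']?\s*$", re.M)
# A populated top-level data/stringData map; an empty `data: {}` is ignored.
PAYLOAD = re.compile(r"^(?:data|stringData):(?!\s*\{\s*\}\s*$)", re.M)
# SOPS adds a top-level `sops:` metadata key to files it has encrypted.
SOPS_META = re.compile(r"^sops:\s*$", re.M)
NAME = re.compile(r"^metadata:\s*\n(?:[ \t]+.*\n)*?[ \t]+name:\s*(\S+)", re.M)


def find_plaintext_secrets(path, text):
    """Return (path, document index, name) for each unencrypted core Secret."""
    findings = []
    for index, doc in enumerate(DOC_SPLIT.split(text)):
        if not KIND_SECRET.search(doc):
            continue  # SealedSecret, ExternalSecret, workloads: not a core Secret
        if not PAYLOAD.search(doc) or SOPS_META.search(doc):
            continue  # nothing sensitive inline, or already SOPS-encrypted
        match = NAME.search(doc)
        findings.append((path, index, match.group(1) if match else "<unnamed>"))
    return findings


def scan(files):
    """files maps repository path -> manifest text; returns all findings."""
    return [finding for path, text in sorted(files.items())
            for finding in find_plaintext_secrets(path, text)]


# Constructed sample manifests (hypothetical paths, names and values).
SAMPLE = {
    "apps/web/db-secret.yaml":
        "apiVersion: v1\nkind: Secret\nmetadata:\n  name: web-db\n"
        "stringData:\n  password: not-a-real-password\n",
    "apps/web/db-secret.enc.yaml":
        "apiVersion: v1\nkind: Secret\nmetadata:\n  name: web-db\n"
        "stringData:\n  password: ENC[AES256_GCM,data:constructed]\n"
        "sops:\n  version: 0.0.0\n",
    "apps/api/bundle.yaml":
        "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: api\n"
        "---\napiVersion: external-secrets.io/v1beta1\nkind: ExternalSecret\n"
        "metadata:\n  name: api-key\n"
        "---\napiVersion: v1\nkind: Secret\nmetadata:\n  labels:\n    app: api\n"
        "  name: api-token\ndata:\n  token: bm90LXJlYWw=\n",
}

if __name__ == "__main__":
    # A CI job would exit non-zero when this list is not empty.
    for path, index, name in scan(SAMPLE):
        print(f"{path} (document {index}): Secret '{name}' is committed in plaintext")
```

Base64 values under `data:` are encoding, not encryption, so the check treats them as plaintext.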