GitOps is an approach to managing infrastructure and applications where Git is the single source of truth. All changes to the Kubernetes cluster or config are described in the repo, and deploy runs via a pull model: an operator compares desired state from Git with reality and reconciles the system.
Core Principles
- Declarative — Git holds the desired state (manifests, Helm values), not step-by-step scripts.
- Versioning and audit — every env change is recorded in a commit: who, when, what.
- Automation — tools (Argo CD, Flux, etc.) continuously reconcile the cluster with the repo and apply changes.
Why It Matters
Teams get a unified process for dev and ops: one workflow through Git, rollback via revert, review via merge request. This reduces config drift and simplifies compliance. GitOps pairs well with CI/CD: the pipeline builds the image and updates manifests in Git, and the operator deploys to the cluster.
GitOps and CI/CD
In the classic CI/CD model the pipeline not only builds artifacts but also pushes changes to the cluster (push model). In GitOps build and deploy are separated: CI builds the image, updates the tag in manifests in Git, and pushes a commit. A separate controller (Argo CD, Flux) in the cluster pulls changes from the repo and applies them. The cluster doesn't need outbound access; permissions can be limited to reading one repo — convenient for security and least privilege.
Tools
In practice Argo CD and Flux are most common. Both subscribe to a Git repo (branch or directory), compare desired state with the cluster, and run apply. Argo CD offers a web UI for visual control; Flux fits well into pipelines and integrates with Helm and Kustomize. The choice depends on team preferences and how much you want to automate updates.
Pros and Limits
GitOps benefits are clear: full change history, rollback with one command (git revert), config review like code. Limits exist too: not everything is convenient to put in Git (secrets, some external services), discipline is required — all changes through the repo, no manual cluster edits. For teams already keeping infra "as code", GitOps is a natural next step.
Summary: GitOps is not a single tool but a way to organize the process. Git as single source of truth, declarative description, automatic cluster reconciliation. Combined with CI/CD and modern controllers it yields a predictable and transparent delivery cycle for Kubernetes apps.