What is GitOps?

GitOps is a modern approach to continuous deployment that uses Git as the single source of truth for declarative infrastructure and applications. Coined by Weaveworks in 2017, GitOps extends the principles of Infrastructure as Code (IaC) to the entire deployment lifecycle.

Core Principles

  1. Declarative Configuration - The entire system is described declaratively
  2. Version Controlled - The desired state is stored in Git
  3. Automated Delivery - Approved changes are automatically applied
  4. Continuous Reconciliation - Agents ensure actual state matches desired state

Why GitOps?

Traditional deployment approaches often suffer from several challenges:

ChallengeTraditional ApproachGitOps Approach
Audit TrailManual trackingGit history
RollbackComplex scriptsgit revert
Configuration DriftCommonAuto-healed
Access ControlMultiple systemsGit permissions
CollaborationVariesPull requests

GitOps Architecture

C(omdaeniCfheasntg)eDevG(G(KCeistiAulltortrbuouuOgespP(RrtporteurechsCnerlepe)DerlvoA)tWi(so(g(eoRemifwessrewetanykq)rottnfugrccleeyh)os))wt

Setting Up ArgoCD

Step 1: Install ArgoCD

1
2
3
4
5
6
7
8
# Create namespace
kubectl create namespace argocd

# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Wait for pods to be ready
kubectl wait --for=condition=Ready pods --all -n argocd --timeout=300s

Step 2: Access the UI

1
2
3
4
5
6
# Port forward the ArgoCD server
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Get the initial admin password
kubectl -n argocd get secret argocd-initial-admin-secret \
  -o jsonpath="{.data.password}" | base64 -d

Step 3: Connect Your Repository

1
2
3
4
5
6
7
# Login to ArgoCD CLI
argocd login localhost:8080

# Add your Git repository
argocd repo add https://github.com/your-org/your-gitops-repo.git \
  --username your-username \
  --password your-token

Step 4: Create an Application

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-application
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/your-org/your-gitops-repo.git
    targetRevision: HEAD
    path: apps/my-application
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

Best Practices

1. Repository Structure

Use a clear, organized repository structure:

gitopaiaspnr-pfgrsroe/aaacimcapppsenodpopptrgn/p/--rtrilabbu-eti/av/cmsocsetasraerun-it/dskldsprannieeuaetregggoprsyvao/ei/nlvtsgdrnsoioi//x/ycmn/meige.z/nyatat.miyloanm.lyaml

2. Environment Promotion

Promote changes through environments using automated or manual approval:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
# Using Kustomize overlays for environment-specific config
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: production
resources:
  - ../../base
patchesStrategicMerge:
  - replica-count.yaml
  - resource-limits.yaml
images:
  - name: my-app
    newTag: v1.2.3

3. Secrets Management

Never store secrets in Git! Use one of these approaches:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Option 1: Sealed Secrets
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-secret
spec:
  encryptedData:
    password: AgBy8hCi...

# Option 2: External Secrets Operator
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: my-secret
spec:
  secretStoreRef:
    name: azure-keyvault
    kind: ClusterSecretStore
  target:
    name: my-secret
  data:
    - secretKey: password
      remoteRef:
        key: my-app-password

Common Pitfalls to Avoid

  1. Storing secrets in Git - Use Sealed Secrets or External Secrets
  2. Not using Kustomize/Helm - Avoid duplicating manifests across environments
  3. Too many repositories - Balance between mono-repo and poly-repo
  4. Ignoring drift detection - Monitor for manual changes
  5. No rollback strategy - Document and test rollback procedures

Conclusion

GitOps transforms how we deploy and manage applications by leveraging Git’s power for change management, collaboration, and audit trails. Start small with a single application and gradually expand your GitOps practice.

Next Steps


Have questions about GitOps? Contact me or leave a comment below!