Introduction to GitOps

The 2 AM Production Deployment That Changed Everything

It was 2 AM on a Friday. Our API was down. I was SSH'd into a production Kubernetes node, frantically running kubectl commands:

kubectl get pods -n production
# Some pods running old version, some running new version
# Which deployment updated? Who deployed it? When?

kubectl describe deployment api-service
# Image: api:v2.3.1... or was it v2.3.2?
# I don't remember what we deployed

kubectl logs api-service-7d8f9c-xk2lp
# Error: database connection failed
# Was this deployed with the new config?

kubectl get configmap -n production
# 47 configmaps... which one is current?

I spent 3 hours:

1. Finding what version was "supposed" to be deployed

2. Checking what was actually running

3. Rolling back (maybe?)

4. Fixing broken config

5. Redeploying

6. Hoping I didn't make it worse

The next morning, our CTO asked: "What's deployed in production right now?"

I couldn't answer with confidence.

That's when I discovered GitOps.

What is GitOps?

GitOps is a way of managing infrastructure and applications where Git is the single source of truth.

Instead of running imperative commands (kubectl apply, kubectl set image), you:

1. Declare desired state in Git

2. Let an automated agent sync Git → Cluster

3. Git history = deployment history

4. Want to know what's deployed? Check Git

The Four GitOps Principles

1. Declarative - System described declaratively (YAML manifests)

2. Versioned and Immutable - Stored in Git, every change is a commit

3. Pulled Automatically - Software agents pull desired state from Git

4. Continuously Reconciled - Agents ensure actual state matches desired state

GitOps Mental Model

Flow:

1. Developer commits Kubernetes manifests to Git

2. ArgoCD watches the Git repository

3. ArgoCD detects changes

4. ArgoCD applies changes to cluster

5. ArgoCD reports sync status

Key insight: You never run kubectl apply in production. Git is deployed, not you.

Imperative vs Declarative

Imperative Deployments (The Old Way)

Problems:

• No source of truth

• No audit trail

• Hard to rollback

• Configuration drift

• "Works on my machine" syndrome

Declarative Deployments (GitOps Way)

Benefits:

• Git is the source of truth

• Complete audit trail

• Easy rollback (git revert)

• No configuration drift

• Infrastructure as code

Git as Single Source of Truth

This is the most important GitOps principle.

Before GitOps:

With GitOps:

Want to know what's deployed?

Real Benefits I've Experienced

1. Complete Audit Trail

Before GitOps:

With GitOps:

Full context: who, what, when, why.

2. Easy Rollback

Before GitOps:

With GitOps:

3. Disaster Recovery

Our production cluster was accidentally deleted. (Yes, really.)

Before GitOps: Would have taken days to rebuild.

With GitOps:

Full recovery: 30 minutes.

4. Consistency Across Environments

Before GitOps:

With GitOps:

5. Eliminates Configuration Drift

Configuration drift = Actual state ≠ Desired state

How it happens:

1. Someone runs kubectl edit deployment api

2. Manual change applied

3. Nobody updates Git

4. Next deployment overwrites manual change

5. Confusion ensues

GitOps prevents drift:

• ArgoCD continuously reconciles

• If actual ≠ desired, ArgoCD fixes it

• Manual changes auto-reverted

• Git always wins

GitOps vs Traditional CD

Traditional CI/CD (Push-based)

Problems:

• CI system needs cluster credentials

• Security risk: credentials in CI

• No visibility into deployed state

• Hard to rollback

• Configuration drift

GitOps (Pull-based)

Benefits:

• Cluster credentials stay in cluster

• ArgoCD has cluster access, CI doesn't

• Clear separation: CI builds, CD deploys

• Git = deployed state

• Auto-sync on Git changes

The GitOps Workflow

Here's how we work with GitOps:

1. Development

2. Update Manifest

3. Commit and Push

4. ArgoCD Syncs

5. Verify

Common GitOps Patterns

Pattern 1: Single Repo, Multiple Environments

Pattern 2: App Repo + Config Repo

Flow:

1. Developer pushes to myapp repo

2. CI builds Docker image

3. CI updates image tag in myapp-config repo

4. ArgoCD syncs myapp-config → cluster

Pattern 3: Monorepo

All apps and manifests in one repo.

What GitOps Tools Exist?

ArgoCD (This Series)

• Most popular GitOps tool for Kubernetes

• Great UI

• Application management

• Multi-cluster support

• We'll use ArgoCD throughout this series

Flux CD

• Alternative to ArgoCD

• More lightweight

• CLI-focused

• Great for simple use cases

Jenkins X

• Opinionated CI/CD platform

• Includes GitOps

• Full platform vs just GitOps

This series focuses on ArgoCD - it's the most widely adopted and feature-rich.

Is GitOps Right for You?

GitOps is Great For:

✅ Kubernetes deployments ✅ Multiple environments (dev/staging/prod) ✅ Teams > 3 people ✅ Need audit trail ✅ Want disaster recovery ✅ Need consistency ✅ Compliance requirements

GitOps Might Be Overkill For:

❌ Single environment ❌ Solo developer ❌ Rapid experimentation ❌ Not using Kubernetes ❌ Simple static sites

Key Takeaways

1. GitOps = Git as source of truth

   • Desired state lives in Git

   • Actual state matches Git

   • Git history = deployment history

2. Declarative, not imperative

   • Define WHAT you want, not HOW to get there

   • No more kubectl apply in production

   • Manifests in Git, not commands in terminals

3. Pull-based, not push-based

   • ArgoCD pulls from Git

   • Cluster credentials stay in cluster

   • More secure than CI pushing

4. Benefits are real

   • Complete audit trail

   • Easy rollback

   • Disaster recovery

   • No configuration drift

   • Consistency across environments

5. ArgoCD is the tool

   • Most popular GitOps operator

   • Rich UI and CLI

   • Production-ready

   • We'll dive deep in this series

In the next article, we'll explore GitOps core concepts in detail: desired state, reconciliation loops, and how GitOps agents keep your cluster in sync.

Previous: GitOps 101 Overview Next: Understanding GitOps Core Concepts