What is GitOps?
GitOps is an operational framework that uses Git as the single source of truth for declarative infrastructure and application configurations, with automated reconciliation ensuring system state matches the repository.
- 1. The Four GitOps Principles
- 2. How GitOps Differs from Traditional CD
- 3. GitOps Tools
- 4. GitOps and Kubernetes
- 5. Benefits of GitOps
GitOps is an operational framework for managing infrastructure and application deployments using Git as the single source of truth. All desired system state is described declaratively in a Git repository. An automated reconciliation loop continuously compares the live state to the declared state and applies any differences, eliminating manual configuration and configuration drift.
The Four GitOps Principles
- Declarative — the entire system state is described declaratively, not as procedures
- Versioned and immutable — the desired state is stored in Git with full version history
- Pulled automatically — software agents pull and apply changes from the source of truth
- Continuously reconciled — agents continuously compare live state to desired state and correct drift
How GitOps Differs from Traditional CD
In traditional CI/CD, the pipeline pushes changes to the target environment (push model). In GitOps, an agent running inside the target environment pulls changes from the Git repository (pull model). The pipeline only updates the Git repository; the agent handles the deployment. This keeps production credentials inside the cluster rather than in the CI system, which significantly reduces the attack surface.
| Dimension | Push CD | GitOps Pull |
|---|---|---|
| Trigger | Pipeline runs on commit | Agent polls repository continuously |
| Credentials | Pipeline holds prod credentials | Credentials stay inside cluster |
| Drift detection | None | Continuous; drift triggers reconciliation |
| Rollback | Requires pipeline re-run | Git revert triggers automatic rollback |
| Audit trail | CI logs | Git commit history |
GitOps Tools
- Argo CD — declarative Kubernetes CD tool; watches Git and reconciles cluster state
- Flux CD — CNCF project; GitOps toolkit for Kubernetes with multi-tenancy support
- Crossplane — extends GitOps to cloud infrastructure beyond Kubernetes
GitOps and Kubernetes
GitOps is most commonly implemented on Kubernetes, where resources are already declarative YAML. Argo CD or Flux run inside the cluster, watch a Git repository for changes to Kubernetes manifests or Helm charts, and apply changes automatically. Drift from the desired state triggers automatic correction.
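The reconcile loop described above, covering drift correction and rollback by revert, as a small simulation. This is an added example, not code from Argo CD or Flux; the commit list, resource names and image tags are constructed, and `git_revert`, `detect_drift` and `reconcile` are hypothetical helper names.

```python
import copy

# Constructed sample "repository": each commit holds the full desired state
# (resource name -> spec). Resource names and image tags are made up.
COMMITS = [
    {"web": {"image": "web:1.0", "replicas": 2}},
    {"web": {"image": "web:1.1", "replicas": 2},
     "worker": {"image": "worker:1.0", "replicas": 1}},
]

def git_revert(commits):
    """Model reverting the newest commit: append a NEW commit restoring the
    previous state. History is never rewritten, so the audit trail stays."""
    commits.append(copy.deepcopy(commits[-2]))

def detect_drift(desired, live):
    """Return sorted (resource, kind) pairs where live differs from desired."""
    drift = []
    for name in sorted(set(desired) | set(live)):
        if name not in live:
            drift.append((name, "missing"))
        elif name not in desired:
            drift.append((name, "extra"))
        elif live[name] != desired[name]:
            drift.append((name, "modified"))
    return drift

def reconcile(commits, live):
    """One agent pass: pull HEAD, report drift, make live match desired."""
    desired = commits[-1]
    drift = detect_drift(desired, live)
    for name, kind in drift:
        if kind == "extra":
            del live[name]  # prune what Git no longer declares
        else:
            live[name] = copy.deepcopy(desired[name])
    return drift

def demo():
    commits, live = copy.deepcopy(COMMITS), {}
    first = reconcile(commits, live)      # initial deploy from HEAD
    live["web"]["replicas"] = 5           # manual, out-of-band change
    drifted = reconcile(commits, live)    # agent detects and corrects it
    git_revert(commits)                   # rollback is just another commit
    rolled_back = reconcile(commits, live)
    return first, drifted, rolled_back, live, len(commits)
```

The drift list returned by each pass doubles as a record of out-of-band changes, which is the part worth logging or alerting on.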
Benefits of GitOps
- Every production change is a Git commit — full audit trail and accountability
- Rollback is a git revert — fast and reliable
- Drift is detected and corrected automatically
- Production credentials never leave the cluster
- Developers use familiar Git workflows for deployment
GitOps and Autonomous Code Governance
GitOps and autonomous code governance are natural partners. Hydra governs the code and configuration that flows into the Git repository; GitOps agents ensure that repository state is continuously reconciled with production. When Hydra generates a remediation PR — updating a container image, patching a Helm chart, or fixing an IaC misconfiguration — the GitOps agent automatically applies the change to the cluster once the PR merges, completing the automated governance-to-production loop.
Frequently Asked Questions
Does GitOps only work with Kubernetes?
GitOps principles apply to any system that can be described declaratively. Terraform GitOps, for example, uses the same pull-and-reconcile pattern for cloud infrastructure. Kubernetes is the most common implementation because it was designed for declarative configuration from the start.
What is the difference between Argo CD and Flux?
Both are CNCF-graduated GitOps tools for Kubernetes. Argo CD emphasizes a rich UI and application-centric model. Flux emphasizes a more modular, API-driven toolkit approach. The choice typically comes down to team preference and operational model.
How does rollback work in GitOps?
A git revert creates a new commit that undoes a previous change. The GitOps agent detects this new desired state and reconciles the cluster back to the previous version. No pipeline re-run or manual intervention is required.
What is configuration drift in GitOps?
Drift occurs when the live state of a system diverges from the declared state in Git, typically through manual changes made directly to the environment. GitOps agents detect drift and revert the environment to the declared state automatically.
What are the four GitOps principles?
Declarative, versioned and immutable, pulled automatically, and continuously reconciled.
How does GitOps differ from traditional push-based CD?
GitOps uses a pull model where an in-cluster agent reconciles desired state from Git, keeping production credentials inside the cluster.