The problem with traditional Kubernetes deploys

• Previously we used kubectl apply or helm install
• This is a "push" model
• Even if we automate, traditional CI/CD is typically, "one and done"
• It has limits:
  • Status is hard to get. CI/CD will usually show "success" or "failure"
  • CI/CD-aware rollbacks are unlikely
  • Drift (out-of-band change after deploy) is hard to detect or nonexistent
  • CI/CD now has admin cluster access. To all clusters! 😱

Definition according to Weaveworks / OpenGitOps

Weaveworks coined the term GitOps in 2017, now documented in the OpenGitOps project

• Declarative
  • A system managed by GitOps must have its desired state expressed declaratively.
• Versioned and Immutable
  • Desired state is stored in a way that enforces immutability, versioning, and a complete version history.
• Pulled Automatically
  • Software agents automatically pull the desired state declarations from the source.
• Continuously Reconciled
  • Software agents continuously observe actual system state and attempt to apply the desired state.