- GitOps is an operation model for cloud-native applications running on Kubernetes (created by Weaveworks).
- To the most part, it is infrastructure-as-code with continuous integration and continuous delivery.
- The idea is having Git as the source of truth for all operations.
- A single Git repository describes the entire desired state of the system.
- Operational changes are made through pull requests.
- Changes can be peer-reviewed, versioned, released, rolled back, audited, etc.
- Diff tools detect any divergence and sync tools enable convergence.
- GitOps can be used for managing Kubernetes clusters since Kubernetes uses declarative resource definitions.
- Kubernetes secrets can also be stored in Git repo using one-way encryption (take a look at sealed-secrets)
- GitOps in contrast to CIOps improves your workflow in the following ways:
- All of your configurations and changes to them are centralized in one place (easier to track, audit, and reason about).
- Divergences will be detected and the cluster will be converged again automatically (failed deployments will be retried too).
- GitOps can be done using either a Push approach or a Pull approach.
- With push your cluster credentials are in your build system whereas with pull no external system has access to your cluster.