“We do GitOps” has become the new “we’re agile”—everyone claims it, few do it well, and most don’t actually understand what it means.
GitOps isn’t just storing your Kubernetes manifests in Git and running kubectl apply from a CI pipeline. That’s just… using Git. The actual value of GitOps comes from a fundamentally different operational model.
The Core Principle: Reconciliation
True GitOps uses a pull-based model with continuous reconciliation. An agent running inside your cluster constantly compares the live state against the desired state declared in Git and automatically corrects any drift.
This means:
- No more “it works on my machine” – the cluster state is always what’s in Git
- Self-healing infrastructure – manual changes get reverted automatically
- Complete audit trail – every change is a Git commit with history and blame
- Rollbacks are trivial – just revert the commit
What Most Teams Get Wrong
I’ve audited dozens of “GitOps” implementations. The common mistakes:
1. Push-based deployments
If your CI pipeline pushes changes to the cluster, you don’t have GitOps. You have CI/CD with Git storage. The cluster should pull changes, not receive pushes.
2. Manual interventions
If engineers regularly kubectl apply or kubectl edit directly, your Git repo isn’t the source of truth. Those changes will get reverted (if you’re doing it right) or create drift (if you’re not).
3. Secrets in Git
GitOps doesn’t mean putting secrets in Git. Use Sealed Secrets, External Secrets Operator, or Vault. Your repo should hold encrypted blobs or references to an external secret store, never plaintext secrets.
4. No environment promotion strategy
GitOps works best with a clear path from dev → staging → production. Without this, you’re just storing configs in Git.
Tools That Actually Work
After running GitOps at scale, my recommendations:
- ArgoCD for application deployments – mature, well-documented, great UI
- Flux if you prefer a lighter touch – no UI, more composable
- Crossplane for cloud resources – GitOps for your infrastructure, not just apps
Getting Started Right
If you’re implementing GitOps for the first time:
- Start with a single, non-critical application
- Set up automated drift detection alerts before enforcement
- Train your team on the new workflow before enabling auto-sync
- Document your rollback procedures
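To make the reconciliation principle above and the “alerts before enforcement” step concrete, here is an added example (not Argo CD’s or Flux’s own code) of one tick of a pull-style reconciliation loop: it diffs the desired state from Git against the live cluster state, raises alerts in detection mode, and self-heals (optionally pruning unmanaged resources) in enforcement mode. The resources are plain dicts and the sample states are constructed for the demo.

```python
# Added example, not Argo CD's or Flux's own code: a toy pull-style
# reconciliation tick. Resources are dicts keyed "kind/namespace/name";
# the desired/actual states at the bottom are constructed for the demo.
from copy import deepcopy

def res_key(res):
    m = res["metadata"]
    return f"{res['kind']}/{m['namespace']}/{m['name']}"

def detect_drift(desired, actual):
    """Compare desired state (Git) with live state; report, do not change."""
    want = {res_key(r): r for r in desired}
    have = {res_key(r): r for r in actual}
    return {
        "missing": sorted(k for k in want if k not in have),                      # deleted by hand
        "modified": sorted(k for k in want if k in have and want[k] != have[k]),  # kubectl edit
        "unmanaged": sorted(k for k in have if k not in want),                    # ad hoc kubectl apply
    }

def reconcile(desired, actual, enforce=False, prune=False):
    """One tick of the loop. enforce=False only raises alerts (the
    'drift detection before enforcement' phase); enforce=True re-applies
    Git's version of every drifted resource (self-heal); prune=True also
    deletes resources that exist in the cluster but not in Git."""
    drift = detect_drift(desired, actual)
    if not enforce:
        alerts = [f"ALERT {kind}: {k}" for kind, keys in drift.items() for k in keys]
        return deepcopy(actual), alerts
    want = {res_key(r): r for r in desired}
    live = {res_key(r): deepcopy(r) for r in actual}
    actions = []
    for k in drift["missing"] + drift["modified"]:
        live[k] = deepcopy(want[k])          # Git wins: revert the manual change
        actions.append(f"APPLY {k}")
    for k in drift["unmanaged"] if prune else []:
        del live[k]                          # remove what nobody committed
        actions.append(f"DELETE {k}")
    return list(live.values()), actions

def deployment(name, replicas, image):  # constructed sample resource
    return {"kind": "Deployment", "metadata": {"namespace": "prod", "name": name},
            "spec": {"replicas": replicas, "image": image}}

DESIRED = [deployment("api", 3, "api:1.4.0"), deployment("worker", 2, "worker:1.4.0")]
ACTUAL = [deployment("api", 5, "api:1.4.0"),        # someone ran kubectl scale
          deployment("debug-shell", 1, "busybox")]   # ad hoc apply; worker was deleted

if __name__ == "__main__":
    print(reconcile(DESIRED, ACTUAL)[1])                             # alert-only pass
    print(reconcile(DESIRED, ACTUAL, enforce=True, prune=True)[1])   # self-heal pass
```

Running the detection-only pass for a while before flipping `enforce=True` is exactly the staged rollout the checklist above recommends; the prune flag is the part that catches ad hoc `kubectl apply` resources nobody committed.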
Struggling with GitOps implementation? I help teams design and implement GitOps workflows that actually work. Let’s talk.