Practice : GitOps

Purpose and Strategic Importance

GitOps is a model for managing infrastructure and application delivery using Git as the single source of truth. All desired state configurations are stored in version control, and automated agents ensure the runtime environment always matches what's declared in Git.

GitOps increases reliability, reduces human error, and provides clear auditability of all changes. By aligning deployment with version control, GitOps enables rapid, repeatable, and secure operations - empowering teams to ship more confidently and recover faster from incidents.

Description of the Practice

  • Desired system state (infra, config, apps) is defined declaratively in Git.
  • A reconciler or GitOps agent (e.g. ArgoCD, Flux) monitors Git and syncs changes to the target environment.
  • Changes are made by pull request and merged into Git - no manual changes to the live environment.
  • Rollbacks are as simple as reverting the Git commit.
  • All actions are traceable through Git history and automated audit logs.

How to Practise It (Playbook)

1. Getting Started

  • Choose a GitOps agent that fits your environment (e.g. ArgoCD, Flux, Weaveworks).
  • Define your infrastructure and application configurations declaratively (e.g. YAML, Helm charts, Kustomize).
  • Store all desired state configurations in a dedicated Git repo.
  • Set up CI to validate changes and CD (via the GitOps agent) to deploy them automatically.

2. Scaling and Maturing

  • Separate configuration from secrets using tools like Sealed Secrets or HashiCorp Vault.
  • Implement automated drift detection and alerting for divergence from desired state.
  • Use Git branching strategies to support promotion between environments (e.g. dev → staging → prod).
  • Define policies as code to validate pull requests and block misconfigurations.
  • Monitor the reconciliation status and performance of the GitOps agent.

3. Team Behaviours to Encourage

  • Make changes only via Git - no manual tweaks in production.
  • Use pull requests for every change - with automated tests and peer review.
  • Treat GitOps repos as critical systems - protect them with controls and reviews.
  • Collaborate across platform and application teams on shared GitOps patterns.

4. Watch Out For…

  • Making changes directly in the environment (which will be overwritten by GitOps).
  • Overloading a single repo with too many responsibilities - use modular, scoped repos.
  • Ignoring reconciliation errors - they may indicate critical drift or misalignment.
  • Complexity in managing secrets - ensure secrets management is secure and automated.

5. Signals of Success

  • Every configuration change is tracked and auditable in Git.
  • Environments are self-healing and converge to declared state automatically.
  • Rollbacks are fast, reliable, and done via Git.
  • Teams trust automation and rely less on manual interventions.
  • GitOps practices are shared and extended across teams and platforms.