GitOps applies the core principles of Git-based collaboration to infrastructure and application delivery. Instead of running imperative commands to deploy changes, you declare the desired state of your infrastructure in Git, and an automated agent ensures the live environment matches that declaration. This approach brings the same auditability, rollback capability, and collaboration workflows that developers enjoy for application code to the infrastructure layer.
Core Principles of GitOps
GitOps is built on four principles. First, the entire system is described declaratively. Second, the canonical desired state is versioned in Git. Third, approved changes are automatically applied to the system. Fourth, software agents ensure correctness and alert on divergence. These principles create a closed-loop system where Git is the single source of truth and any drift between desired and actual state is automatically corrected.
This model fundamentally changes how teams interact with production systems. Instead of granting engineers direct access to production clusters, changes flow through pull requests with code review, automated testing, and approval workflows. The audit trail is built into the Git history, making compliance and incident investigation straightforward.
ArgoCD: Kubernetes-Native GitOps
ArgoCD is a declarative, Kubernetes-native continuous delivery tool that has become the de facto standard for GitOps on Kubernetes. It watches Git repositories for changes to Kubernetes manifests, Helm charts, or Kustomize configurations and synchronizes them to target clusters. ArgoCD provides a web UI that visualizes the sync status of every application, showing exactly which resources are in sync, out of sync, or degraded.
At Nexis Limited, we deploy ArgoCD as the delivery mechanism for all Kubernetes-based projects. Application definitions are stored in a dedicated GitOps repository, separate from application source code. This separation allows infrastructure teams to manage deployment configurations without modifying application repositories and enables different access controls for development and operations.
ArgoCD Application Sets
ApplicationSets extend ArgoCD to manage multiple applications from a single definition. Using generators based on Git directories, cluster lists, or pull requests, ApplicationSets can automatically create ArgoCD applications for new microservices, environments, or clusters. This eliminates the manual overhead of registering new services with ArgoCD as your platform grows.
Flux: The Modular Alternative
Flux CD takes a more modular approach to GitOps. Instead of a single monolithic controller, Flux uses specialized controllers for source management, Kustomize rendering, Helm releases, and notifications. This modularity allows teams to adopt only the components they need. Flux integrates tightly with the Kubernetes API and feels more native to operators familiar with Kubernetes resource management patterns.
Repository Structure and Branching
A well-structured GitOps repository separates base configurations from environment-specific overlays. Kustomize is ideal for this pattern, with a base directory containing common manifests and overlay directories for development, staging, and production that patch environment-specific values. Changes promote through environments by updating overlay files, typically via automated pull requests from CI pipelines.
Avoid using Git branches to represent environments. Branch-based promotion creates merge conflicts and divergent histories. Directory-based promotion with a single main branch is simpler and more reliable. Each environment directory contains the complete desired state for that environment.
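The directory-per-environment layout above, wired to an ApplicationSet with a Git directory generator and confined by an AppProject, as an added example that is not Nexis Limited's own configuration. The repository URL, the `shop` names and the `overlays/*` path are assumptions, and the target namespaces are assumed to exist already.

```yaml
# Added example; repo URL, "shop" names and overlays/* layout are assumed.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: shop
  namespace: argocd
spec:
  # Only the GitOps repository may be used as a source of manifests.
  sourceRepos:
    - https://git.example.com/platform/gitops.git
  # Applications in this project can deploy only into shop-* namespaces.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: shop-*
  # No clusterResourceWhitelist: cluster-scoped kinds are refused.
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: shop-environments
  namespace: argocd
spec:
  goTemplate: true
  goTemplateOptions: ["missingkey=error"]
  generators:
    # One Application per environment directory on the single main branch.
    - git:
        repoURL: https://git.example.com/platform/gitops.git
        revision: main
        directories:
          - path: overlays/*
  template:
    metadata:
      name: 'shop-{{.path.basename}}'
    spec:
      project: shop            # generated apps inherit the project limits
      source:
        repoURL: https://git.example.com/platform/gitops.git
        targetRevision: main
        path: '{{.path.path}}' # e.g. overlays/production
      destination:
        server: https://kubernetes.default.svc
        namespace: 'shop-{{.path.basename}}'
      syncPolicy:
        # Opt-in: without "automated", drift is reported but not corrected.
        automated:
          prune: true          # delete resources removed from Git
          selfHeal: true       # revert manual changes made in the cluster
```

Because the template pins `project: shop`, a new directory under `overlays/` yields an Application that is still bound by the project's source and destination restrictions.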
Rollback and Recovery
One of the strongest advantages of GitOps is effortless rollback. Reverting a deployment is as simple as reverting a Git commit. ArgoCD and Flux detect the reverted state and automatically synchronize the cluster back to the previous configuration. This eliminates the need for custom rollback scripts or manual intervention. During incidents, the ability to reliably revert to the last known good state in seconds is invaluable.
GitOps transforms infrastructure management from an error-prone manual process into a collaborative, auditable, and automated workflow. Whether you are managing a handful of services or a complex multi-cluster platform, GitOps provides the foundation for reliable delivery.