AboutTechnologiesBlog
GWARDNEW
Back to Blog

GitOps Explained: Continuous Delivery with Kubernetes

22 March 20267 min readCaner Korkut

GitOps is an operational framework that applies Git-based workflows to infrastructure and application delivery. By using Git as the single source of truth for your desired system state, GitOps brings the same rigour that developers apply to code — pull requests, reviews, version history, and automated rollbacks — to the world of Kubernetes operations.

What Is GitOps?

At its core, GitOps is built on four principles:

  1. Declarative configuration — the entire desired state of your system is described declaratively in Git, typically as Kubernetes manifests, Helm charts, or Kustomize overlays.
  2. Version controlled — Git is the single source of truth. Every change is tracked, auditable, and reversible through standard Git operations.
  3. Automated delivery — an operator automatically applies changes from Git to the cluster, ensuring the live state matches the declared state.
  4. Continuous reconciliation — the operator continuously compares the live cluster state against the desired state in Git and corrects any drift.

GitOps vs Traditional CI/CD

In a traditional CI/CD pipeline, the CI system builds the application, runs tests, and then pushes changes to the target environment using kubectl apply or Helm install. This push-based approach means your CI system needs credentials to access your cluster, and the pipeline itself becomes a critical security surface.

GitOps inverts this model. The CI pipeline only builds and pushes container images to a registry, then updates the desired state in Git (for example, by changing an image tag in a deployment manifest). A GitOps operator inside the cluster pulls the updated configuration and applies it. This pull-based approach means your CI system never needs direct cluster access, significantly improving your pipeline security posture.

Key GitOps Tools

Two tools dominate the GitOps ecosystem for Kubernetes:

  • Argo CD — a declarative GitOps continuous delivery tool with a rich web UI, support for multiple configuration management tools (Helm, Kustomize, Jsonnet), and advanced deployment strategies including canary and blue-green. It is a CNCF graduated project.
  • Flux — a set of GitOps operators that integrate directly with Kubernetes. Flux v2 is built on the GitOps Toolkit and supports Helm, Kustomize, and OCI artefacts. It is also a CNCF graduated project and tends to be lighter-weight than Argo CD.

Both tools are production-ready and well-supported. Argo CD is often preferred when teams want a graphical dashboard and advanced deployment features. Flux is favoured by teams that prefer a CLI-first, composable approach.

Implementing GitOps: A Practical Workflow

A typical GitOps workflow for a Kubernetes-based application follows this pattern:

  1. A developer pushes code changes to the application repository and opens a pull request.
  2. The CI pipeline runs tests, builds a container image, and pushes it to a container registry with a unique tag.
  3. The CI pipeline (or a dedicated automation) updates the image tag in the GitOps configuration repository and opens a pull request.
  4. A team member reviews and merges the configuration change.
  5. The GitOps operator detects the change in Git and applies the updated manifests to the cluster.
  6. The operator continuously monitors for drift and re-applies the desired state if anything changes.

This separation of application code and deployment configuration into distinct repositories is a common best practice. It allows different teams to manage application development and infrastructure operations independently while maintaining a clear audit trail for both.

GitOps for Multi-Environment and Multi-Cluster Deployments

GitOps scales naturally to multi-environment setups. Using Git branches or directory-based structures, you can manage dev, staging, and production configurations from a single repository. Kustomize overlays are particularly effective for this pattern, allowing you to maintain a base configuration and apply environment-specific patches.

For organisations running multiple Kubernetes clusters, both Argo CD and Flux support multi-cluster management. Argo CD can manage remote clusters from a central control plane, while Flux can be installed independently on each cluster with shared configuration repositories.

Challenges and Considerations

  • Secret management — storing secrets in Git requires encryption. Tools like Sealed Secrets, SOPS, or external secret managers (AWS Secrets Manager, Azure Key Vault) should be integrated into your GitOps workflow.
  • Rollback complexity — while Git makes it easy to revert a configuration change, rollbacks that involve database migrations or stateful changes require additional care.
  • Learning curve — teams new to Kubernetes and declarative configuration may need time to adapt to the GitOps workflow. Investing in training upfront pays dividends in operational stability.

How ICTLAB Can Help

ICTLAB helps Belgian organisations adopt GitOps practices as part of our DevOps and cloud services. From setting up Argo CD or Flux on your Kubernetes clusters to designing multi-environment deployment workflows, we guide your team through implementation and provide the training needed to operate confidently with GitOps.

Need Help with Kubernetes Consulting?

Container orchestration done right. From initial cluster setup to production-grade managed Kubernetes, we help you scale applications reliably and securely.

Learn More Contact Us

Related Articles

5 February 2025

What Is DevSecOps? A Guide for Belgian Companies

Discover what DevSecOps is, why it matters, and how Belgian companies can integrate security into their development pipelines for faster, safer releases.

8 April 2025

Cloud Migration Checklist for Belgian Companies

A practical cloud migration checklist covering planning, security, compliance, and execution steps for Belgian organizations moving to the cloud.