GitOps Principles and Implementation
What is GitOps and how does it differ from traditional CI/CD? Explain the pull-based deployment model.
GitOps uses Git as the single source of truth for declarative infrastructure and applications. Core principles: 1) Declarative - desired state defined in Git. 2) Versioned - all changes tracked via Git history. 3) Automated - agents automatically apply changes. 4) Reconciliation - controllers continuously sync actual state to desired state. Pull-based model: agents (ArgoCD, Flux) run inside the cluster, pull changes from Git, and apply them. This is more secure than push-based CI/CD because the cluster does not have to be reachable from an external CI system, and that system does not have to hold cluster credentials.
GitOps treats operations like software development - infrastructure changes go through pull requests, code review, and audit trails. The pull model is a key differentiator: instead of CI pipelines pushing to clusters (requiring credentials), cluster agents pull from Git. This improves security and enables self-healing - if someone manually changes a resource, the GitOps controller reverts it to match Git.
ArgoCD Application
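An Argo CD configuration showing the pull model and self-healing described above, as an added example that is not from the original page. The repository URL, project and application names, namespace and path are constructed placeholders; the AppProject limits which repository the Application may pull from and where it may deploy.

```yaml
# Added example. All names, the repo URL and the path are constructed placeholders.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: payments
  namespace: argocd
spec:
  description: Scope for the payments team's applications
  # Applications in this project may only pull manifests from this repository.
  sourceRepos:
    - https://git.example.com/platform/deployments.git
  # ...and may only deploy into this namespace of the local cluster.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: payments
  # No clusterResourceWhitelist is set, so cluster-scoped resources
  # (ClusterRole, CustomResourceDefinition, ...) cannot be deployed through it.
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-api
  namespace: argocd
spec:
  project: payments
  source:
    repoURL: https://git.example.com/platform/deployments.git
    targetRevision: main            # desired state = this branch in Git
    path: apps/payments-api/overlays/prod
  destination:
    server: https://kubernetes.default.svc   # the cluster Argo CD runs in
    namespace: payments
  syncPolicy:
    automated:
      prune: true      # delete resources that were removed from Git
      selfHeal: true   # revert manual changes made directly in the cluster
```

With `selfHeal: true`, a manual edit to a managed resource is detected as drift and reverted to the state in Git; without it, Argo CD only reports the resource as OutOfSync.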
Flux Kustomization
- Committing secrets to Git (use sealed secrets or external secrets)
- Not setting up proper RBAC for the GitOps controller
- Mixing application and infrastructure repos inappropriately
- How do you handle secrets in a GitOps workflow?
- What is drift detection and why is it important?
- How do you implement progressive delivery with GitOps?