Flag of the selected language EN English
Français
Jump to
Linkedin Instagram Github RSS

GitOps: The Principles and Why You Should Adopt It

Alexandre Buisine Alexandre Buisine
Mar 25, 2025 • 7 min

This article is intended for those who are just discovering or haven’t yet formed a strong opinion about GitOps.

It can be particularly difficult to get a clear picture when navigating between the DevOps movement, Infrastructure-as-Code (IaC) tools, and the GitOps method.

The goal of this article is to shed light on all of these concepts. By the end of this read, you should have formed your own opinion — and maybe even a preference — about the GitOps approach that suits you best.

Let’s keep it short on the DevOps side: the idea is to unify Dev and Ops through automation, monitoring, and other best practices, with the aim of optimizing and speeding up the entire software delivery pipeline. One key benefit is being able to deploy applications more frequently and with fewer hiccups.

DevOps is a practice and, as with anything else, you need the right tools and methods!

Let’s start with some of today’s most popular concepts…

The Basics of Infrastructure-as-Code

Monkey with Infrastructure as Code sign

Infrastructure-as-Code (IaC) is a practice aimed at simplifying IT infrastructure management.

Provisioning infrastructure is often long and tedious, involving many dependencies between the components being handled (machines, network, storage, security, etc.). The result is that infrastructure is difficult to replicate or rebuild, especially in the event of a major failure.

This becomes even more problematic when trying to create identical environments:

  • A production environment with a near-identical staging/pre-production
  • A production setup duplicated across 3 datacenters

The idea is to write everything down — not on paper, but in files — describing the environment we want to create or reproduce. This becomes even more appealing now that we can use cloud provider APIs (or on-prem APIs) to describe infrastructure. We can finally define servers, networks, storage, etc. in a standardized way.

From there, tools to reach a state defined in a file quickly emerged (we call this a declarative model).

If part of the infrastructure already exists, the tool will add or remove the necessary components to match the desired state.

You may already be familiar with some of them:

  • General-purpose, multi-cloud tools like Terraform, Pulumi
  • CloudFormation for Amazon
  • Azure Resource Management or Bicep
  • Google Cloud Deployment Manager

We’re talking about declaring infrastructure in files… so let’s store it all in Git! Time to apply the GitOps method

What is GitOps?

GitOps logo

Here’s the short version.

Even without talking about infrastructure, you probably already use various tools to describe your desired production state:

  • If you’re using Kubernetes, a Helm Chart can define your production application stack in a file ;
  • If you’re using Ansible to configure your machines, you’re describing what runs inside the infrastructure in multiple files ;
  • And many more examples…

There you have it: GitOps is here to organize all of that.

To summarize the concept in one sentence: GitOps is about managing operations and environment changes (usually production) based on one or more Git repositories.

In technical terms, it’s the combination of a source of truth with automation.

Source of Truth

When multiple people are working toward a production goal — and there are multiple views or versions of that goal — it’s critical to know where the single source of truth is. As you’ve guessed, with GitOps, we store all declarative files representing the desired state in Git.

The benefits are immediate:

  • From a traceability standpoint:
    • Change history
    • Who changed what?
    • Read/write access control
  • From a methodological standpoint:
    • Multiple concurrent branches/visions
    • Parallel editing
    • Ability to merge and reconcile changes

In short, you can reuse all the best practices from application development and apply them to your infrastructure.

Automation

Based on a Git repository, we can build a continuous integration (CI) pipeline — just like for application code — using GitLab CI, GitHub Actions, Jenkins / Jenkins X, etc.

In other words, we validate the declarative code, test some parts if needed, and get ready to deploy to production.

Whether you want to increase deployment frequency or avoid risky manual operations, GitOps encourages automating the execution of the deployment, while still allowing manual triggers when needed.

Be aware that there are two main GitOps strategies: Push and Pull. Let’s break them down.

GitOps Push: DIY or Custom Pipelines

If you feel that declarative files + a CI/CD pipeline are enough, or if your source of truth is already established, the Push approach might suit you best.

Here, the CI/CD pipeline handles the last mile — deploying changes to production based on Git-stored files.

Typically, the pipeline is triggered manually so you stay in control.

Pros

  • Simple to maintain (similar to regular CI)
  • No additional tooling required
  • Complete control and visibility
  • Fully customizable (Git or manual events)
  • Easy to replay locally for debugging

Cons

  • Tighter coupling between Dev and Ops
  • CI/CD tool needs access to production (can be a dealbreaker)
  • Requires solid understanding of deployment tools and concepts

GitOps Pull: Flux or ArgoCD

Logos of Flux and Argo

No more extended CI/CD pipelines! This is where specialized tools come in.

Two major technologies dominate the Pull approach: Flux and ArgoCD.

At one point, the projects even considered merging into a single solution (they didn’t), highlighting their differing visions of GitOps (Pull). We won’t go into too much detail here — that’s for a future blog post.

Flux is a cluster-centric tool — it’s installed on each cluster and operates autonomously.

ArgoCD is more workflow-oriented, with a visual UI that gives human operators more control. It’s well-suited for multi-environment and multi-cluster Kubernetes setups.

In both cases, you’ll need to adapt your organization around the tool, as they challenge traditional deployment habits — either through automated decisions or unfamiliar internals. You’ll have to trust the tool.

Remember: it’s called GitOps Pull because both tools pull changes from Git and apply them to your environments.

Both solutions are mature and production-ready.

Pros

  • Standardized, documented deployment workflows
  • No more maintaining custom deployment pipelines
  • Automatic reconciliation between desired and current state
  • Ideal if your Git platform shouldn’t have direct access to production

Cons

  • Less flexibility (e.g., harder to integrate Ansible)
  • Both tools depend on Kubernetes
  • Manual changes to clusters are quickly overwritten by the system

GitOps and Kubernetes

GitOps and Kubernetes logos

A common question: while we’ve kept the discussion generic, it’s clear that GitOps is applicable to any infrastructure where deployment automation is desired.

That said, GitOps gained traction alongside containers and Kubernetes adoption. This makes sense, given Kubernetes’ declarative and centralized nature. Application containers are often deployed via Git-based CI pipelines (e.g., GitLab CI, GitHub Actions), so using the same Git repo to manage both infrastructure and application deployments is natural.

GitOps and Secret Management

Let’s address a more advanced — but critical — question: how do you manage secrets in a GitOps model?

Since Git is public or shared, never store unencrypted secrets in Git. Several strategies are available:

  • Sealed Secrets (Bitnami) – encrypted with a public key, decrypted at runtime by a cluster-side controller ;
  • SOPS (Mozilla) – a CLI tool widely used with GitOps, compatible with Flux and ArgoCD ;
  • External Secrets Operator – dynamically fetches secrets from backends (like Vault, etc.) ;
  • HashiCorp Vault – a more robust (but more complex) solution.

Each option has its pros depending on your security expectations, implementation complexity, and infrastructure setup.

GitOps: Limitations and Caveats

Despite its popularity, GitOps comes with a few challenges:

  • Increasing complexity – As you add security, multi-cluster support, and validation rules, your GitOps stack can become hard to manage without proper tooling ;
  • Latency – Depending on your tools and setup, there may be delays between Git updates and actual production changes ;
  • Strong dependency on Git – Git becomes even more critical. Think backups, availability, and resilience.

Final Thoughts on GitOps

Despite these caveats, most teams adopt GitOps without much hesitation — and rightly so. The benefits are clear:

  • Reversibility
  • Full, traceable change history
  • Easier collaboration in larger teams
  • Git can serve as a reliable source of truth across all environments, including production

That said, implementation deserves thoughtful planning. To sum it up:

  • For a simple use case: choose the Push approach
  • For large-scale, production-grade setups: go for the Pull approach, with the right tooling and team training

A personal note: avoid going overboard. While GitOps is powerful, making it too rigid or complex can backfire, leading to frustration rather than simplification.

If you’re considering GitOps for your organization and need guidance, our DevOps and Kubernetes experts can help. Feel free to contact us to start the conversation!

Do not miss our latest DevOps and Cloud Native blogposts! Follow Enix on Linkedin!