Git as the source of truth
GitOps manages infrastructure and deployments by treating a Git repository as the single source of truth for the desired system state. You change the system by committing to Git, and an automated agent makes the running environment match what the repository declares.
The reconciliation loop
A controller inside the cluster continuously compares actual state with the desired state in Git. If they differ, it reconciles by applying changes to close the gap. This is a pull model: the cluster pulls its config rather than a pipeline pushing into it.
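A small model of one reconciliation pass as described above, added here as an illustration and not taken from any GitOps tool. The dictionaries stand in for the Git checkout and the cluster API, the resource names and image tags are constructed sample data, and deleting resources that Git does not declare is an assumption of this model.

```python
import copy

def plan(desired, actual):
    """Return the actions needed to make `actual` match `desired`.

    Both arguments map a resource name to its declared spec (a dict).
    """
    actions = []
    for name in sorted(desired):
        if name not in actual:
            actions.append(("create", name))
        elif actual[name] != desired[name]:
            actions.append(("update", name))   # drift, or a new commit
    for name in sorted(actual):
        if name not in desired:
            actions.append(("delete", name))   # not declared in Git (assumed pruning)
    return actions

def reconcile(desired, actual):
    """One pass of the loop: compute the plan, then apply it to `actual` in place."""
    actions = plan(desired, actual)
    for verb, name in actions:
        if verb == "delete":
            del actual[name]
        else:
            actual[name] = copy.deepcopy(desired[name])
    return actions

# Constructed sample data: what the repository declares.
DESIRED = {
    "deploy/web": {"image": "web:1.4.2", "replicas": 3},
    "svc/web": {"port": 80},
}

def demo():
    # Constructed running state with two manual changes made outside Git.
    cluster = {
        "deploy/web": {"image": "web:1.4.2", "replicas": 5},  # scaled by hand
        "deploy/debug": {"image": "debug-shell:latest"},       # created by hand
    }
    first = reconcile(DESIRED, cluster)    # closes the gap
    second = reconcile(DESIRED, cluster)   # already converged: empty plan
    return first, second, cluster

if __name__ == "__main__":
    first, second, cluster = demo()
    print("first pass :", first)
    print("second pass:", second)
```

The empty second plan is the property to look for: a pass over an already converged system changes nothing, so the loop can run continuously.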
Why it helps
- Auditability: every change is a commit with author and history.
- Easy rollback: revert the commit to return to a known state.
- Drift correction: manual changes are detected and reverted toward the declared state.
- Security: the agent pulls from inside, so external systems need no cluster credentials.
Practical notes
GitOps builds on declarative infrastructure and is popular for Kubernetes. Separate repositories often hold application code and deployment manifests so a config change does not require an application rebuild. Secrets need careful handling, since plaintext must never live in Git.
Key idea
GitOps makes a Git repository the single source of truth and uses a reconciliation agent to continuously align the running system to it, delivering auditability, easy rollback, and automatic drift correction.