Chapters
GitOps: The Modern Way to Manage Infrastructure Using Git as the Single Source of Truth
✅ Chapter 2: Setting Up Your GitOps Workflow — Tools and Environment
🔍 Introduction
Now that you understand GitOps fundamentals, it’s time to implement
a real GitOps workflow. Setting up GitOps involves choosing the right
tools, organizing your repositories, configuring GitOps controllers, and
preparing your infrastructure for continuous, automated operations.
In this chapter, you’ll learn:
- How
to select GitOps tools
- How
to organize your Git repositories
- How
to install and configure GitOps controllers
- How
to prepare a Kubernetes cluster for GitOps
- Common
patterns for managing multiple environments
Let’s move from theory to hands-on GitOps practice.
🛠️ Choosing the Right
GitOps Tools
Several open-source and commercial tools simplify GitOps
adoption. Choosing the right tools depends on your environment, scale, and team
preferences.
📋 GitOps Tool Comparison
|
Tool |
Purpose |
Best For |
|
ArgoCD |
Declarative GitOps for
Kubernetes |
User-friendly UI,
enterprise-grade deployments |
|
FluxCD |
Lightweight
GitOps operator for Kubernetes |
GitOps
simplicity, Kubernetes native |
|
Terraform |
Infrastructure as Code
(cloud infra) |
Managing cloud
infrastructure (AWS, GCP, Azure) |
|
Kustomize |
Kubernetes
native configuration management |
Managing
Kubernetes resources without Helm |
|
Helm |
Kubernetes package
manager |
Managing app
deployments as packages (charts) |
|
Pulumi |
IaC using
real programming languages |
Type-safe
infrastructure development |
🔹 Minimal Setup for a
GitOps Pilot
To start, you need:
- A Git
repository (GitHub, GitLab, Bitbucket)
- A Kubernetes
cluster (local Minikube/Kind or cloud-managed like EKS/GKE)
- A GitOps
agent (ArgoCD or Flux)
📁 Organizing Your Git
Repositories
The way you structure your Git repos affects how easily you
can scale and manage environments.
🔥 GitOps Repo Structures
|
Structure Type |
Description |
|
Mono-Repo |
One repo containing
all applications and infra configs |
|
Multi-Repo |
Separate
repos per application or service |
|
Environment-Specific
Repos |
Separate repos for
dev, staging, production |
📚 Recommended Structure
Example
bash
CopyEdit
gitops-repo/
├── clusters/
│ ├── dev/
│ │ ├── app1.yaml
│ │ └── app2.yaml
│ └── prod/
│ ├──
app1.yaml
│ └── app2.yaml
├── applications/
│ ├── app1/
│ │ ├── base/
│ │ └── overlays/
│ └── app2/
📋 Folder Design Best
Practices
- Use separate
overlays for dev, staging, prod.
- Keep
application manifests independent of cluster-specific configs.
- Maintain
small, modular files (avoid monolithic YAMLs).
🚀 Setting Up a Kubernetes
Cluster
Before deploying GitOps agents, you need a working
Kubernetes environment.
🔹 Local Setup Options
|
Tool |
Best For |
|
Minikube |
Quick local testing |
|
Kind |
Running
Kubernetes in Docker containers |
|
Docker Desktop
(with Kubernetes) |
Mac/Windows local
Kubernetes |
🔹 Cloud Setup Options
|
Cloud Provider |
Kubernetes Service |
|
AWS |
Elastic Kubernetes
Service (EKS) |
|
GCP |
Google
Kubernetes Engine (GKE) |
|
Azure |
Azure Kubernetes
Service (AKS) |
🧪 Quickstart: Minikube
Install Minikube:
bash
CopyEdit
brew
install minikube
Start a cluster:
bash
CopyEdit
minikube
start
Verify:
bash
CopyEdit
kubectl
get nodes
📦 Installing and
Configuring a GitOps Agent
In GitOps, a controller ensures that the system state
matches what’s defined in Git.
We'll walk through setting up ArgoCD, one of the most
popular GitOps controllers.
🔹 Installing ArgoCD
bash
CopyEdit
kubectl
create namespace argocd
kubectl
apply -n argocd -f
https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Check Pods:
bash
CopyEdit
kubectl
get pods -n argocd
🔹 Accessing ArgoCD
Dashboard
Port-forward the ArgoCD server:
bash
CopyEdit
kubectl
port-forward svc/argocd-server -n argocd 8080:443
Visit:
text
CopyEdit
https://localhost:8080
🔹 Initial Admin
Credentials
Get initial password:
bash
CopyEdit
kubectl
get secret argocd-initial-admin-secret -n argocd -o
jsonpath="{.data.password}" | base64 -d
Username: admin
🧰 Creating Your First
GitOps Application
Now you can point ArgoCD to a Git repository containing
Kubernetes manifests.
Example:
yaml
CopyEdit
apiVersion:
argoproj.io/v1alpha1
kind:
Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL:
https://github.com/your-org/your-app-configs
targetRevision: HEAD
path: clusters/dev
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
Apply:
bash
CopyEdit
kubectl
apply -f my-app.yaml
ArgoCD will now monitor Git and deploy changes
automatically!
🛡️ Handling Secrets in
GitOps
One major challenge is managing sensitive information like
passwords or tokens securely.
🔒 Popular Secrets
Management Solutions
|
Tool |
Approach |
|
Sealed-Secrets
(Bitnami) |
Encrypt secrets into
YAML, decrypt automatically in cluster |
|
SOPS + Git-crypt |
Encrypt
secrets stored in Git |
|
HashiCorp Vault +
External Secrets |
Pull secrets
dynamically at runtime |
🧪 Example: Sealed Secrets
Workflow
- Encrypt
Kubernetes Secret into a SealedSecret.
- Store
SealedSecret in Git safely.
- Controller
decrypts automatically inside cluster.
Never store raw Secrets directly in Git repositories.
🔥 Managing Multiple
Environments with GitOps
You often need different configurations for dev,
staging, and production.
📋 Environment Management
Patterns
|
Pattern |
Approach |
|
Directory-based
overlays |
Use Kustomize to
customize base config for each environment |
|
Branch per environment |
Separate Git
branches for dev, staging, prod |
|
Repo per
environment |
Separate Git repos for
each environment |
🧩 Example Kustomize
Structure
bash
CopyEdit
base/
deployment.yaml
service.yaml
overlays/
dev/
kustomization.yaml
prod/
kustomization.yaml
Apply:
bash
CopyEdit
kubectl
apply -k overlays/dev/
Kustomize automatically layers environment-specific
configurations.
📚 Summary: What You
Learned in Chapter 2
- Choosing
the right GitOps tools is critical for success
- Organizing
Git repos well simplifies multi-environment management
- Setting
up a Kubernetes cluster is the foundation for GitOps
- Installing
GitOps agents like ArgoCD automates synchronization
- Managing
secrets securely is essential
- Kustomize
and Git branching strategies streamline environment management
FAQs
❓1. What exactly is GitOps?
Answer: GitOps is a set of practices that use Git
repositories as the single source of truth for managing infrastructure and
application configurations. Changes are made by updating Git, and automated
systems then synchronize the live system to match the Git repository.
❓2. How is GitOps different from traditional Infrastructure as Code (IaC)?
Answer: While both GitOps and IaC involve defining
infrastructure using code, GitOps emphasizes automated synchronization, continuous
reconciliation, and operations managed entirely through Git workflows—including
deployments, rollbacks, and drift detection.
❓3. What tools are commonly used in a GitOps workflow?
Answer: Popular GitOps tools include:
- ArgoCD
(for Kubernetes GitOps)
- Flux
(another Kubernetes-native GitOps operator)
- Terraform
(for cloud infrastructure)
- Helm
and Kustomize (for Kubernetes resource templating)
❓4. Can GitOps be used outside Kubernetes?
Answer: Yes. While GitOps originated with Kubernetes,
the principles can be applied to any system that supports declarative
infrastructure (e.g., cloud resources using Terraform, databases, serverless
deployments, and even networking configurations).
❓5. How does GitOps handle rollback or recovery?
Answer: Rollbacks in GitOps are simple—just revert
the Git commit (or use Git history to reset configurations) and the GitOps
controller will automatically reconcile the live environment back to that
previous, stable state.
❓6. How does GitOps improve security?
Answer: GitOps enhances security by:
- Reducing
the need for direct access to production systems
- Auditing
every change through Git history
- Enforcing
peer reviews through pull requests
- Allowing
fine-grained RBAC at the Git repository level instead of cluster access
❓7. What are the main challenges of adopting GitOps?
Answer: Common challenges include:
- Structuring
Git repositories for scalability (mono-repo vs multi-repo)
- Managing
secrets securely within Git workflows
- Handling
merge conflicts in complex YAML or Terraform files
- Building
developer confidence with declarative and Git-centric operations
❓8. What happens if someone manually changes infrastructure without updating Git?
Answer: GitOps tools like ArgoCD or Flux continuously reconcile the live environment against the Git state. If drift is detected, they can either:
- Alert
you to manual changes
- Automatically
revert unauthorized changes back to the Git-defined state
❓9. Is GitOps only for large companies or microservices architectures?
Answer: No. GitOps can be beneficial for small
startups, medium businesses, or large enterprises alike. Whether you're
managing a handful of services or hundreds, GitOps provides automation,
reliability, and clear operational visibility at all scales.
❓10. Can I implement GitOps gradually or do I need a full migration?
Answer: You can (and should) implement GitOps incrementally. Start with:
- Non-critical
services
- Development
environments
- Kubernetes
cluster resource management As your confidence and tooling mature, expand
GitOps practices to production systems and more complex workloads.
Comments(0)