GitOps

GitOps extends Infrastructure as Code by making a Git repository the canonical, immutable source for both application manifests and infrastructure configuration. A GitOps operator continuously compares the live system against the state declared in Git, automatically remediating any divergence.

The Four Principles (OpenGitOps)

  1. Declarative — Desired system state expressed in declarations, not imperative scripts
  2. Versioned & Immutable — State stored in Git with complete history and rollback capability
  3. Pulled Automatically — Software agents pull desired state rather than CI pushing into production
  4. Continuously Reconciled — Agents actively enforce desired state and alert on drift

Primary Tools

ArgoCD and Flux are the two dominant GitOps operators for Kubernetes. Both watch Git repositories and synchronise cluster state, but differ in architecture: ArgoCD uses a centralised UI and server, while Flux operates as a set of composable controllers.

Security Advantage

Because deployments are pull-based, production clusters never require inbound CI/CD credentials. The GitOps operator pulls from the repository — CI never pushes directly into the cluster — substantially reducing the blast radius of a compromised pipeline.
