GitOps Principles with kubectl
GitOps is an operational framework that uses Git as the single source of truth for declarative infrastructure and application configuration. Every change flows through Git, making deployments auditable, repeatable, and reversible.
Core Principles
- Declarative configuration: Define desired state in YAML manifests stored in Git.
- Version controlled: All changes are tracked via commits and pull requests.
- Automated reconciliation: Tools continuously sync cluster state to match Git.
- Observable: Drift between desired and actual state is detected and reported.
kubectl apply in CI/CD
The simplest GitOps workflow uses kubectl apply directly from a pipeline:
# Apply all manifests from a directory
kubectl apply -f manifests/ --recursive
# Apply with server-side apply for better conflict detection
kubectl apply --server-side -f manifests/
# Dry-run before applying to catch errors
kubectl apply -f manifests/ --dry-run=server
# Diff current state against desired state
kubectl diff -f manifests/
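The commands above combined into one gated pipeline step, as an added example (not code from the original page): validate first, use the exit code of kubectl diff to tell drift from failure, and apply only when the job opts in. The function name gitops_sync and the APPLY variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: gate `kubectl apply` on validation and diff results.
# gitops_sync and the APPLY variable are names made up for this sketch.

# Prints one status word on stdout; kubectl's own output goes to stderr (the job log).
# Returns 0 = cluster matches Git (or was applied), 1 = drift left in place, 2 = failure.
gitops_sync() {
    dir=$1

    # 1. Server-side dry run: the API server validates and runs admission
    #    checks on every manifest, but persists nothing.
    if ! kubectl apply -f "$dir" --recursive --dry-run=server >&2; then
        echo rejected
        return 2
    fi

    # 2. kubectl diff exits 0 for "no differences", 1 for "differences found"
    #    and >1 for a real error. Capture the code with `|| diff_rc=$?` so a
    #    pipeline running under `set -e` does not abort on ordinary drift.
    diff_rc=0
    kubectl diff -f "$dir" --recursive >&2 || diff_rc=$?
    case $diff_rc in
        0) echo in-sync; return 0 ;;
        1) ;;                              # drift: decide below
        *) echo diff-error; return 2 ;;    # never apply after a failed diff
    esac

    # 3. Apply only when the job opts in (e.g. on the protected main branch);
    #    pull-request jobs stop here and report the drift.
    if [ "${APPLY:-0}" != 1 ]; then
        echo drift
        return 1
    fi
    if ! kubectl apply --server-side -f "$dir" --recursive >&2; then
        echo apply-failed
        return 2
    fi
    echo applied
}

# Stand-alone use: sh gitops-sync.sh manifests/
if [ "$#" -gt 0 ]; then
    gitops_sync "$1"
fi
```

Run it without APPLY=1 on pull requests so reviewers see the diff in the job log, and with APPLY=1 only on the branch that represents the cluster's desired state.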
ArgoCD and Flux Overview
ArgoCD provides a UI-driven GitOps experience. It watches Git repositories and synchronizes resources to your cluster automatically:
# Install ArgoCD
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Create an application pointing to your Git repo
argocd app create my-app \
  --repo https://github.com/org/manifests.git \
  --path ./k8s \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace production
Flux takes a controller-based approach, running inside the cluster and reconciling state from Git sources:
# Bootstrap Flux in your cluster
flux bootstrap github \
  --owner=my-org \
  --repository=fleet-infra \
  --path=clusters/production
Both tools eliminate manual kubectl apply calls, enforce Git-based approval workflows, and provide automated drift detection.