DEV Community

Cover image for GitOps Explained with a Real Production Workflow
Ripenapps
Ripenapps

Posted on

GitOps Explained with a Real Production Workflow

Every engineering team eventually reaches a point where deployments become stressful. It happens inside a fast-growing web app development company just as often as it happens in a large enterprise platform group.

A developer merges a pull request. The CI pipeline passes, Docker images are built, and someone manually runs a few kubectl apply commands. Everything looks fine until production starts behaving differently from staging. A quick investigation reveals that someone modified a ConfigMap directly in the cluster a week ago. Another engineer hot-fixed a Deployment using kubectl edit, and nobody documented the change.

Now the cluster configuration no longer matches the Git repository.

This is a classic example of configuration drift, and it's one of the biggest reasons deployments become unreliable as teams grow.

This is exactly the problem GitOps was designed to solve.

Instead of treating Kubernetes as something engineers manually manage, GitOps makes Git the single source of truth. Every deployment, infrastructure change, and configuration update starts with a commit, creating an auditable, repeatable, and automated deployment workflow.

In this article, we'll explore GitOps through a real production workflow, showing how modern engineering teams use GitHub Actions, Docker, Argo CD, and Kubernetes to deploy applications safely at scale.

What is GitOps?

GitOps is an operational framework that uses Git repositories as the authoritative source for both application and infrastructure configuration.

Rather than pushing changes directly into a Kubernetes cluster, engineers declare the desired state in Git. A GitOps controller such as Argo CD or FluxCD continuously monitors that repository and automatically reconciles the cluster until it matches the desired state.

The deployment process shifts from this:

flowchart TD
    A[Developer] --> B[kubectl apply]
    B --> C[Production]
Enter fullscreen mode Exit fullscreen mode

to this:

flowchart TD
    A[Developer] --> B[Git Repository]
    B --> C[Argo CD]
    C --> D[Kubernetes]
Enter fullscreen mode Exit fullscreen mode

This simple change fundamentally improves deployment reliability because every change is version-controlled, reviewable, and recoverable.

Key Takeaway: In GitOps, engineers don't deploy applications. They update Git, and the platform deploys applications automatically.

Why Traditional CI/CD Pipelines Break at Scale

Traditional CI/CD pipelines work well for small teams, but they often struggle as applications and environments grow.

Some common challenges include:

  • Configuration drift: Manual cluster changes eventually diverge from Git.
  • Environment inconsistency: Development, staging, and production slowly become different.
  • Limited auditability: It's difficult to determine who changed what and when.
  • Risky rollbacks: Recovering from failed deployments often involves guesswork.
  • Manual intervention: Engineers spend valuable time applying manifests and fixing deployments.

GitOps eliminates these issues by ensuring that Git always represents the desired system state. If someone changes a resource manually, the GitOps controller detects the drift and restores the correct configuration automatically.

GitOps Architecture

A production-ready GitOps architecture separates responsibilities across different tools.

Each component has a specific role:

  • Developer: Writes code and updates Kubernetes manifests.
  • GitHub: Stores application code and deployment configuration.
  • GitHub Actions: Builds Docker images, runs tests, and updates manifests.
  • Container Registry: Stores versioned container images.
  • Argo CD: Continuously watches Git repositories for changes.
  • Kubernetes: Runs workloads and maintains application availability.

Because every deployment flows through Git, teams gain complete visibility into their software delivery process.

A Real Production GitOps Workflow

Let's walk through a deployment that many engineering teams perform every day.

Step 1: Developer Creates a Feature

A developer implements a new API endpoint and opens a pull request.

The application code is reviewed, tested, and approved before merging.

No deployment happens yet.

Step 2: CI Pipeline Starts

Once the pull request is merged, GitHub Actions automatically begins the CI pipeline.

Typical steps include:

  • Running unit tests
  • Performing static code analysis
  • Building the Docker image
  • Running vulnerability scans
  • Publishing the image to a container registry

Every successful build receives a unique image tag such as myapp:v2.3.1.

Immutable image tags make deployments predictable and simplify rollbacks.

Step 3: Update Kubernetes Manifests

Instead of deploying directly to the cluster, the pipeline updates the Kubernetes Deployment manifest.

Example:

containers:
  - name: api
    image: ghcr.io/company/api:v2.3.1
Enter fullscreen mode Exit fullscreen mode

The updated manifest is committed back into the Git repository.

This commit becomes the deployment event.

Step 4: Argo CD Detects the Change

Argo CD continuously monitors the manifest repository.

When it detects the new image version, it compares the desired state stored in Git with the current state running inside Kubernetes.

If they differ, synchronization begins automatically.

No engineer needs to log into the cluster.

Step 5: Kubernetes Performs the Deployment

Kubernetes updates Pods using the configured deployment strategy.

Most production systems use Rolling Updates because they maintain service availability during deployments.

The process typically looks like this:

flowchart TD
    A[Old Pods: 5] --> B[Create New Pod]
    B --> C[Health Check]
    C --> D[Terminate Old Pod]
    D --> E[Repeat]
    E -.-> B
Enter fullscreen mode Exit fullscreen mode

Users continue accessing the application throughout the deployment.

Step 6: Health Verification

Modern GitOps workflows never assume deployments succeeded.

Instead, Kubernetes continuously validates:

  • Readiness probes
  • Liveness probes
  • Startup probes

If new Pods fail health checks, Kubernetes automatically prevents traffic from reaching unhealthy containers.

Combined with Argo CD's synchronization status, operators immediately know whether deployments are healthy.

Production Repository Structure

One mistake many teams make is placing everything inside a single folder.

Production repositories are usually organized by responsibility.

gitops/
├── apps/
├── infrastructure/
├── clusters/
├── charts/
├── manifests/
├── services/
└── environments/
    ├── dev/
    ├── staging/
    └── production/
Enter fullscreen mode Exit fullscreen mode

This separation keeps infrastructure, application manifests, and environment-specific configuration independent, making large-scale GitOps workflows easier to maintain.

Why GitOps Changes the Way Teams Work

GitOps is often described as a deployment strategy, but its biggest impact is actually organizational.

Instead of relying on tribal knowledge or manual procedures, every deployment follows the same repeatable process:

  1. Make a change.
  2. Open a pull request.
  3. Review the change.
  4. Merge to Git.
  5. Let automation handle deployment.

This consistency reduces operational risk and allows teams to deploy more frequently with greater confidence.

For organizations adopting Platform Engineering, Infrastructure as Code, or Cloud Native architectures, GitOps becomes the foundation for reliable software delivery.

Whether you're working with a single Kubernetes cluster or managing hundreds across multiple cloud providers, GitOps provides the auditability, automation, and consistency needed to scale. It's the same reason cloud managed service providers and teams offering cloud infrastructure management services increasingly standardize on Git as the single source of truth for every environment they operate.

Final Thoughts

GitOps is more than another DevOps trend. It's a shift toward treating infrastructure and application delivery as version-controlled software.

By making Git the single source of truth, teams eliminate configuration drift, simplify rollbacks, improve security, and create deployment workflows that are transparent and repeatable.

Tools like Argo CD, FluxCD, Helm, Terraform, and GitHub Actions work together to automate the entire software delivery lifecycle, but the real value isn't the tooling itself. The value lies in building deployment processes that engineers can trust.

As your Kubernetes environments grow, manual operations become increasingly fragile. GitOps replaces uncertainty with automation, visibility, and consistency, enabling engineering teams to deliver software faster without sacrificing reliability. For many organizations, this is where GitOps connects to a wider set of cloud transformation services, giving teams a reliable delivery backbone before they scale further.

If you're beginning your GitOps journey, start small: automate a single Kubernetes application, store all manifests in Git, and let a GitOps controller manage synchronization. Once that workflow becomes second nature, expanding to infrastructure provisioning, multi-cluster deployments, progressive delivery, and platform engineering becomes a natural next step. Teams often accelerate that path with dedicated DevOps consulting services, or choose to hire DevOps developers who have run these workflows in production before, particularly when GitOps is introduced alongside cloud migration consulting services during a larger platform move.

In modern cloud-native environments, successful deployments aren't driven by manual commands. They're driven by well-defined, declarative workflows where Git records every change, automation executes every deployment, and Kubernetes continuously reconciles reality with your desired state. That's the essence of GitOps, and it's why it has become the preferred deployment model for high-performing engineering teams.

Top comments (0)