GitOps Principles and Best Practices
GitOps is an operational framework that uses Git as the single source of truth for infrastructure and application configuration. All changes flow through Git, providing audit trails, rollback capability, and consistency across environments.
Core Principles
- Declarative Configuration -- the entire system state is described in code
- Version Controlled -- Git stores the desired state with full history
- Automated Delivery -- approved changes are automatically applied
- Continuous Reconciliation -- agents ensure actual state matches desired state
Repository Structure
Organize your GitOps repository with clear separation:
infrastructure/
  base/
    namespaces.yaml
    network-policies.yaml
  production/
    kustomization.yaml
  staging/
    kustomization.yaml
apps/
  my-app/
    deployment.yaml
    service.yaml
    ingress.yaml
Best Practices
- Separate application code repos from deployment config repos
- Use pull requests for all changes -- never push directly to main
- Implement branch protection rules and require reviews
- Pin image tags to specific versions -- never use the latest tag
- Use sealed secrets or external secret managers for sensitive data
- Run validation in CI before merging (kubeval, OPA policies)
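A pre-merge check for two of the practices above (pinned image tags, no plain Secret objects committed to Git), written as an added example for this page rather than taken from any project's tooling. It works on raw manifest text with line-level matching, so it needs no YAML library and runs beside kubeval or OPA in CI; the manifest below is constructed sample input and every image and secret name in it is made up.

```python
"""Pre-merge manifest checks for a GitOps config repo (constructed example).

Flags two things reviewers should never have to catch by eye:
  * container images that are unpinned (no tag, or the `latest` tag, and no digest)
  * plain `kind: Secret` objects carrying `data:`/`stringData:` in Git
SealedSecret and ExternalSecret objects pass, since their payloads are not plaintext.
"""
import re
import sys
from typing import List

# Value of an `image:` key, whether or not it sits on a `- ` list item line.
IMAGE_RE = re.compile(r'^\s*-?\s*image:\s*["\']?([^"\'\s#]+)')
KIND_RE = re.compile(r'^\s*kind:\s*([A-Za-z]+)\s*$')
SECRET_PAYLOAD_RE = re.compile(r'^\s*(data|stringData):\s*$')


def image_is_pinned(ref: str) -> bool:
    """True if the image reference carries a digest or a non-`latest` tag."""
    if "@sha256:" in ref:
        return True
    # Look only at the last path component, so a registry host with a port
    # (registry.example.com:5000/app) is not mistaken for a tag.
    name = ref.rsplit("/", 1)[-1]
    if ":" not in name:
        return False  # no tag at all means an implicit `latest`
    return name.split(":", 1)[1] != "latest"


def check_manifests(yaml_text: str) -> List[str]:
    """Return human-readable findings; an empty list means the text passes."""
    findings = []
    for doc_no, doc in enumerate(yaml_text.split("\n---"), start=1):
        lines = doc.splitlines()
        kinds = [m.group(1) for m in map(KIND_RE.match, lines) if m]
        kind = kinds[0] if kinds else None
        for line in lines:
            m = IMAGE_RE.match(line)
            if m and not image_is_pinned(m.group(1)):
                findings.append(f"doc {doc_no}: unpinned image '{m.group(1)}'")
            if kind == "Secret" and SECRET_PAYLOAD_RE.match(line):
                key = line.strip()[:-1]
                findings.append(f"doc {doc_no}: plain Secret carries {key} in Git")
    return findings


# Constructed sample: one Deployment with three containers, one plain Secret
# (should fail), one SealedSecret (should pass).
SAMPLE = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
        - name: web
          image: ghcr.io/example/my-app:v1.2.3
        - name: log-shipper
          image: registry.example.com:5000/tools/shipper:latest
        - name: init
          image: busybox
---
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
data:
  password: aHVudGVyMg==
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-creds
spec:
  encryptedData:
    password: AgByPLACEHOLDER
"""

if __name__ == "__main__":
    # In CI: cat the rendered manifests into stdin; non-zero exit blocks the merge.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    problems = check_manifests(text)
    for p in problems:
        print(p)
    sys.exit(1 if problems else 0)
```

Run it against the output of `kustomize build` for each overlay rather than against the raw files, so patches that swap an image tag are checked in their final form.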
Deployment Flow
A typical GitOps workflow on your Breeze cluster:
1. Developer pushes code change
2. CI builds image with tag v1.2.3
3. CI opens PR updating deployment.yaml image tag
4. Team reviews and merges PR
5. GitOps operator detects change and applies to cluster
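The two automated steps of that flow, the CI job that rewrites the image tag for the PR and the operator's comparison of Git's desired state against the cluster, as an added illustration written for this page (not the code of any GitOps operator). The deployment manifest, image names, tags and the "observed" cluster state are all constructed; `bump_image`, `desired_images` and `drift` are hypothetical helper names.

```python
"""The automated parts of the GitOps flow above, in miniature (constructed example).

bump_image   -- what CI does before opening the PR: rewrite `image:` lines for one
                repository to the freshly built tag or digest, refusing anything unpinned.
drift        -- what the reconciler checks after the merge: which containers in the
                cluster do not yet run the image that Git declares.
Rolling back is the same mechanism in reverse: revert the commit and drift() shows
the operator what to move back.
"""
import re
from typing import Dict, List

# A semver-style tag (v1.2.3, 1.2.3-rc1) or a full sha256 digest; `latest` and bare names fail.
PINNED_REF_RE = re.compile(r"^(v?\d+\.\d+\.\d+[\w.-]*|sha256:[0-9a-f]{64})$")
NAME_RE = re.compile(r"^\s*-\s*name:\s*(\S+)")
IMAGE_RE = re.compile(r"^\s*-?\s*image:\s*(\S+)")


def bump_image(manifest: str, repo: str, new_ref: str) -> str:
    """Return the manifest with every `image: <repo>:<x>` or `<repo>@<x>` set to new_ref.

    new_ref is a tag ("v1.2.3") or a digest ("sha256:<hex>"). Raises ValueError when
    the reference is not pinned or the manifest has no image for repo, so the CI job
    fails loudly instead of opening an unsafe or no-op PR.
    """
    if not PINNED_REF_RE.match(new_ref):
        raise ValueError(f"refusing unpinned image reference: {new_ref!r}")
    sep = "@" if new_ref.startswith("sha256:") else ":"
    # [:@] right after the repo name keeps `redis` from matching `redis-exporter`.
    pattern = re.compile(rf"^(\s*-?\s*image:\s*){re.escape(repo)}[:@]\S+$", re.M)
    updated, count = pattern.subn(lambda m: f"{m.group(1)}{repo}{sep}{new_ref}", manifest)
    if count == 0:
        raise ValueError(f"no image lines for {repo!r} found")
    return updated


def desired_images(manifest: str) -> Dict[str, str]:
    """Map container name -> image reference as declared in Git (line-based parse)."""
    images: Dict[str, str] = {}
    current = None
    for line in manifest.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = IMAGE_RE.match(line)
        if m and current:
            images[current] = m.group(1)
    return images


def drift(manifest: str, observed: Dict[str, str]) -> List[str]:
    """Containers whose running image differs from Git: the reconciler's to-do list."""
    want = desired_images(manifest)
    return [
        f"{name}: git={ref} cluster={observed.get(name)}"
        for name, ref in sorted(want.items())
        if observed.get(name) != ref
    ]


# Constructed deployment.yaml as it sits in the config repo before the PR.
DEPLOYMENT = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
        - name: web
          image: ghcr.io/example/my-app:v1.2.2
        - name: cache
          image: redis:7.2.4
"""

if __name__ == "__main__":
    proposed = bump_image(DEPLOYMENT, "ghcr.io/example/my-app", "v1.2.3")  # the PR diff
    # Constructed cluster state: still running the old web image after the merge.
    running = {"web": "ghcr.io/example/my-app:v1.2.2", "cache": "redis:7.2.4"}
    for item in drift(proposed, running):
        print("reconcile:", item)
```

The same `drift` call run on every sync interval is what turns a merged PR into a cluster change, and what undoes a manual `kubectl edit` that bypassed Git.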
This approach ensures every production change is reviewed, traceable, and reversible through standard Git operations.