Things & stuff


This is a living document and subject to errors and gaps in understanding

GitOps is an operating model for Kubernetes (K8s). It provides a set of best practices that unify deployment, management and monitoring for clusters and applications.

  1. entire system is described declaratively

  2. the desired system state is version-controlled in Git

  3. approved changes can be applied to the system automatically

  4. software agents verify that the live system matches the desired state and alert on divergence

Control and feedback loops

  • How do I know if my deployment was successful?
  • How do I know if the live system has converged to the desired state?
  • Can I be notified when it differs?
  • Can I trigger a convergence between the cluster and source control?
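The principles and the questions above all come down to one reconciliation loop: compare what Git says against what the cluster has, report the drift, and converge. The block below is an added example, not code from the original page or from any GitOps tool; it models manifests as plain dicts and stands in an in-memory dict for the Kubernetes API so it runs offline. The sample desired and live states are constructed for the example. Note the second case it covers: a resource that exists in the cluster but not in Git (something applied by hand) is reported as an orphan and only removed when pruning is explicitly enabled, since silently deleting it would hide the out-of-band change from the feedback loop.

```python
"""Minimal GitOps reconciliation loop: desired state (Git) vs live state (cluster).

Added example, not the page's own code. Manifests are dicts keyed by
(kind, namespace, name); `cluster` is an in-memory dict standing in for the API server.
"""
import copy
import hashlib
import json


def resource_key(manifest):
    """Identity of a resource, the same way the cluster sees it."""
    meta = manifest["metadata"]
    return (manifest["kind"], meta.get("namespace", "default"), meta["name"])


def fingerprint(manifest):
    """Stable hash of a manifest so drift in any field is detected."""
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def diff(desired, live):
    """Compare Git (desired) against the cluster (live).

    Returns keys to create, keys to update (fingerprints differ) and keys that
    exist only in the cluster (an out-of-band change that bypassed review).
    """
    desired_idx = {resource_key(m): m for m in desired}
    live_idx = {resource_key(m): m for m in live}
    create = sorted(k for k in desired_idx if k not in live_idx)
    delete = sorted(k for k in live_idx if k not in desired_idx)
    update = sorted(
        k for k in desired_idx
        if k in live_idx and fingerprint(desired_idx[k]) != fingerprint(live_idx[k])
    )
    return create, update, delete


def reconcile(desired, cluster, prune=False):
    """One pass of the loop: converge the cluster towards Git and return a drift report.

    `cluster` is mutated in place like a real API server would be. A non-empty
    report is what an agent would alert on. Orphans are only deleted with prune=True.
    """
    create, update, delete = diff(desired, list(cluster.values()))
    desired_idx = {resource_key(m): m for m in desired}
    for k in create + update:
        cluster[k] = copy.deepcopy(desired_idx[k])
    if prune:
        for k in delete:
            del cluster[k]
    return {
        "created": create,
        "updated": update,
        "deleted": delete if prune else [],
        "orphaned": [] if prune else delete,
    }


def converged(desired, cluster):
    """True when the live system has fully converged to the desired state."""
    create, update, delete = diff(desired, list(cluster.values()))
    return not (create or update or delete)


# Constructed sample input: what is committed in Git versus what runs in the cluster.
SAMPLE_DESIRED = [
    {"kind": "Deployment", "metadata": {"name": "app", "namespace": "prod"},
     "spec": {"replicas": 3, "image": "registry.example/app:v2"}},
    {"kind": "Service", "metadata": {"name": "app", "namespace": "prod"},
     "spec": {"port": 8080}},
]
SAMPLE_LIVE = [
    {"kind": "Deployment", "metadata": {"name": "app", "namespace": "prod"},
     "spec": {"replicas": 3, "image": "registry.example/app:v1"}},
    {"kind": "Service", "metadata": {"name": "app", "namespace": "prod"},
     "spec": {"port": 8080}},
    {"kind": "Pod", "metadata": {"name": "debug-shell", "namespace": "prod"},
     "spec": {"image": "registry.example/toolbox:latest"}},
]


def demo():
    """Two passes: first fixes the image and reports the orphan, second prunes it."""
    cluster = {resource_key(m): copy.deepcopy(m) for m in SAMPLE_LIVE}
    first = reconcile(SAMPLE_DESIRED, cluster)
    second = reconcile(SAMPLE_DESIRED, cluster, prune=True)
    return first, second, converged(SAMPLE_DESIRED, cluster)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it and the first report answers "did my deployment succeed" (the Deployment was updated) and "what differs" (the hand-made debug pod); only after the pruning pass does `converged` return true.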

Benefits

  • Stronger security guarantees
    • commits can be signed (GPG or SSH keys) to prove authorship and origin
    • separation of responsibilities, a tenet of least privilege: the cluster pulls from Git, so CI needs no cluster credentials
  • Increased speed and productivity
    • familiar workflow: pull requests, review and merge, the same as for application code
  • Reduced mean time to detect and mean time to recovery
  • Improved stability and reliability
  • Easier compliance and auditing

Example pipeline

  1. A pull request for a new feature is pushed to GitHub for review.
  2. The code is reviewed and approved. After the code is revised and re-approved, it is merged to a release branch in Git.
  3. The merge triggers a GitHub Actions workflow that runs a series of tests, then builds a new image and pushes it to a container registry.
  4. Amazon Elastic Container Registry (ECR) emits an Amazon EventBridge event, which triggers a Lambda function that commits the new image reference to the config repo.
  5. A GitOps agent running in the cluster (a reconciliation controller such as Flux or Argo CD) detects that the cluster is out of date, pulls the changed manifest from the config repo and deploys the new feature into the cluster.
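Step 4 is the glue that keeps the pipeline GitOps-shaped: the registry event must end up as a commit in the config repo, never as a direct write to the cluster. The block below is an added example, not code from the original page or from AWS; it shows the validation and manifest rewrite such a Lambda would do. Assumptions: the event shape follows the EventBridge "ECR Image Action" event with the fields shown in the constructed sample, the registry hostname and manifest are constructed, and the final commit to the config repo is left as a hypothetical `commit_to_config_repo` call the reader supplies. The example pins the image by digest rather than by tag, so a later re-tag in the registry cannot change what the cluster runs.

```python
"""Registry push event -> digest-pinned image reference -> updated manifest.

Added example, not the page's own code. Event fields, registry host and manifest
are constructed for the example; committing to Git is left as a hypothetical call.
"""
import re

REGISTRY = "123456789012.dkr.ecr.eu-west-1.amazonaws.com"  # constructed registry host

# Constructed sample of an EventBridge "ECR Image Action" event for a successful push.
SAMPLE_EVENT = {
    "source": "aws.ecr",
    "detail-type": "ECR Image Action",
    "detail": {
        "action-type": "PUSH",
        "result": "SUCCESS",
        "repository-name": "app",
        "image-tag": "v2",
        "image-digest": "sha256:" + "ab" * 32,
    },
}

# Constructed Deployment manifest as it might sit in the config repo.
SAMPLE_MANIFEST = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  template:
    spec:
      containers:
        - name: app
          image: 123456789012.dkr.ecr.eu-west-1.amazonaws.com/app:v1
"""


def image_ref_from_event(event):
    """Validate the event and return a digest-pinned image reference, or None to ignore it.

    Ignored: events from another source, non-push actions, failed pushes and
    events whose digest is not a well-formed sha256 (never trust event input blindly).
    """
    if event.get("source") != "aws.ecr" or event.get("detail-type") != "ECR Image Action":
        return None
    d = event.get("detail", {})
    if d.get("action-type") != "PUSH" or d.get("result") != "SUCCESS":
        return None
    repo, tag, digest = d.get("repository-name"), d.get("image-tag"), d.get("image-digest")
    if not (repo and digest and re.fullmatch(r"sha256:[0-9a-f]{64}", digest)):
        return None
    if not re.fullmatch(r"[a-z0-9][a-z0-9._/-]*", repo):
        return None
    tag_part = f":{tag}" if tag else ""
    return f"{REGISTRY}/{repo}{tag_part}@{digest}"


def update_manifest(manifest_text, repo, new_ref):
    """Rewrite the `image:` line for `repo` in the manifest. Returns (text, changed)."""
    pattern = re.compile(
        rf"^([ \t]*image:[ \t]*){re.escape(REGISTRY)}/{re.escape(repo)}"
        r"(?::[^@\s]+)?(?:@\S+)?[ \t]*$",
        re.MULTILINE,
    )
    new_text, count = pattern.subn(rf"\g<1>{new_ref}", manifest_text)
    return new_text, count > 0


def handle_event(event, manifest_text=SAMPLE_MANIFEST):
    """Lambda-style entry point: returns the updated manifest, or None when nothing to do."""
    new_ref = image_ref_from_event(event)
    if new_ref is None:
        return None
    new_text, changed = update_manifest(manifest_text, event["detail"]["repository-name"], new_ref)
    if not changed:
        return None
    # commit_to_config_repo(new_text)  # hypothetical: commit or open a PR against the config repo
    return new_text


if __name__ == "__main__":
    print(handle_event(SAMPLE_EVENT))
```

Because the Lambda only writes to Git, its IAM role needs no cluster access at all; the agent in step 5 is the only component with write access to the cluster, which is the separation of responsibilities listed under the benefits above.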
Last updated on 9 Feb 2021
Published on 9 Feb 2021