GitOps

A GitOps operator for Kubernetes and a graduated CNCF project. Flux implements the core GitOps reconciliation loop by continuously pulling updates from a source repository (Git, OCI) and applying them to a target cluster.

• Key Feature: Multi-tenancy support and a dependency-aware engine for managing complex deployments.
• Mechanism: Uses Custom Resource Definitions (CRDs) like Kustomization and HelmRelease to define what to sync and how.
• Example: Automatically deploys a new container image tag to staging when a Git commit updates the manifest in the ./clusters/staging path.

A declarative, GitOps continuous delivery tool for Kubernetes and a CNCF incubating project. It provides a web UI, CLI, and API for visualizing application state and managing deployments.

• Key Feature: A visual diff between the live state in the cluster and the desired state in Git.
• Mechanism: Operates in a pull-based model where an in-cluster agent compares and syncs resources. Supports sync waves and hooks for orchestrated rollouts.
• Example: Manages a canary rollout by progressively shifting traffic between application versions defined in a Git-based Application manifest.

A cloud-native CI/CD platform that incorporates GitOps principles for both the development pipeline and the deployment of applications. It automates the creation of Git repositories and environments.

• Key Feature: Preview Environments automatically spun up for each Pull Request, with their configuration defined in Git.
• Mechanism: Uses Tekton for pipeline execution and Helm for packaging. Promotion between environments (e.g., staging to production) is managed via Git commits and Pull Requests.
• Example: A merge to the main branch triggers a pipeline that creates a new semantic version, commits the updated Helm chart to a GitOps repo, which then triggers the production deployment.

A GitOps platform built on Flux, offering an enterprise-grade UI, governance features, and integrations for managing Kubernetes clusters and applications at scale.

• Key Feature: Templates and Policies for enforcing security and compliance standards across all deployed manifests.
• Mechanism: Extends Flux with a Runtime component that manages the lifecycle of Flux itself and other cluster add-ons via GitOps.
• Example: A platform team defines a secure base Kubernetes configuration as a template in Git; any application team's deployment that references this template automatically inherits security contexts and network policies.

A progressive delivery operator that automates the release process using GitOps. It works with Flux, Argo CD, or Jenkins X to manage canary deployments, A/B testing, and blue-green rollouts.

• Key Feature: Automated rollback based on metrics from Prometheus, Datadog, or other providers.
• Mechanism: Watches for changes to Kubernetes objects (e.g., Deployment image tag) and orchestrates a gradual traffic shift while analyzing key performance indicators.
• Example: A new version defined in Git triggers Flagger to slowly route 5%, then 20%, then 50% of traffic to the canary, automatically halting and rolling back if the error rate exceeds a threshold defined in a Canary CRD.

A control plane framework that extends the GitOps model to cloud infrastructure and services. It allows you to define and manage databases, buckets, and clusters using Kubernetes-style APIs and reconcile them via Git.

• Key Feature: Universal GitOps for both applications and the underlying cloud infrastructure.
• Mechanism: Uses Composite Resource Definitions (XRDs) and Compositions to create custom APIs. Providers translate these Kubernetes manifests into API calls to AWS, Azure, or GCP.
• Example: A Git commit containing a PostgreSQLInstance manifest triggers Crossplane to provision a managed Cloud SQL database on GCP, with the connection secret stored back in the cluster for the application to consume.

The foundational practice of defining and provisioning computing infrastructure using machine-readable configuration files, rather than manual processes. IaC is the declarative language that GitOps uses to express the desired state of a system.

• Core Tools: Terraform, AWS CloudFormation, Pulumi, Ansible.
• Key Principle: Idempotency, where applying the same configuration repeatedly results in the same system state.
• Relation to GitOps: GitOps treats IaC manifests as the single source of truth, stored in a Git repository. The GitOps operator's job is to continuously reconcile the live infrastructure with these declared IaC states.

Software extensions to Kubernetes that use custom resources to manage applications and their components. Operators encode human operational knowledge into software that can automatically handle complex tasks like backups, updates, and failure recovery.

• How They Work: They follow the control loop pattern: Observe the state of the system, analyze differences from the desired state, and take action to reconcile.
• Examples: The etcd Operator, Prometheus Operator.
• Relation to GitOps: GitOps tools like Flux and Argo CD are themselves Kubernetes Operators. They are installed in the cluster, watch Git repositories (and sometimes OCI registries), and continuously reconcile the cluster's state with the source of truth. They extend Kubernetes' native declarative model to encompass the entire delivery pipeline.

A dedicated infrastructure layer for managing service-to-service communication within a microservices architecture. It provides capabilities like traffic management, security, and observability without requiring changes to application code.

• Core Features: Intelligent routing (for canaries, A/B tests), load balancing, failure recovery (retries, timeouts, circuit breakers), and telemetry collection.
• Popular Implementations: Istio, Linkerd, Consul Connect.
• Relation to GitOps: In a GitOps workflow, the configuration of the service mesh is declarative and stored in Git. For example, Istio's VirtualService and DestinationRule custom resources, which define traffic routing policies for progressive delivery, are managed via the same GitOps pull pipeline as application deployments. This ensures mesh configuration is versioned, auditable, and applied consistently.