GitOps in Kubernetes

GitOps is a declarative approach to Kubernetes application management that uses Git as the single source of truth for cluster configuration and application deployment. By using Git to track and manage infrastructure and application states, changes are version-controlled, auditable, and easily reproducible.

Thalassa Cloud supports GitOps workflows using tools like FluxCD and ArgoCD, allowing teams to automate deployments while maintaining security and consistency across environments.

GitOps Concepts

GitOps enables continuous deployment by automating Kubernetes updates whenever changes are pushed to a Git repository. The key principles of GitOps include:

  • Declarative Configuration: The desired state of the system is defined using YAML manifests and stored in a Git repository.
  • Version Control & Auditability: All configuration changes are tracked in Git, providing a clear history of modifications.
  • Automated Synchronization: A GitOps controller (such as FluxCD or ArgoCD) continuously checks the repository and applies changes to the cluster.
  • Pull-Based Model: Instead of pushing changes manually, GitOps controllers running inside the cluster pull changes from Git. External systems do not need credentials for the cluster API, which reduces the attack surface and improves security.

GitOps Workflow

  1. Commit Changes to Git: Developers push updates to Kubernetes manifests stored in a Git repository.
  2. GitOps Controller Detects Changes: Tools like FluxCD or ArgoCD continuously monitor the repository for updates.
  3. Changes Are Applied to the Cluster: The controller applies the updated configuration, keeping the cluster in sync with Git.
  4. Cluster State is Continuously Reconciled: If any manual changes are made outside Git, they are reverted to match the declared state.

Implementing GitOps with FluxCD

What is FluxCD?

FluxCD is a lightweight, Kubernetes-native GitOps tool that continuously reconciles cluster state with a Git repository. It is particularly well-suited for multi-tenant environments and infrastructure as code (IaC).

Installing FluxCD on Thalassa Cloud

Refer to the official FluxCD installation documentation for detailed steps.

  1. Install Flux CLI:

     curl -s https://fluxcd.io/install.sh | sudo bash

  2. Bootstrap FluxCD with Git Integration (replace <user>@<git-host> with the SSH user and host of your Git server):

     flux bootstrap git --url=ssh://<user>@<git-host>/my-org/my-repo.git --branch=main --path=clusters/my-cluster

     This command:

       • Deploys FluxCD to the cluster.
       • Links it to a Git repository for configuration management.
       • Starts continuous synchronization of manifests.

  3. Define a GitOps Application (Kustomization), saved as my-app.yaml:

     apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
     kind: Kustomization
     metadata:
       name: my-app
       namespace: flux-system
     spec:
       interval: 5m
       sourceRef:
         kind: GitRepository
         name: my-repo
       path: "./apps/my-app"
       prune: true
       healthChecks:
         - apiVersion: apps/v1
           kind: Deployment
           name: my-app

  4. Apply the Configuration:

     kubectl apply -f my-app.yaml

FluxCD will now monitor my-app and automatically apply updates whenever changes are pushed to Git.
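The Kustomization above refers to a GitRepository named my-repo, which has to exist in the flux-system namespace. The manifest below is an added example, not part of the original guide, showing one way to define that source with SSH host-key pinning and commit signature verification. The Secret names my-repo-ssh and my-repo-signers and the <git-host> placeholder are assumptions.

```yaml
# Added example: source object for the my-app Kustomization.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: my-repo                 # must match spec.sourceRef.name in the Kustomization
  namespace: flux-system
spec:
  interval: 5m                  # how often Flux fetches the branch
  url: ssh://git@<git-host>/my-org/my-repo.git   # placeholder host
  ref:
    branch: main
  secretRef:
    # Assumed Secret with the keys identity, identity.pub and known_hosts.
    # known_hosts pins the Git server's SSH host key, so a spoofed server
    # cannot feed manifests to the cluster.
    name: my-repo-ssh
  verify:
    # Fetch succeeds only if the commit at the tip of the branch is signed
    # by one of the trusted keys; unsigned or unknown-signer commits are
    # never handed to the Kustomization.
    mode: HEAD
    secretRef:
      name: my-repo-signers     # assumed Secret holding trusted PGP public keys
```

With verification enabled, write access to the repository alone is not enough to change the cluster: the commit must also carry a trusted signature.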

Implementing GitOps with ArgoCD

What is ArgoCD?

ArgoCD is a declarative GitOps controller that provides a web UI, CLI, and API for managing Kubernetes applications. It offers real-time application status monitoring and supports multi-cluster deployments.

Installing ArgoCD on Thalassa Cloud

Refer to the official ArgoCD installation documentation for detailed steps.

  1. Install ArgoCD:

     kubectl create namespace argocd
     kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

  2. Expose ArgoCD API (Optional):

     kubectl port-forward svc/argocd-server -n argocd 8080:443

  3. Retrieve Initial Admin Password:

     kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

  4. Log into ArgoCD:

     argocd login localhost:8080

Deploying Applications with ArgoCD

To deploy an application, create an Application resource:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default   # required field; "default" is ArgoCD's built-in project
  destination:
    namespace: my-namespace
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/my-org/my-repo.git
    path: apps/my-app
    targetRevision: main
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Apply the configuration:

kubectl apply -f my-app.yaml -n argocd

ArgoCD will now continuously sync my-app with the Git repository.
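ArgoCD's built-in default project allows any source repository and any destination. The AppProject below is an added example, not part of the original guide, that limits my-app to the repository and namespace used above. The project name my-team and the group my-org:viewers are assumptions.

```yaml
# Added example: project that scopes what my-app may deploy and where.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-team                 # assumed project name
  namespace: argocd
spec:
  description: Restricts my-app to one repository and one namespace
  # Applications in this project may only pull manifests from this repo.
  sourceRepos:
    - https://github.com/my-org/my-repo.git
  # ...and may only deploy into this namespace of the local cluster.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: my-namespace
  # Empty list: no cluster-scoped kinds (ClusterRole, CRD, Namespace, ...)
  # can be created through Git, so my-namespace must already exist.
  clusterResourceWhitelist: []
  roles:
    - name: read-only
      description: View-only access to applications in this project
      policies:
        - p, proj:my-team:read-only, applications, get, my-team/*, allow
      groups:
        - my-org:viewers        # assumed SSO group
```

To use it, set spec.project in the Application to my-team. A manifest that points at another repository or namespace is then rejected by ArgoCD instead of being synced.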

Choosing Between FluxCD and ArgoCD

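| Feature                  | FluxCD         | ArgoCD              |
|--------------------------|----------------|---------------------|
| Installation Complexity  | Lightweight    | Requires more setup |
| Web UI                   | No built-in UI | Full-featured UI    |
| Multi-Cluster Support    | Yes            | Yes                 |
| Automated Reconciliation | Yes            | Yes                 |
| RBAC and Access Control  | Limited        | Advanced            |
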
  • Use FluxCD if you need a lightweight, Kubernetes-native approach with minimal dependencies.
  • Use ArgoCD if you require a user-friendly interface, real-time monitoring, and multi-cluster application management.

Summary

GitOps simplifies Kubernetes application management by enforcing declarative configurations stored in Git. Both FluxCD and ArgoCD provide automated synchronization, rollback capabilities, and improved security for continuous deployment in Thalassa Cloud.

Best Practices:

  • Use FluxCD for a lightweight, Git-native GitOps approach.
  • Use ArgoCD for a UI-driven experience with multi-cluster support.
  • Keep configuration files declarative and version-controlled in Git.
  • Automate reconciliation to maintain the desired cluster state.
  • Implement RBAC and security policies to control GitOps access.

By leveraging GitOps with FluxCD or ArgoCD, teams can ensure reliable, automated deployments in Thalassa Cloud Kubernetes.

This guide provides a comprehensive introduction to GitOps and practical steps to implement FluxCD and ArgoCD in Thalassa Cloud Kubernetes.