To recap, a GitOps system evolves
1. Basic: Configs in repo as a storage or backup mechanism.
2. IaC: PRs from within the team trigger CI-based deployments.
3. GitOps: PRs from outside the team, pre-vetted PRs, post-merge testing.
4. Automatic: Eliminate the human
The user benefits from GitOps in many
ways. The primary benefit is that a request is completed faster. Waiting for
approval is faster than waiting to meet
and discuss the request, waiting for the
IT team to do the required work, and
verifying that it was all done correctly.
Even if the PR requires a few iterations
and refinements, the process is faster
or at least more enjoyable because it is
GitOps offers more transparency.
The user can see all the details of the
request, thus avoiding potential errors,
typos, and the common problem of information being lost in translation.
Technical people value opportunities to learn. Technical users enjoy
learning the system as the documentation walks them through the process.
The code that processes the PR, checks
errors, and deploys the result is often
visible to the user, and a curious user
can explore it. Requests for additional
features and error checks are often
pushed to the user, who may enjoy collaboratively improving the system. This
can be a recruiting tool for the IT team.
GitOps enhances dignity in the
treatment of requests. Requests for environment changes should, ideally, be
granted on the basis of whether they
conform to architectural and engineering principles, regardless of the source.
In a traditional organization, whether a request
is granted is often a matter of political and bureaucratic success and force
of personality. GitOps moves us toward
the better way.
The user also benefits because
when it becomes easier for the IT team
to create self-service tools, more such
tools are created. GitOps lowers the bar
to creating these tools.
The downside is that Git has a steep
learning curve. This is not so much an
issue for developers who already use it
and may view GitOps as simply more
things they can submit PRs to. It is a
burden for others, however, especially
nontechnical users, but also technical
people who do not already use
Git, such as those in the network operations
center, on the help desk, or in
other purely operational roles. Luckily,
Git is so frustratingly incomprehensible
that it has spawned a cottage
industry of GUI systems and editor
plugins that sit on top of Git and make
it easier to use. Some popular GUIs
include GitHub Desktop and TortoiseGit.
Emacs, vim, and VSCode all have
excellent Git integrations.
GitOps has all the benefits of IaC.
When files that describe an infrastructure are stored in a VCS, all the benefits
of using a VCS emerge: version history,
log of who made what change, rollback, and so on.
GitOps has benefits far beyond IaC.
It democratizes and delegates work.
By having users create their own PRs,
it creates a division of labor where the
users who are experts in the details
of the request create the PR, and the
team with expertise in the system approves the PRs. It scales the IT team
better because approving PRs is relatively easy. It also lets the IT team focus on quality assurance and improving system safety, which is a better use
of their time.
While it may take a senior engineer
to set up the initial system, automating tests is a good way for junior engineers to build up experience. Thus,
GitOps creates mentoring and growth
GitOps has security benefits, too.
Having a VCS log of all changes makes
security audits easier. This turns an organization often perceived as a blocker
into an ally. If your VCS is Git or another cryptographically hashed system,
silently altering files becomes very difficult.
Commits can be cryptographically
signed for additional assurance.
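An added example (not from the original article) of why silent alteration is hard in a hashed VCS: it recomputes Git's SHA-1 object ids for a constructed two-commit history and shows that editing a file in an old commit changes that commit's id and every later one. The file name, contents and author identity are constructed, and only a flat tree of regular files is modeled.

```python
import hashlib

def object_id(kind, body):
    """Git names an object by SHA-1 over '<kind> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def tree_id(files):
    """Flat tree of regular files; each entry embeds the blob id of its content."""
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\0" + blob
    return object_id("tree", body)

def commit_id(files, parent, message):
    """The commit id covers the tree id and the parent commit id."""
    who = "Constructed User <user@example.com> 1700000000 +0000"  # constructed identity
    lines = [f"tree {tree_id(files)}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return object_id("commit", "\n".join(lines).encode())

def history_ids(versions):
    """Commit ids for a linear history given as (files, message) pairs."""
    ids, parent = [], None
    for files, message in versions:
        parent = commit_id(files, parent, message)
        ids.append(parent)
    return ids

def first_divergence(recorded, recomputed):
    """Index of the first commit whose id no longer matches, or None."""
    for i, (a, b) in enumerate(zip(recorded, recomputed)):
        if a != b:
            return i
    return None

# Constructed sample history: two approved changes to one config file.
ORIGINAL = [({"firewall.conf": b"allow 10.0.0.0/8 443\n"}, "Initial rules"),
            ({"firewall.conf": b"allow 10.0.0.0/8 443\nallow 10.0.0.0/8 53\n"}, "Add DNS")]
# Same history, but the first commit's file was altered after the fact.
TAMPERED = [({"firewall.conf": b"allow 0.0.0.0/0 443\n"}, "Initial rules"), ORIGINAL[1]]

if __name__ == "__main__":
    recorded, recomputed = history_ids(ORIGINAL), history_ids(TAMPERED)
    print("recorded head:  ", recorded[-1])
    print("recomputed head:", recomputed[-1])
    print("first altered commit index:", first_divergence(recorded, recomputed))
```

In the sample, the second commit's tree is identical in both histories, yet its id still changes because it embeds the parent's id; an auditor who recorded the head id earlier would see the mismatch.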
Lastly, GitOps enables managers to
be better managers. Middle managers
can gather metrics from the PR system
or the configuration files. Line managers
can keep track of what their team
is doing by following the PRs rather
than nagging their direct reports for
I like to configure our GitOps sys-