GitOps
The pattern: git is the source of truth for the system’s desired state. Reconcilers (ArgoCD and Flux for Kubernetes, Atlantis for Terraform) watch git and converge the live system toward what is committed. Humans never kubectl apply from a laptop; they open PRs. Audit, history, rollback, and review are free byproducts of git, not features you have to build.
The trade-off: discipline overhead vs. operational safety. GitOps requires every change to flow through a PR, which is slower for “I just need to test this real quick.” The benefit is enormous: every state change is reviewable, audited, and revertible; with pull-based reconciliation the agent runs inside the cluster and fetches from git, so cluster credentials never leave the cluster, the reconciler needs only read access to the repo, and CI needs no kubeconfig at all; recovery is “re-apply from git” for everything git holds (stateful data and secrets need their own path). The corollary is that the repo becomes the control plane: whoever can merge to the tracked branch can change production, so branch protection and required review are part of the security boundary, not just process. Modern platform engineering treats GitOps as the default; kubectl apply -f in production is an anti-pattern.
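As an added example (not code from this page or from the basecamp repo it refers to), here is what the pull-based model looks like in ArgoCD: an AppProject that bounds which repo, cluster and namespace a team’s Applications may touch, and an Application with automated sync, pruning and self-heal so that a manual kubectl edit is reverted on the next reconcile. The organisation, repository URL, project name and namespace are placeholders chosen for illustration.

```yaml
# Added example, not code from the page or the basecamp repo. The org,
# repo URL, project and namespace names are placeholders. The Argo CD
# controller runs inside the cluster and pulls from git; nothing outside
# the cluster needs a kubeconfig.

# 1. AppProject: the least-privilege boundary for everything in this project.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: payments
  namespace: argocd
spec:
  description: payments team workloads
  # Only manifests from this repo may be deployed under this project.
  sourceRepos:
    - https://github.com/example-org/basecamp.git
  # Only into this cluster and this namespace (the namespace is created by
  # the platform team, not by the app project).
  destinations:
    - server: https://kubernetes.default.svc
      namespace: payments
  # Empty whitelist: no cluster-scoped resources (no ClusterRoleBinding,
  # no CRDs, no Namespaces) are applied even if someone commits them.
  clusterResourceWhitelist: []
  # Namespaced kinds the team must not manage through this project.
  namespaceResourceBlacklist:
    - group: ""
      kind: ResourceQuota
    - group: networking.k8s.io
      kind: NetworkPolicy
---
# 2. Application: desired state is this path at this revision of the repo.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments
  namespace: argocd
spec:
  project: payments
  source:
    repoURL: https://github.com/example-org/basecamp.git
    targetRevision: main        # the branch that carries required review
    path: apps/payments
  destination:
    server: https://kubernetes.default.svc
    namespace: payments
  syncPolicy:
    automated:
      prune: true       # a resource removed from git is removed from the cluster
      selfHeal: true    # a manual kubectl edit is reverted on the next reconcile
```

Applying these two manifests to the argocd namespace is the one imperative step left; after that, every change under apps/payments is a PR to main. Because prune and selfHeal are on, the repo’s merge protections are the blast-radius control, not the kubeconfig: a commit that deletes a manifest deletes the resource, and a drift introduced by hand does not survive the next reconcile.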
Deepens in Year 1 Phase 7 (ArgoCD + basecamp git repo + app-of-apps). Reinforced in Year 2 Phase 9 (IaC), where Atlantis enforces the same PR-driven model for Terraform.
Related patterns
- declarative-vs-imperative-infrastructure — the substrate GitOps reconciles against.
- progressive-delivery — what the GitOps pipeline rolls out.
- platform-as-product — GitOps is the deploy contract the platform offers developers.
- least-privilege — pull-based reconcilers keep cluster creds off laptops.
- secrets-lifecycle — the one thing that does not live in git in plaintext.
- runbook-as-code — operational procedures committed to the same repo as the state they touch.
- Phase 12: Platform Engineering and basecamp — where GitOps becomes the platform’s contract.