How GitOps Transforms Change Management: Automation, Code, and Transparency
GitOps uses Git's version-control strengths to automate, codify, and make infrastructure changes transparent, combining IaC, merge requests, and CI/CD. This article covers its principles, toolchains such as FluxCD, ArgoCD, and Jenkins X, and practical implementations such as SRE Stack for end-to-end change management.
What is GitOps
GitOps is a model that abstracts system operations into automation using Git as the source of truth. It aims for change automation, code‑centric changes, and transparency.
GitOps Principles
Declarative
Versioned and Immutable
Pulled Automatically
Continuously Reconciled
These principles extend the original WeaveWorks definition, and Flux is often recommended for putting them into practice.
GitOps Formula
GitOps = IaC + MRs + CI/CD
IaC (Infrastructure as Code): Manage the entire infrastructure through code.
MRs (Merge Requests): Changes are introduced via merge requests, enabling risk assessment and audit.
CI/CD: Automates integration and delivery, ensuring quality and speed.
Types of GitOps
The Original GitOps – Kubernetes‑based IaC.
The Purist GitOps – IaC‑driven without necessarily using Kubernetes.
The Verified GitOps – Focuses on verification via git diff throughout the process.
The Verified GitOps emphasizes practicality: it lets teams gain the benefits of GitOps even before full IaC adoption.
Infrastructure as Code (IaC) Approaches
Declarative vs. imperative programming examples:

    -- Declarative: using SQL to query users older than 30
    SELECT name, age FROM users WHERE age > 30;

    # Imperative: the same filter written step by step in Python
    users = [{"name": "Alice", "age": 25}, {"name": "Bob", "age": 35}, {"name": "Carol", "age": 32}]
    users_over_30 = []
    for user in users:
        if user["age"] > 30:
            users_over_30.append(user)

Popular IaC tools:
Terraform: Uses HCL for declarative infrastructure across clouds.
Crossplane: Extends Kubernetes with CRDs for multi-cloud IaaS.
Pulumi: Allows using general-purpose languages (Python, TypeScript, etc.) for IaC.
State files are essential for idempotent IaC; without them repeated executions may create duplicate resources.
GitOps Tool Landscape
Jenkins X evolves Jenkins for Kubernetes, using Tekton for pipelines but still limited in CD capabilities.
ArgoCD provides a pure CD approach via an Application CRD, but requires manual image tag updates.
FluxCD, created by WeaveWorks, implements the full GitOps model with separate controllers for source, Helm, and image automation, including automatic image updates.
Practical GitOps Implementation
Using the GitOps formula, the article demonstrates a “change transparency” solution that records SHA256, git commit, and artifact names in a database without altering existing CI pipelines.
By integrating artifact information, the change tree becomes fully traceable.
SRE Stack Proposal
A Python‑based SRE Stack allows users to orchestrate changes in familiar code, combining IaC code with state files for a complete change description.
Provides an sre_stack.py for declarative change definition.
State files act as snapshots, enabling cross‑platform data integration.
Audits can detect when state changes without IaC changes, prompting approval.
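The audit described above, sketched as an added example (not code from the article or from SRE Stack): it hashes the IaC source and a canonicalized state snapshot for each recorded change and flags any state change that has no matching IaC change. The snapshot layout and field names are assumptions made for illustration.

```python
import hashlib
import json

def digest_text(text: str) -> str:
    """SHA256 of the IaC source exactly as committed."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def digest_state(state: dict) -> str:
    """SHA256 of a state snapshot in canonical JSON, so key order or
    whitespace differences are not reported as drift."""
    canonical = json.dumps(state, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def audit(snapshots: list) -> list:
    """Compare consecutive snapshots and return a finding for every
    state change that has no accompanying IaC change."""
    findings = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        iac_changed = digest_text(prev["iac"]) != digest_text(cur["iac"])
        state_changed = digest_state(prev["state"]) != digest_state(cur["state"])
        if state_changed and not iac_changed:
            changed = sorted(
                k for k in set(prev["state"]) | set(cur["state"])
                if prev["state"].get(k) != cur["state"].get(k)
            )
            findings.append({"commit": cur["commit"], "keys": changed,
                             "action": "needs_approval"})
    return findings

# Constructed sample history (hypothetical layout, not SRE Stack's format).
HISTORY = [
    {"commit": "c1", "iac": "replicas = 2\n",
     "state": {"replicas": 2, "image": "app:1.0"}},
    # IaC and state change together: a normal, reviewed change.
    {"commit": "c2", "iac": "replicas = 3\n",
     "state": {"replicas": 3, "image": "app:1.0"}},
    # Same content, different key order: must not be flagged.
    {"commit": "c2", "iac": "replicas = 3\n",
     "state": {"image": "app:1.0", "replicas": 3}},
    # State changed with no IaC change: out-of-band modification.
    {"commit": "c2", "iac": "replicas = 3\n",
     "state": {"image": "app:1.1", "replicas": 3}},
]

if __name__ == "__main__":
    for finding in audit(HISTORY):
        print(finding)
```

Only the last transition is reported, naming `image` as the key that changed without a corresponding IaC change.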
The SRE Stack achieves the three goals:
Change Automation: Merge requests trigger automatic rendering and deployment.
Change Codification: Stack files declaratively describe the intended changes.
Change Transparency: Collected artifact data provides full visibility into change provenance.
Conclusion
The GitOps practice is being adopted internally, and interested companies can contact SREWorks for open‑source collaboration.
Alibaba Cloud Big Data AI Platform
The Alibaba Cloud Big Data AI Platform builds on Alibaba’s leading cloud infrastructure, big‑data and AI engineering capabilities, scenario algorithms, and extensive industry experience to offer enterprises and developers a one‑stop, cloud‑native big‑data and AI capability suite. It boosts AI development efficiency, enables large‑scale AI deployment across industries, and drives business value.
