I'm considering transitioning our CI/CD processes to a GitOps model, where we handle both application and infrastructure changes through pull requests, using declarative configurations, and implementing reviews and auto-promotions. I'm curious about potential pitfalls to avoid, such as repo sprawl, managing secrets and ephemeral credentials, the risk of drift between the pipeline runner and cluster, issues with flaky approvals, maintaining proper hygiene during environment promotions, and the complexity of rollbacks. Additionally, I'd appreciate any insights on tooling options (like Argo CD, Flux, Tekton, or GitHub Actions), managing environment-specific overlays, and ensuring our pipelines remain testable and versioned without hampering team productivity.
5 Answers
What exact issues are you looking to resolve with this GitOps approach? Clarifying your goals might help in identifying potential hurdles ahead.
If you're handling complex projects, the continuous deployment features in GitHub may not cover all your needs. In that case, consider using a dedicated tool like Argo CD or Kargo for better control.
A key lesson I learned is to keep your infrastructure configuration separate from your application code. It helps mitigate some of the complexities.
Watch out for repo sprawl and the challenges that come with managing secrets. Using Argo CD can be beneficial because of its declarative nature, and Tekton offers great flexibility. Keeping an eye on these areas will help ensure a smoother transition.
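One way to wire the declarative approach above together with per-environment overlays, as an added example that is not from any answer in this thread; the repo URL, paths, namespaces, image name and tag are assumed placeholders:

```yaml
# Added example (not from the thread): one Argo CD Application per environment,
# each pointing at a Kustomize overlay directory in an assumed config repo.
# Assumed values: the repo URL, paths, namespaces and image tag are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-staging          # assumed application name
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://git.example.com/platform/deploy-config.git   # assumed
    targetRevision: main
    path: apps/payments/overlays/staging                          # assumed layout
  destination:
    server: https://kubernetes.default.svc
    namespace: payments-staging
  syncPolicy:
    automated:
      prune: true      # delete cluster objects that were removed from Git
      selfHeal: true   # revert manual cluster edits to the Git state (drift control)
    syncOptions:
      - CreateNamespace=true
---
# apps/payments/overlays/staging/kustomization.yaml (assumed file, shown here for context)
# The overlay reuses the shared base and changes only environment-specific values,
# so promoting a build is a reviewed PR that bumps newTag in the next overlay.
# No Secret manifests live here: plaintext secrets do not belong in a GitOps repo.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: payments-staging
resources:
  - ../../base
images:
  - name: registry.example.com/payments      # assumed image name
    newTag: "1.4.2"                           # assumed tag; changed by the promotion PR
patches:
  - target:
      kind: Deployment
      name: payments
    patch: |-
      - op: replace
        path: /spec/replicas
        value: 2
```

Rolling back is then a revert of the promotion commit, which Argo CD reconciles the same way as any other change.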
In my experience with Azure DevOps, I create a pipeline that generates other pipelines, consolidating all definitions in one repo. One drawback is that the Azure DevOps repository doesn't allow for defining PR auto triggers in code, so I have to set each repository policy manually.