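---
title: "GitOps"
type: concept
tags:
  - GitOps
  - IaC
  - DevOps
  - CD
sources:
  - ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments
  - ctp-topic-33-an-introduction-to-gitops
  - ctp-topic-9-ci-cd-with-gruntwork
last_updated: 2026-04-29
---

# GitOps

## Definition

GitOps is a methodology that applies software development principles (Git version control in particular) to infrastructure and application deployment. Its core idea: **the Git repository is the single source of truth for declarative configuration, and automation ensures that the actual environment stays consistent with the desired state declared in Git.**

## Core Principles

1. **Declarative Configuration**
   All infrastructure and application configuration is described in a declarative language (such as Terraform HCL or Kubernetes YAML) rather than as imperative steps.
2. **Version Control**
   All configuration is stored in a Git repository, which provides version history, code review (pull requests), and the ability to roll back.
3. **Automated CD (automated continuous delivery)**
   CI focuses on building and analyzing code, and CD focuses on deployment; decoupling the two improves security and reliability.
4. **Self-Healing (self-healing reconciliation)**
   The GitOps controller continuously monitors the actual state against the state declared in Git and automatically reconciles any deviation (drift correction).

## Architecture Patterns

### Pull Model (Recommended)

- A GitOps agent (such as ArgoCD or Flux) monitors both the Git repository and the target system
- The agent actively detects changes by pulling; no external system needs to push
- More secure, and consistent with zero-trust principles

### Push Model

- A CI/CD pipeline (such as Jenkins or GitHub Actions) actively pushes to the target environment after a code change
- Relatively simple to configure, but less secure

## Tooling Ecosystem

| Tool | Role | Model |
|------|------|-------|
| [[Atlantis]] | Automated Terraform plan/apply | Pull (PR-based) |
| ArgoCD | Kubernetes application deployment | Pull |
| Flux | Kubernetes continuous delivery | Pull |
| Terraform Cloud/Enterprise | Terraform collaboration and state management | Hybrid |

## GitOps vs Traditional CI/CD

| Dimension | Traditional CI/CD | GitOps |
|-----------|------------------|--------|
| Source of Truth | Pipeline definition | Git repository |
| Trigger | Push to repo | Automated pull + diff detection |
| State Drift Detection | Manual or periodic | Continuous automatic |
| Rollback | Manual or scripted | Git revert + auto-sync |
| Audit Trail | Build logs | Git commit history |
| Security Model | Token-based push | Agent has minimal permissions |

## Related Concepts

- [[Infrastructure as Code (IaC)]]: the core technical foundation of GitOps
- [[CI/CD Pipeline]]: the predecessor of GitOps and one of its components
- [[Terraform]]: the mainstream IaC tool; Atlantis is its GitOps tool

## Related Entities

- [[Atlantis]]: the core tool implementation of Terraform GitOps
- [[Jenkins]]: the traditional CI/CD model (not GitOps-native)

## Related Sources

- [[ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments]]: Atlantis tooling practice layer
- [[ctp-topic-33-an-introduction-to-gitops]]: GitOps concept layer (presented by Victor Etkin)
- [[ctp-topic-9-ci-cd-with-gruntwork]]: Gruntwork CI/CD practice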
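
The self-healing reconciliation described under Core Principles, and the pull model's diff detection, sketched as an added example (not code from ArgoCD, Flux or Atlantis). The resource names, fields, and the `diff` and `reconcile` helpers are constructed for illustration.

```python
# Added illustration of a GitOps reconcile step; all names are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Change:
    action: str          # "create", "update" or "delete"
    name: str
    fields: tuple = ()   # fields whose live value differs from Git

def diff(desired: dict, actual: dict) -> list:
    """Compare Git-declared state with live state and list the drift."""
    changes = []
    for name in sorted(desired.keys() | actual.keys()):
        if name not in actual:
            changes.append(Change("create", name))
        elif name not in desired:
            # Running but never declared in Git: an out-of-band change, so prune.
            changes.append(Change("delete", name))
        else:
            want, have = desired[name], actual[name]
            drifted = tuple(sorted(k for k in want.keys() | have.keys()
                                   if want.get(k) != have.get(k)))
            if drifted:
                changes.append(Change("update", name, drifted))
    return changes

def reconcile(desired: dict, actual: dict) -> dict:
    """Return the live state after applying every change; Git always wins."""
    result = {n: dict(spec) for n, spec in actual.items()}
    for change in diff(desired, actual):
        if change.action == "delete":
            del result[change.name]
        else:
            result[change.name] = dict(desired[change.name])
    return result

# Constructed sample: what Git declares versus what is actually running.
DESIRED = {
    "web": {"image": "web:1.4.2", "replicas": 3},
    "api": {"image": "api:2.0.0", "replicas": 2},
}
ACTUAL = {
    "web": {"image": "web:1.4.2", "replicas": 5},        # scaled by hand
    "debug-shell": {"image": "busybox", "replicas": 1},  # never in Git
}

if __name__ == "__main__":
    for change in diff(DESIRED, ACTUAL):
        print(change)
```

The `delete` and `update` entries are the ones worth alerting on: each is a change made to the environment without a commit, so it has no entry in the Git audit trail.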