ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b40abbcd473a7093d8261e212e3d6de97c1e516a
nexus/wiki/concepts/GitOps.md

80 lines
3.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: "GitOps"
type: concept
tags:
- GitOps
- IaC
- DevOps
- CD
sources:
- ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments
- ctp-topic-33-an-introduction-to-gitops
- ctp-topic-9-ci-cd-with-gruntwork
last_updated: 2026-04-29
---
# GitOps
## Definition
GitOps 是将软件开发原则(尤其是 Git 版本控制)应用于基础设施和应用程序部署的方法论。其核心思想是:**将 Git 仓库作为声明式配置的单一事实来源Single Source of Truth通过自动化机制确保实际环境与 Git 中声明的期望状态保持一致。**
## Core Principles
1. **Declarative Configuration声明式配置**
所有基础设施和应用配置以声明式语言(如 Terraform HCL、Kubernetes YAML描述而非命令式步骤。
2. **Version Control版本控制**
所有配置存储在 Git 仓库中享受版本历史、代码审查Pull Request和回滚能力。
3. **Automated CD自动化持续交付**
CI 专注代码构建和分析CD 专注部署;两者解耦,增强安全性和可靠性。
4. **Self-Healing自修复协调**
GitOps Controller 持续监控实际状态与 Git 声明状态自动调和偏差drift correction
## Architecture Patterns
### Pull Model推荐
- GitOps Agent如 ArgoCD、Flux同时监控 Git 仓库和目标系统
- Agent 通过 Pull 方式主动检测变更,无需外部系统推送
- 安全性更高,符合零信任原则
### Push Model
- CI/CD 流水线(如 Jenkins、GitHub Actions在代码变更后主动推送到目标环境
- 配置相对简单,但安全性较低
## Tooling Ecosystem
| Tool | Role | Model |
|------|------|-------|
| [[Atlantis]] | Terraform 自动化 Plan/Apply | PullPR-based|
| ArgoCD | Kubernetes 应用部署 | Pull |
| Flux | Kubernetes 持续交付 | Pull |
| Terraform Cloud/Enterprise | Terraform 协作与状态管理 | Hybrid |
## GitOps vs Traditional CI/CD
| Dimension | Traditional CI/CD | GitOps |
|-----------|------------------|--------|
| Source of Truth | Pipeline definition | Git repository |
| Trigger | Push to repo | Automated pull + diff detection |
| State Drift Detection | Manual or periodic | Continuous automatic |
| Rollback | Manual or scripted | Git revert + auto-sync |
| Audit Trail | Build logs | Git commit history |
| Security Model | Token-based push | Agent has minimal permissions |
## Related Concepts
- [[Infrastructure as Code (IaC)]]GitOps 的核心技术基础
- [[CI/CD Pipeline]]GitOps 的前身和组成部分
- [[Terraform]]:主流 IaC 工具Atlantis 是其 GitOps 工具
## Related Entities
- [[Atlantis]]Terraform GitOps 的核心工具实现
- [[Jenkins]]:传统 CI/CD 模式(非 GitOps 原生)
## Related Sources
- [[ctp-topic-32-using-atlantis-cicd-for-infrastructure-deployments]] — Atlantis 工具实践层
- [[ctp-topic-33-an-introduction-to-gitops]] — GitOps 概念层Victor Etkin 讲解)
- [[ctp-topic-9-ci-cd-with-gruntwork]] — Gruntwork CI/CD 实践
Reference in New Issue View Git Blame Copy Permalink