Modern GitOps Practices
GitOps Engine Comparison
FluxCD vs ArgoCD Feature Matrix
features:
- name: "Multi-tenancy"
flux: "Native support"
argo: "Namespaced projects"
- name: "Drift Detection"
flux: "Automated reconciliation"
argo: "Manual sync options"
- name: "Policy Enforcement"
flux: "Kyverno native"
argo: "OPA/Gatekeeper"
Modern Implementation
Flux Example
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: production-apps
namespace: flux-system
spec:
interval: 1m
url: https://github.com/org/apps
ref:
branch: main
secretRef:
name: github-credentials
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: applications
namespace: flux-system
spec:
interval: 10m
path: "./environments/production"
prune: true
sourceRef:
kind: GitRepository
name: production-apps
healthChecks:
- apiVersion: apps/v1
kind: Deployment
name: frontend
namespace: default
Progressive Delivery
Flagger Configuration
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: app-canary
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: app
service:
port: 8080
analysis:
interval: 1m
threshold: 10
maxWeight: 50
stepWeight: 5
metrics:
- name: request-success-rate
thresholdRange:
min: 99
interval: 1m
- name: request-duration
thresholdRange:
max: 500
interval: 1m
Security Integration
Image Policy
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: secure-policy
spec:
imageRepositoryRef:
name: app-repository
policy:
securityScanning:
enabled: true
severity: high
signatureVerification:
required: true
Best Practices
- Declarative Configuration
- Infrastructure as Code
- Application manifests
- Policy definitions
- Security controls
- Automation Strategy
- Continuous reconciliation
- Drift detection
- Automatic remediation
- Progressive delivery
- Security Controls
- Image scanning
- Policy enforcement
- RBAC integration
- Audit logging